GnuPG Preferences
Table of Contents
Overview
Many GnuPG users do not set the preferences for cipher, hash and compression algorithms – at least that is my impression. Therefore quite a few users have unwanted or unexpected preferences and do not always know how to change them.
Pointing these users to the documentation may be helpful but there’s no step by step instruction of how to change preferences. However, this is what this document does.
Note: The following works with GnuPG 1.0.7 or later, BZIP2 compression method works with GnuPG 1.2.4 or later (see Change preferences).
Examination of supported algorithms
To check the supported algorithms of your GnuPG installation just enter the
command gpg –version:
![Screenshot [Terminal Window]: Output of "gpg --version"](/images/gnupg/gnupg_prefs-001.png "GnuPG: supported algorithms")
Lines beginning with Cipher:, Hash: and Compress: are of interest.
Examination of the current preferences
To enter the GnuPG interface for editing keys just fire gpg –edit-key Key-ID:
![Screenshot [Terminal Window]: Entering GnuPG key editor ("gpg --edit-key"), issuing "pref"](/images/gnupg/gnupg_prefs-002.png "GnuPG: current preferences (pref)")
To examine the current preferences you can use the command pref. However,
showpref will generate an output that is easier to understand:
![Screenshot [Terminal Window]: GnuPG key editor – #"showpref"](/images/gnupg/gnupg_prefs-003.png "GnuPG: current preferences (showpref)")
Change preferences
To change the preferences you will have to use the command setpref. This
command expects a list of preferred algorithms as argument. These
algorithms have to be encoded as shown in the following table:
| cipher algorithms | hash algorithms | compression algorithms |
|---|---|---|
| S1 IDEA | H1 MD5 | Z1 ZIP |
| S2 3DES | H2 SHA1 | Z2 ZLIB |
| S3 CAST5 | H3 RIPEMD160 | Z3 BZIP2 |
| S4 BLOWFISH | ||
| S5 invalid | ||
| S6 invalid | ||
| S7 AES | ||
| S8 AES192 | ||
| S9 AES256 | ||
| S10 TWOFISH |
Note: The BZIP2 compression method is supported since GnuPG 1.2.4.
To set AES as preferred cipher algo followed by TWOFISH, CAST5, BLOWFISH
and 3DES the sequence S7 S10 S3 S4 S2 has to be used. You can append the
codes for your preferred hash and compression algos, e.g. if you like to
have SHA1, RIPEMD160, MD5 as hash algos and ZLIB, ZIP as compression algos
your complete sequence should look like this: S7 S10 S3 S4 S2 H2 H3 H1 Z2
Z1. This sequence is used as argument for setpref:
![Screenshot [Terminal Window]: GnuPG key editor – "setpref"](/images/gnupg/gnupg_prefs-004.png "GnuPG: set preferences")
The command shown above sets preferences for all three keys in the keyring.
To set preferences for a single key you will have to select the key by
entering the appropriate number prior to the setpref command.
Save the new preferences
To finally update your newly set preferences enter the command updpref:
![Screenshot [Terminal Window]: GnuPG key editor – "updpref"](/images/gnupg/gnupg_prefs-005.png "GnuPG: save preferences")
This command requires you to enter your passphrase. Next, you can check
your new preferences with pref or showpref and quit the interface with
quit (confirm that you want to save the changes).
![[FSF Associate Member]](/images/fsf-member.png){kind=small}