Several questions about s2k

David Shaw dshaw at
Tue Feb 28 03:40:44 CET 2006

On Tue, Feb 28, 2006 at 02:31:10AM +0100, Malte Gell wrote:
> On Tuesday 28 February 2006 00:32, Olli Artemjev wrote:
> > I've updated comments on novell bugreport page.
> > Please refresh.
> 2:21 a.m. will look at it tomorrow ;-)
> > 1. The gpg.conf used in my tests is avaliable from bugreport.
> > Also attaching here.
> Thanx, looked at it, I may have found the issue, you use
> disable-cipher-algo 3DES
> disable-pubkey-algo 3DES
> and this causes the error message "gpg: invalid item `S2' in preference 
> string", admittedly it sounds confusing, but has nothing to do with the 
> s2k options. So, you are right, it was not a typo.
> But, 3DES is a requirement by OpenPGP and must never be disabled, but 
> this is what you did in your gpg.conf and this has confused GnuPG.

No.  It's possible to disable 3DES - noncompliant with OpenPGP, and
will make you incapable of communicating with many people, but
possible.  The error message you saw was GnuPG warning you that it
could not make a preference list for the new key you were generating
when 3DES was missing.  The key will be generated fine, but
ironically, without a preference list on the key, the only cipher that
will be used is 3DES..

The "disable-pubkey-algo 3DES" line is just nonsense (and ignored) as
3DES is not a public key algorithm.

That gpg.conf file has a lot of values hardcoded that will make it
impossible for you to communicate with some people.  Please read the
section about interoperability in the manual, and especially the bit
about "Only override this safe default if you really know what you are

99% of the time, using --cipher-algo, --digest-algo, or
--compress-algo is a mistake.


More information about the Gnupg-devel mailing list