importing preference changes

David Shaw dshaw at jabberwocky.com
Thu Aug 31 17:28:55 CEST 2006


On Thu, Aug 31, 2006 at 03:20:12AM +0200, Philipp Gühring wrote:
> Hi,
> 
> I imported a DSA-1024-160 testkey into GnuPG, and got the following message:
> 
> gpg --homedir work/696/ --import work/696/request.key
>  Set preference list to:
>       Cipher: AES256, AES192, AES, CAST5, 3DES
>       Digest: SHA1, SHA256, RIPEMD160
>       Compression: ZLIB, BZIP2, ZIP, Uncompressed
>       Features: MDC, Keyserver no-modify
>  Really update the preferences? (y/N)          
> 
> I am a bit puzzled that importing a key makes gnupg ask me whether
> I want to update my preferences ...

Any time you import a key, GnuPG will check to see if the key is
advertising preferences that GnuPG can't fulfil.  If you don't update
the preferences to match reality, you can receive messages that you
won't be able to decrypt.

> I have the feeling that this could be a security risk, if it changed the 
> preferences in an insecure way ...

This does not parse.  Do you have some reason to believe the
preference system is insecure?  If so, please state it directly.

> Why doesn't it show the previous settings, so that I know what it actually
> changes?

It does.  Are you piping the GPG output somewhere and missing it?

The full message printed would be something like:

gpg: WARNING: key XXXXXXXX contains preferences for unavailable
gpg:          algorithms on these user IDs:
gpg:          "whatever": preference for cipher algorithm AES
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch problems

David
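
An illustration of the check described in the reply above, added here and not GnuPG's own code: it compares the preference list quoted in the thread against the algorithms a build reports as supported. The `gpg --version` excerpt is a constructed sample of a build without AES, and the function names are hypothetical.

```python
import re

# Constructed sample of the algorithm list printed by `gpg --version` for a
# build without AES (illustrative input, not captured from a real system).
SAMPLE_VERSION = """\
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384,
      SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2
"""
# Preference list as quoted in the thread.
SAMPLE_PREFS = """\
      Cipher: AES256, AES192, AES, CAST5, 3DES
      Digest: SHA1, SHA256, RIPEMD160
      Compression: ZLIB, BZIP2, ZIP, Uncompressed
      Features: MDC, Keyserver no-modify
"""
CATEGORIES = {"cipher", "digest", "compression"}
ALIASES = {"hash": "digest"}  # --version says "Hash", the preference list "Digest"

def parse_algo_lines(text):
    """Map category -> algorithm names; an indented unlabelled line continues a list."""
    out, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.*)", line)
        if m:
            name = ALIASES.get(m.group(1).lower(), m.group(1).lower())
            current, rest = (name if name in CATEGORIES else None), m.group(2)
        elif current and line[:1].isspace() and line.strip():
            rest = line
        else:
            current = None
        if current:
            out.setdefault(current, []).extend(
                a.strip() for a in rest.split(",") if a.strip())
    return out

def unavailable_prefs(prefs_text, version_text):
    """Return (category, algorithm) pairs that are advertised but not supported."""
    supported = {cat: {a.upper() for a in algos}
                 for cat, algos in parse_algo_lines(version_text).items()}
    return [(cat, algo)
            for cat, algos in parse_algo_lines(prefs_text).items()
            for algo in algos if algo.upper() not in supported.get(cat, set())]

if __name__ == "__main__":
    for cat, algo in unavailable_prefs(SAMPLE_PREFS, SAMPLE_VERSION):
        print(f"preference for {cat} algorithm {algo} is not available in this build")
```
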


