GPG question (cipher preference)

Henry Hertz Hobbit hhhobbit at securemecca.net
Tue Dec 12 20:33:57 CET 2006


On Mon, Dec 11, 2006 at 02:29:45PM +0100, Lormans Harry wrote:

> In PGP I can select the symmetric cryptographic algorithm to use
> (e.g. TripleDES, IDEA, etc.).  How can I make this selection in
> GPG? If not: what is setup at the moment?  Note that I cannot
> find anything in one of the preferences (I'm using GPG4Win).

For defaults, do the equivalent of (you may have to add the path
to the gpg.exe executable and use the CMD window, but some of
this may be done in the GUI tools):

[0] gpg --version
    # this will show your choices of checksums and ciphers and
    # keys among other things
[1] gpg --list-keys | more  # snag your key as it comes past or
    # redirect output to a file to find it

[2] gpg --edit-key YOURKEYID
    Command> showpref
    Command> setpref AES AES192 AES256 TWOFISH CAST5 BLOWFISH 3DES \
      SHA256 SHA384 SHA512 SHA1 ZLIB BZIP2 ZIP MDC no-ks-modify
    REM All the stuff in this command is on ONE line with
    REM NO backslash - sorry, my email wrapped it
    Command> expire
    REM give it a reasonable default like 2-3 years
    Command> save

If you just want to change the encryption on the fly to some other
symmetric encryption algorithm you can do that with the "--cipher-algo"
option and specify the one to use.  This should be selectable in
whatever GUI you are using to manage your keys and do symmetric encryption
of your files.  On the other hand you may be able to do it only using
the command line (cmd.exe).  If you do have to do it that way, what I
do is create a %SystemDrive%\bin (usually c:\bin) folder and
copy the gpg*.exe files into that folder and add that to the path.
Just remember to copy the new executables there when you upgrade.

If all you need is to change the defaults, it shouldn't be too painful
since you only need to do it once.  If you want to do a LOT of symmetric
ciphers and your GUI tool won't let you do it easily you may want to
write a script to do it.  I have them on 'nix; the shell is much more
powerful than cmd.exe.  If you write me privately, I can send them to
you but I don't know how much help they would be.

Nuff?

HHH
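
An added example, not part of the original post and not the poster's own scripts: a POSIX shell sketch of the kind of batch script the reply mentions, which reads the "Cipher:" list from `gpg --version` and refuses any `--cipher-algo` value that build does not list. The function names, the script name and the sample version text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: batch symmetric encryption with
# an explicit --cipher-algo, refusing ciphers this gpg build does not list.

# Constructed sample of `gpg --version` output (not captured from a real run).
SAMPLE_VERSION='gpg (GnuPG) X.Y.Z
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
        TWOFISH
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2'

# list_ciphers: read `gpg --version` text on stdin, print one cipher per line.
# The "Cipher:" list can wrap onto indented continuation lines.
list_ciphers() {
    awk '
        /^Cipher:/        { grab = 1; sub(/^Cipher:/, "") }
        grab && /^[^ \t]/ { grab = 0 }   # next unindented header ends the list
        grab {
            gsub(/[ \t]/, "")
            n = split($0, a, ",")
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }'
}

# cipher_supported NAME VERSION_TEXT: succeed only if NAME is a listed cipher.
cipher_supported() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "$2" | list_ciphers | grep -Fqx -- "$want"
}

# encrypt_all CIPHER FILE...: write FILE.gpg for each FILE (hypothetical helper).
encrypt_all() {
    algo=$1; shift
    ver=$(gpg --version) || return 2
    cipher_supported "$algo" "$ver" || {
        echo "gpg does not list cipher: $algo" >&2; return 1; }
    for f in "$@"; do
        gpg --symmetric --cipher-algo "$algo" --output "$f.gpg" -- "$f" || return
    done
}

# Usage: sh encrypt-with.sh AES256 file1 file2 ...
if [ "$#" -ge 2 ]; then encrypt_all "$@"; fi
```

gpg asks for the passphrase itself for each file, so the script never handles it.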


