faramir.cl at gmail.com
Thu Sep 18 07:17:55 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
David Shaw escribió:
> You say you modified your preferences in gpg.conf - how? There are a
personal-cipher-preferences AES256 TWOFISH AES192 AES BLOWFISH CAST5 3DES
personal-digest-preferences SHA256 SHA1 SHA512 SHA384 SHA224 RIPEMD160 MD5
personal-compress-preferences ZIP ZLIB BZIP2 Z0
And from the key:
[ absoluta ] (1). Faramir <faramir.cl at gmail.com>
Cifrado: AES256, AES192, AES, CAST5, 3DES
Resumen: SHA1, SHA256, RIPEMD160
Compresión: ZLIB, BZIP2, ZIP, Sin comprimir
Características: MDC, Sevidor de claves no-modificar
> few things regarding preferences in gpg.conf, but few of them impact
I supposed if I generate a key, gpg would follow those preferences...
so my concern was the keys generated previous to setting the
preferences. But it seems I was wrong, because a key I generated
yesterday shows the same preferences as my oldest key...
> Showpref shows what the preferences are on the key itself. These are
> the preferences that other users who are encrypting to you will use for
> you. Obviously, your gpg.conf cannot be consulted by the other users :)
Right, but if I edit a key, or generate a new one, gpg could take the
preferences from gpgp.conf (if any), and set the key preferences
according to that list... if it doesn't do it, probably there is a good
reason for that... it is my newbie point of view about the subject.
> If you want to alter the list of preferences on your key, do this:
> gpg --edit-key (thekey)
> setpref aes256 sha512 bzip2 blah blah blah
Ok, I will do that, thanks.
> mix cipher, hash, and compression algorithms. You can also use "mdc",
> "no-mdc", "ks-modify", and "no-ks-modify" to enable and disable the MDC
> and keyserver modify flags. MDC defaults to on, ks-modify defaults to
> off (i.e. don't allow modification).
I will have to take a look at the manual again, I am not sure what
does MDC mean...
> Note that you can specify a different set of preferences for each user
> ID. This is a handy feature, as it lets you express things like "I want
> to use AES256 for home stuff, but my work address requires 3DES by policy".
Yes, that looks very useful. However, I would rather use different
keys, with different email addresses for different purposes... I mean, I
don't see the advantage of having a "Faramir" UID, and another UID with
my real name, if somebody will see all my UIDs after downloading my
key... but that is material for another subject, I think :-P
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users