how to change the default symmetric cipher
Gregor Zattler
telegraph at gmx.net
Tue Aug 31 12:58:28 CEST 2010
Hi Alex,
* Alex Smily <alex_gnupg at yahoo.in> [31. Aug. 2010]:
> now my question is how to choose the symmetric encryption
> algorithm among the available ciphers in GNUPG.
> & is there any way of selecting / adding a new symmetric cipher
> to GNUPG on which both sender and recipient are agreed.
Different OpenPGP clients provide different symmetric ciphers.
Your public key contains among other meta information the
information which symmetric ciphers your OpenPGP client supports
and ranks them according to your preferences [or the defaults if
you did not provide the preferences yourself].
You may set/change the preferences on your key in order to inform
your recipients' OpenPGP client about them.
You can do this with the command

    gpg --edit-key <your-keyid-here>

and use the commands (you should read the gpg manual):

  showpref
      More verbose preferences listing for the selected user ID.
      This shows the preferences in effect by including the
      implied preferences of 3DES (cipher), SHA-1 (digest), and
      Uncompressed (compression) if they are not already included
      in the preference list. In addition, the preferred keyserver
      and signature notations (if any) are shown.

  setpref string
      Set the list of user ID preferences to string for all (or
      just the selected) user IDs. Calling setpref with no
      arguments sets the preference list to the default (either
      built-in or set via --default-preference-list), and calling
      setpref with "none" as the argument sets an empty preference
      list. Use gpg --version to get a list of available
      algorithms. Note that while you can change the preferences on
      an attribute user ID (aka "photo ID"), GnuPG does not select
      keys via attribute user IDs so these preferences will not be
      used by GnuPG.

      When setting preferences, you should list the algorithms in
      the order which you'd like to see them used by someone else
      when encrypting a message to your key. If you don't include
      3DES, it will be automatically added at the end. Note that
      there are many factors that go into choosing an algorithm
      (for example, your key may not be the only recipient), and
      so the remote OpenPGP application being used to send to you
      may or may not follow your exact chosen order for a given
      message. It will, however, only choose an algorithm that is
      present on the preference list of every recipient key. See
      also the INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
      section below.

Use "save" to end editing your key's preferences.
When your OpenPGP client encrypts to a recipient's key, it
searches the cipher capabilities/preferences of your recipient's
key and matches them against your preferences as stated in your
config file (again, you should read the manual):

  --personal-cipher-preferences string
      Set the list of personal cipher preferences to string. Use gpg
      --version to get a list of available algorithms, and use none to
      set no preference at all. This allows the user to safely override
      the algorithm chosen by the recipient key preferences, as GPG will
      only select an algorithm that is usable by all recipients. The
      most highly ranked cipher in this list is also used for the
      --symmetric encryption command.

  --personal-digest-preferences string
      Set the list of personal digest preferences to string. Use gpg
      --version to get a list of available algorithms, and use none to
      set no preference at all. This allows the user to safely override
      the algorithm chosen by the recipient key preferences, as GPG will
      only select an algorithm that is usable by all recipients. The
      most highly ranked digest algorithm in this list is also used when
      signing without encryption (e.g. --clearsign or --sign). The
      default value is SHA-1.

  --personal-compress-preferences string
      Set the list of personal compression preferences to string. Use
      gpg --version to get a list of available algorithms, and use none
      to set no preference at all. This allows the user to safely
      override the algorithm chosen by the recipient key preferences, as
      GPG will only select an algorithm that is usable by all recipients.
      The most highly ranked compression algorithm in this list is also
      used when there are no recipient keys to consider (e.g.
      --symmetric).

HTH, Gregor
--
-... --- .-. . -.. ..--.. ...-.-
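
The selection rule quoted from the manual in the message above, as an added example that is not part of the original message and is not GnuPG's own code: a simplified Python model in which 3DES is implied on every key, only ciphers listed by every recipient are usable, and the sender's personal-cipher-preferences decide among those. The fallback order used when no personal preference matches, the function names, and the sample preference lists are assumptions made for illustration.

```python
# Simplified model of OpenPGP cipher selection (illustration, not GnuPG source).
IMPLIED_CIPHER = "3DES"  # implied on every preference list, per the manual text


def effective_prefs(key_prefs):
    """Return a key's cipher list with 3DES appended at the end if missing."""
    prefs = [c.upper() for c in key_prefs]
    if IMPLIED_CIPHER not in prefs:
        prefs.append(IMPLIED_CIPHER)
    return prefs


def usable_by_all(recipient_prefs):
    """Ciphers present on the preference list of every recipient key."""
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = set(lists[0])
    for prefs in lists[1:]:
        common &= set(prefs)
    return common


def choose_cipher(recipient_prefs, personal_prefs=()):
    """Pick the cipher for one message.

    The sender's personal preference order wins, but only among ciphers
    that every recipient lists. Fallback (assumption of this model): the
    first recipient's own ranking.
    """
    if not recipient_prefs:
        raise ValueError("at least one recipient key is required")
    common = usable_by_all(recipient_prefs)
    for cipher in (c.upper() for c in personal_prefs):
        if cipher in common:
            return cipher
    for cipher in effective_prefs(recipient_prefs[0]):
        if cipher in common:
            return cipher
    raise RuntimeError("unreachable: 3DES is always common")


# Constructed sample preference lists (not taken from real keys).
ALICE = ["AES256", "AES192", "AES", "CAST5"]
BOB = ["TWOFISH", "AES", "CAST5", "3DES"]
NO_PREFS = []  # a key with no cipher preferences: only the implied 3DES

if __name__ == "__main__":
    print(choose_cipher([ALICE, BOB], ["AES256", "AES"]))
    print(choose_cipher([ALICE, BOB, NO_PREFS], ["AES256", "AES"]))
```

Adding a single recipient whose key lists nothing beyond the implied 3DES pulls the whole message down to 3DES, whatever the sender's personal preferences say.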