Best Practices

Laurent Jumet laurent.jumet at skynet.be
Sun Dec 12 09:34:05 CET 2010


Hello David !

David Tomaschik <david at systemoverlord.com> wrote:

> In my gpg.conf, I have (other than keyserver/no-greeting/etc. settings):
> personal-digest-preferences SHA512
> cert-digest-algo SHA512
> Are there any other settings (or changes to these) that would be considered
> more "forward looking"?

Hello !

    To set the preferences, this can help:

   +------------------+------------------+------------------+
   | Cipher-Algos:    | Digest-Algos:    | Compress-Algos:  |
   +------------------+------------------+------------------+
   |                  |                  | Z0  Uncompressed |
   | S1  IDEA         | H1  MD5          | Z1  ZIP          |
   | S2  3DES         | H2  SHA1         | Z2  ZLIB         |
   | S3  CAST5        | H3  RIPEMD160    | Z3  BZIP2        |
   | S4  BLOWFISH     |                  |                  |
   |                  |                  |                  |
   |                  |                  |                  |
   | S7  AES          |                  |                  |
   | S8  AES192       | H8  SHA256       |                  |
   | S9  AES256       | H9  SHA384       |                  |
   | S10 TWOFISH      | H10 SHA512       |                  |
   | S11 CAMELLIA128  | H11 SHA224       |                  |
   | S12 CAMELLIA192  |                  |                  |
   | S13 CAMELLIA256  |                  |                  |
   +------------------+------------------+------------------+

    Those are my settings in GPG.CONF:

default-preference-list S7 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z3 Z2 Z0
personal-cipher-preferences S7 S1 S10 S3 S4 S2 S9 S8
personal-digest-preferences H3 H8 H9 H10 H11 H2 H1
personal-compress-preferences Z1 Z3 Z2 Z0

    As you can see, you can replace the whole name by its tag.
    When you change the settings, you must edit and save your public key and reload it on the servers; otherwise those changes will not work as they will stay internal in your system.

-- 
Laurent Jumet
      KeyID: 0xCFAF704C
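
The tag/name equivalence described in the message above can be checked mechanically. The following Python linter is an added example, not from the original message or from GnuPG: it uses the tag table above to resolve names and tags in the four preference options shown, and reports unknown algorithms, tags placed in the wrong option, duplicates, and lines that begin with an algorithm (as a mail-wrapped list would). The names `lint`, `normalize` and `SAMPLE` are constructed for illustration.

```python
# Tag/name table transcribed from the message above.
ALGOS = {
    "S1": "IDEA", "S2": "3DES", "S3": "CAST5", "S4": "BLOWFISH", "S7": "AES",
    "S8": "AES192", "S9": "AES256", "S10": "TWOFISH", "S11": "CAMELLIA128",
    "S12": "CAMELLIA192", "S13": "CAMELLIA256",
    "H1": "MD5", "H2": "SHA1", "H3": "RIPEMD160", "H8": "SHA256",
    "H9": "SHA384", "H10": "SHA512", "H11": "SHA224",
    "Z0": "UNCOMPRESSED", "Z1": "ZIP", "Z2": "ZLIB", "Z3": "BZIP2",
}
BY_NAME = {name: tag for tag, name in ALGOS.items()}

OPTIONS = {  # option -> tag classes (S/H/Z) it may contain
    "default-preference-list": "SHZ", "personal-cipher-preferences": "S",
    "personal-digest-preferences": "H", "personal-compress-preferences": "Z",
}

def normalize(token):
    """Return the tag for a tag or an algorithm name, or None if unknown."""
    t = token.upper()
    return t if t in ALGOS else BY_NAME.get(t)

def lint(conf_text):
    """Return (prefs, problems) for the preference options in conf_text."""
    prefs, problems = {}, []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop '#' comments
        if words and normalize(words[0]):
            problems.append(f"line {n}: starts with algorithm {words[0]!r}, possibly a wrapped list")
        if not words or words[0] not in OPTIONS:
            continue  # other gpg.conf options are not checked here
        option, seen = words[0], []
        for token in words[1:]:
            tag = normalize(token)
            if tag is None:
                problems.append(f"line {n}: unknown algorithm {token!r}")
            elif tag[0] not in OPTIONS[option]:
                problems.append(f"line {n}: {token} ({ALGOS[tag]}) does not belong in {option}")
            elif tag in seen:
                problems.append(f"line {n}: {token} listed twice")
            else:
                seen.append(tag)
        prefs[option] = [(t, ALGOS[t]) for t in seen]
    return prefs, problems

SAMPLE = "personal-digest-preferences SHA512\npersonal-cipher-preferences S7 H3 S7\nZ2 Z0\n"  # constructed

if __name__ == "__main__":
    print(lint(SAMPLE))
```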