updprefs command and changing key

David Shaw dshaw at jabberwocky.com
Fri Mar 12 23:14:38 CET 2010


On Mar 10, 2010, at 4:07 PM, Robert Palmer wrote:

> During exchange of a public key to a 3rd party – they rejected the key for not having a compatible cipher; so, after doing some research the key was edited within gpg to update prefs on the key which now shows a compatible cipher (in this case, AES-256).  I re-exported the public key and noticed that the ASCII representation was different – this leads me to my question, which is: is this new key 100% compatible with the old key?  To elaborate, will previous other 3rd party entities (equipped only with the non-updated prefs version) still be able to decrypt and accept messages signed with the new key?  Preliminary testing shows that the updated prefs version encrypted message is able to be decrypted and signature verified on the non-updated prefs version keyring system.
>  
> I am thinking (from preliminary tests) that the “key” information does not get updated at all – but, somehow, the cipher preferences are embedded in the public key – hence, the reason that the exported public key ASCII representation was different before and after updating preferences.

This is exactly correct.  The prefs are just a field attached to the key.

However, your 3rd party should not have rejected the key.  The OpenPGP preferences system is designed to *always* reach a valid answer.  Every preference list contains Triple-DES, whether you explicitly list it there or not, and every OpenPGP program is compatible with Triple-DES.  If no other compatible ciphers are found, the answer is Triple-DES.

David
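
The fallback described in the reply above, as an added example that is not part of the original message and is not GnuPG's code: a sketch of cipher selection in which Triple-DES is tacitly present in every preference list. The function names, the ranking rule, and the sample preference lists are assumptions made for illustration; the algorithm IDs are the ones assigned in RFC 4880.

```python
# Symmetric-key algorithm IDs from RFC 4880, section 9.2.
NAMES = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
         7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
TRIPLE_DES = 2  # the must-implement cipher


def effective_prefs(listed):
    """Return the list as it must be read: in order, de-duplicated,
    with 3DES tacitly appended when the key does not list it."""
    out = []
    for algo in listed:
        if algo not in out:
            out.append(algo)
    if TRIPLE_DES not in out:
        out.append(TRIPLE_DES)
    return out


def select_cipher(sender_supported, recipient_prefs):
    """Choose one cipher for a message to all recipients.

    sender_supported: algorithm IDs the sending program implements.
    recipient_prefs:  one preference list per recipient key.
    Ranking by summed list position is an assumption of this example;
    OpenPGP only requires the result to be in every recipient's list.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = set(sender_supported) | {TRIPLE_DES}
    for prefs in lists:
        common &= set(prefs)
    # 3DES is in every effective list, so `common` is never empty.
    return min(common, key=lambda a: (sum(l.index(a) for l in lists), a))


if __name__ == "__main__":
    third_party = [9, 2]      # constructed: sender implements AES256 and 3DES
    old_key = [3, 4]          # constructed: prefs before updating
    new_key = [9, 8, 7, 3]    # constructed: prefs after updating
    for label, prefs in (("old", old_key), ("new", new_key)):
        print(label, NAMES[select_cipher(third_party, [prefs])])
```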



