updprefs command and changing key
David Shaw
dshaw at jabberwocky.com
Sat Mar 13 13:58:40 CET 2010
On Mar 13, 2010, at 5:55 AM, John Clizbe wrote:
> MFPA wrote:
>> On Saturday 13 March 2010 at 12:07:08 AM, in
>> <mid:DE002B15-FA18-49A1-B7B0-5AFAAF829339 at jabberwocky.com>, David Shaw
>> wrote:
>>> On Mar 12, 2010, at 6:31 PM, Faramir wrote:
>>>> is there a way to disable the usage of 3DES in GnuPG, when
>>>> encrypting?
>>> Patch the source :)
>>> There is no way other than that.
>>
>> Wouldn't "--disable-cipher-algo 3DES" achieve this?
>
> "Google Is Your Friend®"
> http://www.google.com/search?&q=disable-cipher-algo+3des
>
> http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/025042.html
>
> "One" is, of course, free to shoot oneself in the foot. There is little rational
> rationale for disabling 3DES.
It won't work anyway. You can't remove 3DES from the cipher preferences with disable-cipher-algo. The best you can do is set a personal-cipher-preferences with ciphers other than 3DES and then simply decline to communicate at all with people who have a 3DES-only key. To make matters worse, not only does it not work in preventing 3DES being selected via preferences, disable-cipher-algo also has the unpleasant side effect of making the user unable to *decrypt* 3DES messages as well.
So setting disable-cipher-algo 3DES both doesn't accomplish what it was intended to, and also breaks other things. I'd avoid it ;)
There will eventually come a day when 3DES will have to go. We're not there yet, and it'll be a big deal from the OpenPGP perspective, given the special position that 3DES has within the protocol.
David
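The selection behaviour described in the message above, as an added example that is not part of the original post and is not GnuPG's code: a simplified Python model of OpenPGP cipher negotiation, in which 3DES is tacitly at the end of every key's preference list (RFC 4880), so a sender's preferences can only reorder what all recipients accept. The function names, the fall-back ordering and the sample keys are assumptions made for illustration.

```python
# Simplified model of OpenPGP symmetric-cipher selection (not GnuPG's code).
IMPLICIT = "3DES"  # RFC 4880: tacitly at the end of every key's preference list


def effective_prefs(key_prefs):
    """Return a key's preference list with 3DES tacitly appended if absent."""
    prefs = list(key_prefs)
    if IMPLICIT not in prefs:
        prefs.append(IMPLICIT)
    return prefs


def select_cipher(recipient_prefs, personal_prefs=()):
    """Pick a cipher every recipient accepts (needs at least one recipient).

    recipient_prefs: one preference list per recipient key.
    personal_prefs: sender's ordering (models personal-cipher-preferences).
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = set(lists[0]).intersection(*lists[1:])
    # The sender's ordering wins, but only among ciphers all recipients accept.
    for algo in personal_prefs:
        if algo in common:
            return algo
    # Assumption: otherwise fall back to the first recipient's ordering.
    for algo in lists[0]:
        if algo in common:
            return algo
    return IMPLICIT  # not reached: 3DES is always in the intersection


def encrypt_policy(recipient_prefs, personal_prefs, refuse=("3DES",)):
    """Return the chosen cipher, or None when policy says do not send."""
    algo = select_cipher(recipient_prefs, personal_prefs)
    return None if algo in refuse else algo


# Constructed sample keys, not taken from any real keyring.
MODERN = ["AES256", "AES192", "AES", "CAST5"]
LEGACY = []  # key with no usable cipher preferences: effectively 3DES-only
PERSONAL = ["AES256", "AES192", "AES"]

if __name__ == "__main__":
    print(select_cipher([MODERN], PERSONAL))           # AES256
    print(select_cipher([MODERN, LEGACY], PERSONAL))   # 3DES
    print(encrypt_policy([MODERN, LEGACY], PERSONAL))  # None
```
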