updprefs command and changing key
rdpalmer70 at hotmail.com
Fri Mar 12 23:32:05 CET 2010
Thanks David for helping to clarify.
From: David Shaw [mailto:dshaw at jabberwocky.com]
Sent: Friday, March 12, 2010 5:15 PM
To: Robert Palmer
Cc: gnupg-users at gnupg.org
Subject: Re: updprefs command and changing key
On Mar 10, 2010, at 4:07 PM, Robert Palmer wrote:
> During exchange of a public key to a 3rd party - they rejected the key for
not having a compatible cipher; so, after doing some research the key was
edited within gpg to update prefs on the key which now shows a compatible
cipher (in this case, AES-256). I re-exported the public key and noticed
that the ascii representation was different - this leads me to my question,
which is: is this new key 100% compatible with the old key? To elaborate,
will previous other 3rd party entities (equipped only with the non-updated
prefs version) still be able to decrypt and accept messages signed with the
new key? Preliminary testing shows that the updated prefs version encrypted
message is able to be decrypted and signature verified on the non-updated
prefs version keyring system.
> I am thinking (from preliminary tests) that the "key" information does not
get updated at all - but, somehow, the cipher preferences are embedded in
the public key - hence, the reason that the exported public key ASCII
representation was different before and after updating preferences.
This is exactly correct. The prefs are just a field attached to the key.
However, your 3rd party should not have rejected the key. The OpenPGP
preferences system is designed to *always* reach a valid answer. Every
preference list contains Triple-DES, whether you explicitly list it there or
not, and every OpenPGP program is compatible with Triple-DES. If no other
compatible ciphers are found, the answer is Triple-DES.
More information about the Gnupg-users