Changing secret key encryption algorithms

Dan Cowsill danthehat at
Thu Oct 21 18:40:11 CEST 2010

Hash: SHA1


I was inspired by a thread on a friend's mishap with his secret key to
look into the various ways that a GnuPG secret key can be encrypted
prior to its storage on disk.

On 20/10/2010 1:24 PM, Faramir wrote:
>   Well, then the private key was still protected by the passphrase, I
> think it uses CAST5 algorithm.

I poked around the documentation a bit and confirmed that the default
cipher is CAST5 (GnuPG seems to prefer it when it needs a symmetric key
cipher).  After further digging, I found a way to change the symmetric
key cipher used on the secret key from the default CAST5.  You can
discover the algorithms included in your GnuPG version by using gpg
- --version, of course.

I endeavored to test this by generating a new keypair on a new user.  I
used the following command:

$ gpg --s2k-cipher-algo CAMMELIA256 --gen-key

If you've got a secret key and you want to change its cipher algo, you
can use the following command:

$ gpg --s2k-cipher-algo <name> --edit-key <keyid>

After that, you enter the passwd command in the edit key shell and
change your passphrase.  I used the same passphrase as I used during key
generation and this posed no problem.  I wonder if it is a good idea
from a cryptographic standpoint, however.  If anyone can comment on
this, it would be appreciated.

Also, it should be noted that changing the cipher algorithm used to
encrypt a secret key should in no way change or impair the ability of
that secret key to decrypt or sign documents.  It simply changes the way
in which the key is stored on the disk.  However, if you use several
different GnuPG versions with your secret key, you should probably check
gpg --version on all of them to make sure your preferred cipher is present.

After making the changes, I began digging through the documentation to
find a way to verify that the Cammelia algorithm was indeed being used
to encrypt my secret key.  I used the following command:

$ gpg --list-packets .gnupg/secring.gpg

And got this output:
iter+salt S2K, algo: 13, SHA1 protection ...

It seems the algorithms are mapped to algo ID's.  I can confirm that the
algorithm is different than than the one used on my real secret key, but
I had not been able to find any resources that map the algo ID's to
their respective names with any completeness.  I was able to find an
excellent (if dated) resource on secret keys in the process[1].

I looked at the source code for GnuPG next, poking around different
header files until I found this:

#define CIPHER_ALGO_IDEA         1
#define CIPHER_ALGO_3DES         2
#define CIPHER_ALGO_CAST5        3
#define CIPHER_ALGO_BLOWFISH     4  /* blowfish 128 bit key */
/* 5 & 6 are reserved */
#define CIPHER_ALGO_AES          7
#define CIPHER_ALGO_AES192       8
#define CIPHER_ALGO_AES256       9
#define CIPHER_ALGO_TWOFISH     10  /* twofish 256 bit */
#define PUBKEY_ALGO_RSA        1
#define PUBKEY_ALGO_RSA_E      2     /* RSA encrypt only */
#define PUBKEY_ALGO_RSA_S      3     /* RSA sign only */
#define PUBKEY_ALGO_ELGAMAL_E 16     /* encrypt only ElGamal (but not
for v3)*/
#define PUBKEY_ALGO_DSA       17
#define PUBKEY_ALGO_ELGAMAL   20     /* sign and encrypt elgamal */

You can use these ID values to determine what kind of cipher or public
key algorithm is being used on any piece of GnuPG data using the
- --list-packets option.

This post is purely informative and is the result of an early morning
problem solving mission.  I don't know why anyone would want to change
the secret key protection algorithm, aside from personal preference.
However, it is my view that if I have to go to this much trouble to find
information about something, I should probably make it public.

If you have any further information, want to correct or otherwise
comment on the above, feel free.


Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list