Robert J. Hansen
rjh at sixdemonbag.org
Fri Feb 25 02:20:17 CET 2011
On 2/24/11 4:31 PM, Aaron Toponce wrote:
> If I run 'setpref S9 S10 S13 ...' when editing my key, then is adding
> all this to the gpg.conf file really necessary?
"setpref" is, IMO, a badly misnamed command. The preferences you attach
to your certificate are more like a ranked set of capabilities: they are
what you advertise to the world as what you're capable of accepting, and
(to an extent) in which order you prefer them.[*]
The default-*-pref in your gpg.conf file is how you tell GnuPG what
algorithms you wish to use, and in which order.
E.g., if you encrypt a message to someone, the setprefs on your
certificate are never even looked at: after all, you're only using your
*recipient's* certificate. But if you have a default-*-pref, then GnuPG
will (almost) always read and respect that.
[*] The OpenPGP spec does not require it be treated as a preference
list, but only as a capability set. GnuPG does a modified Borda count,
IIRC, to determine which algorithm to use -- basically, the union of
sender and recipient capabilities is considered, and each of sender and
recipient get to cast a "vote" on which algorithm is used. This is
GnuPG-specific behavior: don't expect other OpenPGP implementations to
More information about the Gnupg-users