Default hash

Robert J. Hansen rjh at
Fri Feb 25 02:20:17 CET 2011

On 2/24/11 4:31 PM, Aaron Toponce wrote:
> If I run 'setpref S9 S10 S13 ...' when editing my key, then is adding
> all this to the gpg.conf file really necessary?


"setpref" is, IMO, a badly misnamed command.  The preferences you attach
to your certificate are more like a ranked set of capabilities: they are
what you advertise to the world as what you're capable of accepting, and
(to an extent) in which order you prefer them.[*]

The default-*-pref in your gpg.conf file is how you tell GnuPG what
algorithms you wish to use, and in which order.

E.g., if you encrypt a message to someone, the setprefs on your
certificate are never even looked at: after all, you're only using your
*recipient's* certificate.  But if you have a default-*-pref, then GnuPG
will (almost) always read and respect that.

[*] The OpenPGP spec does not require it be treated as a preference
list, but only as a capability set.  GnuPG does a modified Borda count,
IIRC, to determine which algorithm to use -- basically, the union of
sender and recipient capabilities is considered, and each of sender and
recipient get to cast a "vote" on which algorithm is used.  This is
GnuPG-specific behavior: don't expect other OpenPGP implementations to
do likewise.

More information about the Gnupg-users mailing list