Check that s2k-count has changed

David Shaw dshaw at
Fri Jul 8 18:31:10 CEST 2011

On Jul 8, 2011, at 10:10 AM, Chris Poole wrote:

> When changing my secret key's passphrase, I bumped up the s2k-count to
> 6553600 (I just added two zeros; I don't notice any slow down when
> decrypting on a Core2Duo).
> How can I confirm that this count is being used?
> I ran gpg --list-packets ~/.gnupg/secring.gpg, which told me a number
> for "protect count" (in the secret key packet section). Does this map
> to the number I gave on the command line when changing my passphrase?

Yes.  Note that the list-packets output shows the internal packed value: 6553600 should come out to 201.  The default of 65536 would encode to 96.

You might file an enhancement bug to print the decoded value in --list-packets.  We already print it for symmetric encryption, and it's reasonable to print it for secret keys as well.


More information about the Gnupg-users mailing list