Preference de-sync between public & private keys
mancha at mac.hush.com
Wed Jul 4 12:54:18 CEST 2012
Hi. I recently encountered interesting (buggy?) behavior in the way gpg
deals with the preference order of key pairs.
If one sets a default preference order in gpg.conf like so:
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES CAST5 AES192 ZLIB BZIP2 ZIP Uncompressed
and generates a key-pair and exports each:
$ gpg --export -a "temporary" > temp-pub.asc
$ gpg --export-secret-key -a "temporary" > temp-pri.asc
the preference order coincides between public & private:
$ gpg --list-packets temp-pub.asc
[snip]
pref-sym-algos: 9 7 3 8
[snip]
$ gpg --list-packets temp-pri.asc
[snip]
pref-sym-algos: 9 7 3 8
[snip]
Now, if we change gpg.conf to have aes128 first in the cipher list:
default-preference-list SHA512 SHA384 SHA256 SHA224 AES CAST5 AES192 AES256 ZLIB BZIP2 ZIP Uncompressed
And change the prefs via --edit-key -> updpref/setpref, only the public key
gets changed. Private and public keys no longer coincide.
$ gpg --list-packets temp-pub.asc
[snip]
pref-sym-algos: 7 3 8 9
[snip]
$ gpg --list-packets temp-pri.asc
[snip]
pref-sym-algos: 9 7 3 8
[snip]
Thanks in advance for your time.
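
Added example (not part of the original post and not GnuPG code): a shell check that pulls the pref-sym-algos lists out of two saved `gpg --list-packets` dumps, decodes the IDs with the RFC 4880 cipher numbering, and reports whether the public and secret exports disagree. The function names and the pub.txt/sec.txt file names are this example's own, and the sample dumps are constructed from the snipped lines quoted above.

```shell
#!/usr/bin/env bash
# Added example: detect the public/secret preference de-sync from two
# `gpg --list-packets` dumps. Function names are this example's own.

# OpenPGP symmetric-cipher IDs (RFC 4880, section 9.2) that appear in the post.
algo_name() {
  case "$1" in
    3) echo CAST5 ;; 7) echo AES128 ;; 8) echo AES192 ;; 9) echo AES256 ;;
    *) echo "ID$1" ;;
  esac
}

# Print the ID list of every "pref-sym-algos:" line on stdin, one list per
# line (a key with several user IDs carries one list per self-signature).
sym_prefs() {
  sed -n 's/^.*pref-sym-algos:[[:space:]]*\([0-9 ]*\).*$/\1/p' | sed 's/ *$//'
}

# stdin: ID lists, one per line; stdout: the same lists as cipher names.
decode_prefs() {
  while read -r line; do
    out=""
    for id in $line; do out="$out${out:+ }$(algo_name "$id")"; done
    echo "$out"
  done
}

# compare_prefs PUB_DUMP SEC_DUMP: returns 0 if the lists agree, 1 on de-sync.
compare_prefs() {
  pub=$(sym_prefs < "$1"); sec=$(sym_prefs < "$2")
  [ "$pub" = "$sec" ] && { echo "in sync"; return 0; }
  printf '%s\n' "$pub" | decode_prefs | sed 's/^/public: /'
  printf '%s\n' "$sec" | decode_prefs | sed 's/^/secret: /'
  return 1
}

# Constructed sample dumps, using the snipped lines shown in the post.
tmp=$(mktemp -d)
printf '%s\n' '[snip]' 'pref-sym-algos: 7 3 8 9' '[snip]' > "$tmp/pub.txt"
printf '%s\n' '[snip]' 'pref-sym-algos: 9 7 3 8' '[snip]' > "$tmp/sec.txt"
compare_prefs "$tmp/pub.txt" "$tmp/sec.txt" || echo "preference lists differ"
rm -rf "$tmp"
```

To run it against real exports, save the output of `gpg --list-packets temp-pub.asc` and `gpg --list-packets temp-pri.asc` to two files and pass them to compare_prefs.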