Difference between setpref and options in the configuration
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sun Feb 9 14:39:21 CET 2014
When reading
<https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which
advises using gpg --edit-key and setpref to choose "better"
algorithms, I told myself "Why risk forgetting the right
command line when you can simply use the configuration file?" So, I
put this in ~/.gnupg/gpg.conf:

# SHA1 by default
cert-digest-algo SHA256
# Crypto preferences
personal-cipher-preferences AES256 AES192 AES128
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed

And generated a key, with two UIDs. But it seems the preferences in
personal-*-preferences have been completely ignored:

gpg> showpref
[ultimate] (1). Stéphane Bortzmeyer (Main ID) <stephane at bortzmeyer.org>
Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
[ultimate] (2) Stéphane Bortzmeyer (Work) <bortzmeyer at nic.fr>
Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

Why is it so?

% gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECC, ?
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
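
Added example, not part of the original message and not GnuPG code: a Python check that compares the personal-*-preferences lines of gpg.conf with the per-user-ID lists printed by showpref and reports every list that differs. The sample input is copied from the message (Features lines omitted); the function names are this example's own, and AES128 is folded to AES because gpg prints that cipher as AES, as in the lists above.

```python
import re

# Sample input copied from the message above (Features lines omitted).
GPG_CONF = """\
# Crypto preferences
personal-cipher-preferences AES256 AES192 AES128
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
"""
SHOWPREF = """\
[ultimate] (1). Stéphane Bortzmeyer (Main ID) <stephane at bortzmeyer.org>
     Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
[ultimate] (2)  Stéphane Bortzmeyer (Work) <bortzmeyer at nic.fr>
     Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
"""
OPTIONS = {"personal-cipher-preferences": "Cipher", "personal-digest-preferences": "Digest",
           "personal-compress-preferences": "Compression"}
ALIASES = {"AES128": "AES"}  # gpg prints AES128 under the name "AES"

def norm(names):  # upper-case and fold aliases so both sources compare equal
    return [ALIASES.get(n.upper(), n.upper()) for n in names]

def parse_conf(text):  # Cipher/Digest/Compression -> list configured in gpg.conf
    pairs = (line.split(None, 1) for line in text.splitlines())
    return {OPTIONS[p[0]]: norm(p[1].split()) for p in pairs if len(p) == 2 and p[0] in OPTIONS}

def parse_showpref(text):  # user ID -> {Cipher/Digest/Compression: list stored on the key}
    uids, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"\[\s*\w+\s*\]\s*\(\d+\)\.?\s*(.+)", line)
        kind, sep, value = line.partition(":")
        if head:  # "[validity] (n)." starts a new user ID
            current = uids.setdefault(head.group(1), {})
        elif current is not None and sep and kind in OPTIONS.values():
            current[kind] = norm(v.strip() for v in value.split(","))
    return uids

def mismatches(conf, uids):  # (uid, kind, configured, on_key) for each differing list
    return [(uid, kind, want, prefs.get(kind, []))
            for uid, prefs in uids.items() for kind, want in conf.items()
            if prefs.get(kind, []) != want]

if __name__ == "__main__":
    for uid, kind, want, have in mismatches(parse_conf(GPG_CONF), parse_showpref(SHOWPREF)):
        print(f"{uid} / {kind}\n  gpg.conf: {want}\n  on key:   {have}")
```

On the values from the message, the Cipher and Digest lists differ for both user IDs and the Compression lists match.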