Difference between setpref and options in the configuration

Pete Stephenson pete at heypete.com
Sun Feb 9 16:30:46 CET 2014


On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> When reading
> <https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which
> advises to use gpg --edit-key and setpref to choose "better"
> algorithms, I told myself "Why risk forgetting the right
> command-line when you can simply use the configuration file?" So, I
> put this in ~/.gnupg/gpg.conf :
>
> # SHA1 by default
> cert-digest-algo SHA256
> # Crypto preferences
> personal-cipher-preferences  AES256 AES192 AES128
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> personal-compress-preferences  ZLIB BZIP2 ZIP Uncompressed
>
> And generated a key, with two UIDs. But it seems the preferences in
> personal-*-preferences have been completely ignored:

That's because the personal-*-preferences don't change the preferences
in the key itself. They merely change the order of ciphers, hashes,
and compression methods that you prefer when communicating with others
(so long as you both support those algorithms).

According to http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html
you'll want to use "default-preference-list" followed by the list of
preferences for your key. For example, putting
"default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 ZLIB BZIP2 ZIP Uncompressed" in your gpg.conf file and then
generating a new key (or running "edit-key KEYID", "setpref" with an
empty string for the preferences, and "save" on an existing key) will
set the key preferences to that string.

Cheers!
-Pete
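
Added example, not part of the original message and not GnuPG code: a small Python check that reads a gpg.conf body and reports which preferences a newly generated key would store (taken from default-preference-list, written in the compact S/H/Z form that the "pref" command of --edit-key prints) versus options that only steer local algorithm selection. The function names are hypothetical, the algorithm tables are a subset of the RFC 4880 numbers, and the two sample configurations are copied from the thread above.

```python
# Added example (hypothetical names). Subset of RFC 4880 algorithm IDs.
CIPHER = {"3DES": 2, "CAST5": 3, "AES": 7, "AES192": 8, "AES256": 9}
DIGEST = {"SHA1": 2, "SHA256": 8, "SHA384": 9, "SHA512": 10, "SHA224": 11}
COMPRESS = {"UNCOMPRESSED": 0, "ZIP": 1, "ZLIB": 2, "BZIP2": 3}
TABLES = (("cipher", "S", CIPHER), ("digest", "H", DIGEST),
          ("compress", "Z", COMPRESS))
# Options that only affect local algorithm choice, never the key itself.
LOCAL_ONLY = {"personal-cipher-preferences", "personal-digest-preferences",
              "personal-compress-preferences"}

def parse_conf(text):
    """Map each gpg.conf option to its argument list (comments skipped)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        opts[name.lstrip("-")] = args
    return opts

def key_preferences(conf_text):
    """Report what default-preference-list would store in a new key."""
    opts = parse_conf(conf_text)
    report = {"cipher": [], "digest": [], "compress": [], "unknown": [],
              "sets_key_prefs": "default-preference-list" in opts,
              "local_only": sorted(LOCAL_ONLY & opts.keys())}
    for token in opts.get("default-preference-list", []):
        for kind, prefix, table in TABLES:
            if token.upper() in table:
                report[kind].append(f"{prefix}{table[token.upper()]}")
                break
        else:
            report["unknown"].append(token)
    return report

# Both samples come from the thread: the quoted gpg.conf, then the reply's option.
QUOTED_CONF = """\
# SHA1 by default
cert-digest-algo SHA256
personal-cipher-preferences  AES256 AES192 AES128
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences  ZLIB BZIP2 ZIP Uncompressed
"""
REPLY_CONF = ("default-preference-list SHA512 SHA384 SHA256 SHA224 "
              "AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed\n")

if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED_CONF), ("reply", REPLY_CONF)):
        print(label, key_preferences(conf))
```

A report with sets_key_prefs false and a non-empty local_only list is the situation described in the quoted message: the file shapes algorithm choice when communicating, but a key generated with it keeps GnuPG's built-in preference list.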


