Setpref is not working or is it a bug or something?

gnupgpack at on.yourweb.de gnupgpack at on.yourweb.de
Wed Nov 26 08:19:01 CET 2014


Hello,
beware of compatibility issues...

Older versions of Debian (< sarge) don't support SHA512, AFAIK.
Many Smartcards are limited to key size <= 3072 bit, AFAIK.
RSA signatures are larger than DSA signatures, even if same bit size.

So, what are the most useful cross-over compatibility settings for new,
secure keys?

Regards, @g.

> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of
> Robin Mathew Rajan
> Sent: Tuesday, November 25, 2014 8:44 PM
> To: Robert J. Hansen; gnupg-users at gnupg.org
> Subject: Re: Setpref is not working or is it a bug or something?
> 
> No bro. You got me wrong. :(
> 
> I referred these two manuals before I made the change in gpg.conf.
> 
> 1) https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-
> Options.html
> 
> "--default-preference-list string
>     Set the list of default preferences to string. This preference list is
> used for new keys and becomes the default for "setpref" in the edit menu."
> 
> 2) http://www.gossamer-threads.com/lists/gnupg/users/51697
> 
> "Re: Difference between setpref and options in the configuration [In reply
> to]
> On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer <bortzmeyer [at] nic>
> wrote:
> > When reading
> > <https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which
> > advises to use gpg --edit-key and setpref to choose "better"
> > algorithms, I told myself "Why risking forgetting the right
> > command-line when you can simply use the configuration file?" So, I
> > put this in ~/.gnupg/gpg.conf :
> >
> > # SHA1 by default
> > cert-digest-algo SHA256
> > # Crypto preferences
> > personal-cipher-preferences AES256 AES192 AES128
> > personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> > personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
> >
> > And generated a key, with two UID. But it seems the preferences in
> > personal-*-preferences have been completely ignored:
> 
> That's because the personal-*-preferences don't change the preferences
> in the key itself. They merely change the order of ciphers, hashes,
> and compression methods that you prefer when communicating with others
> (so long as you both support those algorithms).
> 
> According to http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-
> Esoteric-Options.html
> you'll want to use "default-preference-list" followed by the list of
> preferences for your key. For example, putting
> "default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
> CAST5 ZLIB BZIP2 ZIP Uncompressed" in your gpg.conf file and then
> generating a new key (or running "edit-key KEYID", "setpref" with an
> empty string for the preferences, and "save" on an existing key) will
> set the key preferences to that string.
> 
> Cheers!
> -Pete"
> 
> Those are the two manuals I mainly referred before editing the gpg.conf.
> 
> The backup file was made after the changes made in the key. It's not made
> before I edited the gpg.conf and used setpref. The backup file is made
> after I used the setpref option.
> 
> And that's why I'm confused about it. Even though the backup file was made
> after the changes made in the key, why the properties set by setpref are
> not included in the key? I'm confused. :(
> 
> 
> 
> On 25-11-2014 PM 08:23, Robert J. Hansen wrote:
> >> Why this happening and what is the solution to it?
> >
> > The preferences list in gpg.conf are your preferences for what you use
> > for the mail you compose to others; the preferences list on your key are
> > your preferences for what you'd like other people to use for the mail
> > they compose to you.
> >
> > They represent two different things, which you seem to have conflated
> > together.  I think this will resolve a good half of your questions.
> >
> > The other half can be resolved by asking this question: "When I changed
> > my key preferences, then deleted the key, and restored it from a backup
> > I made before I changed my key preferences, how could the backup know
> > about the changes I made *after* I made the backup?"
> >
> > :)
> >
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users




More information about the Gnupg-users mailing list