gnupg preferences

Ben McGinnes ben at
Mon Apr 6 23:51:43 CEST 2015

On 3/04/2015 1:14 am, Robert Deroy wrote:
> Good Morning,
> I send you this letter because maybe you can help me about somethings,
> i know that my english is not perfect at all..
> Is it possible to remake an original gpgconf file ?

There should be a sample gpg.conf file installed to a directory close
to the installation directory.  The file is called gpg-conf.skel and
it is most likely to be in /usr/share/gnupg or /usr/local/share/gnupg.

> I don't understand how i could use this commands :
> --default-preference-list string

This one sets cipher, hash and compression preferences for a key at
the time it is generated.

> --list-config
> --gpgconf-list
> --gpgconf-test

I haven't played with these so much, so I'll leave that for someone
else to answer.

> And how could i use this one ? :
> --personal-cipher-preferences string

It's related to the first one, but only affects the symmetric cipher
used to encrypt files and messages.

> Is it possible to set preferences for the gnupg software globally ?

It is possible to set a default set of files to be added to a new
user's home directory when created, but the recommended method varies
by operating system and, in the case of Linux, by distribution.

> Or maybe it is possible just for a key especially ?

The preferences for any key can be modified by editing the key and
updating the algorithms with the setpref command.  I am not sure which
GUI interfaces permit this, if any, but if that is limited then the
most likely one that would allow it is GPA.

> Preferences are recorded inside the keys ? Or in the gnupg software ?

In the keys, so that GPG can determine which algortithms a recipient
can use, though GPG itself needs to have those algorithms included
with its installation.  For example, the cipher preferences on your
key are:

Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA

On mine they're:


If I were to send you an encrypted message, though, GPG would use your
preferred cipher, AES256, because that's the first shared preference.

> When we generate a new key, preferences of cipher algo or digest
> algo are impacting the new key ?

Yes, but it can be changed.

> I try to set a default user with those commands, but it works not :
> --default-key

This one is usually best set in a gpg.conf file, often with the
--encrypt-to option (to always encrypt messages to your own key).

> -u
> --local-user

These two are interchangable and used to override the default-key for
either signing or decryption purposes.

> --default-recipient 
> --default-recipient-self 

These are alternative methods of always encrypting to a specific key,
but are intended for when that key is not the default-key or when the
default-key or encrypt-to options are not set.

> Is a gnupg portable for linux exist ?

There is a GPG4USB project which provides versions for Windows and
Linux, but Linux users are much better off using the version which
comes with their distribution.

> Or maybe i should use wine.

No, that adds an additional layer which could very easily be exploited
to compromise your information.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150407/18da39b7/attachment.sig>

More information about the Gnupg-users mailing list