{gnupg 2.1.6} Howto change s2k cipher from AES -> AES256?

Werner Koch wk at gnupg.org
Wed Aug 5 20:34:23 CEST 2015

On Wed,  5 Aug 2015 15:02, dieamme at googlemail.com said:

> Ok, but the secret Keys in "private-keys-v1.d" are
> encrypted with (symmetric) AES128.
> My question is, why securing the private key's with sha1?

I am not sure whether I understand your question.  If you mean the SHA-1
as mentioned in the algo string of the private key files:


  This describes an algorithm using using AES in CBC mode for
  encryption, SHA-1 for integrity protection and the String to Key
  algorithm 3 from OpenPGP (rfc2440).

Thus SHA-1 is not used for protection but to detect tampering of the
encrypted private key.  This is the same method as defined by RFC-4880
but using an S-expression encoding.

The decryption part also knows about openpgp-s2k3-sha1-aes256-cbc so to
be prepared for the time we want to change to AES-256.  However, it is
questionable whether this will ever be done.  Although the entire
construct is safe on practice, it will eventually be replaced by a
modern AEAD method.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list