Changing passphrase parameters (s2k options)
Peter Lebbing
peter at digitalbrains.com
Mon Jan 23 12:22:19 CET 2017
On 23/01/17 11:01, John Lane wrote:
> I've been reading about symmetric encryption of the private key.
>
> When I tried to experiment with the `--s2k` options, attempting to
> change the passphrase on my key, I found that they were ignored.
GnuPG 2.1 handles the private key in a completely different manner than
earlier versions. I couldn't find any other configurable things than the
s2k-count. Look at the difference between the man page for 2.1.16 and
1.4.18:
1.4.18:
> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys.
> The default cipher is CAST5. This cipher is also used for conventional
> encryption if --personal-cipher-preferences and --cipher-algo is not
> given.
2.1.16:
> --s2k-cipher-algo name
> Use name as the cipher algorithm for symmetric encryption with a
> passphrase if --personal-cipher-preferences and --cipher-algo are
> not given. The default is AES-128.
> A brief search identified issue 1800 [1] on the bug tracker which was
> last updated in 2015, some 20 months ago.
It's close to what you're talking about, but not exactly. That is
specifically about *exporting* an OpenPGP secret key, not how it is
*stored* in your keyring. The protection on private-keys-v1.d is
implemented differently than the protection of the OpenPGP standard
which is used for export.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>