Changing passphrase parameters (s2k options)
John Lane
gnupg at jelmail.com
Mon Jan 23 12:54:02 CET 2017
On 23/01/17 11:22, Peter Lebbing wrote:
> It's close to what you're talking about, but not exactly. That is
> specifically about *exporting* an OpenPGP secret key, not how it is
> *stored* in your keyring. The protection on private-keys-v1.d is
> implemented differently than the protection of the OpenPGP standard
> which is used for export.
Ok, so - if I understand you correctly - when I *export* the secret key
I can choose which algorithms are applied to the exported copy?
So I tried:
$ gpg --export-secret-key my-key | gpg --list-packets | grep S2K
gnu-dummy S2K, algo: 0, simple checksum, hash: 0
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ...
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ...
(I presume the first line is like that because the primary secret isn't
in my ring)
Then:
$ gpg --export-secret-key --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 my-key | gpg --list-packets | grep S2K
gnu-dummy S2K, algo: 0, simple checksum, hash: 0
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ...
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ...
Surely I would expect it to look like
iter+salt S2K, algo: 9, SHA512 protection, hash: 10, salt: ...
Thanks.
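
An added example (not part of the original message, and not GnuPG code): a small Python decoder for the `S2K` lines quoted above, mapping the numeric IDs to their RFC 4880 names (algo 7 = AES128, hash 2 = SHA1) and reporting which exported keys do not carry a requested cipher and digest. It reads the `SHA1 protection` / `simple checksum` field as the secret-key integrity check (RFC 4880 S2K usage 254 versus 255), which is separate from the S2K digest shown in `hash:`; the function names and the embedded sample are assumptions made for this example.

```python
import re

# OpenPGP algorithm IDs (RFC 4880, sections 9.2 and 9.4).
CIPHERS = {0: "none", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {0: "none", 1: "MD5", 2: "SHA1", 3: "RIPEMD160",
          8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}

S2K_LINE = re.compile(
    r"(?P<mode>\S+) S2K, algo: (?P<algo>\d+), "
    r"(?P<check>SHA1 protection|simple checksum), hash: (?P<hash>\d+)"
)

def parse_s2k(listing):
    """Decode every S2K line found in `gpg --list-packets` output."""
    found = []
    for m in S2K_LINE.finditer(listing):
        algo, digest = int(m["algo"]), int(m["hash"])
        found.append({
            "mode": m["mode"],
            "cipher": CIPHERS.get(algo, f"unknown({algo})"),
            "digest": HASHES.get(digest, f"unknown({digest})"),
            "integrity": m["check"],
        })
    return found

def mismatches(listing, want_cipher, want_digest):
    """Return (index, cipher, digest) for protected keys that differ from the request."""
    bad = []
    for index, s2k in enumerate(parse_s2k(listing)):
        if s2k["mode"] == "gnu-dummy":  # stub packet: no secret material to protect
            continue
        if (s2k["cipher"], s2k["digest"]) != (want_cipher, want_digest):
            bad.append((index, s2k["cipher"], s2k["digest"]))
    return bad

# Output quoted in the message above (the salt is elided there as well).
SAMPLE = """\
gnu-dummy S2K, algo: 0, simple checksum, hash: 0
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ...
iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ...
"""

if __name__ == "__main__":
    for entry in parse_s2k(SAMPLE):
        print(entry)
    print("not AES256/SHA512:", mismatches(SAMPLE, "AES256", "SHA512"))
```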