gnupg private-keys encryption

npy at npy at
Fri Dec 13 07:14:23 CET 2019


Gnupg (installed from debian repositories) seems to ignore cipher/digest preferences while encrypting the key. Below are the options I've in my gpg.conf.

personal-digest-preferences SHA512
personal-cipher-preferences AES256
personal-compress-preferences Uncompressed
digest-algo SHA512
cipher-algo AES256
s2k-mode 3
s2k-count 65011712
s2k-digest-algo SHA512
s2k-cipher-algo AES256

However, --export-secret-keys followed by --list-packets shows, "iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ", and in the binary *.key file from the private-keys dir, ".. protected25:openpgp-s2k3-sha1-aes-cbc .." leads me to believe that the key is encrypted with SHA1/AES.

How can I control the encryption on the private-key?


More information about the Gnupg-users mailing list