<div dir="ltr">Hello Gao,<br><br>Your question could be stated more clearly as in this bug report:<br><a href="https://dev.gnupg.org/T1800">https://dev.gnupg.org/T1800</a><br><br><br>1. The solution is also in this report. Just install gpg version 2.0.x, which is prior to version 2.1, then run the following command to generate the key:<br><br>> gpg2 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65000000 --gen-key<br><br>Then export, using the s2k options in case they're needed here instead:<br><br>> gpg2 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65000000 --export-secret-keys | gpg2 --list-packets<br><br>Then you can see the algo changed to AES256 and digest changed to SHA512.<br><br><br>2. To modify the existing key, you still have to install gpg version 2.0.x first, which is prior to version 2.1, then add the following options into your gpg.conf:<br><br>> #-----------------------------<br>> # algorithm and ciphers<br>> #-----------------------------<br>> # Limits the algorithms used<br>> personal-cipher-preferences AES256<br>> personal-digest-preferences SHA512<br>> default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed<br>> cipher-algo AES256<br>> digest-algo SHA512<br>> cert-digest-algo SHA512<br>> compress-algo ZLIB<br>> disable-cipher-algo 3DES<br>> #weak-digest SHA1<br>> s2k-cipher-algo AES256<br>> s2k-digest-algo SHA512<br>> s2k-mode 3<br>> s2k-count 65011712<br><br>Then reset the passphrase of the private key, using the above settings, then export the private key to file. 
Here is the output of the --list-packets command:<br><br>> iter+salt S2K, algo: 9, SHA1 protection, hash: 10, salt: 12d208a128163024<br>> protect count: 65011712 (255)<br><br>This idea comes from the links: <a href="https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1">https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1</a> , <a href="https://security.stackexchange.com/a/90617">https://security.stackexchange.com/a/90617</a><br><br><br>3. There is a small tool to use along with the --list-packets command, called pgpdump, which is available at <a href="https://www.mew.org/~kazu/proj/pgpdump/en/">https://www.mew.org/~kazu/proj/pgpdump/en/</a> , to provide more details of the private key file.<div><br></div><div><br></div><div>Best regards<br><br></div></div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 6 Nov 2020 at 16:27, Gao Xiaohui via Gnupg-users &lt;<a href="mailto:gnupg-users@gnupg.org">gnupg-users@gnupg.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div><span style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt">Hello,</span><br>
</div>
<div dir="ltr">
<div>
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Excuse me, when using "gpg --list-packets [private secret key file]", it prints "iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ****************". How do I change "algo:7" and "hash:2"? </div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I searched on Google, and it said that using the "gpg --gen-key" or "gpg --edit-key" command with the "--s2k-cipher-algo AES256" and "--s2k-digest-algo SHA512" options could change them, but I tested it, and it could not change them. Please tell me the correct way. Thank you very much.<br>
</div>
</div>
</div>
</div>
</div>
</blockquote></div>
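<div>How the numeric fields in the --list-packets output quoted in this thread map to algorithm names, and how the one-byte coded count (255) expands to 65011712. This is an added example, not part of the original messages and not GnuPG code; the function names are hypothetical, the sample lines are the ones quoted in the reply, and rounding a requested count up to the next storable value is an assumption.</div>

```python
import re

# Algorithm IDs from RFC 4880, sections 9.2 (symmetric) and 9.4 (hash).
CIPHERS = {2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES128",
           8: "AES192", 9: "AES256", 10: "TWOFISH"}
DIGESTS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
           9: "SHA384", 10: "SHA512", 11: "SHA224"}

S2K_RE = re.compile(r"iter\+salt S2K, algo: (\d+), (\S+) protection, hash: (\d+)")
COUNT_RE = re.compile(r"protect count: (\d+) \((\d+)\)")

# Output lines quoted in the reply above (after the passphrase was reset).
SAMPLE = """\
iter+salt S2K, algo: 9, SHA1 protection, hash: 10, salt: 12d208a128163024
protect count: 65011712 (255)
"""

def decode_count(coded):
    """Expand the one-byte coded iteration count (RFC 4880, section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def encode_count(requested):
    """Smallest coded byte whose count is >= requested (assumed rounding up)."""
    return next((c for c in range(256) if decode_count(c) >= requested), 255)

def parse_s2k(text):
    """Return one dict per iter+salt S2K specifier in --list-packets output."""
    found = []
    for line in text.splitlines():
        m = S2K_RE.search(line)
        if m:
            algo, digest = int(m.group(1)), int(m.group(3))
            found.append({
                "cipher": CIPHERS.get(algo, "unknown(%d)" % algo),
                # "SHA1 protection" is the integrity check over the secret key
                # material, not the S2K digest, so it is reported separately.
                "protection": m.group(2),
                "digest": DIGESTS.get(digest, "unknown(%d)" % digest),
                "count": None,
            })
            continue
        m = COUNT_RE.search(line)
        if m and found:
            count, coded = int(m.group(1)), int(m.group(2))
            if decode_count(coded) != count:
                raise ValueError("count %d does not match coded byte %d" % (count, coded))
            found[-1]["count"] = count
    return found

if __name__ == "__main__":
    print(parse_s2k(SAMPLE), encode_count(65000000))
```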