I've read various tutorials and posts regarding changing the algorithm used to encrypt my private PGP keys. However, nothing I have tried seems to work. I am using gpg4win:
> gpg (GnuPG) 2.3.4
> libgcrypt 1.9.4
> Copyright (C) 2021 g10 Code GmbH
> License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Home: C:\Users\[REDACTED]\AppData\Roaming\gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> AEAD: EAX, OCB
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
My gpg.conf file located at C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is
> personal-digest-preferences SHA512
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify
> personal-cipher-preferences AES256 AES192 AES
> s2k-mode 3
> s2k-cipher-algo AES256
> s2k-digest-algo SHA512
> s2k-count 65011712
> cipher-algo AES256
I then change the password via
> gpg -vv --expert --edit-key A7AA75FD6A11F453DE501E38D3E3B91787699C75
> passwd
Export the key
> gpg -vv --cipher-algo AES256 --export-secret-keys A7AA75FD6A11F453DE501E38D3E3B91787699C75 -a > key.txt
and then inspect it
> gpg --list-packets key.txt
which then outputs
> :secret key packet:
> ...
> iter+salt S2K, algo: 7, SHA1 protection, hash: 2,
> ...
This would seem to suggest that the key is still encrypted using AES128 (algo 7) and a SHA1 hash. Further, inspecting the contents of $GNUPGHOME/private-keys-v1.d/ shows files with the following lines
> ...
> (protected openpgp-s2k3-ocb-aes ((sha1 ...
> ...
What am I missing? Any help or advice would be very much appreciated.
Yours,
Dan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
> gpg (GnuPG) 2.3.4
> libgcrypt 1.9.4
> Copyright (C) 2021 g10 Code GmbH
> License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Home: C:\Users\[REDACTED]\AppData\Roaming\gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> AEAD: EAX, OCB
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
My gpg.conf file located at C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is
> personal-digest-preferences SHA512
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify
> personal-cipher-preferences AES256 AES192 AES
> s2k-mode 3
> s2k-cipher-algo AES256
> s2k-digest-algo SHA512
> s2k-count 65011712
> cipher-algo AES256
I then change the password via
> gpg -vv --expert --edit-key A7AA75FD6A11F453DE501E38D3E3B91787699C75
> passwd
Export the key
> gpg -vv --cipher-algo AES256 --export-secret-keys A7AA75FD6A11F453DE501E38D3E3B91787699C75 -a > key.txt
and then inspect it
> gpg --list-packets key.txt
which then outputs
> :secret key packet:
> ...
> iter+salt S2K, algo: 7, SHA1 protection, hash: 2,
> ...
This would seem to suggest that the key is still encrypted using AES128 (algo 7) and a SHA1 hash. Further, inspecting the contents of $GNUPGHOME/private-keys-v1.d/ shows files with the following lines
> ...
> (protected openpgp-s2k3-ocb-aes ((sha1 ...
> ...
What am I missing? Any help or advice would be very much appreciated.
Yours,
Dan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
