<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">-----BEGIN PGP SIGNED MESSAGE-----</div><div id="AppleMailSignature" dir="ltr">Hash: SHA512</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">I've read various turorials and posts regarding changing the algorithm used to encrypt my private PGP keys. However, nothing I have tried seems to work. I am using gpg4win:</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr">gpg (GnuPG) 2.3.4</div><div id="AppleMailSignature" dir="ltr">libgcrypt 1.9.4</div><div id="AppleMailSignature" dir="ltr">Copyright (C) 2021 g10 Code GmbH</div><div id="AppleMailSignature" dir="ltr">License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html></div><div id="AppleMailSignature" dir="ltr">This is free software: you are free to change and redistribute it.</div><div id="AppleMailSignature" dir="ltr">There is NO WARRANTY, to the extent permitted by law.</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">Home: C:\Users\[REDACTED]\AppData\Roaming\gnupg</div><div id="AppleMailSignature" dir="ltr">Supported algorithms:</div><div id="AppleMailSignature" dir="ltr">Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA</div><div id="AppleMailSignature" dir="ltr">Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,</div><div id="AppleMailSignature" dir="ltr"> CAMELLIA128, CAMELLIA192, CAMELLIA256</div><div id="AppleMailSignature" dir="ltr">AEAD: EAX, OCB</div><div id="AppleMailSignature" dir="ltr">Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224</div><div id="AppleMailSignature" dir="ltr">Compression: Uncompressed, ZIP, ZLIB, BZIP2</div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">My gpg.conf file located at C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr">personal-digest-preferences SHA512</div><div id="AppleMailSignature" dir="ltr">cert-digest-algo SHA512</div><div id="AppleMailSignature" dir="ltr">default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify</div><div id="AppleMailSignature" dir="ltr">personal-cipher-preferences AES256 AES192 AES</div><div id="AppleMailSignature" dir="ltr">s2k-mode 3</div><div id="AppleMailSignature" dir="ltr">s2k-cipher-algo AES256</div><div id="AppleMailSignature" dir="ltr">s2k-digest-algo SHA512</div><div id="AppleMailSignature" dir="ltr">s2k-count 65011712</div><div id="AppleMailSignature" dir="ltr">cipher-algo AES256</div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">I then change the password via</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr">gpg -vv --expert --edit-key A7AA75FD6A11F453DE501E38D3E3B91787699C75</div><div id="AppleMailSignature" dir="ltr">passwd</div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">Export the key</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr">gpg -vv --cipher-algo AES256 --export-secret-keys A7AA75FD6A11F453DE501E38D3E3B91787699C75 -a > key.txt</div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">and then inspect it</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr">gpg --list-packets key.txt</div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">which then outputs</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr">:secret key packet:</div><div id="AppleMailSignature" dir="ltr"> ...</div><div id="AppleMailSignature" dir="ltr"> iter+salt S2K, algo: 7, SHA1 protection, hash: 2,</div><div id="AppleMailSignature" dir="ltr"> ...</div><div id="AppleMailSignature" dir="ltr">———</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">This would seem to suggest that the key is still encrypted using AES128 (algo 7) and a SHA1 hash.</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">What am I missing? Any help or advice would be very much appreciated.</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">Yours,</div><div id="AppleMailSignature" dir="ltr">Dan</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">-----BEGIN PGP SIGNATURE-----</div><div id="AppleMailSignature" dir="ltr"><br></div><div id="AppleMailSignature" dir="ltr">iF4EARYKAAYFAmIIGQsACgkQ0+O5F4dpnHUr6AEA4jtaAKNRguCl+mnMLEyKMP0srt1ZckDaBZDR</div><div id="AppleMailSignature" dir="ltr">nJ7w3dYBAKyFCbAoGXuqk6TdtCyQdVJU8jHY36uk1TZnws9G8/EC</div><div id="AppleMailSignature" dir="ltr">=hwGt</div><div id="AppleMailSignature" dir="ltr">-----END PGP SIGNATURE-----</div><div><br></div><div id="AppleMailSignature" dir="ltr"></div></body></html>