[Gpg4win-users-en] Changing the encryption algorithm used for PGP/GPG private key

Daniel Colquitt hello at danielcolquitt.com
Sat Feb 12 21:32:51 CET 2022


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I've read various turorials and posts regarding changing the algorithm used to encrypt my private PGP keys. However, nothing I have tried seems to work. I am using gpg4win:

———
gpg (GnuPG) 2.3.4
libgcrypt 1.9.4
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:\Users\[REDACTED]\AppData\Roaming\gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
———

My gpg.conf file located at C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is

———
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify
personal-cipher-preferences AES256 AES192 AES
s2k-mode 3
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-count 65011712
cipher-algo AES256
———

I then change the password via

———
gpg -vv --expert --edit-key A7AA75FD6A11F453DE501E38D3E3B91787699C75
passwd
———

Export the key

———
gpg -vv --cipher-algo AES256 --export-secret-keys A7AA75FD6A11F453DE501E38D3E3B91787699C75 -a > key.txt
———

and then inspect it

———
gpg --list-packets key.txt
———

which then outputs

———
:secret key packet:
    ...
    iter+salt S2K, algo: 7, SHA1 protection, hash: 2,
    ...
———

This would seem to suggest that the key is still encrypted using AES128 (algo 7) and a SHA1 hash.

What am I missing? Any help or advice would be very much appreciated.

Yours,
Dan

-----BEGIN PGP SIGNATURE-----

iF4EARYKAAYFAmIIGQsACgkQ0+O5F4dpnHUr6AEA4jtaAKNRguCl+mnMLEyKMP0srt1ZckDaBZDR
nJ7w3dYBAKyFCbAoGXuqk6TdtCyQdVJU8jHY36uk1TZnws9G8/EC
=hwGt
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20220212/3d237583/attachment.html>


More information about the Gpg4win-users-en mailing list