GnuPG allows you to set algorithm preferences for encryption/decryption, secure checksum, and compression algorithms. In older GnuPG versions, the default settings were rather outdated, so you need to update them accordingly. This section guides you through configuring the primary key's algorithms.
Advanced users who deleted their "certify" capability secret key need to restore it for key creation. You can verify it by using the following command:
    $ gpg --list-secret-keys

Example:

    $ gpg --list-secret-keys
    ...
    ---------------------------
    sec   rsa4096 2020-01-10 [C]
          AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
    uid           [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>

Look for the key with the [C] capability and check that its sec label does not carry a hash ("sec#"). If it does, you need to restore the key by loading the backup copy with the following command:

    $ gpg --import /path/to/your/key.asc

Once done, it's time to set the algorithms.
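A scriptable version of the check above, as an added example that is not part of the original guide: it reads `gpg --list-secret-keys --with-colons` output, where field 12 holds the capabilities and field 15 is "#" when the secret key is only a stub. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads the output of
# `gpg --list-secret-keys --with-colons` on stdin and prints, for each primary
# key: <key id> <certify|no-certify> <present|stub|on-token>.
primary_key_status() {
    awk -F: '$1 == "sec" {
        # Field 12: capabilities; lowercase letters belong to this key itself.
        cert = ($12 ~ /c/) ? "certify" : "no-certify"
        # Field 15: "#" marks a stub without secret material (listed as sec#),
        # a token serial number means the key lives on a smartcard.
        if ($15 == "#") where = "stub"
        else if ($15 != "" && $15 != "+") where = "on-token"
        else where = "present"
        print $5, cert, where
    }'
}

# Succeeds only if key id $1 can certify and its secret part is usable.
can_edit_key() {
    primary_key_status | grep -Eq "^$1 certify (present|on-token)\$"
}

# Constructed sample records (key IDs are placeholders, not real keys).
COLONS='sec:u:4096:1:AAAAAAAAAAAAAAAA:1578614400:::u:::cSEA:::#:::23::0:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1578614400:1641686400:::::s:::+:::23:
sec:u:4096:1:BBBBBBBBBBBBBBBB:1578614400:::u:::cSEA:::+:::23::0:'

printf '%s\n' "$COLONS" | primary_key_status
```

A key reported as "stub" is the "sec#" case: import the backup before editing it.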
We start off by obtaining your primary key ID. Use the following command and find your key:

    $ gpg --list-secret-keys

Example:

    $ gpg --list-secret-keys
    ...
    ---------------------------
    sec   rsa4096 2020-01-10 [C]
          AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
    uid           [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>
    ssb   rsa4096 2020-01-10 [S] [expires: 2022-01-09]
    ssb   rsa4096 2020-01-10 [E] [expires: 2022-01-09]
    ssb   rsa4096 2020-01-10 [A] [expires: 2022-01-09]
    ssb   ed25519 2020-01-10 [S] [expires: 2022-01-09]
    ssb   ed25519 2020-01-10 [A] [expires: 2022-01-09]
    ssb   cv25519 2020-01-10 [E] [expires: 2022-01-09]

You want the long string under the [C] key. In the example above, it is: AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF.
With the key ID identified, it's time to edit the key. Use the following command pattern to edit the key:

    $ gpg --expert --edit-key <key-id>

From the example above, it is:

    $ gpg --expert --edit-key AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF

You will be presented with the gpg key editor's main menu. It looks something like:

    gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Secret key is available.

    sec  rsa4096/F5EF57A0FB4EF0EF
         created: 2020-01-10  expires: never       usage: C
         trust: ultimate      validity: ultimate
    ssb  rsa4096/66F2E45747AB2C90
         created: 2020-01-10  expires: 2022-01-09  usage: S
    ssb  rsa4096/9D485C5208D0859F
         created: 2020-01-10  expires: 2022-01-09  usage: E
    ssb  rsa4096/90939A7DBBFC226D
         created: 2020-01-10  expires: 2022-01-09  usage: A
    ssb  ed25519/16972F736B59F874
         created: 2020-01-10  expires: 2022-01-09  usage: S
    ssb  ed25519/D22D6E1FD575E506
         created: 2020-01-10  expires: 2022-01-09  usage: A
    ssb  cv25519/25252612A403B41C
         created: 2020-01-10  expires: 2022-01-09  usage: E
    [ultimate] (1). "Shotgun" John, Smith <john.smith@company.com>
    [ultimate] (2)  "Shotgun" John, Smith (Main ID) <john.smith@email.com>

    gpg>

Now, let's check the current preferences. Use the showpref command:
    gpg> showpref
    [ultimate] (1). "Shotgun" John, Smith <john.smith@company.com>
         Cipher: AES256, AES192, AES, 3DES
         Digest: SHA512, SHA384, SHA256, SHA224, SHA1
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify
    [ultimate] (2)  "Shotgun" John, Smith (Main ID) <john.smith@email.com>
         Cipher: AES256, AES192, AES, 3DES
         Digest: SHA512, SHA384, SHA256, SHA224, SHA1
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify

    gpg>

With that in mind, we can now set the preferences using the setpref command. Before we do, we need to populate the list in this order:

    <hash 1> <hash 2> ... <hash n> <cipher 1> <cipher 2> ... <cipher n> <comp 1> <comp 2> ... <comp n>

If the primary key is passphrase protected, GPG may ask for it for authentication purposes.
Once the list is ready, issue the command with setpref. You will be prompted for confirmation. Give y to confirm.

    gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
    Set preference list to:
         Cipher: AES256, AES192, AES, CAST5, 3DES
         Digest: SHA512, SHA384, SHA256, SHA224, SHA1
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify
    Really update the preferences? (y/N) y
    gpg: WARNING: no user ID has been marked as primary.  This command may
                  cause a different user ID to become the assumed primary.

    sec  rsa4096/F5EF57A0FB4EF0EF
         created: 2020-01-10  expires: never       usage: C
         trust: ultimate      validity: ultimate
    ssb  rsa4096/66F2E45747AB2C90
         created: 2020-01-10  expires: 2022-01-09  usage: S
    ssb  rsa4096/9D485C5208D0859F
         created: 2020-01-10  expires: 2022-01-09  usage: E
    ssb  rsa4096/90939A7DBBFC226D
         created: 2020-01-10  expires: 2022-01-09  usage: A
    ssb  ed25519/16972F736B59F874
         created: 2020-01-10  expires: 2022-01-09  usage: S
    ssb  ed25519/D22D6E1FD575E506
         created: 2020-01-10  expires: 2022-01-09  usage: A
    ssb  cv25519/25252612A403B41C
         created: 2020-01-10  expires: 2022-01-09  usage: E
    [ultimate] (1)  "Shotgun" John, Smith <john.smith@company.com>
    [ultimate] (2). "Shotgun" John, Smith (Main ID) <john.smith@email.com>

    gpg>

Now that you have completed the editing, confirm the changes by using the showpref command again. This time, you can check that the preferences have changed to your specified algorithms.
Once you're done, you may proceed to quit the interface. You may be asked whether to save changes; give it a y to confirm. Otherwise, restart the whole sequence.

    gpg> showpref
    [ultimate] (1). "Shotgun" John, Smith <john.smith@company.com>
         Cipher: AES256, AES192, AES, 3DES
         Digest: SHA512, SHA384, SHA256, SHA224, SHA1
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify
    [ultimate] (2)  "Shotgun" John, Smith (Main ID) <john.smith@email.com>
         Cipher: AES256, AES192, AES, 3DES
         Digest: SHA512, SHA384, SHA256, SHA224, SHA1
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify

    gpg> quit
    Save changes? (y/N) y

Now that your preferences are set, you need to update the key-server or re-distribute the public key to all your recipients again. This is mainly because the new public key (with the same fingerprint) carries your preferences. How to distribute is outside of this section's scope. See "Distribute" in the index page.
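To make the showpref check described above repeatable, this added example (not part of the original guide) compares showpref text against the list that was given to setpref, one user ID at a time. The function name check_prefs and the sample user IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: compare showpref text (stdin)
# with the list passed to setpref ($1). Assumption: a name that is neither a
# digest nor a compression method is treated as a cipher.
check_prefs() {
    awk -v want="$1" '
    function add(kind, name) {
        wanted[kind] = (wanted[kind] == "" ? name : wanted[kind] ", " name)
    }
    BEGIN {
        n = split(want, tok, " ")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^SHA|^MD5$|^RIPEMD/) add("Digest", tok[i])
            else if (tok[i] ~ /^(ZLIB|BZIP2|ZIP|Uncompressed)$/) add("Compression", tok[i])
            else add("Cipher", tok[i])
        }
        # gpg appends 3DES and SHA1 on its own (see "Set preference list to"
        # in the guide), so expect them even when they were not requested.
        if (wanted["Cipher"] !~ /3DES/) add("Cipher", "3DES")
        if (wanted["Digest"] !~ /SHA1/) add("Digest", "SHA1")
    }
    /^ *\[/ { uid = $0; sub(/^ +/, "", uid); next }
    /^ +(Cipher|Digest|Compression): / {
        line = $0; sub(/^ +/, "", line); sub(/ +$/, "", line)
        kind = line; sub(/:.*/, "", kind)
        got = line; sub(/^[^:]*: /, "", got)
        if (got != wanted[kind]) {
            printf "MISMATCH %s\n  %s is [%s], expected [%s]\n", uid, kind, got, wanted[kind]
            bad++
        }
    }
    END { exit (bad > 0) }'
}

WANT='SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'
# Constructed sample: the second user ID still carries the old cipher list.
SAMPLE='[ultimate] (1). Example User <user@example.com>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ultimate] (2)  Example User (Work) <user@example.org>
     Cipher: AES256, AES192, AES, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify'
printf '%s\n' "$SAMPLE" | check_prefs "$WANT" || echo "preferences differ from the setpref list"
```

A user ID can keep its old list when setpref was run while only another user ID was selected, which is the case the sample reproduces.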
That's all for configuring GPG primary key algorithms.