
gpg2 man pages for s2k-* options are invalid
Status: Closed, Resolved (Public)

Description

Per this note from Werner the s2k-* options are all ignored as it relates to mangling the secret key passphrase:

"With GnuPG 2.1 the s2k options are only used for --symmetric encryption."
http://www.gossamer-threads.com/lists/gnupg/users/72518

However, the man pages for gnupg 2.1.10 have not been updated to reflect this change in behavior and some might be using these options (which used to work as the man page suggests prior to 2.1.x) with the intention of customizing their security level but unaware that their options are being silently ignored.

The man pages currently show:

--s2k-cipher-algo name
Use name as the cipher algorithm used to protect secret keys. The default cipher is AES-128. This cipher is
also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not
given.

--s2k-digest-algo name
Use name as the digest algorithm used to mangle the passphrases. The default algorithm is SHA-1.

--s2k-mode n
Selects how passphrases are mangled. If n is 0 a plain passphrase (which is not recommended) will be used, a 1
adds a salt to the passphrase and a 3 (the default) iterates the whole process a number of times (see
--s2k-count). Unless --rfc1991 is used, this mode is also used for symmetric encryption with a passphrase.

--s2k-count n
Specify how many times the passphrase mangling is repeated. This value may range between 1024 and 65011712
inclusive. The default is inquired from gpg-agent. Note that not all values in the 1024-65011712 range are
legal and if an illegal value is selected, GnuPG will round up to the nearest legal value. This option is only
meaningful if --s2k-mode is 3.

I found this while experimenting with suggestions found here:
https://pthree.org/2015/11/19/your-gnupg-private-key/

and could only verify that these options were having no effect after a lot of time experimenting, and viewing the exported secret key with --list-packets, and after being led astray by the incorrect man page.
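The 1024 to 65011712 range and the "round up to the nearest legal value" behaviour quoted from the man page above come from the one-byte coded count that OpenPGP (RFC 4880, section 3.7.1.3) uses for S2K mode 3. As an added example that is not part of this report or of GnuPG's own code, the Python below decodes and encodes that byte and parses an S2K specifier of the kind --list-packets prints; the sample specifier bytes are constructed.

```python
# Added example, not GnuPG code. OpenPGP S2K coded count (RFC 4880 3.7.1.3):
#   count = (16 + (c & 15)) << ((c >> 4) + 6)   for the single byte c
S2K_MIN_COUNT = 1024       # c = 0x00
S2K_MAX_COUNT = 65011712   # c = 0xFF


def decode_s2k_count(c: int) -> int:
    """Turn the one-byte coded count into the real iteration count."""
    if not 0 <= c <= 0xFF:
        raise ValueError("coded count must fit in one byte")
    return (16 + (c & 15)) << ((c >> 4) + 6)


def encode_s2k_count(count: int) -> int:
    """Smallest coded byte whose decoded count is >= count, i.e. the
    'round up to the nearest legal value' the man page describes.
    Decoded values grow monotonically with c, so a linear scan suffices."""
    if not S2K_MIN_COUNT <= count <= S2K_MAX_COUNT:
        raise ValueError("count must lie in 1024..65011712")
    for c in range(256):
        if decode_s2k_count(c) >= count:
            return c
    raise AssertionError("unreachable: 0xFF decodes to the maximum")


def parse_s2k(spec: bytes) -> dict:
    """Parse an S2K specifier: mode byte, hash algorithm ID (RFC 4880,
    2 = SHA-1), then an 8-byte salt for modes 1 and 3 and a coded count
    for mode 3. Modes match --s2k-mode 0/1/3 in the man page."""
    mode, hash_algo = spec[0], spec[1]
    if mode == 0:
        return {"mode": "simple", "hash_algo": hash_algo}
    if mode == 1:
        return {"mode": "salted", "hash_algo": hash_algo, "salt": spec[2:10]}
    if mode == 3:
        return {"mode": "iterated+salted", "hash_algo": hash_algo,
                "salt": spec[2:10], "count": decode_s2k_count(spec[10])}
    raise ValueError(f"unsupported S2K mode {mode}")


# Constructed sample: mode 3, SHA-1, salt 00..07, coded count 0x60 (65536).
SAMPLE_S2K = bytes([3, 2]) + bytes(range(8)) + bytes([0x60])

if __name__ == "__main__":
    print(parse_s2k(SAMPLE_S2K))
    print("65537 rounds up to", decode_s2k_count(encode_s2k_count(65537)))
```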

Details

Version
2.1.10

Event Timeline

grempe set Version to 2.1.10.
grempe added a subscriber: grempe.

Thanks for reporting. I'll change this for 2.1.11.

Werner, there is a typo in your new commit 56275e4392a7b38abe5fdd84fe9d67599cf5e6d1

'defaulte' should be 'default'

+Use @code{name} as the digest algorithm used to mangle the passphrases
+for symmetric encryption. The defaulte is SHA-1.
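Review bot: the second added line misspells "default" as "defaulte"; since the rewritten sentence now scopes --s2k-digest-algo to symmetric encryption only, a short pointer that the secret-key passphrase protection is handled by gpg-agent in 2.1 would close the gap this report describes, so readers do not assume the option still applies to exported secret keys.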

Also, might it be beneficial to add this change of behavior to either the man page or
to the 'What's changed in 2.1' docs?

Thanks

Fixed. Thanks.

The --s2k- options are expert options and should in general not be changed at all. We can't make a list of all such minor changes related to moving secret keys to gpg-agent. People who care about this will know anyway.

werner claimed this task.