
Exclude 3DES Cipher and SHA1 Digest
Closed, ResolvedPublic


I'm trying to exclude 3DES and SHA1 from the key. But it does not allow me.
I have used the following.
gpg> setpref AES256 AES192 AES CAST5 SHA512 SHA384 SHA256 SHA224 ZLIB BZIP2 ZIP Uncompressed
GPG automatically adds 3DES and SHA1.

Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

I have tried to use a config file but it doesn't take effect. Following is my config file.

# Avoid information leaked

export-options export-minimal

# Displays the long format of the ID of the keys and their fingerprints

keyid-format 0xlong

# Displays the validity of the keys

list-options show-uid-validity
verify-options show-uid-validity

# Limits the algorithms used

personal-cipher-preferences AES256
personal-digest-preferences SHA512
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES Uncompressed
#default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed

cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo ZLIB

disable-cipher-algo 3DES
weak-digest SHA1

s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712




Event Timeline

werner claimed this task.
werner added projects: Not A Bug, gnupg, OpenPGP.
werner added a subscriber: werner.

OpenPGP (RFC-4880) requires support for 3DES and SHA-1, thus you can't disable them. However, they are not used in practice because the key preferences guarantee the use of more modern algorithms,
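
To illustrate the reply above, here is an added example (not GnuPG's code and not part of the original thread) that parses the `showpref` output quoted in the report, checks that the mandatory algorithms sit last, and models which algorithm a sender would pick. The function names and the summed-rank selection rule are assumptions made for illustration; GnuPG's real selection logic is more involved.

```python
# Added example: simplified model of OpenPGP preference ranking, not GnuPG's implementation.
MANDATORY = {"Cipher": "3DES", "Digest": "SHA1"}  # must-implement algorithms in RFC 4880

# showpref output as quoted in the report above
SHOWPREF = """\
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
"""

def parse_showpref(text):
    """Turn 'Name: a, b, c' lines into {name: [a, b, c]}, keeping the order."""
    prefs = {}
    for line in text.splitlines():
        name, sep, values = line.partition(":")
        if sep:
            prefs[name.strip()] = [v.strip() for v in values.split(",") if v.strip()]
    return prefs

def effective(kind, algos):
    """A mandatory algorithm that is not listed is treated as implied at the end."""
    must = MANDATORY.get(kind)
    return list(algos) + [must] if must and must not in algos else list(algos)

def audit(prefs):
    """Report keys where a mandatory legacy algorithm is more than a last resort."""
    findings = []
    for kind, must in MANDATORY.items():
        algos = effective(kind, prefs.get(kind, []))
        if algos[-1] != must:
            ahead_of = ", ".join(algos[algos.index(must) + 1:])
            findings.append(f"{kind}: {must} ranked above {ahead_of}")
        elif len(algos) == 1:
            findings.append(f"{kind}: {must} is the only usable algorithm")
    return findings

def select(kind, recipient_lists):
    """Assumed rule: among algorithms all recipients accept, take the lowest summed rank."""
    lists = [effective(kind, algos) for algos in recipient_lists]
    common = [a for a in lists[0] if all(a in other for other in lists)]
    return min(common, key=lambda a: sum(other.index(a) for other in lists))

if __name__ == "__main__":
    prefs = parse_showpref(SHOWPREF)
    print("findings:", audit(prefs))                          # key from the report
    print("single recipient:", select("Cipher", [prefs["Cipher"]]))
    # Constructed second recipient whose key carries no cipher preferences at all
    print("with pref-less key:", select("Cipher", [prefs["Cipher"], []]))
```

The last call shows the one situation in this model where 3DES is chosen: a recipient key that lists nothing better.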