Exclude 3DES Cipher and SHA1 Digest
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	GnuPG-User
	Aug 11 2020, 9:13 AM

Description

Hi,
I'm trying to exclude 3DES and SHA1 from the key. But it doesnot allow me.
I have used the following.
gpg> setpref AES256 AES192 AES CAST5 SHA512 SHA384 SHA256 SHA224 ZLIB BZIP2 ZIP Uncompressed
GPG automatically adds 3DES and SHA1.

Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

I have tried to use config file but it doesn't take effect. Following is my config file.

Avoid information leaked

no-emit-version
no-comments
export-options export-minimal

Displays the long format of the ID of the keys and their fingerprints

keyid-format 0xlong
with-fingerprint

Displays the validity of the keys

list-options show-uid-validity
verify-options show-uid-validity

Limits the algorithms used

personal-cipher-preferences AES256
personal-digest-preferences SHA512
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES Uncompressed
#default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed

cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo ZLIB

disable-cipher-algo 3DES
weak-digest SHA1

s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712

Regards,

Details

Version: 2.2.19

Event Timeline

GnuPG-User created this task.Aug 11 2020, 9:13 AM

GnuPG-User created this object in space S1 Public.

OpenPGP (RFC-4880) requires support for 3DES and SHA-1 thus you can't disable them. However, they are not used in practice because the key preference guarantee the use of more modern algorithms,

Exclude 3DES Cipher and SHA1 DigestClosed, ResolvedPublicActions