Monday, January 02, 2017

[xevirvht] gpg setpref string

gpg --edit-key

setpref S9 S10 S13 S8 S12 S7 S4 S11 S3 S1 S2 H11 H9 H10 H8 H3 H2 H1 Z0 Z3 Z2 Z1 mdc no-ks-modify

This translates to (showpref)

Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES, BLOWFISH, CAMELLIA128, CAST5, IDEA, 3DES
Digest: SHA224, SHA384, SHA512, SHA256, RIPEMD160, SHA1, MD5
Compression: Uncompressed, BZIP2, ZLIB, ZIP
Features: MDC, Keyserver no-modify

Principle on ciphers and digests: Be liberal in what you accept.  This is much more ciphers and digests than the default preferences.  It is hard to imagine, but if a sender wants to send you something but can only use some weird but still-believed-to-be-secure ciphers, there's no reason to stop them.  I suppose it does open you up to exploits in rarely used code paths as you decrypt.

Prefer ciphers with larger keys over smaller keys.  Prefer ciphers with larger block sizes over smaller.  Prefer AES family over other less scrutinized ciphers.  Prefer Bruce Schneier ciphers because maybe his popularity has caused his ciphers to be more scrutinized.

Digests (hash functions): prefer digests which do not dump their entire state.  Prefer shorter digests over long, because that affects message size.  (I suppose cipher key size also affects message size.)  Accept MD5 because collision attack is not applicable.

Compression: prefer no compression because compression can leak information about the plaintext.  But if you are going to use compression, then use the best one.

The list of features available appears not to be documented anywhere.  Reading the source code, 1.4.21, those are the only two features available.

Beware that in 1.4 and 2.0, setting the preferences of a secret key, then exporting then importing the secret key will reset the preferences to default.

Finally, consider increasing the number of password hashing iterations protecting your private key.

No comments :