Re: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-24 Thread Bernhard Reiter
On Sunday, 20 February 2022 09:30:36, Daniel Colquitt via Gnupg-users wrote: > I agree with you, and Robert Hansen above, insofar as there is no practical > weakness in using SHA-1 as part of a key derivation algorithm. (for protecting exported private keys) > Nevertheless it does seem

Re: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-20 Thread Robert J. Hansen via Gnupg-users
Whoever told you SHA-1 is broken was gravely in error. There are certain areas of the cryptographic space where it is no longer recommended. There are others where it's strong as a rock. As part of an iterated key derivation function, SHA-1 is still believed safe. There's no reason to shy away

RE: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-20 Thread Daniel Colquitt via Gnupg-users
> Has it really been that long? ... No, it has not been: a free-start collision was > found on the SHA-1 compression function in 2015, less than > 7 years ago. > > As far as I know, a single collision pair ("SHAttered") has been produced, > using about 9 months on a very large cluster, against

Re: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-19 Thread Jacob Bachmeyer via Gnupg-users
Daniel Colquitt via Gnupg-users wrote: Whilst AES128 is probably okay for now, SHA1 has been broken for well over 15 years. Has it really been that long? ... No, it has not been: a free-start collision was found on the SHA-1 compression function in 2015, less than 7 years ago. As far as

Re: Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-19 Thread Daniel Colquitt via Gnupg-users
> On 19 Feb 2022, at 14:52, Werner Koch wrote: > > gpg does not encrypt private keys. This is done by gpg-agent. The > method how the keys are protected internally are out of scope for > OpenPGP. See gnupg/agent/keyformat.txt for the specification of the > internal format. Apologies for

Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)

2022-02-19 Thread Werner Koch via Gnupg-users
On Fri, 18 Feb 2022 13:08, Daniel Colquitt said: > Is the suggestion the gpg does not respect these flags when applying > symmetric encryption to keys? gpg does not encrypt private keys. This is done by gpg-agent. The method how the keys are protected internally are out of scope for OpenPGP.

Re: Changing the encryption algorithm used for PGP/GPG private key

2022-02-19 Thread Daniel Colquitt via Gnupg-users
Hi Vedaal, > Try this: > In gpg.conf file add the option of > --expert > and in personal preferences, list only AES 256, > Not the other strengths. > Keep all of the s2k options you listed, and try generating a new key again > Vedaal Many thanks for the suggestion, but I’m afraid that this

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread vedaal via Gnupg-users
On 2/18/2022 at 3:12 AM, "Daniel Colquitt via Gnupg-users" wrote: Just to follow up that this isn't a gpgwin problem. I have a Debian installation and generated a test key using GnuPG and the same gpg.conf file = Try this: In gpg.conf file add the option of --expert and in personal

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Daniel Colquitt via Gnupg-users
Thanks for responding, Ingo. > As far as I can tell `man gpg` does not claim that any of these settings > influence the encryption of secret keys. According to the manual, the --s2k-* flags control

Re: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Ingo Klöcker
On Monday, 14 February 2022 10:36:25 CET Daniel Colquitt via Gnupg-users wrote: > I've read various tutorials and posts regarding changing the algorithm used to encrypt my private PGP keys. However, nothing I have tried seems to work. I am using gpg4win: [...] > My gpg.conf file located at >

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Daniel Colquitt via Gnupg-users
Just to follow up that this isn't a gpgwin problem. I have a Debian installation and generated a test key using GnuPG and the same gpg.conf file. Here is the output > gpg --list-packets test.key > # off=0 ctb=95 tag=5 hlen=3 plen=1862 > :secret key packet: >version 4, algo 1, created

Changing the encryption algorithm used for PGP/GPG private key

2022-02-14 Thread Daniel Colquitt via Gnupg-users
I've read various tutorials and posts regarding changing the algorithm used to encrypt my private PGP keys. However, nothing I have tried seems to work. I am using gpg4win: > gpg (GnuPG) 2.3.4 > libgcrypt 1.9.4 > Copyright (C) 2021 g10 Code GmbH > License GNU GPL-3.0-or-later