Prefer AES256 and SHA512

inKdahood · June 9, 2024, 2:38pm

Hello,

First I need to say I’m new with gpg so maybe I miss something somewhere in my research.

Help me understand something :
every where on internet we can read, SHA1 and AES128 is deprecated, and that since a long time now. We can also read that AES256 and SHA512 are the actual cipcher and digest all should use for security reason, ok until here I can understand.
So I modify gpg.conf to don’t use SHA1 and AES128 and always prefer AES256 and SHA512 I also set S2K to use SHA512 and AES256. So here my settings should be OK, let’s create a keypair with gpg --full-generate-key…
My key is finally created it’s a RSA 4096 keypair great now I want to know if my settings are applied correctly to that keypair
So I export public and private key and execute PGPDUMP on both.
In the output of the private key surprise me a bit I obtain this:

Secret Key Packet
Pub alg - RSA Encrypt or Sign(pub 1)
        RSA n(4096 bits) - ...
        RSA e(17 bits) - ...
        Sym alg - AES with 128-bit key(sym 7)
        Iterated and salted string-to-key(s2k 3):
                Hash alg - SHA1(hash 2)

Why the S2K hash use SHA1 and sym-alg use AES128 even with gpg.conf set to not use it and why gpg use these algo are deprecated???

why gpg use the wrong algo cipher and digest for my secret key?
why gpg finally use the right algo in Signature Packet on the same private key(yes in signature packet I can read SHA512 and AES256 as prefered order

why the public key of that same gpg key use AES256 and SHA512 if the private use SHA1 and AES128 ???
and last question how can I “force” gpg to use the algo I choose on the private key when generate a new keypair?

I hope my question is understandable English is not my first language so don’t hesitate to ask me more details or whatever you need to understand what I ask for thanks for those who will respond to me =)

cklassen · June 13, 2024, 7:08am

How does your gpg.conf look like? Riseup offers an instruction how to configure the algorithms of GnuPG.

inKdahood · June 14, 2024, 5:48pm

Hello my gpg.conf look like this

# GnuPG config file created by KGpg

list-options show-photos
verify-options show-photos
fixed-list-mode
keyid-format 0xlong
with-fingerprint
personal-cipher-preferences AES256
personal-digest-preferences SHA512
default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed
cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512

compress-algo ZLIB
disable-cipher-algo 3DES
weak-digest SHA1
weak-digest SHA256
weak-digest SHA384
weak-digest RIPEMD160
verify-options show-uid-validity
list-options show-uid-validity
no-emit-version
no-comments
export-options export-minimal

s2k options

s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712

But the new key created with that gpg.conf use s2k on SHA1 and AES128 I found on another forum that need to be set up in gpg-agent.conf but even with that file in /home/user/.gnupg that dosen’t work.

inKdahood · June 14, 2024, 6:02pm

To clarify my first post, I learn a lot this week so ok I understand AES128 and SHA1 are not deprecated and still resist to attack actually, but if SHA512 and AES256 are better security why S2K don’t use these algos? even with line S2K-digest-algo SHA512 and S2K-cipher-algo AES256 line in gpg.conf.