1

I already created a PGP key-pair in Thunderbird Enigmail on Ubuntu. Now I would like to change the key, so it uses preferably Camellia-256 for encryption.

How can I change the preferred algorithm from AES 256 to Camellia-256 in my existing key?

UPDATE:
I want to find out how to add the information that I prefer CAMELLIA256 to my already existing PGP key. I guess this can be done using the commandline somehow like gpg2 --edit-key ... and use setpref CAMELLIA256 somehow, but I cannot find a good site that explains this syntax

rubo77
  • 2,370
  • 10
  • 26
  • 49
  • This is a software-specific configuration question. – schroeder Feb 26 '15 at 21:40
  • 1
    GPG under the hood of anything is very much like GPG under the hood of everything else. The only thing that changes are the paths and that question even tells you how to get GPG to tell you the path. – gowenfawr Feb 26 '15 at 21:48
  • I slightly changed the linked question to make it more general, as the answers indeed are valid for both operating systems. – Jens Erat Feb 26 '15 at 22:45
  • The linked answer only shows how to change the behaviour, but here I want to find out how to **add** the information that I prefer CAMELLIA256 to my already **existing PGP key** – rubo77 Feb 26 '15 at 23:31
  • I think, the duplicate link is not correct. The other question is not about the preferred cipher in the keys, but this one is. However, there is also [this question and answer](https://security.stackexchange.com/a/90598/134095). – not2savvy Dec 13 '22 at 14:14

1 Answers1

0

You can look up available algorithms by running gpg --version, An example output might include:

Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256

Start the edit menu using gpg --edit-key [key-id] (replacing [key-id] with your key id, and you might have to use gpg.exe again as described above). Inside, you can use showpref to list the currently set up preferences, and setpref to change them. The user interface for doing so is horrible, and you have to provide a long list of cipher, digest and compression algorithms, while the preferred ones always have to be listed first.

An article on debian-administration.org also describes this procedure, and proposes following preferences, which seem reasonable:

setpref CAMELLIA256 SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

(There will be a preview of the result, before you really edit the key)

Additionally for future keys, to enforce the use of CAMELLIA256, edit your gpg.conf file and add following line:

personal-cipher-preferences CAMELLIA256
rubo77
  • 2,370
  • 10
  • 26
  • 49