Advanced PGP Key Settings - PGP Desktop and PGP Command Line - Preferred Ciphers, Hashes, and Compressions


Article ID: 153518


Products

  • Desktop Email Encryption
  • Drive Encryption
  • Encryption Management Server
  • Endpoint Encryption
  • File Share Encryption
  • Gateway Email Encryption
  • PGP Command Line
  • PGP Key Management Server
  • PGP Key Mgmt Client Access and CLI API
  • PGP SDK

Issue/Introduction

PGP keys can support multiple encoding methods, ciphers, hashes and compression algorithms. This article discusses these advanced key settings and how they work in PGP Desktop versus PGP Command Line.

Resolution

When creating a PGP keypair, you have the option to specify advanced settings for your key. This option is available by clicking the Advanced button on the Name and Email Assignment screen in the PGP Key Generation Assistant.

Key type

  • RSA (Recommended and the Default Key type)
  • Diffie-Hellman/DSS (Legacy)

 

To view your Key properties within PGP Desktop, simply double-click on the key:

 

To see the ciphers and hashes, run the following PGP Command Line command, specifying the Key ID of the key in question:

 

pgp --list-key-details 0xBF27E93E 

 

The following output will be displayed:

C:\>pgp --list-key-details
Key Details: user <[email protected]>
     Key ID: 0xBF27E93E (0x6DCAA00CBF27E93E)
       Type: RSA (v4) key pair
       Size: 2048
   Validity: Complete
      Trust: Implicit (Axiomatic)
    Created: 2024-01-11
    Expires: Never
     Status: Active
     Cipher: AES-256
     Cipher: AES-128
     Cipher: AES-192
     Cipher: TripleDES
       Hash: SHA-256
       Hash: SHA-512
   Compress: ZLIB
      Photo: No
  Revocable: Yes
      Token: No
  Keyserver: Absent
    Default: Yes
    Wrapper: No
 Prop Flags: Sign user IDs
 Prop Flags: Sign messages
 Prop Flags: PGP NetShare
 Prop Flags: PGP WDE
 Prop Flags: PGP ZIP
 Prop Flags: PGP Messaging
 Ksrv Flags: Absent
 Feat Flags: Modification detection
  Notations: 01 0x80000000 [email protected]=pgpmime
      Usage: Sign user IDs
      Usage: Sign messages

  Subkey ID: 0x027BBDF4 (0x4C4927E7027BBDF4)
       Type: RSA (v4) subkey pair
       Size: 2048
    Created: 2020-09-11
    Expires: Never
     Status: Active
  Revocable: Yes
      Token: No
      X.509: No
 Prop Flags: Encrypt communications
 Prop Flags: Encrypt storage
 Prop Flags: PGP NetShare
 Prop Flags: PGP WDE
 Prop Flags: PGP ZIP
 Prop Flags: PGP Messaging
  Notations: None
      Usage: Encrypt communications
      Usage: Encrypt storage
      Usage: PGP NetShare
      Usage: PGP WDE
      Usage: PGP ZIP
      Usage: PGP Messaging

        ADK: None

    Revoker: None

 

 

Generate separate signing subkey
Select this box if you need a separate subkey for signing. A separate signing subkey is created along with the new keypair. You can also create additional signing or encryption subkeys at any time after the new key has been created. A separate signing subkey is rarely needed.

In this example, you can see there is only one Subkey and it is for both encryption: 

If you have a subkey that is used for both Signing and Encryption, you'll see two icons:

 

 



Key size
Type a key size from 1024 bits to 4096 bits. The default key size is 2048. The larger the key, the more secure it is, but it could take longer to generate.

Expiration
Select Never or specify a date on which the keypair you are creating will expire.

Allowed Ciphers
Deselect any cipher you do not want the keypair you are creating to support.

Preferred Cipher
The Preferred Cipher is the cipher you would like others to use when they encrypt to your key. This cipher is tried first; if the encrypting entity cannot use it, one of the other allowed ciphers is used. Select the cipher you want used in those cases where no algorithm is specified. Only a cipher that is allowed can be selected as preferred.

The checked Cipher denotes what is preferred.

PGP Command Line will use the first Cipher in the list as the preferred Cipher.



Allowed Hashes
Deselect any hash you do not want the keypair you are creating to support.

Preferred Hash
The same rules apply here as they did with the Preferred Cipher.  Select the hash you want to be used in those cases where no hash is specified. Only a hash that is allowed can be selected as preferred.

The checked Hash denotes what is preferred.

PGP Command Line will use the first Hash in the list as the preferred Hash.

 

Compression
You can also have a Preferred Compression.  The checked Compression denotes what is preferred.

PGP Command Line will use the first Compression in the list as the preferred compression.  Review the text output above as an example.
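The ordering rule described above (the first Cipher, Hash and Compress line is the preferred one) can be checked mechanically. The following is an added example, not part of the original article or of PGP Command Line: it parses captured `pgp --list-key-details` output and reports the preferred entries. The function names, the `disallowed` list and the `min_bits` threshold are hypothetical policy choices, not settings from the article.

```python
import re

# Constructed sample: trimmed output in the layout shown above (placeholder e-mail).
SAMPLE = """\
Key Details: user <user@example.com>
     Key ID: 0xBF27E93E (0x6DCAA00CBF27E93E)
       Size: 2048
     Cipher: AES-256
     Cipher: AES-128
     Cipher: AES-192
     Cipher: TripleDES
       Hash: SHA-256
       Hash: SHA-512
   Compress: ZLIB

  Subkey ID: 0x027BBDF4 (0x4C4927E7027BBDF4)
       Size: 2048
"""
FIELD = re.compile(r"^\s*([^:]+?):\s*(.*)$")

def parse_key_details(text):
    """One dict per key; repeated fields (Cipher, Hash, ...) keep listed order."""
    keys, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "Key Details":            # start of a new primary key
            current = {"subkeys": []}
            keys.append(current)
        elif name == "Subkey ID" and keys:   # following fields belong to this subkey
            current = {}
            keys[-1]["subkeys"].append(current)
        if current is not None:              # ignore prompt lines before the first key
            current.setdefault(name, []).append(value)
    return keys

def preferred(key):
    """First listed entry per field is what PGP Command Line treats as preferred."""
    return {f: (key.get(f) or [None])[0] for f in ("Cipher", "Hash", "Compress")}

def audit(key, disallowed=("TripleDES",), min_bits=2048):
    """Hypothetical policy: flag allowed ciphers in `disallowed` and short keys."""
    findings = [f"allowed cipher: {c}" for c in key.get("Cipher", []) if c in disallowed]
    for part in [key] + key["subkeys"]:
        ident = (part.get("Key ID") or part.get("Subkey ID"))[0].split()[0]
        if part.get("Size") and int(part["Size"][0]) < min_bits:
            findings.append(f"{ident}: {part['Size'][0]}-bit key")
    return findings
```

Pass the captured command output to `parse_key_details()`, then call `preferred()` and `audit()` on each returned key.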


 

The "Encoding" is typically chosen automatically. The default value for Encoding is "PGP/MIME", which is a widely used encryption encoding standard and offers the most compatibility. You can change this in the Key properties as needed.

If you have the private portion of the key, you can select the desired encoding. PGP/MIME is recommended as it is the most widely used.