PGP keys can support multiple encoding methods, ciphers, hashes and compression algorithms. This article discusses the advanced key settings available for PGP keys and how they work in PGP Desktop versus PGP Command Line.
When creating a PGP keypair, you have the option to specify advanced settings for your key. This option is available by clicking the Advanced button on the Name and Email Assignment screen in the PGP Key Generation Assistant.
Key type
To view your Key properties within PGP Desktop, simply double-click on the key:
If you would like to see the ciphers and hashes, run the following command, specifying the Key ID of the key in question:
pgp --list-key-details 0xBF27E93E
The following output will be displayed:
C:\>pgp --list-key-details
Key Details: user <user@example.com>
Key ID: 0xBF27E93E (0x6DCAA00CBF27E93E)
Type: RSA (v4) key pair
Size: 2048
Validity: Complete
Trust: Implicit (Axiomatic)
Created: 2024-01-11
Expires: Never
Status: Active
Cipher: AES-256
Cipher: AES-128
Cipher: AES-192
Cipher: TripleDES
Hash: SHA-256
Hash: SHA-512
Compress: ZLIB
Photo: No
Revocable: Yes
Token: No
Keyserver: Absent
Default: Yes
Wrapper: No
Prop Flags: Sign user IDs
Prop Flags: Sign messages
Prop Flags: PGP NetShare
Prop Flags: PGP WDE
Prop Flags: PGP ZIP
Prop Flags: PGP Messaging
Ksrv Flags: Absent
Feat Flags: Modification detection
Notations: 01 0x80000000 preferred-email-encoding@pgp.com=pgpmime
Usage: Sign user IDs
Usage: Sign messages
Subkey ID: 0x027BBDF4 (0x4C4927E7027BBDF4)
Type: RSA (v4) subkey pair
Size: 2048
Created: 2020-09-11
Expires: Never
Status: Active
Revocable: Yes
Token: No
X.509: No
Prop Flags: Encrypt communications
Prop Flags: Encrypt storage
Prop Flags: PGP NetShare
Prop Flags: PGP WDE
Prop Flags: PGP ZIP
Prop Flags: PGP Messaging
Notations: None
Usage: Encrypt communications
Usage: Encrypt storage
Usage: PGP NetShare
Usage: PGP WDE
Usage: PGP ZIP
Usage: PGP Messaging
ADK: None
Revoker: None
Generate separate signing subkey
Select this box if you need a separate subkey for signing. A separate Signing Subkey is created along with the new keypair. You can also create additional signing or encryption subkeys any time after the new key has been created. This is rare and not typically needed.
In this example, you can see there is only one Subkey and it is used for encryption:
If you have a subkey that is used for both Signing and Encryption, you'll see two icons:
Key size
Type a key size from 1024 bits to 4096 bits. The default key size is 2048. The larger the key, the more secure it is, but it could take longer to generate.
Expiration
Select Never or specify a date on which the keypair you are creating will expire.
Allowed Ciphers
Deselect any cipher you do not want the keypair you are creating to support.
Preferred Cipher
The Preferred Cipher is the cipher you would like those who encrypt to your key to use. This cipher will be used first, and if the encrypting entity can't use it, other allowed ciphers will be used. Select the cipher you want to be used in those cases where no algorithm is specified. Only a cipher that is allowed can be selected as preferred.
The checked Cipher denotes what is preferred.
PGP Command Line will use the first Cipher in the list as the preferred Cipher.
Allowed Hashes
Deselect any hash you do not want the keypair you are creating to support.
Preferred Hash
The same rules apply here as they did with the Preferred Cipher. Select the hash you want to be used in those cases where no hash is specified. Only a hash that is allowed can be selected as preferred.
The checked Hash denotes what is preferred.
PGP Command Line will use the first Hash in the list as the preferred Hash.
Compression
You can also have a Preferred Compression. The checked Compression denotes what is preferred.
PGP Command Line will use the first Compression in the list as the preferred compression. Review the text output above as an example.
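The first-in-the-list rule for ciphers, hashes and compression can be checked mechanically. The following Python code is an added example, not part of the original article or of PGP Command Line: it parses `pgp --list-key-details` output, reports the preferred cipher, hash and compression, and compares the key with a policy. The sample text is constructed from the output shown earlier, and `POLICY`, `parse_key_details`, `preferences` and `audit` are hypothetical names and values chosen for illustration.

```python
import re

# Constructed sample: abridged `pgp --list-key-details` output in the format shown above.
SAMPLE = """\
Key Details: user <user@example.com>
Key ID: 0xBF27E93E (0x6DCAA00CBF27E93E)
Size: 2048
Cipher: AES-256
Cipher: AES-128
Cipher: AES-192
Cipher: TripleDES
Hash: SHA-256
Hash: SHA-512
Compress: ZLIB
Subkey ID: 0x027BBDF4 (0x4C4927E7027BBDF4)
Size: 2048
"""

# Hypothetical policy, chosen for this example only.
POLICY = {"min_size": 3072, "preferred": {"Cipher": "AES-256", "Hash": "SHA-512"}}

def parse_key_details(text):
    """Split output into sections (primary key, then subkeys); values keep listed order."""
    sections = []
    for field, value in re.findall(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", text, re.M):
        field, value = field.strip(), value.strip()
        if field in ("Key Details", "Subkey ID"):
            sections.append({})          # a new key or subkey starts here
        elif not sections:
            continue                     # skip lines before the first key, e.g. the prompt
        sections[-1].setdefault(field, []).append(value)
    return sections

def preferences(primary):
    """The first listed Cipher/Hash/Compress is the preferred one for PGP Command Line."""
    return {f: primary.get(f, [None])[0] for f in ("Cipher", "Hash", "Compress")}

def audit(sections, policy=POLICY):
    """Return a list of findings where the key deviates from the policy."""
    prefs = preferences(sections[0])
    findings = [f"preferred {f} is {prefs[f]}, policy expects {want}"
                for f, want in policy["preferred"].items() if prefs[f] != want]
    for s in sections:
        key_id = (s.get("Key ID") or s["Subkey ID"])[0].split()[0]
        if int(s["Size"][0]) < policy["min_size"]:
            findings.append(f"{key_id}: size {s['Size'][0]} below {policy['min_size']}")
    return findings
```

Calling `audit(parse_key_details(SAMPLE))` returns one finding for the preferred hash and one size finding each for the key and its subkey under this example policy.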
The "Encoding" is typically chosen automatically. The Default value for Encoding is "PGP/MIME", which is a widely-used encryption encoding standard and offers the most compatibility. You can change this in the Key properties as needed.
If you have the Private portion of the Key, then you can check the encoding that is desired. PGP/MIME is recommended as it is the most widely used.