1
According to RFC 4880,
String-to-key (S2K) specifiers are used to convert passphrase strings into symmetric-key encryption/decryption keys. They are used in two places, currently: to encrypt the secret part of private keys in the private keyring, and to convert passphrases to encryption keys for symmetrically encrypted messages.
The latter works:
The former, for the secret part of private keys, does not:
gpg2 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-mode 3 --s2k-count 65000000 --export-secret-keys | gpg2 --list-packets
Which shows a result that includes:
iter+salt S2K, **algo: 7**, **SHA1 protection**, **hash: 2**,
**protect count: 13107200**.
So, it's a discreet, de facto downgrade to AES128 and GPU-friendly SHA-1 from what was expected. This problem was brought up here (about 42 months ago), and then lessened in urgency as a question after two years of inaction.
Gpg-agent has a default that limits the time that the KDF can take.
What can one do to get the s2k specifiers to fully work?
(Or at least get the same effect of significantly increasing the iteration count, which makes password cracking tough for the attacker)
1
Crossdupe https://security.stackexchange.com/a/149371/39571 which is probably a better place for it. (This is how-to-use-crypto-in-a-program not how-crypto-works.)
– dave_thompson_085 – 2018-06-18T01:36:57.030@ dave_thompson_085 Thank you! I need to search the other stackexchange sites before I post any question. That said, I wonder if anyone could give a clear answer. What can be done to get the s2k specifiers to work for private keys? – None – 2018-06-21T08:59:01.110
(1) hope the devs agree to the wishlist item and wait for them to do it (2) it's open source, do it yourself (but if you distribute, comply with GPL) (3) go back to 2.0 (or less?) and set at generation time (4) use something else instead of (or at least in addition to) gpg :-( – dave_thompson_085 – 2018-06-22T07:17:00.730
@ dave_thompson_085 Thanks again! Well, please fill me on point 4. What can I use that is better than GPG, or at least will complement it? I am very curious to know. – None – 2018-06-22T11:24:43.383
I'm sure there are other possibilites, but personally I would use BouncyCastle's 'bcpg' http://www.bouncycastle.org/latest_releases.html because Java is the fastest and easiest for me to code in.
– dave_thompson_085 – 2018-06-24T06:40:30.760@ dave_thompson_085 I need to turn my attention towards this and leave GPG2 in the dust. – None – 2018-06-24T12:47:31.663