changed:
-
After having fought with this for some time due to interoperability problems between one of the financial companies we do file exchanges with, I figured I'd explain what was necessary.

As of version 7.0 of NAI's PGP (before NAI dropped PGP entirely and PGP.com rose again like a phoenix), there is an incompatibility in the TWOFISH algorithms used by PGP and GnuPG.  Basically, PGP started using a 256-bit key for TWOFISH, whereas the rest of the world (basically, GnuPG) was still using 128-bit keys.

Sadly, when you generate a new key pair in GnuPG, the default preferences for the public key specify TWOFISH as the default encryption method, with support for 3DES, CAST5 and AES thrown in as well.

As of version 1.2x of GnuPG, however, you can change your public key preferences.  To first see what GnuPG supports, run::

  gpg --version

This should give you output similar to the following::

  gregory@sdgregory(pts/8):~ 24 > gpg --version
  gpg (GnuPG) 1.2.1
  Copyright (C) 2002 Free Software Foundation, Inc.
  This program comes with ABSOLUTELY NO WARRANTY.
  This is free software, and you are welcome to redistribute it
  under certain conditions. See the file COPYING for details.
  Home: ~/.gnupg
  Supported algorithms:
  Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
  Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
  Hash: MD5, SHA1, RIPEMD160
  Compress: Uncompressed, ZIP, ZLIB

Now, to actually go in and view and change our key preferences::

  gregory@sdgregory(pts/8):~ 25 > gpg --edit-key gregory@castandcrew.com
  Secret key is available.
  pub  1024D/FC2D16F5  created: 2002-03-18 expires: never      trust: u/u
  sub  1024g/53131290  created: 2002-03-18 expires: 2003-03-18
  (1). Gregory K. Ade (Sr. Systems Administrator) <gregory@castandcrew.com>
  Command> pref
  pub  1024D/FC2D16F5  created: 2002-03-18 expires: never      trust: u/u
  (1). Gregory K. Ade (Sr. Systems Administrator) <gregory@castandcrew.com>
        S7 S3 S2 H2 H3 Z2 Z1 ![mdc]

That last line there lists our symmetric key preferences (S*), our hashing preferences (H*) and our compression preferences (Z*).  The "![mdc]" is a feature introduced with newer versions of GnuPG, and isn't relevant to this discussion.

Here's a slightly more verbose way to see your public key preferences::

  Command> showpref
  pub  1024D/FC2D16F5  created: 2002-03-18 expires: never      trust: u/u
  (1). Gregory K. Ade (Sr. Systems Administrator) <gregory@castandcrew.com>
       Cipher: AES, CAST5, 3DES
       Hash: SHA1, RIPEMD160
       Compression: ZLIB, ZIP, Uncompressed
       Features: MDC

To actually change our preferences, it would be very helpful to have some sort of table explaining which numbers map to which preferences.  To set and save preferences, GnuPG requires that we enter them similar to the way they're shown with the "pref" command.  The best reference for this is the "Open PGP Message Format, rfc2440":http://www.faqs.org/rfcs/rfc2440.html .  Skip down to section 9 (Constants.)  In section 9, we're most interested in 9.2: Symmetric Key Algorithms.  Reproduced here, the table is::

  9.2. Symmetric Key Algorithms
          ID           Algorithm
          --           ---------
          0          - Plaintext or unencrypted data
          1          - IDEA ![IDEA]
          2          - Triple-DES (DES-EDE, as per spec - 168 bit key derived from 192)
          3          - CAST5 (128 bit key, as per RFC 2144)
          4          - Blowfish (128 bit key, 16 rounds) ![BLOWFISH]
          5          - SAFER-SK128 (13 rounds) ![SAFER]
          6          - Reserved for DES/SK
          7          - Reserved for AES with 128-bit key
          8          - Reserved for AES with 192-bit key
          9          - Reserved for AES with 256-bit key
          100 to 110 - Private/Experimental algorithm.
  Implementations MUST implement Triple-DES. Implementations SHOULD
  implement IDEA and CAST5.Implementations MAY implement any other
  algorithm.

These numbers correspond to the S* codes listed out by the "pref" command.   So, given our existing preferences of "S7 S3 S2 H2 H3 Z2 Z1", let's re-order them so that CAST5 is the first in the list.  Looking at the table above, we see that CAST5 is algorithm number 3.  The new preferences, then, would be "S3 S7 S2 H2 H3 Z2 Z1".

To tell GnuPG we want new preferences, we use the "setpref" and "updpref" commands, like so::

  Command> setpref S3 S7 S2 H2 H3 Z2 Z1

Then, we need to write it to the key::

  Command> updpref
  Current preference list: S3 S7 S2 H2 H3 Z2 Z1 ![mdc]
  Really update the preferences? y
  You need a passphrase to unlock the secret key for
  user: "Gregory K. Ade (Sr. Systems Administrator) <gregory@castandcrew.com>"
  1024-bit DSA key, ID FC2D16F5, created 2002-03-18
  gpg: gpg-agent is not available in this session
  pub  1024D/FC2D16F5  created: 2002-03-18 expires: never      trust: u/u
  sub  1024g/53131290  created: 2002-03-18 expires: 2003-03-18
  (1). Gregory K. Ade (Sr. Systems Administrator) <gregory@castandcrew.com>

Enter your passphrase when asked, and when you get another prompt back, it's done!  Now, you can re-distribute your modified public key to the keyservers and whoever else you'd like.  Since the only change has been to the preferences, the Key ID and Fingerprint remain identical, so there's no need for any re-verification.

Now, any PGP user that wishes to encrypt something to you will send you cyphertext that you can actually decrypt.  Very useful!

-- [Chef]