Next: , Previous: , Up: GPG Options   [Contents][Index]


3.2.5 Compliance options

These options control what GnuPG is compliant to. Only one of these options may be active at a time. Note that the default setting of this is nearly always the correct one. See the INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below before using one of these options.

--gnupg

Use standard GnuPG behavior. This is essentially OpenPGP behavior (see --openpgp), but with some additional workarounds for common compatibility problems in different versions of PGP. This is the default option, so it is not generally needed, but it may be useful to override a different compliance option in the gpg.conf file.

--openpgp

Reset all packet, cipher and digest options to strict OpenPGP behavior. Use this option to reset all previous options like --s2k-*, --cipher-algo, --digest-algo and --compress-algo to OpenPGP compliant values. All PGP workarounds are disabled.

--rfc4880

Reset all packet, cipher and digest options to strict RFC-4880 behavior. Note that this is currently the same thing as --openpgp.

--rfc2440

Reset all packet, cipher and digest options to strict RFC-2440 behavior.

--rfc1991

Try to be more RFC-1991 (PGP 2.x) compliant.

--pgp2

Set up all options to be as PGP 2.x compliant as possible, and warn if an action is taken (e.g. encrypting to a non-RSA key) that will create a message that PGP 2.x will not be able to handle. Note that ‘PGP 2.x’ here means ‘MIT PGP 2.6.2’. There are other versions of PGP 2.x available, but the MIT release is a good common baseline.

This option implies --rfc1991 --disable-mdc --no-force-v4-certs --escape-from-lines --force-v3-sigs --allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP. It also disables --textmode when encrypting.

--pgp6

Set up all options to be as PGP 6 compliant as possible. This restricts you to the ciphers IDEA (if the IDEA plugin is installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160, and the compression algorithms none and ZIP. This also disables –throw-keyids, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys.

This option implies --disable-mdc --escape-from-lines --force-v3-sigs.

--pgp7

Set up all options to be as PGP 7 compliant as possible. This is identical to --pgp6 except that MDCs are not disabled, and the list of allowable ciphers is expanded to add AES128, AES192, AES256, and TWOFISH.

--pgp8

Set up all options to be as PGP 8 compliant as possible. PGP 8 is a lot closer to the OpenPGP standard than previous versions of PGP, so all this does is disable --throw-keyids and set --escape-from-lines. All algorithms are allowed except for the SHA224, SHA384, and SHA512 digests.


Next: , Previous: , Up: GPG Options   [Contents][Index]