File: gnupg.info, Node: OpenPGP Options, Next: Compliance Options, Prev: GPG Input and Output, Up: GPG Options 4.2.4 OpenPGP protocol specific options --------------------------------------- '--force-ocb' '--force-aead' Force the use of AEAD encryption over MDC encryption. AEAD is a modern and faster way to do authenticated encryption than the old MDC method. '--force-aead' is an alias and deprecated. See also option '--chunk-size'. '--force-mdc' '--disable-mdc' These options are obsolete and have no effect since GnuPG 2.2.8. The MDC is always used unless the keys indicate that an AEAD algorithm can be used in which case AEAD is used. But note: If the creation of a legacy non-MDC message is exceptionally required, the option '--rfc2440' allows for this. '--disable-signer-uid' By default the user ID of the signing key is embedded in the data signature. As of now this is only done if the signing key has been specified with 'local-user' using a mail address, or with 'sender'. This information can be helpful for verifier to locate the key; see option '--auto-key-retrieve'. '--include-key-block' '--no-include-key-block' This option is used to embed the actual signing key into a data signature. The embedded key is stripped down to a single user id and includes only the signing subkey used to create the signature as well as as valid encryption subkeys. All other info is removed from the key to keep it and thus the signature small. This option is the OpenPGP counterpart to the 'gpgsm' option '--include-certs' and allows the recipient of a signed message to reply encrypted to the sender without using any online directories to lookup the key. The default is '--no-include-key-block'. See also the option '--auto-key-import'. '--personal-cipher-preferences STRING' Set the list of personal cipher preferences to STRING. Use 'gpg --version' to get a list of available algorithms, and use 'none' to set no preference at all. This allows the user to safely override the algorithm chosen by the recipient key preferences, as GPG will only select an algorithm that is usable by all recipients. The most highly ranked cipher in this list is also used for the '--symmetric' encryption command. '--personal-digest-preferences STRING' Set the list of personal digest preferences to STRING. Use 'gpg --version' to get a list of available algorithms, and use 'none' to set no preference at all. This allows the user to safely override the algorithm chosen by the recipient key preferences, as GPG will only select an algorithm that is usable by all recipients. The most highly ranked digest algorithm in this list is also used when signing without encryption (e.g. '--clear-sign' or '--sign'). '--personal-compress-preferences STRING' Set the list of personal compression preferences to STRING. Use 'gpg --version' to get a list of available algorithms, and use 'none' to set no preference at all. This allows the user to safely override the algorithm chosen by the recipient key preferences, as GPG will only select an algorithm that is usable by all recipients. The most highly ranked compression algorithm in this list is also used when there are no recipient keys to consider (e.g. '--symmetric'). '--s2k-cipher-algo NAME' Use NAME as the cipher algorithm for symmetric encryption with a passphrase if '--personal-cipher-preferences' and '--cipher-algo' are not given. The default is AES-128. '--s2k-digest-algo NAME' Use NAME as the digest algorithm used to mangle the passphrases for symmetric encryption. The default is SHA-1. '--s2k-mode N' Selects how passphrases for symmetric encryption are mangled. If N is 0 a plain passphrase (which is in general not recommended) will be used, a 1 adds a salt (which should not be used) to the passphrase and a 3 (the default) iterates the whole process a number of times (see '--s2k-count'). '--s2k-count N' Specify how many times the passphrases mangling for symmetric encryption is repeated. This value may range between 1024 and 65011712 inclusive. The default is inquired from gpg-agent. Note that not all values in the 1024-65011712 range are legal and if an illegal value is selected, GnuPG will round up to the nearest legal value. This option is only meaningful if '--s2k-mode' is set to the default of 3.