gnupg: Compliance Options
4.2.5 Compliance options
------------------------
These options control what GnuPG is compliant to. Only one of these
options may be active at a time. Note that the default setting of this
is nearly always the correct one. See the INTEROPERABILITY WITH OTHER
OPENPGP PROGRAMS section below before using one of these options.
'--gnupg'
Use standard GnuPG behavior. This is essentially OpenPGP behavior
(see '--openpgp'), but with some additional workarounds for common
compatibility problems in different versions of PGP. This is the
default option, so it is not generally needed, but it may be useful
to override a different compliance option in the gpg.conf file.
'--openpgp'
Reset all packet, cipher and digest options to strict OpenPGP
behavior. Use this option to reset all previous options like
'--s2k-*', '--cipher-algo', '--digest-algo' and '--compress-algo'
to OpenPGP compliant values. All PGP workarounds are disabled.
'--rfc4880'
Reset all packet, cipher and digest options to strict RFC-4880
behavior. Note that this is currently the same thing as
'--openpgp'.
'--rfc4880bis'
Enable experimental features from proposed updates to RFC-4880.
This option can be used in addition to the other compliance
options. Warning: The behavior may change with any GnuPG release
and created keys or data may not be usable with future GnuPG
versions.
'--rfc2440'
Reset all packet, cipher and digest options to strict RFC-2440
behavior. Note that by using this option encryption packets are
created in a legacy mode without MDC protection. This is dangerous
and should thus only be used for experiments. See also option
'--ignore-mdc-error'.
'--pgp6'
Set up all options to be as PGP 6 compliant as possible. This
restricts you to the ciphers IDEA (if the IDEA plugin is
installed), 3DES, and CAST5, the hashes MD5, SHA1 and RIPEMD160,
and the compression algorithms none and ZIP. This also disables
'--throw-keyids', and making signatures with signing subkeys as PGP
6 does not understand signatures made by signing subkeys.
This option implies '--escape-from-lines'.
'--pgp7'
Set up all options to be as PGP 7 compliant as possible. This is
identical to '--pgp6' except that MDCs are not disabled, and the
list of allowable ciphers is expanded to add AES128, AES192,
AES256, and TWOFISH.
'--pgp8'
Set up all options to be as PGP 8 compliant as possible. PGP 8 is
a lot closer to the OpenPGP standard than previous versions of PGP,
so all this does is disable '--throw-keyids' and set
'--escape-from-lines'. All algorithms are allowed except for the
SHA224, SHA384, and SHA512 digests.
'--compliance STRING'
This option can be used instead of one of the options above. Valid
values for STRING are the above option names (without the double
dash) and possibly others as shown when using "help" for VALUE.