How exactly does OpenGPG protect private keys?
Today it was time again to generate some new PGP key pairs that will be used for end-to-end-encrypted email. Now I'd like to know how exactly OpenPGP protects the private keys.
What I have understood so far is that the actual private PGP key is stored in encrypted form. The private PGP key is encrypted using symmetric encryption, and the the encryption key for that encryption is derived from the passphrase that I have to enter when generating a key pair.
But I was not able to figure out yet how long the symmetric encryption key is, which kind of symmetric encryption (e.g. AES256-CBC) is used to encrypt the private key, and which method is used to derive the symmetric encryption key from the passphrase.
Please note that this question relates only to the protection of the private PGP key of asymmetric PGP key pairs. It does not relate to keys that are used to symmetrically encrypt files.
During my research, I have found a lot of similar questions, but they were all about symmetric file encryption, not about protecting the private key part of asymmetric key pairs as used in end-to-encrypted-email.
I also have found the following option in the manual of OpenPGP:
--s2k-digest-algo name
Use name as the digest algorithm used to mangle the passphrases for symmetric encryption. The default is SHA-1.
However, that does not answer my question. From the wording, I get the impression that --s2k-digest-algo only is effective when we symmetrically encrypt a file, which is not what this question is about (see remarks above). I may be wrong, though.
My first question:
Let's assume I generate a key pair the following way:
gpg2 --full-generate-key --s2k-digest-algo sha512 --s2k-count 100000
Do the --s2k- options effect anything in this situation? Notably, would they make sure that the symmetric key (that is derived from the passphrase and that is used to encrypt the actual private PGP key) is 512 bits long and that 100000 rounds are used to compute that key?
My second question (only if the answer to the first question is "no"):
What digest algorithm and which number of rounds does OpenPGP use to derive the symmetric key (that protects the private PGP key) from the passphrase, and can we influence this process?
