Incompatibility between GnuPG encryption and the Bouncy Castle encryption.

Faramir faramir.cl at gmail.com
Wed Jun 4 21:58:49 CEST 2008


Bhushan Jain wrote:
> Hi,
> 
> I have created RSA key as well as its subkey for encryption using GnuPG.
> Now I encrypted a file using JAVA library functions given by Bouncy
> Castle (a pgp library in JAVA which claims to adhere to rfc 2440). I
> also encrypted the same file using the GnuPG commands from command line.
> The following are the results of the pgpdump for both of them...........
...
> Please help me .....
> or is it that GnuPG does not follow the rfc2440??

  All I know about this is that GnuPG can be set to different
compatibility modes, like: openpgp, pgp2, pgp8, rfc1991, rfc2440,
rfc4880, and some others.

  Reading the GnuPG manual, it states:

"INTEROPERABILITY
       GnuPG tries to be a very flexible implementation of the OpenPGP
standard. In particular, GnuPG implements many of the optional parts of
the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
compression algorithms. It is important to be aware that not all
OpenPGP programs implement these optional algorithms and that by
forcing their use via the --cipher-algo, --digest-algo,
--cert-digest-algo, or --compress-algo options in GnuPG, it is
possible to create a perfectly valid OpenPGP message, but one that
cannot be read by the intended recipient.

       There are dozens of variations of OpenPGP programs available,
and each supports a slightly different subset of these optional
algorithms. For example, until recently, no (unhacked) version of
PGP supported the BLOWFISH cipher algorithm. A message using BLOWFISH
simply could not be read by a PGP user. By default, GnuPG uses the
standard OpenPGP preferences system that will always do the right thing
and create messages that are usable by all recipients, regardless of
which OpenPGP program they use. Only override this safe default if you
really know what you are doing.

       If you absolutely must override the safe default, or if the
preferences on a given key are invalid for some reason, you are far
better off using the --pgp6, --pgp7, or --pgp8 options. These options
are safe as they do not force any particular algorithms in violation
of OpenPGP, but rather reduce the available algorithms to a "PGP-safe"
list."

  So, maybe the cipher algorithm you are using with GnuPG is not
supported in rfc2440, and the solution would be to change the
preferences settings to be rfc2440 compatible.

  I hope this helps.

  Regards
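
A simplified model of the preferences system that the quoted manual text describes, added here as an example; it is not GnuPG or Bouncy Castle code and not part of the original message. The recipient names and preference lists are constructed, and the ranking rule (sum of list positions) is an assumption for illustration; the algorithm IDs and the implicit 3DES fallback follow RFC 4880.

```python
# Simplified model of OpenPGP cipher negotiation (added example, not GnuPG code).
# Algorithm IDs are the symmetric-key IDs from RFC 4880, section 9.2.
CIPHERS = {2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES128", 8: "AES192",
           9: "AES256", 10: "TWOFISH"}
MUST_IMPLEMENT = 2  # 3DES: tacitly at the end of every key's preference list


def effective_prefs(prefs):
    """Return a key's preference list with implicit 3DES appended if absent."""
    return list(prefs) + ([] if MUST_IMPLEMENT in prefs else [MUST_IMPLEMENT])


def choose_cipher(recipient_prefs):
    """Pick a cipher every recipient lists, ranked by summed list position.

    The ranking rule is an assumption of this example, not GnuPG's own logic.
    """
    lists = [effective_prefs(p) for p in recipient_prefs.values()]
    common = set(lists[0]).intersection(*lists[1:])
    # Lower total rank means the recipients prefer it earlier overall.
    return min(common, key=lambda a: (sum(l.index(a) for l in lists), a))


def unreadable_by(forced, recipient_prefs):
    """Names of recipients whose key does not advertise the forced cipher."""
    return sorted(name for name, p in recipient_prefs.items()
                  if forced not in effective_prefs(p))


# Constructed sample keys: names and preference lists are made up.
RECIPIENTS = {
    "gnupg_user": [9, 8, 7, 3, 4, 2],  # AES256 AES192 AES128 CAST5 BLOWFISH 3DES
    "bc_java_app": [7, 3],             # AES128 CAST5 (3DES implied)
    "old_pgp_user": [3, 2],            # CAST5 3DES
}

if __name__ == "__main__":
    picked = choose_cipher(RECIPIENTS)
    print("negotiated:", CIPHERS[picked])
    # Models forcing a cipher with --cipher-algo instead of using preferences.
    print("forcing BLOWFISH locks out:", unreadable_by(4, RECIPIENTS))
```

The negotiated cipher is one that all three constructed keys list, while forcing BLOWFISH produces a message two of them never advertised support for.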


