GPG and PGP5

brian moore bem at cmc.net
Sat Oct 17 21:41:58 CEST 1998 

Duh... figured that out (I hate pgp5, I hate pgp5... just when I though
pgp2's command line was ugly pgp5 made it more confusing..)

The problem is REALLY this:
[thorin:~] 8:33:52pm 153 % gpg --list-packets testc-pgp5.asc
gpg (GNUPG) 0.4.1; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

:signature packet: algo 17, keyid DB98F728A52DD52A
        version 3, created 908680015, md5len 5, sigclass 00
        digest algo 2, begin of digest 86 29
        data: [160 bits]
        data: [157 bits]
[thorin:~] 8:33:55pm 154 % gpg --list-packets testc.asc
gpg (GNUPG) 0.4.1; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

:signature packet: algo 17, keyid 377FCE2488322B51
        version 4, created 908681632, md5len 0, sigclass 00
        digest algo 2, begin of digest 34 14
        hashed subpacket 2 of length 5 (signature creation time)
        subpacket 16 of length 9 (issuer key ID)
        data: [160 bits]
        data: [158 bits]

Which is documented in the OpenPGP file:

     * PGP 5.x does not accept V4 signatures for anything other than
       key material.

(This is a detached signature.... so that's why it's mad.)

    * (5.5.2) states that an implementaion MUST NOT create a v3 key
      with an algorithm other than RSA.  GNUPG has an option to
      create an ElGamal key in a v3 packet; the properties of such
      a key are as good as a v4 key.  RFC1991 does not specifiy how
      to create fingerprints for algorithms other than RSA and so it
      is okay to choose a special format for ElGamal.

What's that option?  I guessed --rfc1991, but that's not it.

    * A special format of partial packet length exists for v3 packets
      which can be considered to be in compliance with RFC1991;  this
      format is only created if a special option is active.

Or is it this one.

-- 
Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster

More information about the Gnupg-devel mailing list