bug?: gpg 1.0 symmetric crypto 3DES problems with PGP 5.0/6.5.1

Richard Johnson rdump at river.com
Mon Sep 27 18:25:12 CEST 1999

Hash: SHA1

This appears to be a general problem, so I'm posting it here.  (If I've
missed previous discusson of this specific problem in the list archives,
please point me at the right thread.)


- -------

I've been trying to exchange conventionally encrypted files between systems
running PGP 6.5.1 (Linux command line, MacOS, Windows) and systems running
gnupg 1.0 (OpenBSD, Linux, IRIX, Solaris).

As expected, gpg can decrypt the conventionally encrypted files PGP 6.5.1
produces.  (We avoid IDEA, of course.)

However, the PGP 5.0/6.5.1 systems can't decrypt some of the conventionally
encrypted files produced by gpg.  (We avoid BLOWFISH, of course.)

This works:

	gpg -ca --cipher-algo CAST5 --compress-algo 1 {file}

This doesn't work:

	gpg -ca --cipher-algo 3DES --compress-algo 1 {file}

The response from PGP 6.5.1 or PGP 5.0 when we attempt to decrypt the
3DES-encrypted file is "Invalid passphrase" or "Password incorrect", even
when the passphrase is typed correctly.

In addition, the 3DES problems occur for us regardless of the size or
compressability of the plaintext file, regardless of whether we specify a
non-default --s2k-mode (0 or 3), and regardless of whether we use --rfc1991
or not.

Version: PGP Personal Privacy 6.5.1
Comment: www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm


More information about the Gnupg-devel mailing list