Generating PGP 2.6.2-compatible RSA signing keys with GnuPG
Russ Allbery
rra at stanford.edu
Wed Mar 27 23:54:02 CET 2002
(I'm not a member of this mailing list, so please cc me on any replies.)

Hello folks,

I'm working on putting in place more standard procedures and control
message handling for the gnu.* Usenet hierarchy. Currently, Usenet
control messages are verified using PGP signatures and a Usenet-specific
protocol for including that signature in the headers. Nearly everyone
verifying control messages is currently using PGP 2.6.2 or some variant
thereof, and all current control message signatures are done with RSA
keys.

For the gnu.* hierarchy, we'd obviously prefer to use GnuPG for all stages
of the process rather than using PGP (which is not free software). I see
that generation of RSA keys for signing only has been added to the latest
GnuPG development snapshots. However, when I generate a key with:

    gpg --gen-key --pgp2

and then export the public key with either of:

    gpg --pgp2 --export gnu.gnusenet.announce > gnu.key
    gpg --pgp2 --armor --export gnu.gnusenet.announce > ! gnu.key

running the command:

    pgp -ka gnu.key

using PGP 2.6.2 (like most Usenet administrators currently are) results in
the error message:

    No keys found in 'gnu.key'.
    Keyring add error.

The output of gpg --list-packets is as follows:

    windlord:~> gpg --list-packets gnu.key
    :public key packet:
            version 4, algo 1, created 1017268539, expires 0
            pkey[0]: [1024 bits]
            pkey[1]: [6 bits]
    :user ID packet: "gnu.gnusenet.announce"
    :signature packet: algo 1, keyid DC39A12336D978BB
            version 4, created 1017268539, md5len 0, sigclass 13
            digest algo 2, begin of digest 2e 40
            hashed subpkt 2 len 5 (sig created 2002-03-27)
            hashed subpkt 27 len 2 (key flags: 03)
            hashed subpkt 11 len 6 (pref-sym-algos: 7 10 3 4 2)
            hashed subpkt 21 len 3 (pref-hash-algos: 3 2)
            hashed subpkt 22 len 3 (pref-zip-algos: 2 1)
            hashed subpkt 30 len 2 (features: 01)
            hashed subpkt 23 len 2 (key server preferences: 80)
            subpkt 16 len 9 (issuer key ID DC39A12336D978BB)
            data: [1023 bits]

If I understand the issues correctly (and it's quite likely that I don't),
those "version 4" notes in the packet are a bad sign for compatibility
with PGP 2.6.2.

First question: Is this something that's supposed to be working already
and I'm just doing something wrong?

Second question: If this isn't already implemented, are there plans to
implement it, or is there some other way that I can approach this problem?
I know I can create the initial key using PGP 2.6.2 and then import it
into GnuPG and the resulting signatures can be verified using PGP 2.6.2,
but I'd rather not do that if there's an alternative.

Thank you very much for any help!

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
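
Added example, not part of the original message and not GnuPG code: a check for the "version 4" packets seen in the --list-packets output above, based on the RFC 4880 statement that PGP 2.6.x will not accept key-material packets with versions greater than 3. It walks a binary (non-armored) export and reports every key or signature packet newer than version 3; the function names are hypothetical and the sample packets are constructed toy data.

```python
# Added example; read_packets, pgp2_problems and old_pkt are hypothetical names.
TAG_NAMES = {2: "signature", 6: "public key", 13: "user ID"}

def read_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) stream."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % (pos - 1))
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                   # indeterminate: runs to end of input
                length = len(data) - pos
            else:
                length = int.from_bytes(data[pos:pos + (1 << ltype)], "big")
                pos += 1 << ltype
        yield tag, data[pos:pos + length]
        pos += length

def pgp2_problems(data):
    """Return (packet name, version) for key/signature packets newer than v3."""
    return [(TAG_NAMES[tag], body[0]) for tag, body in read_packets(data)
            if tag in (2, 6) and body and body[0] > 3]

def old_pkt(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body  # one-octet length

# Constructed toy packets: real header layout, meaningless key material.
CREATED = (1017268539).to_bytes(4, "big")
UID = old_pkt(13, b"gnu.gnusenet.announce")
V4_KEY = (old_pkt(6, b"\x04" + CREATED + b"\x01\x00\x08\xc5\x00\x06\x29") + UID
          + old_pkt(2, b"\x04\x13\x01\x02\x00\x00\x00\x00\x2e\x40\x00\x07\x7f"))
V3_KEY = (old_pkt(6, b"\x03" + CREATED + b"\x00\x00\x01\x00\x08\xc5\x00\x06\x29") + UID
          + old_pkt(2, b"\x03\x05\x10" + CREATED + bytes(8) + b"\x01\x01\x2e\x40\x00\x07\x7f"))
```

pgp2_problems(V4_KEY) reports both the public key packet and the self-signature as version 4, matching the listing above, while the version 3 layout in V3_KEY yields an empty list.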