Problems with compatibility between GnuPG 1.2.2 and PGPTools 7.0.3

David Shaw dshaw at jabberwocky.com
Thu Sep 11 18:14:01 CEST 2003


On Thu, Sep 11, 2003 at 10:48:41AM -0400, Michael Young wrote:

> > I've thought about doing a "pgpX" macro.  I'd rather that PGP did the
> > right thing rather than load up GnuPG with these sort of hacks though.
> 
> It's already partially loaded.  There are command-line switches
> that set these preferences, but they appear to work only for
> encryption, not key generation or editing [in 1.2.1, anyway].

True, but not completely true.  The --pgpX switches do not set
preferences - rather, they eliminate preferences.  This is a
significant difference, because forcing preferences by a switch could
actually cause the exact algorithm-not-available problem that the user
was trying to avoid.  For example, when --pgp6 is used, the cipher
preferences are not set to IDEA/3DES/CAST5... rather, everything that
isn't IDEA/3DES/CAST5 is removed.  You could do much the same thing
with "personal-cipher-preferences s1 s2 s3".

> I'd be equally happy if --gen-key or --edit-key/updpref would use the
> preferences from a --pgp7 (or similar) switch.  This would involve
> no new switches or macros, but it would change behavior, so I knew
> you might be reluctant to do that.

The --pgpX flags are an interesting issue.  The idea is to generate a
PGPx compatible *message*, not to emulate that version of PGP in all
matters.  --pgpX is to be used on the (usually rare) occasion when the
preferences on a key are known to be wrong.  It has little other
purpose.

(--pgp2 is a little different here since PGP 2.x is substantially
different from the modern PGPs, so that flag does more than restrict
preferences).

David




More information about the Gnupg-devel mailing list