Language for preference troubles

David Shaw dshaw at jabberwocky.com
Fri Feb 13 16:45:59 CET 2004


I recently added a feature to devel to check keys upon import for
potential preference problems and warn the user (and optionally
rewrite the prefs).  What with the recent discussions of error
messages, I figured I'd post the language that I used for comment.

The concept that needs to be gotten across is this:

  Alice creates a key using an OpenPGP program that supports
  algorithms A, B, and C.

  Alice uses this program for a while and later decides she wants to
  use GnuPG instead.

  GnuPG does not support algorithm "C".

  Alice's public key that she sent to the keyservers advertises that
  she can handle A, B, and C, so occasionally she will get messages
  that use C, and be unable to read them.

Since GnuPG currently supports all of the possible algorithms in
OpenPGP, this obviously doesn't happen too often.  However, the devel
GnuPG allows users (for reasons of embedded systems) to leave out any
algorithms they choose at build time (--disable-rsa, --disable-aes,
etc.) which makes for a smaller, but less capable, program.  A "full"
GnuPG generated key will advertise capabilities that a minimal GnuPG
will not be able to fulfill.

The solution is, if Alice imports a public *AND* secret key (thus
indicating that she is using that GnuPG for more than encryption), the
preferences are checked against what the program supports, and any
mismatches are flagged.  This is as per 2440bis-09, section 5.2.3.3.

Now, here is the text that I used (for the English translation):

gpg: WARNING: key 98223BC3 contains preferences for unavailable algorithms:
gpg:          "algotest": preference for cipher algorithm AES
gpg:          "algotest": preference for cipher algorithm TWOFISH
gpg:          "other uid": preference for compress algorithm BZIP2
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch problems

If --batch is not set, the user gets:

Set preference list to:
     Cipher: CAST5, 3DES
     Digest: SHA1, RIPEMD160
     Compression: ZLIB, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences?

(and is prompted for the passphrase, etc).

If --batch is set, and --quiet is not set, the user gets:

gpg: you can update your preferences with: gpg --edit-key 98223BC3 updpref save

David
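The import-time check the post describes (advertised preferences compared against the algorithms a build supports, with a rewritten list offered when they mismatch), as an added example that is not from the post or from GnuPG; the SUPPORTED set for a hypothetical minimal build and the per-user-ID preference lists are constructed sample input.

```python
# Added example (not from the post or GnuPG): the import-time preference check
# described above, run over a constructed key.  SUPPORTED is what a
# hypothetical minimal build was compiled with; 3DES, SHA1 and Uncompressed are
# the OpenPGP implicit defaults every implementation must provide.

# Algorithms compiled into this (hypothetical, minimal) build.
SUPPORTED = {
    "cipher": {"CAST5", "3DES"},
    "digest": {"SHA1", "RIPEMD160"},
    "compress": {"ZLIB", "ZIP", "Uncompressed"},
}

# Mandatory OpenPGP algorithms: safe fallbacks when a list would become empty.
IMPLICIT = {"cipher": "3DES", "digest": "SHA1", "compress": "Uncompressed"}

# Constructed sample: preferences a "full" build wrote into the key, per user ID.
KEY_PREFS = {
    "algotest": {"cipher": ["AES", "TWOFISH", "CAST5", "3DES"],
                 "digest": ["SHA1", "RIPEMD160"],
                 "compress": ["ZLIB", "ZIP", "Uncompressed"]},
    "other uid": {"cipher": ["CAST5", "3DES"],
                  "digest": ["SHA1"],
                  "compress": ["BZIP2", "ZLIB"]},
}

def find_unavailable(prefs, supported):
    """One warning line per advertised algorithm this build cannot use."""
    warnings = []
    for uid, lists in prefs.items():
        for kind in ("cipher", "digest", "compress"):
            for algo in lists.get(kind, []):
                if algo not in supported[kind]:
                    warnings.append(f'"{uid}": preference for {kind} algorithm {algo}')
    return warnings

def rewrite_prefs(prefs, supported, implicit=IMPLICIT):
    """Drop unsupported algorithms, keep order, and never leave a list empty."""
    new = {}
    for uid, lists in prefs.items():
        new[uid] = {}
        for kind in ("cipher", "digest", "compress"):
            kept = [a for a in lists.get(kind, []) if a in supported[kind]]
            new[uid][kind] = kept or [implicit[kind]]
    return new

if __name__ == "__main__":
    for line in find_unavailable(KEY_PREFS, SUPPORTED):
        print("gpg: WARNING:", line)
    print("rewritten:", rewrite_prefs(KEY_PREFS, SUPPORTED))
```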