gpgsm-Problems

Andreas Bergen andreas.bergen at in-jesus.de
Mon Jun 14 14:47:59 CEST 2004 

> On Tue, 8 Jun 2004 17:08:24 +0200, Andreas Bergen said:
> > Compilation and installation worked fine but as I wrote above there's
> > still the message that RC2 is not supported:
> >
> > gpgsm: unsupported algorithm `1.2.840.113549.3.2'
>
> Well. The RC2 support is only 40 bit as used by pkcs#12.

As I'm not a crypto-expert this is probably a stupid question, but, as far as 
I understand 1.2.840.113549.3.2 stands for the 40bit and the 128bit version 
of the rc2-algorithm, doesn't it? 
(http://www.jensign.com/JavaScience/dotnet/AuthAttr/clientcaps.txt) 
Why can't I decrypt a message sent from outlook express, though it complains 
that it can only encrypt using 40bit? 

Are there different RC2 (40bit)-Algorithms?
On 
http://www.betrusted.com/downloads/products/keytools/v51/pro/c-docs/html/devguide/procdevguide-Appendix-2.html
I found a list of crypto-algorithms with oid (what does this stand for?) and 
there's at least two versions of the rc2-algorithm:

1.2.840.113549.3.2    is called RC2CBC
and 
1.2.840.113549.1.12.1.6 is called pbeWithSHA1And40BitRC2_CBC

What's the difference between these two?

Are both 40bit?

Is there any way to decrypt outlook-40bit-messages?

> > And I've got one final question: Is there anywhere a cryptplug-version
> > which supports this new gnupg/gpgsm?
>
> There should be one because this is the reason I released gpgme 0.3.16
> quite some time ago.

Now I recompiled everything and things are sort of working but not really 
good. 
- rc2 still doesn't work (s. above)
- encryption-capabilities seem not to be part of the signature-certificate (at 
least they aren't imported into the gpgsm-keybox (gpgsm --dump-keys doesn't 
show any after verifying a self-signed text) and outlook express still 
doesn't know how to encrypt mail it wants to send to me and encrypts using 
40bit rc2 (which I can't decrypt, s. above)
- signing and encryption takes very (!) long using kmail (sometimes several 
minutes). There seem to be thousands of gpgsm-instances started and 
immediately finished (can be seen using ps) until I get the gpg-agent-window 
to enter the passphrase. Is there a problem in the communication between 
kmail and gpgsm?

Thanks again for any help
Yours
  Andreas

(Please reply by Email as I'm still not subscribed to the mailing-list -- slow 
modem user)

(this is in part a restating of questions I already had sent to WK but haven't  
got an answer, yet, so I put it all together in another email so that 
everyone on the mailing-list can see it, please don't feel pressed by it...)
-- 
Andreas Bergen
E-Mail: andreas.bergen in-jesus de
PGP/GnuPG-encrypted / -signed Email welcome. PGP-key-ID: 8CDEC18F
Gott ist Liebe, und wer in der Liebe bleibt, bleibt in Gott und Gott in ihm.

More information about the Gnupg-devel mailing list