Secret key storage
news at kfwebs.net
Sat Jan 6 15:54:04 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Janusz A. Urbanowicz wrote, On 01/06/2007 03:38 PM:
> On Fri, Jan 05, 2007 at 04:51:10PM -0500, Robert J. Hansen wrote:
>> Kristian Fiskerstrand wrote:
>>> I tried to manually set the s2k cipher algo to CAST5 using gnupg 1.4.6
>>> to be sure that wasn't the problem itself, but that didn't result in any
>> Perhaps I'm missing something incredibly obvious, but didn't PGP 2.6 use
>> IDEA exclusively for symmetric encryption? If so, why are you using
> It did.
Remember, I was talking about encryption of the secret key, not the
messages sent, the cast approach was solely to ensure that the secret
key was encrypted / passphrase protected using CAST5 as I know that
works for gnupg 2.0 too, hence it helped rule out some possible points
>> CAST as the S2K algorithm?
> plus, there is --pgp2 switch in gnupg to enforce compatibility
The issue also happens when receiving messages, which is the example in
the bug report. --pgp2 by default won't have any meaning in GnuPG 2.0,
as there wasn't any IDEA plugin (that I'm aware of) prior to this effort.
The issue arises whenever the RSAv3 key is passphrase protected, remove
the passphrase using gnupg 1.4 or pgp2 and things works as it should.
Add a passphrase again and it constantly gives a bad key in gnupg 2.0,
although the same passphrase works in gnupg 1.4.
To rule out any pinentry issues I used --password-fd 0 and piped the
password to it, with the same results.
I'm just trying to figure out why this happens, and more importantly:
how to get around it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-devel