Secret key storage

Janusz A. Urbanowicz alex at bofh.net.pl
Sat Jan 6 18:46:38 CET 2007


On Sat, Jan 06, 2007 at 03:54:04PM +0100, Kristian Fiskerstrand wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Janusz A. Urbanowicz wrote, On 01/06/2007 03:38 PM:
> > On Fri, Jan 05, 2007 at 04:51:10PM -0500, Robert J. Hansen wrote:
> >> Kristian Fiskerstrand wrote:
> >>> I tried to manually set the s2k cipher algo to CAST5 using gnupg 1.4.6
> >>> to be sure that wasn't the problem itself, but that didn't result in any
> >>> change.
> >> Perhaps I'm missing something incredibly obvious, but didn't PGP 2.6 use
> >> IDEA exclusively for symmetric encryption?  If so, why are you using
> > 
> > It did.
> > 
> Remember,  I was talking about encryption of the secret key, not the
> messages sent, the cast approach was solely to ensure that the secret
> key was encrypted / passphrase protected using CAST5 as I know that
> works for gnupg 2.0 too, hence it helped rule out some possible points
> of failure.

You lost me.

In every place PGP 2.x used symmetric encryption, it used IDEA. It
couln't use CAST for many reasons, first one being that CAST didn't
exit yet.
 
> >> CAST as the S2K algorithm?
> > 
> > plus, there is --pgp2 switch in gnupg to enforce compatibility
> 
> The issue also happens when receiving messages, which is the example in
> the bug report. --pgp2 by default won't have any meaning in GnuPG 2.0,
> as there wasn't any IDEA plugin (that I'm aware of) prior to this effort.

And you're wrong:

alex at FUCKUP:~$ gpg --version
gpg (GnuPG) 1.4.3
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB
alex at FUCKUP:~$  

It is just that the plugin cannot be distributed along GPG for patent reasons.

Alex
-- 
JID: alex at hell.pl
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
 -- Czerski



More information about the Gnupg-devel mailing list