RSA & IDEA Howto (Was Re: Signing (with) old pgp 2 keys)

Dave Dykstra
Tue, 20 Jul 1999 09:32:49 -0500

Thanks for making this HOWTO.  I have a few suggestions for it:

On Jul 20, 12:57pm, Michael Roth wrote:

> * If you're inside the US or Canada you should use the RSAREF glue code
> for GnuPG. Get it from
> Of course you need the RSAREF library compiled and installed already.
> Take a look in the documentation of the RSAREF library for the way to
> do this.
I suggest including a URL for RSAREF 2.0: RSAREF 1 can be found at
> Installing the compiled modules:
> ================================
> After you compiled these two modules you get two files `rsa' and `idea'
> which are the modules you must install in the GnuPG module directory.
> The default GnuPG module directoy is `/usr/local/lib/gnupg'. If you
> compiled GnuPG with a different install prefix using "--prefix PREFIX"
> when you configured your GnuPG source, then the module directoy is equal
> to "PREFIX/lib/gnupg".
> Copy the two files `rsa' and `idea' into the module directory described
> above. Make sure everyone could read these files.
Note that the modules don't need to be there because you can also load extensions from other directories by using complete pathnames with --load-extension.
> You don't have to make
> these files executale. These files aren't programms but shared modules.
I found that to be untrue on HPUX; shared modules need to be executable there. GnuPG 0.9.8 no longer removes execute permissions when it installs its default extensions because of that. I suggest dropping the above statement. On Jul 20, 2:28pm, Remi Guyomarch wrote:
> Subject: Re: RSA & IDEA Howto (Was Re: Signing (with) old pgp 2 keys)
> On Tue, Jul 20, 1999 at 12:57:10PM +0200, Michael Roth wrote:
> [...]
> > Currently it is not possible to create PGP 2.6 compliant signatures with
> > GnuPG. However, you could decrypt and verify messages signed with PGP 2.6
> > using GnuPG without problems. The reason is that GnuPG doesn't use
> > tempfiles which were necessary to create PGP 2.6 compliant signatures. To
> > check such signatures it isn't necessary to use tempfiles. However, their
> > is work on a frontend to GnuPG in progress which will create PGP 2.6
> > compliants signatures. Please note: This tool is not yet finished.
> >
> > You could not create convetionally encrypted messages readable for PGP 2.6
> > nor could you decrypt such messages created from PGP 2.6 with GnuPG.
> I patched GnuPG to solve these issues. For various reasons
> (see and
> this patch won't be integrated into GnuPG.
> But I still maintain it for my own usage. I can email to anyone requesting it
> the diff between the current GnuPG and my version (don't try the patch in my
> original message).
This is not entirely true either: if you use "--clearsign" then pgp 2.6 can verify the signature. This is very significant in my opinion. As far as I can tell, pgp 2.6 only has trouble verifying gpg signatures if you use "--sign". - Dave Dykstra