GNUPG and PGP FreeWare 6.5.3

Todd L. Brooks todd.brooks@yale.edu
Thu, 10 Aug 2000 13:40:14 +0000 (GMT)


There is no need to leave the password empty when exporting a GnuPG secret
key! By default, GnuPG encrypts the secret key using the Blowfish
algorithm, and PGP 6.5.3 does not understand this algorithm.

Here is a much more secure solution:

1. % gpg --edit-key --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \
       KEY-ID

2. Change the password (but not to an empty password!). You can just
    change it to what it was before, but gpg will re-encrypt the key
    using an algorithm pgp will understand.

3. % gpg --export-secret-key --no-comment KEY-ID > key.asc
   % gpg --export --no-comment KEY-ID >> key.asc

4. Import key.asc into pgp and everything should work fine!

Todd

P.S. Hmmmm...I don't know why the --no-comment option is necessary now...I
     seem to recall not needing to use this in the past.

P.P.S.  Perhaps this procedure should be added to the documentation or
        some sort of FAQ? I seem to recall a PGP5-GnuPG HOWTO which
        mentions the method of exporting an un-encrypted secret (which is
        fine if you are very very very careful), but I think it is better
        to never have to write your un-encrypted secret key to disk. 

---------------------------------------
Todd L. Brooks
Department of Mechanical Engineering
Yale University
9 Hillhouse Avenue
PO BOX 208286
New Haven, CT 06520-8286
(203) 432-4362 (office and voice mail)
(203) 432-4363 (acoustics lab)
(203) 432-7654 (FAX)


-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org
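
An added example, not part of the original message: a Python check that reads the S2K protection fields of each secret-key packet in the export, so you can confirm after step 2 that the key is protected with CAST5 and SHA1 (rather than Blowfish, or nothing) before importing it into PGP. It assumes binary, de-armored input (for example the output of `gpg --dearmor`) and v4 RSA, DSA or Elgamal keys; the function names and the sample packet are constructed for illustration, and the algorithm numbers are those of the OpenPGP specification (RFC 4880).

```python
SYM = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish", 7: "AES128"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}
PUB_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, Elgamal, DSA public MPI counts

def packets(data):
    """Yield (tag, body) for each definite-length packet in binary OpenPGP data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (still armored?)")
        if hdr & 0x40:                          # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + width], "big"), i + width
        yield tag, data[i:i + n]
        i += n

def protection(body):
    """Return (cipher, digest) of a v4 secret-key packet; (None, None) if unprotected."""
    if body[0] != 4:
        raise ValueError("only v4 key packets handled")
    i = 6                                       # version + creation time + pubkey algo
    for _ in range(PUB_MPIS[body[5]]):          # skip the public-key MPIs
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    usage = body[i]                             # S2K usage octet
    if usage in (254, 255):                     # cipher id, S2K type, digest id follow
        return SYM.get(body[i + 1], body[i + 1]), HASH.get(body[i + 3], body[i + 3])
    return (SYM.get(usage, usage), "MD5") if usage else (None, None)  # legacy / none

def pgp_compatible(data):  # one bool per secret key (tag 5) or secret subkey (tag 7)
    return [protection(b) == ("CAST5", "SHA1") for t, b in packets(data) if t in (5, 7)]

def sample(cipher_id):  # constructed packet, dummy 8-bit RSA MPIs; 0 = unprotected
    s2k = bytes([254, cipher_id, 3, 2]) + bytes(9) if cipher_id else b"\x00"
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc5\x00\x05\x11" + s2k + bytes(8)
    return bytes([0x94, len(body)]) + body
```

Calling `pgp_compatible()` on the bytes of the de-armored export returns one value per secret key or subkey; any `False` means that packet is unprotected or uses a cipher or digest other than CAST5 and SHA1.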