Options file GPG Win32

noodlez pietrzak@megahertz.net
Sat, 12 Aug 2000 09:45:41 -0400


I asked the same question.   This works (thanks Todd):

From: "Todd L. Brooks" <todd.brooks@yale.edu>
CC: gnupg-users@gnupg.org

There is no need to leave the password empty when exporting a GnuPG
secret
key! By default, GnuPG encrypts the secret key using the Blowfish
algorithm, and PGP 6.5.3 does not understand this algorithm.

Here is a much more secure solution:

1. % gpg --edit-key --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \
       KEY-ID

2. Change the password (but not to an empty password!). You can just
    change it to what is was before, but gpg will re-encrypt the key
    using an algorithm pgp will understand.

3. % gpg --export-secret-key --no-comment KEY-ID > key.asc
   % gpg --export --no-comment KEY-ID >> key.asc

4. Import key.asc into pgp and everything should work fine!

Todd

P.S. Hmmmm...I don't know why the --no-comment option is necessary
now...I
     seem to recall not needing to use this in the past.

P.P.S.  Perhaps this procedure should be added to the documentation or
        some sort of FAQ? I seem to recall a PGP5-GnuPG HOWTO which
        mentions the method of exporting an un-encrypted secret (which
is
        fine if you are very very very careful), but I think it is
better
        to never have to write your un-encrypted secret key to disk.

---------------------------------------
Todd L. Brooks
Department of Mechanical Engineering
Yale University
9 Hillhouse Avenue
PO BOX 208286
New Haven, CT 06520-8286
(203) 432-4362 (office and voice mail)
(203) 432-4363 (acoustics lab)
(203) 432-7654 (FAX)

For step 3, you don't have to do both (it generates two exactly the same
keys).  This is enough "gpg --export-secret-key --no-comment KEY-ID >
key.asc"

dueze wrote:

>
> I use GPG Win32.
>
> In my option file I have tried :
>
> s2k-cipher-algo CAST5
> s2k-digest-algo SHA1
> cipher-algo CAST5
>
> but it doesn't work : PGP can't verify the GPG signatures and can't decrypt
> the GPG conventional encrypted files.
>
> Could someone give me a typical "options" file to allow GnuPG Win32 to work
> with PGP 6.x ?
>
> Thanks
>
> --
> Daniel
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
-- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org