Pb decrypting with PGP 6.5.3 and GnuPG

Werner Koch wk@gnupg.org
Fri, 25 Aug 2000 18:31:15 +0200


On Fri, 25 Aug 2000, Mr Griffon wrote:


> I'm having a problem with inter-operating PGP 6.5.3 and GNUPG on Windows. I
> got to export my public and private keys from GNUPG to PGP without problems
> - and I can use it to encrypt/decrypt with PGP, but everytime I try decrypt
> with PGP a message encrypted with GNUPG I get a "bad packet" error. Did
> anyone got this problem and found a solution ?
PGP does not understand the Blowfish cipher algorithm but die to the fact that you created the key with GnuPG, this key indicates GnuPG that your decryption software understands Blowfish. Blowfish used to be in the first PGP 5 version which I used for interoperabilty testing - later versions of PGP removed Blowfish. However Blowfish is a legal OpenPGP algorithm. Due to these problems I am going to change the preferences to use CAST5 in favor of Blowfish. Neither GnuPG nor PGP has currently a simple way to chnage the preferences. With GnuPG is is possible but you need to know a little bit aboput programming: Edit the file g10/keygen.c, function keygen_add_std_prefs() and change the sequence of algorithms given there to have CAST5 come before Blowfish: Original: buf[0] = CIPHER_ALGO_TWOFISH; buf[1] = CIPHER_ALGO_BLOWFISH; buf[2] = CIPHER_ALGO_CAST5; After your modification: buf[0] = CIPHER_ALGO_CAST5; buf[1] = CIPHER_ALGO_TWOFISH; buf[2] = CIPHER_ALGO_BLOWFISH; then use gpg's edit menu and for example use "expire" to recreate your self-signature. In General it is not a good idea to chnage implementaions after creating the key; the preferences mechanism assumes that you use the same implementations. Negotiating parameters in am email system is not rwally possible and preferences are the only thing we can do. In future we are going to use Twofish and I have checked with the PGP creators, that we can interoperate. There is also a GnuPG version for Windows available. Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org