Oh, no: inter-version 3DES incompatibility strikes again :-(

Enzo Michelangeli Enzo Michelangeli" <enzom@bigfoot.com
Wed, 8 Mar 2000 18:04:33 +0800

Aargghh! Data encrypted by GnuPG 1.0.1 are not understood by GnuPG
1.0.0, which complains about "bad key". Instead, GnuPG 1.0.1 interoperates
with the old 0.9.7 (see message quoted below).

Guys, I do appreciate your continued development efforts, but please
document changes affecting backward compatibility a little more explicitly
than calling them "Bug fixes and small enhancements"...


Oh, by the way: none of the two families interoperates with PGP6.5.1i . Data
3DES-encrypted with GnuPG 1.0.0 result in "incorrect passphrase" messages
from PGP; GnuPG 1.0.1 and 0.9.7 elicit a "An error has occurred : bad
packet" PGP Warning box.

To: gnupg-users@gnupg.org
Subject: Re: Incompatibility between gnupg 0.9.7 and >0.9.10 in conv. 3des
From: Werner Koch <wk@gnupg.org>
Date: Sat, 8 Jan 2000 11:13:09 +0100
In-Reply-To: <025b01bf598d$eba84ec0$efcf54ca@asiainter.net>; from em@who.net
on Sat, Jan 08, 2000 at 12:07:00PM +0800
Mail-Followup-To: gnupg-users@gnupg.org
References: <04DD95EB6E9FD31199D400A0C9A6CFFF2A2B5F@mail.mia.co.uk>
Sender: Werner Koch <wk@gnupg.de>
User-Agent: Mutt/1.1.1i

On Sat, 8 Jan 2000, Enzo Michelangeli wrote:

> I'm not sure whether it's a known problem, but if one encrypts with:
> ./gpg097 -a -c --cipher-algo 3des q
> and then tries to decrypt with gpg version 0.9.10 or later:
There are more problems with that. The reason is that I changed the internal API form the hash algorithms somewhere between these versions with the result that all ciphers needing a key lasrger than the hash size didn't work anymore or better the string-to-key algorithm was not compatible. This is a problem with 3DES and Twofish. The only solution to reencypt these messages - I am yery soory about this. GnuPG 1.0.1 now works like required by the standard and produces valid 3DES, Twofish symmetric only encryptions which interoperate with PGP. 1.0.1 has an option to emulate the bug: --emulate-3des-s2k-bug . Please note that this option will be removed in gpg 1.1, so either re-encrypt all these messages or keep a copy of gpg 1.0.0 which has this bug.
> However, I would expect that backward compatibility with older s2k values
> preserved in decryption.
It is not possible because the bug reduces the keylength to 160 bit which is effective then less than 112 bits for 3DES. -- Werner Koch at guug.de www.gnupg.org keyid 621CC013 Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html