"Encrypted session key is bad" (was: Re: GPG & PGP 6.5.x (was: PGP 5.x and GnuPG))

[L. Sassaman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Okay, here's your answer. The test keys and message tht William gave me
helped a lot.

It looks like GnuPG is listing Twofish, then Blowfish, then CAST as
preferred algorithms. For some reason, GnuPG is encrypting to
Blowfish, instead of Twofish. (Bug, Werner?) 

To be decrypted in PGP 6.5.x, the message must use CAST, IDEA, or 3DES as
the ESK.

To be the most compatable with all implementations of OpenPGP, one should
3DES, as this will be present in all OpenPGP compliant programs. (IDEA and
CAST5 are "shoulds", 3DES is a "must".) You are taking a chance with the
others, if you plan to move the secret keys to a different program in the
future.

Note that this incompatability only applies to keys generated in one
program, and imported and used in another.

You could keep the old key and work around this by adding a new UID with a
different preferred algorithm specified, and encrypting to that.



- --Len.

On Fri, 17 Mar 2000, Chris Ruvolo wrote:

> On Thu, 16 Mar 2000, William X. Walsh wrote:
> 
> >>>Well, I don't know about this.  I've had a large problem with PGP 6.x not
> >>>being
> >>>able to decrypt messages encrypted by GnuPG, regardless if they key it is
> >>>encrypting to was created in GnuPG or PGP.
> >> 
> >> So you're saying that GnuPG and PGP are *not* compatible and people
> >> using one may not be able to successfully exchange encrypted
> >> documents with users of the other?
> >
> >The problem is persistant, and anytime I encrypt a message using GnuPG, users
> >of PGP 6.5.x (for windows at least) cannot decrypt the message.  It gives an
> >error.  I've reported this a few times in the past over the last few months.
> >
> >This is not an intermittent problem.
> 
> 
> I can confirm this problem.  I was one of the people that emailed William.  
> I tested it with GPG 1.0.1 and PGP Freeware for Windows 6.5.2.  Perhaps
> there is some kind of option I am missing or something?
> 
> I have the following settings in my options file:
> 
> no-greeting
> force-v3-sigs
> escape-from-lines
> lock-once
> load-extension rsa
> load-extension idea
> rfc1991
> keyserver wwwkeys.us.pgp.net
> 
> Any suggestions?  Thanks.
> 
> -Chris
> 

__

L. Sassaman

System Administrator                |  "All of the chaos
Technology Consultant               |   Makes perfect sense..."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |              --Joe Diffie




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1c (GNU/Linux)
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE40eOfPYrxsgmsCmoRAiZFAKDo1G/m8reBsSBwjxFAmHZ36qSbhwCeLzSO
1bxNqg4f+wqa+G+OG4wvDl0=
=UxGi
-----END PGP SIGNATURE-----