gpg 1.0.1 also cannot decrypt stuff encrypted by gpg 1.0.4
Werner Koch
wk@gnupg.org
Wed, 18 Oct 2000 11:10:00 +0200
On Tue, 17 Oct 2000, Darxus@ChaosReigns.com wrote:
> Without verbose mode turned on, attempts to decrypt messages from gpg
> 1.0.3 or 1.0.4 with gpg 1.0.1 result in a blank message and no errors. Is
> this acceptable behavior ? I, personally, don't want to encrypt anything
> to anyone else using anything over gpg 1.0.2, because I want the recipient
For various reasons it is suggested to upgrade to 1.0.4.
If you have problems with that you should put
disable-cipher twofish
into your ~/.gnupg/options.
Look at the NEWS entry for 1.0.3:
* Twofish and MDC enhanced encryption is now used. PGP 7
supports this. Older versions of GnuPG don't support it, so
they should be upgraded to at least 1.0.2
> gpg: ELG-E/TWOFISH encrypted for: A089BDC4 test key, delete <test@chaosreigns.com>
Twofish triggers the use of the new MDC encryption. Becuase Twofish
has been in the cipher preferences for a long time, you gpg assumes
that the receiver is able to decrypt the MDC packets ....
> :unknown packet: type 18, length 74
MDC packet; gpg 1.0.1 does not know about it.
So there is a problem with the assumption that using Twofish also
means that the recipient is able to do MDC. My fault. Workaround
is to disable the use of Twofish for a while until everyone has
updated gpg - THIS SHOULD BE DONE ANYWAY DUE TO THE RECENTLY FOUND
BUG. It does not make much sense to use a security software when
one is not going to keep up with important updates. I know that
this is troublesome (unless you have Debian ;-), but although we
have "open source" it does not mean software is bug free. We do our
best to deliver fixes as fast as possible but it is up to the
sysadmin/user to apply them.
Hth,
Werner
--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org