GnuPG versus PGP

Werner Koch wk@gnupg.org
Wed Feb 7 20:09:01 2001


On Wed, 7 Feb 2001, George Sinclair wrote:


> 1. What is the correct syntax for creating a detached signature,
> suitable for e-mail, that a user running either PGP or GnuPG can
> later verify (here's what I've been using)?
>
> gpg --detach-sig --armor filename
This is described in rfc2015 and the upcoming new release of it. gpg --detach-sig --armor --textmode is the suggested way. It doesn't matter whether this is used in a pipeline or with explicit files. If you are writing an email client, you should better make sure that there are no trailing whites spaces (they cause compatibility problems with old PGP versions) and if you want a trailing white space (say for the "-- " prefix), you should convert the mail to quoted-printable. It might alo be a good idea to convert one character from a "From " at the start of a line to quoted-printable.
> 2. How should I export a key that a user running PGP or GnuPG may need to
> import so as to verify the signed file(s) created in 1. above
> (here's what I've been using)?
>
> gpg --export --armor --output username.key username
Correct, you can also use it in a pipeline.
> NOTE: I have tested the syntax in 1 and 2 above with a Solaris copy of
> PGP 5.0 (`pgpk --version` shows the following: PGP for Personal
Don't use PGP 5.0 it has major problems and we are not going to add more fixes just for this Version. Use at least pgp 6.5.8.
> exported key will have the same checksum. These options only have an
> appreciated effect when they're used to sign a file.
Correct.
> The option: '--force-v3-sigs' can be included but appears to have no
> appreciable effects on my ability to later verify the signature using
You need it to create signature that pgp < 7 (maybe 6.5.x) can verify.
> PGP 5.0. However, the option: '--openpgp' will create problems unless
> the option: '--force-vs-options' was also included.
PGP < 7 is not OpenPGP compatible. According to the developers 7 is. Hth, Werner -- Werner Koch <wk@gnupg.org> GNU Privacy Guard (http://www.gnupg.org) Free Software Foundation Europe (http://www.fsfeurope.org) [Please see X-* mail header for OpenPGP key info]