GnuPG and PGP 2.6: unusable public key
Tommi Vainikainen
tvainika@cc.hut.fi
Fri Oct 19 17:59:06 2001
On Fri, 19 Oct 2001, disastry@saiknes.lv wrote:
> Tommi Vainikainen wrote:
>> But with more testing, it seems gpg doesn't allow using keys
>> without selfsignature.
>
> so ask the friend to selfsign his key
Yes I understand this is one possible solution. Another solution
would be to use --always-trust but it seems gpg is buggy and is trying to
force me to do extra work. No good.
This is exactly why US patent/dual-use export restrictions are very
useful. Those make it so complicated to people so people don't want
to use crypto. And gpg seems to be supporting this complicateness
more with extra checks, detecting pgp2 keys and warning more but still
not denying users from doing what they want would be the right
solution for this. Also using idea algorithm by default for pgp2
recipients (when idea extension is available) would be very nice and
would allow people to use gpg more easily.
>> Second problem is that pgp2 cannot decrypt those messages.
>> Difference in messages generated by gpg and pgp2 was that length of
>> encrypted packet was "unknown" when generated by gpg and some
>> integer when generated by pgp2.
>
> do not pipe to gpg, encrypt file instead. then hopefully it will
> know the length.
Seems like it was my problem, I didn't remember to give --cipher-algo
idea --compress-algo 1 --rfc1991 to gpg, after that pgp2 was able to
decrypt message. But if I used many recipients, myself (with
DSA/ElGamal key) included, then even with those parameters pgp2 was
not able to decrypt. But of course moving from pgp2 to pgp5 and
keeping key same is almost trivial, so this should not be big problem,
maybe I have to push my friends to do that then.
BTW, does anyone know why gpg doesn't allow creating new RSA keys? In
pgp5 there seems to be some compatibility options and it doesn't like
my DSA key when there are multiple recipients others using RSA keys
and me using DSA. Creating RSA key with pgp5 and then importing
public and secret keys to my gpg keyring is possible and that's what I
probably must do.
--
Tommi Vainikainen
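
The "unknown" versus integer packet length mentioned in the message is visible in the packet headers themselves. The following is an added example, not part of the original post or of gpg: a small header reader following the packet header layout in RFC 4880 section 4.2, run over two constructed byte strings (the function names and sample bytes are assumptions made for illustration).

```python
# Added example: read OpenPGP packet headers and report whether each packet
# carries a definite length or an indeterminate ("unknown") one.
TAG_NAMES = {1: "public-key encrypted session key",
             9: "symmetrically encrypted data"}

def parse_header(buf, pos=0):
    """Return (fmt, tag, body_len, header_len). body_len is None when the
    length is indeterminate (old format) or partial (new format)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if first & 0x40:                        # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return "new", tag, o1, 2
        if o1 < 224:
            return "new", tag, ((o1 - 192) << 8) + buf[pos + 2] + 192, 3
        if o1 == 255:
            return "new", tag, int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
        return "new", tag, None, 2          # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return "old", tag, None, 1          # indeterminate length
    size = 1 << ltype                       # 1, 2 or 4 length octets
    return "old", tag, int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), 1 + size

def walk_packets(buf):
    """List (fmt, tag, body_len) for each top-level packet in buf."""
    out, pos = [], 0
    while pos < len(buf):
        fmt, tag, body_len, hlen = parse_header(buf, pos)
        out.append((fmt, tag, body_len))
        if body_len is None:
            break                           # packet runs to end of input
        pos += hlen + body_len
    return out

# Constructed samples: a 4-byte session-key packet followed by an encrypted
# data packet, once with a one-octet length and once with no length at all.
DEFINITE = bytes([0x85, 0x00, 0x04]) + bytes(4) + bytes([0xA4, 0x03]) + bytes(3)
INDETERMINATE = bytes([0x85, 0x00, 0x04]) + bytes(4) + bytes([0xA7]) + bytes(3)

if __name__ == "__main__":
    for name, sample in (("definite", DEFINITE), ("indeterminate", INDETERMINATE)):
        for fmt, tag, length in walk_packets(sample):
            shown = "unknown" if length is None else length
            print(name, fmt, TAG_NAMES.get(tag, tag), "length:", shown)
```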