simple-sk-checksum in linux gpg-1.0.7 to windows gpg-1.0.6 compatibility
john clark
lurq_gnupg@yahoo.com
Mon Jul 15 11:57:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
gnupg-users@gnupg.org
hi guys,
Here's my problem:
I have win98 and linux. win98 is running GnuPG 1.0.6
and linux is running
1.0.7.
I tried to export my linux keys, both the secret and
public keys, to the
windows box gpg.
C:\> gpg --allow-secret-key-import --import
linux-keys.asc
It accepted it. No problem there.
Then, still in windows, I tried encrypting a text file
using the linux keys
I just imported. No problem there either.
But when I tried decrypting that text.asc, it says:
C:\> gpg text.asc
gpg: protection algorithm 254 is not supported
gpg: encrypted with 768-bit ELG-E key, ID 1C7BDE25,
created 2002-07-09
"gpger (options all commented out) (INSECURE!)"
gpg: public key decryption failed: unknown cipher
algorithm
gpg: decryption failed: secret key not available
gpg: [don't know]: invalid packet (ctb=5f)
I tried all manner of editing in the linux box
~/.gnupg/options file.
I tried an options file with all the options commented
out (the above
example).
I also tried a no-force-v3-sigs option then generated
a key using that
setting. Which still didn't work.
gpg: protection algorithm 254 is not supported
gpg: encrypted with 768-bit ELG-E key, ID F6F04A91,
created 2002-07-09
"gpger (no force v3 sigs) (INSECURE!)"
gpg: public key decryption failed: unknown cipher
algorithm
gpg: decryption failed: secret key not available
gpg: [don't know]: invalid packet (ctb=6e)
I tried all manner of options file editing in the
linux box but all was in
vain.
gpg: protection algorithm 254 is not supported
gpg: encrypted with 768-bit ELG-E key, ID 981B9892,
created 2002-07-09
"gpger (aes256) (INSECURE!)"
gpg: public key decryption failed: unknown cipher
algorithm
gpg: decryption failed: secret key not available
gpg: orphaned user ID
gpg: [don't know]: invalid packet (ctb=05)
gpg: protection algorithm 254 is not supported
gpg: encrypted with 768-bit ELG-E key, ID 9EDDF79A,
created 2002-07-09
"gpger (armor ONLY!) (INSECURE!)"
gpg: public key decryption failed: unknown cipher
algorithm
gpg: decryption failed: secret key not available
gpg: block_filter 00590D30: read error
(size=15978,a->size=27377)
gpg: block_filter: pending bytes!
The only thing that my windows gpg could decrypt were
public keys generated
by it (surprise, surprise).
I'm really out of ideas at this point.
I looked for "protection algorithm 254" everywhere in
the gpg 1.0.7 source
files. The only thing that matched my `grep -r " 254 "
gnupg-1.0.7/` were in
(1) gnupg-1.0.7/cipher/twofish.c: * exponents I'll
ever see are 254
(variable) and 237 (constant), so they'll
(2) gnupg-1.0.7/cipher/tiger.c:
0xa6300f170bdc4820LL /* 254 */,
0xebc18760ed78a77aLL /* 255 */
(3)* gnupg-1.0.7/g10/parse-packet.c: if(
sk->protect.algo == 254 ||
sk->protect.algo == 255 ) {
(4) gnupg-1.0.7/doc/DETAILS: Record type 254 (free
record)
So I again tried to generate a new key using the
- --simple-sk-checksum option.
linux[~]$ gpg --simple-sk-checksum --gen-key
But it says that "Using this option bears a security
risk" in the gpg man
pages.
I don't want to use anything that "bears a security
risk" on my gpg, be it
theoretical or real (and I guess neither do you :).
The reason that I want to export my linux generated
secret and public keys
is that I keep those keys in a backup, symmetrically
encrypted, ascii armored
file. Those are the keys that I use to encrypt my
private files. And I want
to be able to access those private files using either
*nix or win32 by
importing those keys. You know, just a backup, in case
my comp dies or I
need to open my private files in another computer.
What do I do now?
Does this excerpt in the FAQ present a solution?
- --- GnuPG FAQ excerpt ---
6.19) Why does GnuPG 1.0.6 bail out on keyrings used
with 1.0.7?
There is a small bug in 1.0.6 which didn't parse
trust packets
currectly. You may want to apply this patch if
you can't upgrade:
http://www.gnupg.org/developer/gpg-woody-fix.txt
- --- end ---
I haven't tried it yet and I doubt if I can patch my
win32 gpg.
NOTES: You may have noticed the "(INSECURE!)" comment
on the name field. As
you all know it's because of the --quick-random
option. I used it only to
generate my test keys faster as I tried out the
different option settings.
Please don't bother commenting on it.
- - jed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9KymjluOtB0iIhFgRAsVuAJ9ki44GPtQtOIQIV7mV/eyF448eBQCfbmeJ
3vtSF7IhSdO7y01+1iI2q2Q=
=1qIl
-----END PGP SIGNATURE-----
__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com