simple-sk-checksum in linux gpg-1.0.7 to windows gpg-1.0.6 compatibility

john clark lurq_gnupg@yahoo.com
Mon Jul 15 11:57:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


gnupg-users@gnupg.org

hi guys,

Here's my problem:

I have win98 and linux. win98 is running GnuPG 1.0.6
and linux is running
1.0.7.

I tried to export my linux keys, both the secret and
public keys, to the
windows box gpg.

	C:\> gpg --allow-secret-key-import --import
linux-keys.asc

It accepted it. No problem there.

Then, still in windows, I tried encrypting a text file
using the linux keys
I just imported. No problem there either.

But when I tried decrypting that text.asc, it says:

	C:\> gpg text.asc
	gpg: protection algorithm 254 is not supported
	gpg: encrypted with 768-bit ELG-E key, ID 1C7BDE25,
created 2002-07-09
	      "gpger (options all commented out) (INSECURE!)"
	gpg: public key decryption failed: unknown cipher
algorithm
	gpg: decryption failed: secret key not available
	gpg: [don't know]: invalid packet (ctb=5f)

I tried all manner of editing in the linux box
~/.gnupg/options file.
I tried an options file with all the options commented
out (the above
example).

I also tried a no-force-v3-sigs option then generated
a key using that
setting. Which still didn't work.

	gpg: protection algorithm 254 is not supported
	gpg: encrypted with 768-bit ELG-E key, ID F6F04A91,
created 2002-07-09
	      "gpger (no force v3 sigs) (INSECURE!)"
	gpg: public key decryption failed: unknown cipher
algorithm
	gpg: decryption failed: secret key not available
	gpg: [don't know]: invalid packet (ctb=6e)

I tried all manner of options file editing in the
linux box but all was in
vain.

	gpg: protection algorithm 254 is not supported
	gpg: encrypted with 768-bit ELG-E key, ID 981B9892,
created 2002-07-09
	      "gpger (aes256) (INSECURE!)"
	gpg: public key decryption failed: unknown cipher
algorithm
	gpg: decryption failed: secret key not available
	gpg: orphaned user ID
	gpg: [don't know]: invalid packet (ctb=05)

	gpg: protection algorithm 254 is not supported
	gpg: encrypted with 768-bit ELG-E key, ID 9EDDF79A,
created 2002-07-09
	      "gpger (armor ONLY!) (INSECURE!)"
	gpg: public key decryption failed: unknown cipher
algorithm
	gpg: decryption failed: secret key not available
	gpg: block_filter 00590D30: read error
(size=15978,a->size=27377)
	gpg: block_filter: pending bytes!

The only thing that my windows gpg could decrypt were
public keys generated
by it (surprise, surprise).

I'm really out of ideas at this point.

I looked for "protection algorithm 254" everywhere in
the gpg 1.0.7 source
files. The only thing that matched my `grep -r " 254 "
gnupg-1.0.7/` were in

(1) gnupg-1.0.7/cipher/twofish.c: * exponents I'll
ever see are 254
	(variable) and 237 (constant), so they'll

(2) gnupg-1.0.7/cipher/tiger.c:   
0xa6300f170bdc4820LL /*  254 */,
	0xebc18760ed78a77aLL /* 255 */

(3)* gnupg-1.0.7/g10/parse-packet.c:	    if(
sk->protect.algo == 254 ||
	 sk->protect.algo == 255 ) {

(4) gnupg-1.0.7/doc/DETAILS:  Record type 254 (free
record)

So I again tried to generate a new key using the
- --simple-sk-checksum option.

	linux[~]$ gpg --simple-sk-checksum --gen-key

But it says that "Using this option bears a security
risk" in the gpg man
pages.

I don't want to use anything that "bears a security
risk" on my gpg, be it
theoretical or real (and I guess neither do you :).

The reason that I want to export my linux generated
secret and public keys
is that I keep those keys in a backup, symmetrically
encrypted, ascii armored
file. Those are the keys that I use to encrypt my
private files. And I want
to be able to access those private files using either
*nix or win32 by
importing those keys. You know, just a backup, in case
my comp dies or I
need to open my private files in another computer.

What do I do now?

Does this excerpt in the FAQ present a solution?

- --- GnuPG FAQ excerpt ---
6.19) Why does GnuPG 1.0.6 bail out on keyrings used
with 1.0.7?

    There is a small bug in 1.0.6 which didn't parse
trust packets
    currectly.  You may want to apply this patch if
you can't upgrade:
      
http://www.gnupg.org/developer/gpg-woody-fix.txt
- --- end ---

I haven't tried it yet and I doubt if I can patch my
win32 gpg.

NOTES: You may have noticed the "(INSECURE!)" comment
on the name field. As
you all know it's because of the --quick-random
option. I used it only to
generate my test keys faster as I tried out the
different option settings.
Please don't bother commenting on it.

- - jed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9KymjluOtB0iIhFgRAsVuAJ9ki44GPtQtOIQIV7mV/eyF448eBQCfbmeJ
3vtSF7IhSdO7y01+1iI2q2Q=
=1qIl
-----END PGP SIGNATURE-----


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com