Downgrade problem. (Jean-David Beyer)

Leigh S. Jones, KR6X kr6x@kr6x.com
Tue Jun 4 01:33:02 2002


You will need 1.0.7 to fix the problem.  If you chose to
retain gpg 1.0.6, you will need to use someone's copy
of 1.0.7 to fix your keyring before it can be used by
1.0.6.

To perform the fix, rename the existing keyring files
and options files for safe keeping.  Next, transport the
keyring files to be adjusted together with your options
file onto the ~/.gnupg directory being used.  Next,
temporarily disconnect the computer being used from
the network, for security purposes.  Edit your options
file, adding the line "simple-sk-checksum" at or near
the end of the file.  Now use the command:

gpg --edit-key <keyID>

to start the key edit function of gpg.  At the Command>
prompt enter "passwd".  Set your password to a zero
length blank password. At the Command>
prompt enter "save".  Do this once for each secret key
on your keyring.  Now copy your keyring file to a floppy
drive and keep it safe.  Blast away the copy of your
options file (edited) and the (now insecure) keyrings
on the workstation, and rename the "safe keeping" files
to return the workstation to its original condition.
Reconnect this machine to the network.  Take the
keyring files back to your own version 1.0.6 machine.
Disconnect it from the network before proceeding.
Don't overwrite your existing (unusable) keyring files --
rename them for now -- just to make sure you don't
overwrite something you will need later.  On gpg 1.0.6
you won't need the simple-sk-checksum option added.
Edit each of your secret keys to reintroduce your
password in place of the blank password.  Test
by signing a file to make sure the password is right
on each of your secret keys.  When everything is shown
to be working OK, reformat/wipe the floppy drive to
blast away the insecure keyring files.  Now you can
reconnect your computer to the network.

Sounds like it would be easier to build 1.0.7 again,
doesn't it?

----- Original Message -----
From: "David Shaw" <dshaw@jabberwocky.com>
To: "GnuPG Users' List" <gnupg-users@gnupg.org>
Sent: Monday, June 03, 2002 15:58
Subject: Re: Downgrade problem.


> On Mon, Jun 03, 2002 at 06:52:20PM -0400, Jean-David Beyer wrote:
> > I was running gnuPG 1.0.7 that I had compiled from scratch, and made
> > my keys with it. I have since upgraded my OS from Red Hat Linux 6.2
> > to R.H.L. 7.3 which has gnupg-1.0.6-5 on it. Nothing much works
> > because it has trouble with the key rings.
> >
> > I suspect an incompatibility with the way the key rings are
> > constructed. I further suspect that were I to download the latest
> > (1.0.7, I suppose) and built it, that my existing key rings would
> > resume operating? Are my suspicions correct, or is it likely to be a
> > different problem?
>
> You are correct.  1.0.7 has a slightly different keyring format
> (actually a problem in 1.0.6).
>
> David
>
> --
>    David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
> +---------------------------------------------------------------------------+
>    "There are two major products that come out of Berkeley: LSD and UNIX.
>       We don't believe this to be a coincidence." - Jeremy S. Anderson