Downgrade problem. (Jean-David Beyer)
Leigh S. Jones
Tue Jun 4 05:38:01 2002
Thanks for the supportive words, but where David Shaw
is concerned I'll have to point out that I'm a neophyte with
gpg next to him, and need to absorb from him anything I
----- Original Message -----
From: "Jean-David Beyer" <email@example.com>
To: "GnuPG Users' List" <firstname.lastname@example.org>
Sent: Monday, June 03, 2002 7:32 PM
Subject: Re: Downgrade problem. (Jean-David Beyer)
> David Shaw wrote:
> > This is not correct. There is no need to go through the trouble
> > danger) of making a special copy of the key with no passphrase,
> > disconnecting from the network, etc.
> I think Leigh S. Jones was showing that it could be done that way. I
> am not sure that his procedure would not work, nor do I really care.
> I believe he was trying to show me, in a round-about way, that I
> should just upgrade, which I have now done. Note especially his last
> line, emphasized by me with <---<<<
> Before upgrading from Red Hat 6.2 to 7.3, I made and verified three
> backup tapes of EVERYTHING on this machine, so I did not need to
> download 1.0.7; I simply restored the .gz from tape and did the
> usual things.
> There are a lot of uses, in addition to fumble-fingers and disk
> crashes, for good complete backups.
> > Just do this:
> > 0) Make a backup of your keyrings.
> > 1) On the 1.0.7 box:
> > gpg --simple-sk-checksum --edit (keyid)
> > Enter "passwd", and change your password to anything. It does
> > have to be blank, and you can in fact "set" it to what it
> > is.
> > 2) On the 1.0.7 box:
> > gpg --export-secret-key (keyid) > mykey.gpg
> > gpg --export-key (keyid) >> mykey.gpg
> > (copy mykey.gpg to the new box)
> > 3) On the 1.0.6 box:
> > gpg --allow-secret-key-import --import mykey.gpg
> > However, I wouldn't do it - rebuild 1.0.7, and use that. <---<<<
> > David
> > On Mon, Jun 03, 2002 at 04:36:28PM -0700, Leigh S. Jones, KR6X
> >>You will need 1.0.7 to fix the problem. If you chose to
> >>retain gpg 1.0.6, you will need to use someone's copy
> >>of 1.0.7 to fix your keyring before it can be used by
> >>To perform the fix, rename the existing keyring files
> >>and options files for safe keeping. Next, transport the
> >>keyring files to be adjusted together with your options
> >>file onto the ~/.gnupg directory being used. Next,
> >>temporarily disconnect the computer being used from
> >>the network, for security purposes. Edit your options
> >>file, adding the line "simple-sk-checksum" at or near
> >>the end of the file. Now use the command:
> >>gpg --edit-key <keyID>
> >>to start the key edit function of gpg. At the Command>
> >>prompt enter "passwd". Set your password to a zero
> >>length blank password. At the Command>
> >>prompt enter "save". Do this once for each secret key
> >>on your keyring. Now copy your keyring file to a floppy
> >>drive and keep it safe. Blast away the copy of your
> >>options file (edited) and the (now insecure) keyrings.
> >>on the workstation, and rename the "safe keeping" files
> >>to return the workstation to its original condition.
> >>Reconnect this machine to the network. Take the
> >>keyring files back to your own version 1.0.6 machine.
> >>Disconnect it from the network before proceeding.
> >>Don't overwrite your existing (unusable) keyring files --
> >>rename them for now -- just to make sure you don't
> >>overwrite something you will need later. On gpg1.0.6
> >>you won't need the simple-sk-checksum option added.
> >>Edit each of your secret keys to reintroduce your
> >>password in place of the blank password. Test
> >>by signing a file to make sure the password is right
> >>on each of your secret keys. When everything is shown
> >>to be working OK, reformat/wipe the floppy drive to
> >>blast away the insecure keyring files. Now you can
> >>reconnect your computer to the network.
> >>Sounds like it would be easier to build 1.0.7 again,
> >>doesn't it?
> >>----- Original Message -----
> >>From: "David Shaw" <email@example.com>
> >>To: "GnuPG Users' List" <firstname.lastname@example.org>
> >>Sent: Monday, June 03, 2002 15:58
> >>Subject: Re: Downgrade problem.
> >>>On Mon, Jun 03, 2002 at 06:52:20PM -0400, Jean-David Beyer wrote:
> >>>>I was running gnuPG 1.0.7 that I had compiled from scratch, and
> >>>>my keys with it. I have since upgraded my OS from Red Hat Linux
> >>>>to R.H.L. 7.3 which has gnupg-1.0.6-5 on it. Nothing much works
> >>>>because it has trouble with the key rings.
> >>>>I suspect an incompatibility with the way the key rings are
> >>>>constructed. I further suspect that were I to download the
> >>>>(1.0.7, I suppose) and built it, that my existing key rings
> >>>>resume operating? Are my suspicions correct, or is it likely to
> >>>>different problem?
> >>>You are correct. 1.0.7 has a slightly different keyring format
> >>>(actually a problem in 1.0.6).
> .~. Jean-David Beyer Registered Linux User 85642.
> /V\ Registered Machine 73926.
> /( )\ Shrewsbury, New Jersey http://counter.li.org
> ^^-^^ 10:25pm up 6 days, 6 min, 2 users, load average: 5.30, 5.05,
> Gnupg-users mailing list