some(!) PGP / GPG compatibility question

Brian M. Carlson
Tue May 21 15:26:01 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 21, 2002 at 08:11:17AM +0530, Aditya wrote:
> hi all,
> I created a new pgp 7.1 key with the following parameters
> (
>   key type    : RSA [*NOT* legacy],
> key size     : 4096,
> key chipper: AES
> )
> now when I import this key in GPG in Linux or Solaris I cannot see my name
> or any other key details and mutt on linux shows a ? besides my id in the
> key...
> I think this means the new PGP / GPG keys are not compatible

This should work. What version of gpg are you using? If you are using 1.0.6
or less, than you need --allow-secret-key-import, if 1.0.7 or greater you
need to --edit-key and set the key trust to ultimate ('trust', '5').
> So my questions are
> 1. what are the safe parameters for a key to be compatible with PGP and G=
> ?

DH/DSS (DSA/ElGamal), RSA (v3 (legacy), or v4). ElGamal is not supported by
official PGP versions. Key size for DSA must be 768<=3Dx<=3D1024; for ElGam=
al (DH),
768<=3Dx<=3D4096; and for RSA, 768<=3Dx<=3D4096.

Appropriate symmetric algorithms ('chippers'?) are 3DES, CAST5, BLOWFISH,
TWOFISH, AES, AES192, AES256. IDEA is patented and is therefore not allowed=

> I have come with the following parameters
> (=20
>    key type     : DH/DSS
>    key size      : 4096/1024
>    key chipper : IDEA
> )
> =20
> I would like to use the same key for GPG on linux and PGP for windows and=
 the key should be compatiable with most of pgp / gpg implementations=20
> =20
> =20
> 2. I read in bugtrap mailing list key size smaller that 1024 can be crack=
ed by NSA, FBI and likes so is the above key safe from this type of attack ?

Some people think this is true, some people think this isn't. Make up your
own mind. The type of key which is allegedly vulnerable to attack is RSA,
because it is based on the Integer Factorization Problem (IFP). ElGamal (DH)
and DSA are not based on this problem; they are instead based on the
Discrete Logarithm Problem (DLP), which is not believed to be vulnerable to
this advance. Whatever size your key, you should make as large as possible.

> 3. my private key has a sub key that is 786 bytes in length. Will this ke=
y allow all the data encrypted with my other key to be cracked ( other keys=
 are 4096 and 2048 bits long ) ?

It doesn't look good, but unless you're a really attractive target, nobody
is going to bother cracking your key. The Three Letter Agencies have much
more attractive targets to go after.
> 4. I seached google and saw some rumblings on the web about the DH/DSS al=
go being less secure than RSA. Would this matter in the generation of new k=
ey ( ie I should not generate a DH/DSS type of key ) ?

People, when DSA was first created, were concerned for numerous reasons,
including possible patent issues, the fact that DSA has a tiny key size for
long-term security, the fact that the NSA stuck its nose in once again, etc.
See Applied Cryptography, 2nd ed.
> 5. which key servers are the most reliable for use with pgp / gpg ? ( the=
 original keyservers in PGP seem to be unstable )

Try ldap:// or x-hkp://
The latter is still in development; therefore, it is not always working rig=

> 6. if I generate a new key what is the best way to let the people that I =
have generated a new key and that they should stop using the old key ( of c=
ourse I will revoke it if required ) ? should I sign my new key with the ol=
d key for this and put the key on a public keyserver or should I not revoke=
 the old key but instead change the name in the old key to reflect the new =
keys ID and fingerprint and urging them to use the new key ?=20
> (ie change the name in old key to something like=20
> please use new key KeyID: 0xXXXXXXXX, Fingerprint : XXXX XXXX XXXX XXXX X=
> whe
> re the=20
You can do that; however, I prefer an X-GPG-Key header. It is not
cryptographically protected, but most people are not going to change it.
> 7. I am using pgp 7.1 which has the ability to use X.509 Certs. Until now=
> used a X.509 cert and PGP Key for secure email and VPN and Encrypting file
> system in Win2k. is there a way to consolidate both of them to one key /
> cert that can be used in secure email, VPN and encrypting file system and
> still have the multiple names the way new RSA or DH/DSS keys have ? ( any
> ideas that u may have will be helpful, we use our own X.509 root Cert for
> internal certs )

I'm going to repeat the official party line for this list (from Werner). ;-)
X.509 is a competing standard to OpenPGP. GnuPG does not support it.
> 8. is the encrypt to self option in PGP / GPG a security hole or a featur=
e ?
> can it used to do anything malicious ?

Well, in itself it is not a hole. If the Big Bad Government were ever to
want the plaintext of those messages that you sent, it would be easier for
them to go after you with rubber hose cryptography than it would to find
every single recipient and go after them.

> 9. I have ikey 1000 token. If I wish to put the public/private key on this
> token what is the way to tell pgp 7.1 to use this token ?

I have no idea. GnuPG doesn't use this. Ask on PGP-Users.

> 10. I wish to have a ADK in my key so that if I ever forget my password I
> can use the other key to decrypt the email / files how does one put a ADK=
> the newly generated key ?

This is listed in the OpenPGP standard as "Reserved for backwards
compatibility". ADK's are not part of the standard, therefore, GnuPG does n=
support them.

> 11. is there any good GPG front end for linux ( x windows, Windows 9x,
> 2000 ) like PGP for
> windows for doing the key management ( GPL, BSD any lic will do only that=
> should be free for personal use )

Seahorse, GPA, Gehiminis (sp?). I'm sure some others can think of some.=20

Brian M. Carlson
OpenPGP: 0x351336B2DCA1913A

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Ubi libertas, ibi patria.