Keypair created with gpg 1.0.7

Leigh S. Jones kr6x@kr6x.com
Tue May 28 20:42:02 2002


This question sounds like it could be about the
--simple-sk-checksum option.

For improved security, gpg has a new database
storage format for the secret key.  Exported keys use
the new format, which is incompatible with older gpg
versions as well as with PGP.  To make your exported
keys PGP compatible, you need to store the keys in
the database with the --simple-sk-checksum option
enabled.  You could put the simple-sk-checksum into
your options file if you are working on a computer
that you have complete control over, including physical
security.

The secure way to work with this is to:
1) gpg --simple-sk-checksum --edit-key [keyID]
Command> passwd
Re-enter your password without changing it.
Command> save
2) Export the key.
3) Edit and re-enter your password again, this
time without the --simple-sk-checksum option.
This puts you back into high security mode.

Treat the exported secret keys carefully and don't
allow them to be compromised.  Some people
prefer to change the password to a blank.  Then they
don't need to use the --simple-sk-checksum option.
I think this is a real security problem.

----- Original Message -----
From: "Charly Avital" <shavital@mac.com>
To: <gnupg-users@gnupg.org>
Sent: Tuesday, May 28, 2002 7:32 AM
Subject: Keypair created with gpg 1.0.7


> I run Mac GPG, under Mac OS X (10.1.4) and I have the following problem.
>
> From a keypair generated in Mac GPG 1.0.7, I can export the public key and
> import it into PGP 7.0.3 (Mac+HotFix) without any problem.
>
> Trying to import the secret key into PGP 7.0.3, in whichever way I try,
> makes PGP quit, just quit, no system crash, no error message, nothing, just
> quit.
>
> I have changed the secret keyblock line ends from Unix to Mac.
>
> I have tried to import the secret keyblock through Eudora+PGP-plugin, as I
> did successfully with secret keys generated under Mac GPG 1.0.6. Eudora
> quits, no system crash, just quits.
>
> I have imported, without any kind of problem, key pairs, both the public
> and the secret keys, generated in Mac GPG 1.0.6, into the same PGP 7.0.3,
> without any problem.
>
> I run PGP 7.0.3 on a separate computer when I can't run Mac OS X, only for
> compatibility test purposes. I never use 7.0.3 to encrypt outgoing mail.
>
> Is there any special way that I should use to export that secret key from
> Mac GPG 1.0.7, before trying to import it into PGP 7.0.3?
>
> Thanks,
> Charly
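
A check that could follow step 2 of the procedure in the reply, as an added example that is not part of either message: it reads a binary (non-armored) secret key export and reports the protection marker of each secret key packet, so the format can be confirmed before the file is handed to PGP. The meaning of the marker values (254 for the SHA-1 protected format, 255 for the older 16-bit checksum, 0 for no passphrase) is taken from the OpenPGP specification (RFC 4880), not from this thread; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Number of public-key MPIs per OpenPGP algorithm id: RSA, Elgamal, DSA.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4, 20: 3}

# Constructed sample, not a real key: old-format header for tag 5,
# version 4, RSA, two 8-bit MPIs, then protection marker 254.
SAMPLE = bytes([0x94, 13, 4, 0, 0, 0, 0, 1, 0, 8, 0xC5, 0, 8, 0x81, 254])

def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet in binary key data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def secret_key_usage(data):
    """Return the protection marker of every v4 secret (sub)key packet."""
    found = []
    for tag, body in read_packets(data):
        if tag not in (5, 7):                # 5 = secret key, 7 = secret subkey
            continue
        if body[0] != 4:
            raise ValueError("only version 4 keys handled")
        pos = 6                              # version, creation time, algorithm
        for _ in range(PUBLIC_MPIS[body[5]]):
            bits = int.from_bytes(body[pos:pos + 2], "big")
            pos += 2 + (bits + 7) // 8       # skip one public MPI
        found.append(body[pos])              # 0, 254, 255 or a cipher id
    return found

def uses_new_format(data):
    """True if any secret key packet carries the SHA-1 protected format."""
    return 254 in secret_key_usage(data)
```

An export made after step 1 should give only 255 for every packet; after step 3, a fresh export should show 254 again.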