Problem with Key Protection

Daniel Luebke
Mon Nov 18 20:14:02 2002

Hi everybody!

Thank you Bob! Your hint was the critical piece to the solution of our 
problem. However, I came across another strange thing, but we solved that:
The "official" Windows versions of GnuPG (1.2.0 and 1.2.1) do not support 
the new protection as well - at least we weren't able to do that; so we 
couldn't change our passphrase to apply the old protection.
However, most "gpg-newbies" are using Windows, so we tried the 
Cygwin gpg version, which really works! We built a batch file for that, 
copied the corresponding Cygwin DLLs and the gpg executable into a 
downloadable archive, and this seems to work.

If anyone somehow runs into similar problems, he/she can download our 
solution from:

Thank you


Bob Mathews wrote:

> On Friday 15 November 2002 05:56, Daniel Luebke wrote:
> > gpg: Protection algorithm 254 is not supported
> > gpg: signature failed: Unknown encryption algorithm
> > Does anyone have a solution for that?
>
> Algorithm 254 is used with the new SHA-1 protected secret key format,
> which was introduced in gpg 1.0.7. To turn it off for compatibility
> with 1.0.6, use --simple-sk-checksum when generating the key or
> changing the passphrase.
>
> The new format is meant to defend against the vulnerability described
> here:
>
> Is this a really big issue? Probably not. Anyone who can modify your
> secret key ring on disk can probably also trojan your copy of gpg and
> steal your key that way. Better safe than sorry, though.
>
>  -bob mathews

Gnupg-users mailing list
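
Added example (not part of the original thread, and not GnuPG's own code): a small Python scanner that reads a binary secret keyring and reports the protection octet discussed above, so keys using mode 254 can be spotted before they are handed to a gpg older than 1.0.7. The packet layout follows RFC 4880; the function names and the sample packet are constructed for illustration, and only RSA, Elgamal and DSA keys are handled.

```python
import struct

# Public-key MPIs that precede the protection octet (RFC 4880, section 5.5.2).
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA, Elgamal, DSA
LABELS = {254: "SHA-1 hash (introduced in gpg 1.0.7)",
          255: "16-bit checksum (format kept by --simple-sk-checksum)",
          0: "unprotected"}

def protection_octet(body):
    """Return the S2K usage octet of a secret key packet body (tag 5 or 7)."""
    pos = 6 if body[0] == 4 else 8       # first MPI; v3 has 2 extra validity octets
    for _ in range(PUBLIC_MPIS[body[pos - 1]]):  # KeyError on other algorithms
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2 + (bits + 7) // 8       # 2-octet bit count, then the value
    return body[pos]

def describe(usage):
    # Any other value is a cipher id used with the old 16-bit checksum.
    return LABELS.get(usage, "16-bit checksum, legacy cipher id %d" % usage)

def scan_keyring(data):
    """Return [(tag, usage octet)] for each secret key or subkey packet."""
    found, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if hdr & 0x40:                        # new-format packet header
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:
                length, hlen = first, 2
            elif first < 224:
                length, hlen = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hlen = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                 # old-format packet header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length is not handled")
            length, hlen = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        if tag in (5, 7):
            found.append((tag, protection_octet(data[pos + hlen:pos + hlen + length])))
        pos += hlen + length
    return found

def sample_packet(usage):
    """Constructed old-format tag 5 packet with a toy RSA key, not a real key."""
    body = bytes([4, 0, 0, 0, 0, 1, 0, 8, 0xC5, 0, 2, 3, usage]) + bytes(8)
    return bytes([0x94, len(body)]) + body
```

The input must be the raw bytes of a binary (not ASCII-armored) keyring; pass each returned usage octet to `describe` for a readable label.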