Problem with Key Protection

Daniel Luebke list@daniel-luebke.de
Mon Nov 18 20:14:02 2002


Hi everybody!

Thank you Bob! Your hint was the critical piece to the solution of our 
problem. However I came up to another strange thing, but we solved that:
The "official" windows version of GnuPG (1.2.0 and 1.2.1) do not support 
the new protection as well - at least we weren't able to do that; so we 
couldn't change our passphrase to apply the old protection.
However most "gpg-newbies" are using Windows, so we tried the 
Cygwin-gpg-version which really works! We built a batch file for that, 
copied the corresponding cygwin-dlls and the gpg executable into a 
downloadable archive and this seems to work.

If anyone somehow runs into similar problems, he/she can download our 
solution from:
http://www.daniel-luebke.de/download/cyggpg.zip

Thank you

Daniel

Bob Mathews wrote:

> On Friday 15 November 2002 05:56, Daniel Luebke wrote:
>
> gpg: Protection algorithm 254 is not supported
> gpg: signature failed: Unknown encryption algorithm
>
> Does anyone has a solution for that?
>
>
> Algorithm 254 is used with the new SHA-1 protected secret key format, 
> which
> was introduced in gpg 1.0.7. To turn it off for compatibility with 
> 1.0.6, use
> --simple-sk-checksum when generating the key or changing the passphrase.
>
> The new format is meant to defend against the vulnerability described 
> here:
>     http://www.i.cz/en/onas/tisk4.html
> Is this a really big issue? Probably not. Anyone who can modify your 
> secret
> key ring on disk can probably also trojan your copy of gpg and steal 
> your key
> that way. Better safe than sorry, though.
>
>  -bob mathews
>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users