How to export gpg keys to use in PGP 8.0 beta

David Shaw
Sat Oct 12 21:33:02 2002

On Sat, Oct 12, 2002 at 11:59:29AM +0200, Sebastian Mauer wrote:

> hi,
> i'm from Germany, so please excuse my really worse english.
> I'm new to gpg an generated myself a key a month ago. now i want to use
> encrypted mail under windows too. so I downloaded pgp 8.0 beta from the
> new PGP Corporation. But when I exprt my secret key by the following command:
>  $ gpg --output secretkey.asc --armor --export-secret-key maui
> PGP won't be able to import it. Why ? Are they key fornats incompatible. Can
> anyone help me ?

This has come up fairly often, so here's the HOWTO:

PGP can (for most key types) use secret keys generated by GnuPG.  The
problems that come up occasionally are generally because GnuPG
supports a few more features from the OpenPGP standard than PGP does.
If your secret key has any of those features in use, then PGP will
reject the key or you will have problems communicating later.  Note
that PGP doesn't do Elgamal signing keys at all, so they are not
usable with any version.

These instructions should work for GnuPG 1.0.7 and later, and PGP
7.0.3 and later.

Start by editing the key.  Most of this line is not really necessary
as the default values are correct, but it does not hurt to repeat the
values, as this will override them in case you have something else set
in your options file.

->> gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 --simple-sk-checksum --edit THEKEYID

Turn off some features.  Set the list of preferred ciphers, hashes,
and compression algorithms to things that PGP can handle.  (Yes, I
know this is an odd list of ciphers, but this is what PGP itself uses,
minus IDEA).

->> setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0

Now put the list of preferences onto the key.

->> updpref

Finally we must decrypt and re-encrypt the key, making sure that we
encrypt with a cipher that PGP likes.  We set this up in the --edit
line above, so now we just need to change the passphrase to make it
take effect.  You can use the same passphrase if you like, or take
this opportunity to actually change it.

->> passwd

Save our work.

->> save

Now we can do the usual export:

->> gpg --export THEKEYID > mypublickey.pgp
->> gpg --export-secret-key THEKEYID > mysecretkey.pgp

Sometimes I wonder if a --convert-to-pgp command for GnuPG to automate
all of that would be useful.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson