How to export gpg keys to use in PGP 8.0 beta
Sebastian Mauer
maui@betastation.de
Sun Oct 13 10:27:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I get the message that the 16bit encoding of the secret key is unsecure.
I don't think that this is a positive message.
Can I change my key back to the original format when I'm done with export=
ing=20
to PGP ?
sincerely,
Sebastian Mauer
Am Samstag, 12. Oktober 2002 21:33 schrieb David Shaw:
> On Sat, Oct 12, 2002 at 11:59:29AM +0200, Sebastian Mauer wrote:
> > hi,
> > i'm from Germany, so please excuse my really worse english.
> > I'm new to gpg an generated myself a key a month ago. now i want to u=
se
> > encrypted mail under windows too. so I downloaded pgp 8.0 beta from t=
he
> > new PGP Corporation. But when I exprt my secret key by the following
> > command:
> >
> > $ gpg --output secretkey.asc --armor --export-secret-key maui
> >
> > PGP won't be able to import it. Why ? Are they key fornats incompatib=
le.
> > Can anyone help me ?
>
> This has come up fairly often, so here's the HOWTO:
>
> PGP can (for most key types) use secret keys generated by GnuPG. The
> problems that come up occasionally are generally because GnuPG
> supports a few more features from the OpenPGP standard than PGP does.
> If your secret key has any of those features in use, then PGP will
> reject the key or you will have problems communicating later. Note
> that PGP doesn't do Elgamal signing keys at all, so they are not
> usable with any version.
>
> These instructions should work for GnuPG 1.0.7 and later, and PGP
> 7.0.3 and later.
>
> Start by editing the key. Most of this line is not really necessary
> as the default values are correct, but it does not hurt to repeat the
> values, as this will override them in case you have something else set
> in your options file.
>
> ->> gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3
> --simple-sk-checksum --edit THEKEYID
>
> Turn off some features. Set the list of preferred ciphers, hashes,
> and compression algorithms to things that PGP can handle. (Yes, I
> know this is an odd list of ciphers, but this is what PGP itself uses,
> minus IDEA).
>
> ->> setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0
>
> Now put the list of preferences onto the key.
>
> ->> updpref
>
> Finally we must decrypt and re-encrypt the key, making sure that we
> encrypt with a cipher that PGP likes. We set this up in the --edit
> line above, so now we just need to change the passphrase to make it
> take effect. You can use the same passphrase if you like, or take
> this opportunity to actually change it.
>
> ->> passwd
>
> Save our work.
>
> ->> save
>
> Now we can do the usual export:
>
> ->> gpg --export THEKEYID > mypublickey.pgp
> ->> gpg --export-secret-key THEKEYID > mysecretkey.pgp
>
> Sometimes I wonder if a --convert-to-pgp command for GnuPG to automate
> all of that would be useful.
>
> David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9qS6QRR5S0See5KQRApLkAJ9l5D/FjnJT8GbNK8KyPFQZn5dqiACfQblR
IgMoNKdWdLk65QB3rkJQ8BQ=3D
=3Dp6tq
-----END PGP SIGNATURE-----