Handling of different key types with GnuPG

David Shaw dshaw at jabberwocky.com
Thu Dec 18 13:54:04 CET 2003


On Thu, Dec 18, 2003 at 06:38:24PM +0100, Kai Raven wrote:
> Hi,
> 
> I had some difficulties encrypting or signing with GnuPG 1.2.3 to two
> recipients, both using two different versions of PGP 6.5.8. The first
> key was from 1998 and GnuPG told me that the key had no preferences,
> because "PGP 2.X style keys have no preferences". So the compliance
> option "pgp6" could not work. With pgp2 all worked fine.
> OK, I have different gpg.conf files to deal with keys from different
> PGP versions and I switch to them with Sylpheed's action feature on the
> fly. But what is the best way to handle a large key base with all kinds
> of keys? Detect and export all keys of a special type to their own
> pubring? But then I have the same problem again of remembering the used key
> type and picking the correct gpg.conf.

I don't understand why you should have such problems.  --pgp2 is
needed for PGP 2.x compliance.  However, all other --pgpX options are
not generally useful and exist only for the case where a key has bad
preferences.  For example, if you generate a key in GnuPG and put in an
AES preference, and try to use that key in PGP 6, you won't be able to
decrypt because people will follow your preference and use AES.  What
--pgp6 does is pretend that the preferences on the key are "cast5 3des
idea".

If you are communicating with a PGP 2.x user, you usually need --pgp2.
The overwhelming majority of the other times, the right thing to do is
to use NO --pgpX option at all.  --pgpX is really only there to work
around the fact that PGP doesn't have any way to update preferences on
imported keys.

David
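
Added example, not part of the original message and not GnuPG's code: a simplified Python model of preference-driven cipher selection, showing the AES/PGP 6 decryption failure described in the reply and how overriding the key's preferences with "cast5 3des idea" avoids it. The preference lists, cipher sets and function names are constructed for illustration; the only OpenPGP rule assumed beyond the message is that 3DES is implicitly on every preference list.

```python
# Simplified model of OpenPGP cipher selection; not GnuPG's actual code.
IMPLICIT = "3des"                          # implicitly on every OpenPGP preference list
PGP6_OVERRIDE = ["cast5", "3des", "idea"]  # what the reply says --pgp6 pretends

def effective_prefs(advertised, pgp6=False):
    """Preference list the sender acts on for one recipient key."""
    prefs = list(PGP6_OVERRIDE) if pgp6 else list(advertised)
    if IMPLICIT not in prefs:
        prefs.append(IMPLICIT)
    return prefs

def choose_cipher(recipient_prefs, sender_supports, pgp6=False):
    """Best-ranked cipher that every recipient lists and the sender implements."""
    lists = [effective_prefs(p, pgp6) for p in recipient_prefs]
    common = [c for c in lists[0]
              if c in sender_supports and all(c in other for other in lists[1:])]
    if not common:
        raise ValueError("no cipher acceptable to all recipients")
    # Lowest summed rank across recipients wins; ties keep the first recipient's order.
    return min(common, key=lambda c: sum(l.index(c) for l in lists))

def can_decrypt(cipher, receiver_ciphers):
    """True if the recipient's software implements the chosen cipher."""
    return cipher in receiver_ciphers

# Constructed sample data (assumptions, not taken from real keys).
GNUPG_MADE_KEY = ["aes256", "aes", "cast5", "3des"]  # key generated in GnuPG, AES first
OLD_PGP_KEY = ["cast5", "3des", "idea"]              # key with PGP 6 style preferences
SENDER = {"aes256", "aes", "cast5", "3des"}          # ciphers the sending side implements
PGP6_SOFTWARE = {"cast5", "3des", "idea"}            # ciphers the PGP 6 recipient can decrypt

if __name__ == "__main__":
    for pgp6 in (False, True):
        c = choose_cipher([GNUPG_MADE_KEY], SENDER, pgp6=pgp6)
        print(f"--pgp6={pgp6}: cipher={c}, PGP 6 can decrypt: {can_decrypt(c, PGP6_SOFTWARE)}")
    print("mixed recipients:", choose_cipher([GNUPG_MADE_KEY, OLD_PGP_KEY], SENDER))
```

The mixed-recipient case shows why no override is needed when the keys' own preferences are accurate: the intersection already lands on a cipher both sides can use.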


