RSA Encryption / exchange with PGP

David Hill DHill at StudentLoan.org
Tue Apr 27 16:35:09 CEST 2004


Actually we got the two to interoperate nicely, they are using PGP version 6.5 freeware, RSA legacy keys, and encrypting with IDEA. We used the PGP product to generate the newer RSA 2048 keys and imported those keys into GnuPG. That worked a lot better for allowing them to decrypt our traffic, the DSA/ElGamel gave them trouble decrypting our files. The real problem was that they were unwilling to change their preferred encryption method from IDEA to TripleDES, so we downloaded and tested the IDEA dll from ftp://ftp.gnupg.dk/pub/contrib-dk/ and that worked perfectly. Then I went to the www.mediacrypt.com site and found I could license the IDEA algorithm for 15 euros per seat, and presto, the rouge IDEA dll was legal.

-----Original Message-----
From: David Shaw [mailto:dshaw at jabberwocky.com]
Sent: Monday, April 26, 2004 6:57 PM
To: David Hill
Cc: gnupg-users at gnupg.org
Subject: Re: RSA Encryption / exchange with PGP


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Apr 20, 2004 at 12:15:58PM -0500, David Hill wrote:

> I am sending the trading partner a new text file encrypted with the following options:
> gpg --rfc1991
> --force-v3-sigs
> --compress-algo 1
> --recipient "THEM"
> --recipient "US"
> --output "readme.gpg"
> -es "readme.txt"
> 
> In previous attempts I didn't use the first three commands, I am
> hoping these will help our trading partner decrypt, but I don't have
> high hopes of success.

Unfortunately, PGP 6 does not follow the PGP specification very
closely.  GnuPG has code to work around this.  Try setting the
"--pgp6" option:

  gpg -r THEM -r US --pgp6 --output readme.gpg -es readme.txt

> Even if by some miracle that worked, we still can't decrypt their
> files. Do we need to use different keys or protocols in order to
> interoperate? This is a sample decryption session:
> 
> C:\gnupg>gpg --verbose --decrypt "install.log.pgp"
> gpg: public key is F58C3B48
> gpg: using secondary key F58C3B48 instead of primary key 4D1D68AC
> 
> You need a passphrase to unlock the secret key for
> user: "Iowa Student Loan Liquidity Corp. (iLink Dev) <dhill at studentloan.org>"
> gpg: using secondary key F58C3B48 instead of primary key 4D1D68AC
> 1024-bit ELG-E key, ID F58C3B48, created 2004-04-19 (main key ID 4D1D68AC)
> 
> gpg: encrypted with 1024-bit ELG-E key, ID F58C3B48, created 2004-04-19
>       "Iowa Student Loan Liquidity Corp. (iLink Dev) <dhill at studentloan.org>"
> gpg: CAST5 encrypted data
> gpg: block_filter 024BCB68: read error (size=7302,a->size=536874118)
> gpg: WARNING: message was not integrity protected
> gpg: block_filter: pending bytes!

How did you get the encrypted file (install.log.pgp)?  More than
anything else this looks like the encrypted file was transferred to
you via text mode instead of binary FTP and so the file was corrupted
before you got it.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHEEARECADEFAkCNoeUqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJOakAnRPS+0SSC0GhVslMCg9w+WlLarZ9AJ9D
gfcdosRoumYm87KEsu/OlibU0w==
=iARg
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list