GnuPG and PGP 5.0 compatibility problem
wk at gnupg.org
Thu Jul 26 11:45:33 CEST 2007
On Tue, 17 Jul 2007 18:45, stefan-oltmanns at gmx.net said:
> I got the latest GnuPG. The bank uses "PGP 5.0 for OS/2", unfortunately
> I can´t change that.
[ Wow, still a bank using OS/2. Some years ago I heard that IBM dropped
OS/2 support for the 4758 and thus required the banks to switch to
> Unfortunately I haven´t found out how to remove this from my key, is
> there a (simple) way to do that?
Keyflags are required for RSA and are in general a very good idea. If
you want to get rid of them, you need to patch gpg. Point your editor
to g10/keygen.c and search for the function do_add_key_flags. Comment
out the last line and compile again. Then you need to update the
self-signatures of your key: Setting the primary flag or changing the
expire time will do the trick.
> But that doesn´t mean PGP 5 is insecure in any way, it´s just outdated
> and not RFC2440 conform, right?
The GNU/Linux version is definitly insecure as the RNG has a major flaw.
All keys created with this version and possible all signing keys used
with this versions should be considered compromised. I have also great
doubts that they are much safer with an OS/2 version.
More information about the Gnupg-users