Moving from PGP to GPG

John Clizbe JPClizbe at tx.rr.com
Wed Feb 20 19:53:21 CET 2008 

Maury Markowitz wrote:
> I'm in the process of automating a number of manual tasks. Several of
> these require a user to manually download e-mail attachments to a
> folder, decrypt them using PGP, and then open them in Excel. So far I
> have managed to redirect the mail to a public folder in Exchange, find
> and download the attachments (MS does NOT make that easy!) and in the
> unencrypted cases, open the files and automatically process them.
> 
> Now there's the encrypted ones. I have downloaded and installed both
> GPG and IDEA.DLL on a network share. I then copied over our keyfiles
> from the existing PGP installs, and renamed them ".gpg" which seems to
> make life simpler (do I need to do this? is can I specify the file
> directly and thus leave it named ".skr" and ".pkr"?)

<snip>
> 
> So am I correct in thinking that I should be able to copy the key files
> over? If not, is there some sort of process I can use to do so? Is
> there such thing as a "cross platform" keyfile that works in both GPG
> and PGP?

At the present, keyring files in PGP and GnuPG are just sequential collections
of key packets.

GnuPG is expecting the .gpg extension. You don't have to rename the files, so
long as you tell GnuPG what the names are:

   no-default-keyring
   keyring O:\utilities\pubring.pkr
   primary-keyring O:\utilities\pubring.pkr
   secret-keyring O:\utilities\secring.skr

included in <homedir>\gpg.conf, or specified on the commend line by prefixing '--'.

I usually import the files:

   gpg --import secring.skr
   gpg --import pubring.skr

Either way, there's one detail to take care of: key trust. PGP calls it
'Implicit Trust' and stores it as part of the key. GnuPG calls it 'Ultimate
trust' and stores it in trustdb.gpg.

You set it by editing the key:

   gpg --edit-key 0xdecafbad trust

Select 5 to select Ultimate trust, confirm with y, then exit with save.

For the passphrase issue: the times I've seen this, it is usually due to the
passphrase having characters that don't map into the command line code-page.

You may wish to try clearing the passphrase in PGP before copying the keyrings
and then resetting it in GnuPG.


-- 
John P. Clizbe                   Inet:   JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks             hkp://keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 658 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080220/e18c8fad/attachment.pgp>

More information about the Gnupg-users mailing list