Incompatibility between GnuPG encryption and the Bouncy Castle encryption.
faramir.cl at gmail.com
Wed Jun 4 21:58:49 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Bhushan Jain escribió:
> I have created RSA key as well as its subkey for encryption using GnuPG.
> Now I encrypted a file using JAVA library functions given by Bouncy
> Castle (a pgp library in JAVA which claims to adhere to rfc 2440). I
> also encrypted the same file using the GnuPG commands from command line.
> The following are the results of the pgpdump for both of them...........
> Plz help me .....
> or is it that GnuPG donot follow the rfc2440??
All I know about this is GnuPG can be set to different compatibility
modes, like: openpgp, pgp2, pgp8, rfc1991, rfc2440, rfc4880, and some
Reading GnuPG manual, it states:
GnuPG tries to be a very flexible implementation of the OpenPGP
standard. In particular, GnuPG implements many of the optional parts of
the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
compression algorithms. It is important to be aware that not all
OpenPGP programs implement these optional algorithms and that by
forcing their use via the --cipher-algo, --digest-algo,
- --cert-digest-algo, or --compress-algo options in GnuPG, it is
possible to create a perfectly valid OpenPGP message, but one that
cannot be read by the intended recipient.
There are dozens of variations of OpenPGP programs available,
and each supports a slightly different subset of these optional
algorithms. For example, until recently, no (unhacked) version of
PGP supported the BLOWFISH cipher algorithm. A message using BLOWFISH
simply could not be read by a PGP user. By default, GnuPG uses the
standard OpenPGP preferences system that will always do the right thing
and create messages that are usable by all recipients, regardless of
which OpenPGP program they use. Only override this safe default if you
really know what you are doing.
If you absolutely must override the safe default, or if the
preferences on a given key are invalid for some reason, you are far
better off using the --pgp6, --pgp7, or --pgp8 options. These options
are safe as they do not force any particular algorithms in violation
of OpenPGP, but rather reduce the available algorithms to a "PGP-safe"
So, maybe the cipher algorithm you are using with GnuPG is not
supported in rfc2440, and the solution would be to change the
preferences settings to rfc2440 compatible.
I hope this helps.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users