Export secret key from WinXP (GnuPG) 1.4.7 to AIX PGP Version 6.5.8 gives Bad Pass Phrase

rlively 72ceot902 at sneakemail.com
Tue Sep 16 18:57:49 CEST 2008



David Shaw wrote:
> 
>> AIX 5.3.0.0
>> Pretty Good Privacy(tm) Version 6.5.8
> 
> PGP 6 is really, really old.  It predates some of the OpenPGP  
> standard, so I suspect a passphrase encoding problem between the two  
> programs.  I suggest removing the passphrase completely (just hit  
> enter when asked for the new passprase), then copying the key over to  
> PGP, and changing the passphrase to what you want it to be.
> 

I think our AIX administrator installed the highest version available here:
http://www.pgpi.org/products/pgp/versions/freeware/unix/

What is the latest PGP version for Unix/AIX if not this one? How old is this
version?


David Shaw wrote:
> 
>> received signal 11
>>
>> [no cleartext file is created]
> 
> That said, a signal 11 is a segfault.  If PGP is actually *crashing*,  
> there isn't much you can do.
> 

Do you think this version of PGP would always just segfault upon using a
GnuPG key?

I tried blanking out the password, but when exporting to AIX and trying the
new password I still got the "Bad Password" when just hitting enter.  Is
there anything else I can try?

If we install the latest Unix GnuPG on AIX, will we run into any issues with
our current keys?  If someone we communicate with uses RSA/IDEA, will our
GnuPG command-line fail to encrypt to their public key?  Would we need to
install the latest PGP instead and purchase the license for RSA/IDEA?

The versions of PGP, the algorithms, patents, license requirements, etc are
all extremely confusing, and I haven't found a good site explaining all of
the differences.  Is it free? Not free? License needed or not? Only if you
use IDEA?  Is RSA and IDEA the same thing?

Is this all correct?

1) PGP (or GPG) is a software package for encrypting and decrypting data. 
The software can use one of a number of encryption algorithms and usually
comes with support for many different algorithms.

2) The software we downloaded and installed on our local Windows
workstations (Gnu Privacy Guard - GPG) is free for use even in commercial
uses.

3) If our AIX admin installed GPG for Unix, then the software on our GIS
servers are also license-free and cost-free for commercial uses.  If he
installed PGP from http://www.pgpi.org or http://www.pgp.com/ then we need a
license.

3) Most of the algorithms in the software are license-free and cose-free for
both commercial and non-commercial uses, except for the IDEA algorithm,
which is patented and needs a license.    So we would need to find out if we
are using the IDEA encryption algorithm to find out whether we need to
purchase a license for that algorithm or not.  If we're not using the IDEA
algorithm, we don't need a license.  The MediaCrypt website (either
www.mediacrypt.com or www.media-crypt.com, I've seen both mentioned) seems
to be defunct, so I couldn't find out more information directly from their
website.  It may be that they're not enforcing the patent any longer.  If we
purchase a copy of the PGP software from NAI, it comes with a license for
IDEA algorithm.

See the information below:

http://www.mccune.cc/PGPpage2.htm#GPG

"GnuPG is a complete and free replacement for PGP."  GPG (GNU Privacy Guard)
is a PGP compatible alternative based on the OpenPGP standard.  It has
received funding from the German Federal Ministry of Economics and
Technology, and there are two great reasons to consider it: It is completely
open source software that can be peer reviewed for any security weaknesses;
and it is absolutely free to use for both commercial and noncommercial
purposes.  Although designed for command line operating systems such as
Linux, it has been ported for 32 bit Windows use.

http://www.uk.pgp.net/pgpnet/pgp-faq/pgp-faq-general-questions.html

Q: How much does PGP cost?

A: The PGP 2.x series are freely available as open source software under the
GNU General Public License, with no real limits on its use, at no cost
(except the IDEA patent should you opt to include support for it, see What's
with the patent on IDEA?).

A: GNU Privacy Guard is freely available as open source software, with no
real limits on its use, at no cost (except the IDEA patent should you opt to
include support for it, see What's with the patent on IDEA?). The website of
the GNU Privacy Guard Project is the primary distribution point.

A: PGP 5.x and higher are commercial products. Network Associates bought PGP
Inc., a company founded by Phil Zimmerman, and sells a whole range of
products under the brand "PGP". The "original" email and file encryption PGP
are called PGPmail and PGPfile respectively. See NAI for pricing and
availability. There is a version available at no cost for strictly
non-commercial use on http://www.pgp.com/products/freeware/.

Note that the free versions of PGP are free only for noncommercial use. If
you need to use PGP in a commercial setting you should buy a copy of PGP
from NAI. This version of PGP has other advantages as well, most notably its
integration with common MS Windows and Mac OS applications, a limited
license to export it to foreign branch offices and a license for IDEA. See
below, under question Where can I obtain PGP?, for information on how to
contact them.

Q: What's with the patent on IDEA?

A: IDEA is patented in the USA (US 5,214,703), Europe (EP-B-0482154)and
Japan (JP 3225440) by Ascom Systec AG. This patent expires 25 May 2010 (USA)
or 16 May 2011 (Europe and Japan). For strictly non-commercial use, the
licence fee is waved by MediaCrypt AG.

If you need to use PGP 2.x or GPG with IDEA (i.e. for compatibility with the
2.x versions) for commercial use, you should contact MediaCrypt AG who are
the distributor for the IDEA algorithm license for Ascom Systec AG, the
patent holders for IDEA. They sell individual and site licenses for using
IDEA in PGP. Contact:

    MediaCrypt AG
    Technoparkstrasse 1
    8005 Zurich
    Switzerland
    <IDEA at mediacrypt.com>
    Tel ++41 1 445 3070
    Fax ++41 1 445 3071

http://www.pgpi.org/doc/faq/pgpi/en/#What

2.2. Can I use PGPi for commercial purposes?

Yes, you can, but you must obtain a commercial use license from Network
Associates Inc. or its authorized representatives. (The GNU Privacy Guard
can be used for commercial purposes without any license.)

If you are located in the U.S. or Canada, go to: http://www.nai.com/.

If you are located elsewhere, go to: http://www.pgpinternational.com/.

If you wish to use a PGP-compatible product (i.e., an encryption product
that may be interoperable with PGP or based upon the Open-PGP standard, but
does not contain software actually owned by PGP to implement its
cryptography functions), you may require additional licenses from third
parties, such as from Ascom Systec AG in Switzerland if the IDEA algorithm
is used in such product or from RSA Data Security, Inc. if the RSA algorithm
is used in such product and the product is to be distributed in the United
States.
-- 
View this message in context: http://www.nabble.com/Export-secret-key-from-WinXP-%28GnuPG%29-1.4.7-to-AIX-PGP-Version-6.5.8-gives-Bad-Pass-Phrase-tp19512637p19516043.html
Sent from the GnuPG - User mailing list archive at Nabble.com.




More information about the Gnupg-users mailing list