Export secret key from WinXP (GnuPG) 1.4.7 to AIX PGP Version 6.5.8 gives Bad Pass Phrase

David Shaw dshaw at jabberwocky.com
Tue Sep 16 19:26:21 CEST 2008


On Tue, Sep 16, 2008 at 09:57:49AM -0700, rlively wrote:
> 
> 
> David Shaw wrote:
> > 
> >> AIX 5.3.0.0
> >> Pretty Good Privacy(tm) Version 6.5.8
> > 
> > PGP 6 is really, really old.  It predates some of the OpenPGP  
> > standard, so I suspect a passphrase encoding problem between the two  
> > programs.  I suggest removing the passphrase completely (just hit  
> > enter when asked for the new passphrase), then copying the key over to  
> > PGP, and changing the passphrase to what you want it to be.
> > 
> 
> I think our AIX administrator installed the highest version available here:
> http://www.pgpi.org/products/pgp/versions/freeware/unix/
> 
> What is the latest PGP version for Unix/AIX if not this one? How old is this
> version?

Mid-2000, I think.
 
> David Shaw wrote:
> > 
> >> received signal 11
> >>
> >> [no cleartext file is created]
> > 
> > That said, a signal 11 is a segfault.  If PGP is actually *crashing*,  
> > there isn't much you can do.
> > 
> 
> Do you think this version of PGP would always just segfault upon using a
> GnuPG key?

No way to guess.  It's a segfault, so something is clearly very
broken.  A sane program would print an error instead of crashing.

> If we install the latest Unix GnuPG on AIX, will we run into any issues with
> our current keys?

Probably not, unless the person you are communicating with is using
PGP 2.x from the 1990s (don't laugh - some people still are).  Just
update your key like this:

 gpg --edit-key (thekey)
 setpref
 save

> If someone we communicate with uses RSA/IDEA, will our
> GnuPG command-line fail to encrypt to their public key?

No.  IDEA is an optional part of PGP, and 3DES will be used instead.
Whether your recipient will be able to decrypt depends on whether
they're stuck with PGP 2.x.

> Would we need to
> install the latest PGP instead and purchase the license for
> RSA/IDEA?

No.

> 1) PGP (or GPG) is a software package for encrypting and decrypting data. 
> The software can use one of a number of encryption algorithms and usually
> comes with support for many different algorithms.

Yes.

> 2) The software we downloaded and installed on our local Windows
> workstations (Gnu Privacy Guard - GPG) is free for use even in commercial
> uses.

Yes.  GPG, and every algorithm supplied with GPG is free for use in
any way you want to use it.

IDEA is a different beast.  It is not shipped as part of GPG, and
requires a license for commercial use.  You can add IDEA to GPG via a
plugin or special compilation, but don't.  Unless your situation is
extremely special, you don't need IDEA.  Just ignore it.

> 3) If our AIX admin installed GPG for Unix, then the software on our GIS
> servers is also license-free and cost-free for commercial uses.  If he
> installed PGP from http://www.pgpi.org or http://www.pgp.com/ then we need a
> license.

Yes.

> 3) Most of the algorithms in the software are license-free and cost-free for
> both commercial and non-commercial uses, except for the IDEA algorithm,
> which is patented and needs a license.    So we would need to find out if we
> are using the IDEA encryption algorithm to find out whether we need to
> purchase a license for that algorithm or not.  If we're not using the IDEA
> algorithm, we don't need a license.  The MediaCrypt website (either
> www.mediacrypt.com or www.media-crypt.com, I've seen both mentioned) seems
> to be defunct, so I couldn't find out more information directly from their
> website.  It may be that they're not enforcing the patent any longer.  If we
> purchase a copy of the PGP software from NAI, it comes with a license for
> IDEA algorithm.

Yes.

Bottom line: don't use PGP 6 (you can't use it for commercial use
without a license and I'm fairly sure there is nobody who will sell
you a PGP 6 license at this point anyway).  Use a recent GPG or a
recent PGP.  Don't even get involved with IDEA unless a specific
customer has a problem, and asking that customer to upgrade isn't an
option.  There is a lot of code in both GPG and PGP to make all these
cipher and version questions invisible to the outside world.  Let the
system do the work for you.

David
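
Added example, not part of the original message and not GnuPG's code: a simplified Python model of OpenPGP cipher negotiation, showing why encrypting to a key that only lists IDEA falls back to 3DES when the sender's build has no IDEA. The function name, the sample preference lists and the "first recipient's order wins" rule are assumptions; the algorithm IDs and the implicit 3DES entry come from RFC 4880.

```python
# Simplified model of OpenPGP symmetric-cipher selection (RFC 4880, sec. 13.2).
# Hypothetical helper for illustration; GnuPG's real selection logic is more involved.

# Symmetric algorithm IDs from RFC 4880, section 9.2.
IDEA, TRIPLE_DES, CAST5, AES128, AES256 = 1, 2, 3, 7, 9
NAMES = {IDEA: "IDEA", TRIPLE_DES: "3DES", CAST5: "CAST5",
         AES128: "AES128", AES256: "AES256"}

# Constructed sample: ciphers in a sender build that ships without IDEA.
GPG_DEFAULT = frozenset({TRIPLE_DES, CAST5, AES128, AES256})


def choose_cipher(recipient_prefs, local_algos):
    """Return one cipher ID that the sender implements and every recipient accepts.

    recipient_prefs: one ordered preference list per recipient key; an empty
        list models an old key that carries no preference list at all.
    local_algos: set of cipher IDs available in the sending program.
    """
    if not recipient_prefs:
        raise ValueError("at least one recipient is required")
    if TRIPLE_DES not in local_algos:
        raise ValueError("3DES is mandatory to implement in OpenPGP")

    # 3DES is implicitly at the end of every preference list, so there is
    # always at least one cipher in common.
    effective = [list(p) if TRIPLE_DES in p else list(p) + [TRIPLE_DES]
                 for p in recipient_prefs]

    # Ciphers the sender has and that appear in every recipient's list.
    common = set(local_algos)
    for prefs in effective:
        common &= set(prefs)

    # Assumption: honour the first recipient's ordering among the common set.
    for algo in effective[0]:
        if algo in common:
            return algo


if __name__ == "__main__":
    cases = {
        "key listing only IDEA": [[IDEA]],
        "key with no preferences": [[]],
        "modern key": [[AES256, AES128, CAST5]],
        "modern key + IDEA-only key": [[AES256, AES128], [IDEA]],
    }
    for label, prefs in cases.items():
        print(f"{label:28} -> {NAMES[choose_cipher(prefs, GPG_DEFAULT)]}")
```

Whether the recipient can decrypt the 3DES result is a separate question: a PGP 2.x installation cannot, which is the caveat in the message above.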


