Export secret key from WinXP (GnuPG) 1.4.7 to AIX PGP Version 6.5.8 gives Bad Pass Phrase

rlively 72ceot902 at sneakemail.com
Tue Sep 16 23:25:17 CEST 2008

David Shaw wrote:
> Bottom line: don't use PGP 6 (you can't use it for commercial use
> without a license and I'm fairly sure there is nobody who will sell
> you a PGP 6 license at this point anyway).  Use a recent GPG or a
> recent PGP.  Don't even get involved with IDEA unless a specific
> customer has a problem, and asking that customer to upgrade isn't an
> option.  There is a lot of code in both GPG and PGP to make all these
> cipher and version questions invisible to the outside world.  Let the
> system do the work for you.
> ...
>> If someone we communicate with uses RSA/IDEA, will our 
>> GnuPG command-line fail to encrypt to their public key?
> No.  IDEA is an optional part of PGP, and 3DES will be used instead. 
> Whether your recipient will be able to decrypt depends on whether 
> they're stuck with PGP 2.x.
> David

One of our contacts uses this key:

Type: Public Key
Algorithm: RSA Legacy
Size: 2048 bits
Created: 5/17/1999
Expires: Never
Validity: None
Cipher: IDEA

Even though they key specifies Cipher: IDEA, are you saying that we should
be able to encrypt to this public key just fine with the latest veresion of
GnuPG, unless that contact is stuck using legacy PGP 2.x?  If they use a
newer version of PGP or GnuPG we should be fine?  So to be safe, what do we
need to do before the decision of whether to go PGP or GnuPG -- just contact
them and ask what version of PGP or GPG they use?

Supported under AIX?

http://gnupg.org/download/supported_systems.en.html GnuPG Supported Systems 
doesn't list AIX 5.3.  It does have AIX v4.3 under "Other OSes," though it
has this disclaimer: GnuPG compiles and runs on many more systems, but due
to the lack of a well tested entropy source, it should be used with some
caution. We have positive reports on these systems.

Is this anything to be concerned about? Is there a precompiled binary for
AIX that someone has done?  What is the danger of downloading the latest
source and compiling it under AIX?  How can I find a group of people that
may have done this in the past so we can get some guidance?
View this message in context: http://www.nabble.com/Export-secret-key-from-WinXP-%28GnuPG%29-1.4.7-to-AIX-PGP-Version-6.5.8-gives-Bad-Pass-Phrase-tp19512637p19520453.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

More information about the Gnupg-users mailing list