Re: Export secret key from WinXP (GnuPG) 1.4.7 to AIX PGP Version 6.5.8 gives Bad Pass Phrase

vedaal at hush.com vedaal at hush.com
Wed Sep 17 17:04:18 CEST 2008 

>Date: Wed, 17 Sep 2008 06:42:10 -0700 (PDT)
>From: rlively <72ceot902 at sneakemail.com>
>Subject: Re: Export secret key from WinXP (GnuPG) 1.4.7 to AIX PGP
>	Version	6.5.8 gives Bad Pass Phrase

>I need help reconciling the two responses below.  I am still going 
>to get a
>test file encrypted/decrypted using GPG 1.4.7 with the owner of 
>said key
>just to see how it goes, but that might take a while, and I need 
>to improve my general understanding of this entire process
>and all of the software involved anyway.


>David Shaw wrote:

>> Yes.  Even though the key specifies IDEA as a cipher, modern 
>OpenPGP systems (GPG or PGP) will both use 3DES as an alternative 
if 
>they do not have IDEA.
>> 
>> &gt; If they use a newer version of PGP or GnuPG we should be 
>fine?
>> 
>> Yes.


>Robert J. Hansen-3 wrote:
>> 
>> 
>This is a PGP 2.6 key, unfortunately. 
>> 
>> &gt; If they use a newer version of PGP or GnuPG we should be 
>fine?
>> 
>> He is not.  


both posts are technically correct

but, practically,
the problem is that NO newer version of PGP, will use anything 
besides IDEA to encrypt to a pgp 2.6 key,

so, 
while you can use gnupg to encrypt to that key, using ANY cipher, 
and PGP can decrypt it (as long as the version of PGP used has that 
cipher
i.e., PGP 6x doesn't have AES, so it can't decrypt an AES message, 
but PGP 9.x does and can)

you will still not be able to use gnupg to decrypt any message done 
in ANY version of PGP that encrypts to a pgp 2.x key, unless you 
have IDEA
installed in your gnupg

to make life simple for you,
if you aren't a stickler for the IDEA patent issues, 
and if you don't get any grief from the legal team at your work,
just put IDEA into your gnupg;

[1] get the IDEA module:
ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip

[2] unzip this to your gnupg folder (c:\gnupg)

[3] put this line into your gpg.conf file:
load-extension c:\gnupg\IDEA.dll

now you can decrypt whatever the client sends to you


alternatively,
as the client uses pgp 6.5.8

just ask the client to generate a new DH/DSA key

(REAL 'diehard' pgp 2.x users, don't use anything besides 2.x ;-)
so if the client already has 6.5.8
he may be more amenable to making a new key,
and then all you have to do, is use the option of --pgp6
and gnupg will automatically make sure that everything you send can 
be decrypted and verified by 6.5.8)


vedaal

any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link

--
Enhance your home's curb appeal with name brand shutters. Click now.
http://tagline.hushmail.com/fc/Ioyw6h4dZriiv64dIK5kLv7cT4enlUOJKv0jhymfS6YyOIseeni83N/

More information about the Gnupg-users mailing list