Upgrade from GnuPG 1.4.5 to 1.4.9 breaks signature verification in PGP

Faramir faramir.cl at gmail.com
Wed Apr 15 04:37:09 CEST 2009

Ronald Cook wrote:
> One of our clients recently upgraded their production installation of
> GnuPG 1.4.5 to version 1.4.9.  They send encrypted / signed files to
> us almost daily for real-time financial processing.
> Prior to their upgrade, files received from them passed signature
> verification and decrypted successfully in our production installation
> of PGP 6.x, circa 1999-2000.  Since the upgrade, signature
> verification fails.

   Maybe they need to force compatibility with PGP 6.x... I recall
recently there was some talk about the length of supported hash
algorithms in PGP 6.x, but it was in another list (PGP-Basics list maybe?).

> They've not changed their key and manual decryption / verification
> works correctly through a stand-alone GnuPG 1.4.9.

  I _think_ what has changed is the standard with which GnuPG 1.4.9
operates: when they upgraded, they moved to RFC 4880, and you are still
using an older way to do things...

> It took a while for us to get them to admit to the upgrade; now they
> can't recall if they had any specific command line options in place
> that might not have been replicated to the new version.

   Maybe you should consider upgrading too... I don't know how complex
that would be for you. PGP 6.x is too old currently, and the standard
advice is to upgrade to something that supports the current standards,
but that advice is mostly for end users; maybe migrating would not be
trivial for your system.

> Might anyone have any ideas as to anything we can suggest to them, or
> any comments as to what might have changed in their process?

  Tell them to force PGP 6.x compatibility; it's done by adding the line:

  to the gpg.conf file in the home folder of GnuPG (the folder where the
keyrings are placed).

  Best Regards

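An added diagnostic, not part of this thread or of GnuPG: a small Python parser that reports the version, public-key algorithm and hash algorithm of an OpenPGP signature packet (RFC 4880 section 5.2), so the receiving side can see what the sender's upgraded GnuPG actually emits before changing any compatibility settings. The sample packets below are constructed here (their MPI signature data is a dummy value); the algorithm ids are RFC 4880's.

```python
import struct

# RFC 4880 section 9 algorithm ids
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}


def _packet_body(data):
    """Strip an old- or new-format packet header; return (tag, body)."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                      # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                               # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = 1 << ltype
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[off:off + length]


def inspect_signature(data):
    """Report version, signature type, public-key and hash algorithm."""
    tag, body = _packet_body(data)
    if tag != 2:
        raise ValueError("packet tag %d is not a signature packet" % tag)
    version = body[0]
    if version == 3:                    # v3: fixed 5-byte hashed block, then key id
        if body[1] != 5:
            raise ValueError("malformed v3 signature")
        sigtype, pk_algo, hash_algo = body[2], body[15], body[16]
    elif version == 4:                  # v4: type, pk algo, hash algo, then subpackets
        sigtype, pk_algo, hash_algo = body[1], body[2], body[3]
    else:
        raise ValueError("unsupported signature version %d" % version)
    return {"version": version, "sigtype": sigtype,
            "pubkey": PUBKEY_ALGOS.get(pk_algo, str(pk_algo)),
            "hash": HASH_ALGOS.get(hash_algo, str(hash_algo))}


# Constructed samples: a v3/RSA/SHA1 packet (old header) and a v4/RSA/SHA256 one (new header)
V3_SHA1 = bytes.fromhex("8816" "0305" "00" "49e5a0b0" "0123456789abcdef" "01" "02" "abcd" "000101")
V4_SHA256 = bytes.fromhex("c20d" "04" "00" "01" "08" "0000" "0000" "abcd" "000101")
```

Run it on a detached signature file's bytes (after ASCII-armour removal) to see which hash the new sender produces.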