Upgrade from GnuPG 1.4.5 to 1.4.9 breaks signature verification in PGP

Faramir faramir.cl at gmail.com
Wed Apr 15 04:37:09 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ronald Cook wrote:
...
> One of our clients recently upgraded their production installation of
> GnuPG 1.4.5 to version 1.4.9.  They send encrypted / signed files to
> us almost daily for real-time financial processing.
> 
> Prior to their upgrade, files received from them passed signature
> verification and decrypted successfully in our production installation
> of PGP 6.x, circa 1999-2000.  Since the upgrade, signature
> verification fails.

   Maybe they need to force compatibility with PGP 6.x... I recall
recently there was some talk about the length of supported hash
algorithms in PGP 6.x, but it was in another list (PGP-Basics list maybe?).

> They've not changed their key and  manual decryption / verification
> works correctly through a stand-alone GnuPG 1.4.9.

  I _think_ what has changed is the standard with which GnuPG 1.4.9
operates; when they upgraded, they moved to RFC 4880, and you are still
using an older way to do things...

> It took a while for us to get them to admit to the upgrade; now they
> can't recall if they had any specific command line options in place
> that might not have been replicated to the new version.

   Maybe you should consider upgrading too... I don't know how complex
that would be for you. PGP 6.x is too old currently, and the standard
advice is to upgrade to something that supports the current standards,
but that advice is mostly for end users; maybe migrating would not be
trivial for your system.

> Might anyone have any ideas as to anything we can suggest to them, or
> any comments as to what might have changed in their process?

  Tell them to force PGP 6.x compatibility; it's done by adding the line:
pgp6

  to the gpg.conf file in the home folder of GnuPG (the folder where the
keyrings are placed).

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
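
An added example, not part of the original post: a Python check that reads the version and hash algorithm from a binary OpenPGP signature packet (header layout per RFC 4880) and compares them with what the GnuPG 1.4 manual documents for the pgp6 option (v3 signatures; MD5, SHA1 or RIPEMD160). The function names and sample bytes are constructed for illustration, and treating those documented limits as what PGP 6.x accepts is an assumption.

```python
# Header layout per RFC 4880 (sections 4.2, 5.2.2, 5.2.3, 9.4).
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# Hashes the GnuPG 1.4 manual lists for --pgp6 (assumed to match PGP 6.x).
PGP6_HASHES = {"MD5", "SHA1", "RIPEMD160"}

def signature_header(packet: bytes) -> dict:
    """Return version and hash algorithm of a binary signature packet."""
    if len(packet) < 2 or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    ctb = packet[0]
    if ctb & 0x40:                        # new-format packet header
        tag, first = ctb & 0x3F, packet[1]
        if 224 <= first < 255:
            raise ValueError("partial body length not supported")
        off = 2 if first < 192 else 3 if first < 224 else 6
    else:                                 # old-format packet header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        off = 1 + (1, 2, 4)[ltype]
    if tag != 2:
        raise ValueError("packet tag %d is not a signature" % tag)
    body = packet[off:]
    # v3 body: version, 5, type, time(4), key id(8), pubkey algo, hash algo
    # v4 body: version, type, pubkey algo, hash algo
    idx = {3: 16, 4: 3}.get(body[0]) if body else None
    if idx is None or len(body) <= idx:
        raise ValueError("unsupported or truncated signature packet")
    return {"version": body[0],
            "hash": HASH_NAMES.get(body[idx], "id %d" % body[idx])}

def pgp6_problems(packet: bytes) -> list:
    """List header fields that differ from what --pgp6 would produce."""
    hdr = signature_header(packet)
    problems = []
    if hdr["version"] != 3:
        problems.append("v%d signature, --pgp6 forces v3" % hdr["version"])
    if hdr["hash"] not in PGP6_HASHES:
        problems.append("hash %s, --pgp6 allows MD5/SHA1/RIPEMD160" % hdr["hash"])
    return problems

# Constructed sample headers (truncated, not real signatures).
V4_SHA256 = bytes([0x89, 0x01, 0x0C, 0x04, 0x00, 0x01, 0x08])
V3_SHA1 = bytes([0x89, 0x00, 0x95, 0x03, 0x05, 0x00]) + bytes(12) + b"\x01\x02"

if __name__ == "__main__":
    for name, pkt in (("v4/SHA256", V4_SHA256), ("v3/SHA1", V3_SHA1)):
        print(name, pgp6_problems(pkt) or "within --pgp6 limits")
```

The input is the binary form of a detached or clearsigned signature; for a signed-and-encrypted file the signature packet is only visible after decryption.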


