FW: Migrating from PGP to GPG question

Smith, Cathy cathy.smith at pnl.gov
Wed Mar 3 03:18:42 CET 2010


The gpg --import option worked without any problems for importing the OpenPGP public keyring.  When I try to import the secret keyring, I get the following message:

[app1 ~/.gnupg]$ gpg --import secring.skr
gpg: key B4A839CC: secret key imported
gpg: key B4A8899S: "ofc" not changed
gpg: key 96B12847: secret key imported
gpg: key 96B12847: "pss" not changed
gpg: WARNING: key 96B12847 contains preferences for unavailable
gpg:          algorithms on these user IDs:
gpg:          "pss": preference for cipher algorithm 1
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch problems

Set preference list to:
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N)

If I answer "no", the import finishes with the message:

Key not changed so no update needed.
gpg: Total number processed: 7
gpg:           w/o user IDs: 1
gpg:              unchanged: 6
gpg:       secret keys read: 7
gpg:   secret keys imported: 7

When I created my gpg keyring, I selected the default for the key, DSA and Elgamml, and a 2048 bit keysize.  

What are the ramifications of just saying "yes" to the prompt - update preferences?  How potentially serious is the algorithm mismatch?  I'd like to better understand exactly what is happening.

Just for background, this is migration has to go into production in a very short time.  Redistributing keys to the various vendors, and to test the batch jobs using these keys to exchange files with vendors, wasn't included when planning.  So I'm under a short deadline.

Cathy L. Smith
IT Engineer
Pacific Northwest National Laboratory

Phone:  509.375.2687
Fax:        509.375.2330
Email:     cathy.smith at pnl.gov

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Laurent Jumet
Sent: Thursday, February 25, 2010 2:51 PM
To: Smith, Cathy
Subject: RE: Migrating from PGP to GPG question

Hello Smith, !

"Smith, Cathy" <cathy.smith at pnl.gov> wrote:

> Another question about this migration.  Is it possible to do a mass import
> of a single user's keyring or do I have to do it for each individual key.
> I've not been able to find anything so far about anything that addresses
> this.

    I would try

gpg pubring.pgp

    as GPG assumes usually the most relevant action.

keyring pubring.pgp
    in gpg.conf adds current file to list of keyrings.

gpg --import pubring.pgp
    should import the whole keyring too.

Laurent Jumet
      KeyID: 0xCFAF704C

Gnupg-users mailing list
Gnupg-users at gnupg.org

More information about the Gnupg-users mailing list