FW: Migrating from PGP to GPG question
cathy.smith at pnl.gov
Wed Mar 3 03:18:42 CET 2010
The gpg --import option worked without any problems for importing the OpenPGP public keyring. When I try to import the secret keyring, I get the following message:
[app1 ~/.gnupg]$ gpg --import secring.skr
gpg: key B4A839CC: secret key imported
gpg: key B4A8899S: "ofc" not changed
gpg: key 96B12847: secret key imported
gpg: key 96B12847: "pss" not changed
gpg: WARNING: key 96B12847 contains preferences for unavailable
gpg: algorithms on these user IDs:
gpg: "pss": preference for cipher algorithm 1
gpg: it is strongly suggested that you update your preferences and
gpg: re-distribute this key to avoid potential algorithm mismatch problems
Set preference list to:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Really update the preferences? (y/N)
If I answer "no", the import finishes with the message:
Key not changed so no update needed.
gpg: Total number processed: 7
gpg: w/o user IDs: 1
gpg: unchanged: 6
gpg: secret keys read: 7
gpg: secret keys imported: 7
When I created my gpg keyring, I selected the default for the key, DSA and Elgamml, and a 2048 bit keysize.
What are the ramifications of just saying "yes" to the prompt - update preferences? How potentially serious is the algorithm mismatch? I'd like to better understand exactly what is happening.
Just for background, this is migration has to go into production in a very short time. Redistributing keys to the various vendors, and to test the batch jobs using these keys to exchange files with vendors, wasn't included when planning. So I'm under a short deadline.
Cathy L. Smith
Pacific Northwest National Laboratory
Email: cathy.smith at pnl.gov
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Laurent Jumet
Sent: Thursday, February 25, 2010 2:51 PM
To: Smith, Cathy
Subject: RE: Migrating from PGP to GPG question
Hello Smith, !
"Smith, Cathy" <cathy.smith at pnl.gov> wrote:
> Another question about this migration. Is it possible to do a mass import
> of a single user's keyring or do I have to do it for each individual key.
> I've not been able to find anything so far about anything that addresses
I would try
as GPG assumes usually the most relevant action.
in gpg.conf adds current file to list of keyrings.
gpg --import pubring.pgp
should import the whole keyring too.
Gnupg-users mailing list
Gnupg-users at gnupg.org
More information about the Gnupg-users