Migrating from PGP to GPG question

Laurent Jumet laurent.jumet at skynet.be
Wed Mar 3 08:56:50 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Hello Smith, !

"Smith, Cathy" <cathy.smith at pnl.gov> wrote:

> The gpg --import option worked without any problems for importing the
> OpenPGP public keyring.  When I try to import the secret keyring, I get the
> following message:

> [app1 ~/.gnupg]$ gpg --import secring.skr
> gpg: key B4A839CC: secret key imported
> gpg: key B4A8899S: "ofc" not changed
> gpg: key 96B12847: secret key imported
> gpg: key 96B12847: "pss" not changed
> gpg: WARNING: key 96B12847 contains preferences for unavailable
> gpg:          algorithms on these user IDs:
> gpg:          "pss": preference for cipher algorithm 1
> gpg: it is strongly suggested that you update your preferences and
> gpg: re-distribute this key to avoid potential algorithm mismatch problems

> Set preference list to:
>      Cipher: AES256, AES192, AES, CAST5, 3DES
>      Digest: SHA1, SHA256, RIPEMD160
>      Compression: ZLIB, BZIP2, ZIP, Uncompressed
>      Features: MDC, Keyserver no-modify
> Really update the preferences? (y/N)

> If I answer "no", the import finishes with the message:

> Key not changed so no update needed.
> gpg: Total number processed: 7
> gpg:           w/o user IDs: 1
> gpg:              unchanged: 6
> gpg:       secret keys read: 7
> gpg:   secret keys imported: 7


> When I created my gpg keyring, I selected the default for the key, DSA and
> Elgamml, and a 2048 bit keysize.

> What are the ramifications of just saying "yes" to the prompt - update
> preferences?  How potentially serious is the algorithm mismatch?  I'd like
> to better understand exactly what is happening.

    Let's suppose you are trying to import two key pairs that have been created
with an older version of PGP: PGP2, PGP6, PGP7, PGP8 or other.

    GPG is warning you, that you are about to include in one of those imported 
keys ("pss") a set of preferences that your friends *may* use if they match 
their own set of preferences, and send you an encrypted file that *may not* be 
compatible with your system.

    So, for that key ("pss"), it is strongly recommended that you accept the 
suggested preferences and save them in the key. After that, you extract that 
public key and send it to servers, in order to update your already uploaded 
key.
    That means that people using that key, would not use algorythms that *may 
not* work.

    Confused? Me too... :-)

- -- 
Laurent Jumet
      KeyID: 0xCFAF704C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)

iHEEAREDADEFAkuOGicqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMURMAn12IWL5mayCkEzmFug0DzT0LR3S6AKCu
W7a8T07kyCMZqu8jj+0rHD4VwA==
=S26d
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list