[Announce] GnuPG 2.1.0 "modern" released

Michael Richardson mcr at sandelman.ca
Thu Nov 6 20:05:04 CET 2014

Werner Koch <wk at gnupg.org> wrote:
    >> Werner Koch <wk at gnupg.org> wrote: > - All support for PGP-2 keys has
    >> been removed for security reasons.
    >> Does this mean that documents signed decades ago with PGP2 can no
    >> longer be verified?

    > Right.  It is anyway useless because you have to assume that such
    > signatures are broken.  If you want to decrypt you should have 1.4

I agree that one's confidence in that content should be suspect, but the
value is not zero.  I am happy that you have removed the support,
btw. Simpler code is important.

    >   There is one use case where PGP-2 keys may still be required: For
    > existing encrypted data.  We suggest to keep a version of GnuPG 1.4
    > around which still has support for these keys (it might be required to
    > use the `--allow-weak-digest-algos' option).  A better solution is to
    > re-encrypt the data using a modern key.

Yes, that was idea too -- just use 1.4.
And one can't re-encrypt data signed by another.

In many cases, in my archives, I have email that is clear signed, which was
then encrypted, and stored that way.

]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
URL: </pipermail/attachments/20141106/2fa6de26/attachment-0001.sig>

More information about the Gnupg-users mailing list