New beta
Werner Koch
wk at gnupg.org
Mon Sep 22 08:52:03 CEST 2014
On Sun, 21 Sep 2014 11:59, peter at digitalbrains.com said:
> What is the net effect when GnuPG 1.4 encounters, for example, such a key:
>
> RSA pubkey with Certify and Sign capabilities
> RSA subkey with Encrypt capability, created 2014-04-01
> ECC subkey with Encrypt capability, created 2014-09-21
>
> Everything is non-expired. If I were to try to encrypt to it, would 1.4 pick the
> RSA subkey because it is valid and understandable to it, or would it fail to
> encrypt to this key because it can't parse ECC keys?
I did some tests:
$ gpg1 -k 9613A41C
pub 1024R/9613A41C 2014-09-22
uid RSA+RSA key created by gpg1 (test)
sub 1024R/0CA0BC98 2014-09-22
sub 0e/A519E3EC 2014-09-22
$ ../g10/gpg2 -k 9613A41C
pub rsa1024/9613A41C 2014-09-22
uid [ultimate] RSA+RSA key created by gpg1 (test)
sub rsa1024/0CA0BC98 2014-09-22
sub nistp256/A519E3EC 2014-09-22 nistp256
You can't see it in this output but the ECC key has been created a
minute or so after the standard key (with gpg2 of course). The initial
keyring was created by "gpg1 --export >pubring.gpg" and then gpg1 was
used to create a new standard key. I redacted some diagnostics.
$ fortune | ../g10/gpg2 -evar 9613A41C >x
gpg: using subkey A519E3EC instead of primary key 9613A41C
gpg: using PGP trust model
gpg: This key belongs to us
gpg: reading from '[stdin]'
gpg: writing to stdout
gpg: ECDH/AES256 encrypted for: "A519E3EC RSA+RSA key created by gpg1 (test)"
$ ../g10/gpg2 <x
gpg: encrypted with 256-bit ECDH key, ID A519E3EC, created 2014-09-22
"RSA+RSA key created by gpg1 (test)"
I believe in an America where the separation of church and state is absolute --
where no Catholic prelate would tell the president (should he be Catholic)
how to act, and no Protestant minister would tell his parishioners for whom
to vote--where no church or church school is granted any public funds or
political preference--and where no man is denied public office merely
because his religion differs from the president who might appoint him or the
people who might elect him.
- from John F. Kennedy's address to the Greater Houston Ministerial Association
September 12, 1960.
As expected the ECC key was used.
$ gpg1 <x
gpg: encrypted with 0-bit [?] key, ID A519E3EC, created 2014-09-22
"RSA+RSA key created by gpg1 (test)"
gpg: public key decryption failed: unknown pubkey algorithm
gpg: decryption failed: secret key not available
and gpg1 is not able to decrypt it.
$ fortune | gpg1 -evar 9613A41C >x
gpg: using subkey 0CA0BC98 instead of primary key 9613A41C
gpg: using PGP trust model
gpg: This key belongs to us
gpg: reading from `[stdin]'
gpg: writing to stdout
gpg: RSA/AES256 encrypted for: "0CA0BC98 RSA+RSA key created by gpg1 (test)"
The RSA key was used.
$ gpg1 <x
You need a passphrase to unlock the secret key for
user: "RSA+RSA key created by gpg1 (test)"
1024-bit RSA key, ID 0CA0BC98, created 2014-09-22 (main key ID 9613A41C)
gpg: encrypted with 1024-bit RSA key, ID 0CA0BC98, created 2014-09-22
"RSA+RSA key created by gpg1 (test)"
... eighty years later he could still recall with the young pang of his
original joy his falling in love with Ada.
-- Nabokov
and gpg1 is able to decrypt it.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
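
The selection behaviour seen in the tests above, as an added example that is not part of the original message and not GnuPG code: a simplified model that assumes each implementation encrypts to the newest valid encryption subkey whose algorithm it supports, and flags keys where the two choices differ. The `--with-colons` sample is constructed (zero-padded key IDs, made-up timestamps), and the set of algorithms a non-ECC build can use is an assumption.

```python
# Added example: simplified model of encryption-subkey selection, not GnuPG code.
# Algorithm IDs are the OpenPGP public-key algorithm numbers (RFC 4880 / RFC 6637).
RSA, RSA_E, ELGAMAL_E, ECDH = 1, 2, 16, 18
LEGACY_ALGOS = {RSA, RSA_E, ELGAMAL_E}   # assumed: what a build without ECC can use
MODERN_ALGOS = LEGACY_ALGOS | {ECDH}

# Constructed sample in `gpg --with-colons` layout. Long key IDs are padded
# with zeros and timestamps are made up; only the short IDs come from the message.
SAMPLE = """\
pub:u:1024:1:000000009613A41C:1411368000:::u:::scESC:
uid:u::::1411368000::::RSA+RSA key created by gpg1 (test):
sub:u:1024:1:000000000CA0BC98:1411368000::::::e:
sub:u:256:18:00000000A519E3EC:1411368060::::::e:::::nistp256:
"""

def encryption_subkeys(colons):
    """Yield (keyid, algo, created) for usable encryption-capable subkeys."""
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue
        validity, algo, keyid, created, caps = f[1], int(f[3]), f[4], int(f[5]), f[11]
        if validity in ("e", "r", "i", "d", "n") or "e" not in caps:
            continue  # expired/revoked/invalid/disabled, or not an encryption key
        yield keyid, algo, created

def pick(colons, supported):
    """Newest encryption subkey whose algorithm is in `supported`, else None."""
    usable = [k for k in encryption_subkeys(colons) if k[1] in supported]
    return max(usable, key=lambda k: k[2])[0] if usable else None

def interop_warning(colons):
    """Warn when an ECC-capable sender picks a subkey a non-ECC reader cannot use."""
    modern, legacy = pick(colons, MODERN_ALGOS), pick(colons, LEGACY_ALGOS)
    if modern != legacy:
        return (f"senders with ECC support use {modern}; "
                f"a non-ECC reader can only decrypt to {legacy}")
    return None

if __name__ == "__main__":
    print("ECC-capable sender picks:", pick(SAMPLE, MODERN_ALGOS))
    print("non-ECC sender picks:    ", pick(SAMPLE, LEGACY_ALGOS))
    print(interop_warning(SAMPLE))
```

For a real key, the input would be the output of `gpg --with-colons --list-keys` for that key instead of `SAMPLE`.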