Howdy..
Instead of creating a new GPG key, I figured I would just import my PGP 5.0
key (since they use the same algorithms). PGP 5.0 doesn't provide a way to
export secret keys, and gpg appears unable to handle the secret-key protection
that pgp5.0 uses on secring.skr, so I had to use the following trick:
use 'pgpk' to temporarily remove the passphrase on my pgp 5.0 key
pgpk -xa warner |gpg --import
(this imports the public key)
gpg --armor --export-secret-keys --keyring ~/.pgp/pubring.pkr \
--secret-keyring ~/.pgp/secring.skr warner |gpg --import
(this imports the secret key)
use 'pgpk' to replace the passphrase on the 5.0 key
gpg --edit-key warner
(to replace the passphrase on my gpg key)
Now I have an apparently fully functional key on my gpg secret key ring. But I
have a problem with the preferences. If I create a new gpg key, the algorithm
preferences get set as follows (displayed with 'gpg --edit-key warner;
prefs'):
Command> pref
pub 1024D/8170B9CE created: 1998-09-19 expires: never trust: -/u
(1) Brian Warner (home) <warner@lothar.com>
S4 S3 H3 H2 H6 H1 Z2 Z1
When I first imported the pgp5.0 key, I think it had a preference like:
Command> pref
pub 1024D/D139CC4C created: 1998-04-25 expires: never trust: -/q
(1) Brian Warner <warner@lothar.com>
S3 S1 S2
Now, after importing the 5.0 key I went to change the uid (to add the "home"
comment). To do this, I had to create a new uid then delete the old one. Now
the preferences have gone away completely:
Command> pref
pub 1024D/D139CC4C created: 1998-04-25 expires: never trust: f/u
(1) Brian Warner (home) <warner@lothar.com>
Can the preferences be set or changed? (I assume they fundamentally can, but
there's just no interface for it yet). Specifically, does a signature on my
key include the preferences? If somebody signs my key, and then I change the
preferences, does that signature become invalid? I want to upload my key but
once there is a mechanism for it I intend to change the preferences to
match GPG's capabilities (twofish, etc), so I don't want to start getting it
signed if I know that I'll have to do it again once I change them.
Is the lack of preferences likely to cause any weird behavior? Reading over
the OpenPGP draft it looks like the sender will assume 3DES only, with ZIP
compression.
thanks,
-Brian
warner@lothar.com
Instead of creating a new GPG key, I figured I would just import my PGP 5.0
key (since they use the same algorithms). PGP 5.0 doesn't provide a way to
export secret keys, and gpg appears unable to handle the secret-key protection
that pgp5.0 uses on secring.skr, so I had to use the following trick:
use 'pgpk' to temporarily remove the passphrase on my pgp 5.0 key
pgpk -xa warner |gpg --import
(this imports the public key)
gpg --armor --export-secret-keys --keyring ~/.pgp/pubring.pkr \
--secret-keyring ~/.pgp/secring.skr warner |gpg --import
(this imports the secret key)
use 'pgpk' to replace the passphrase on the 5.0 key
gpg --edit-key warner
(to replace the passphrase on my gpg key)
Now I have an apparently fully functional key on my gpg secret key ring. But I
have a problem with the preferences. If I create a new gpg key, the algorithm
preferences get set as follows (displayed with 'gpg --edit-key warner;
prefs'):
Command> pref
pub 1024D/8170B9CE created: 1998-09-19 expires: never trust: -/u
(1) Brian Warner (home) <warner@lothar.com>
S4 S3 H3 H2 H6 H1 Z2 Z1
When I first imported the pgp5.0 key, I think it had a preference like:
Command> pref
pub 1024D/D139CC4C created: 1998-04-25 expires: never trust: -/q
(1) Brian Warner <warner@lothar.com>
S3 S1 S2
Now, after importing the 5.0 key I went to change the uid (to add the "home"
comment). To do this, I had to create a new uid then delete the old one. Now
the preferences have gone away completely:
Command> pref
pub 1024D/D139CC4C created: 1998-04-25 expires: never trust: f/u
(1) Brian Warner (home) <warner@lothar.com>
Can the preferences be set or changed? (I assume they fundamentally can, but
there's just no interface for it yet). Specifically, does a signature on my
key include the preferences? If somebody signs my key, and then I change the
preferences, does that signature become invalid? I want to upload my key but
once there is a mechanism for it I intend to change the preferences to
match GPG's capabilities (twofish, etc), so I don't want to start getting it
signed if I know that I'll have to do it again once I change them.
Is the lack of preferences likely to cause any weird behavior? Reading over
the OpenPGP draft it looks like the sender will assume 3DES only, with ZIP
compression.
thanks,
-Brian
warner@lothar.com