Mailing List Archive

Windoze PGP Compatibility
Hello all,

I've been a windoze pgp user for a while and am in the process of converting
over to unix/gpg. For the time being, however, I need to be able to use both
GPG and PGP. I've created my keys using GPG and am trying to import them to
PGP, but with limited success. I've done:

gpg --export-secret-keys --armor

to get the secret, which I've copied to the clipboard and then done 'Add key
from clipboard' (from pgptray). I can do this with the public key, but get a
read error when I do it for the private. If I do it to a file:

gpg --export-secret-keys -o somefile.asc

or

gpg --export-secret-keys --armor -o somefile.asc

and then try to import them with PGPkeys I get errors about not containing
any valid PGP keys.

There's probably a fairly logical explanation for this... perhaps I should
be doing it the other way around? i.e. creating under PGP and importing to
GPG?

I'm not on the list so copy me in when you reply please.

Thanks,

Sam
Re: Windoze PGP Compatibility
You, Johnston, Sam, wrote:

> gpg --export-secret-keys --armor

> to get the secret, which I've copied to the clipboard and then done 'Add key
> from clipboard' (from pgptray). I can do this with the public key, but get a
> read error when I do it for the private. If I do it to a file:

What kind of read error exactly? Did you use a symmetric algorithm that pgp
doesn't support? Try removing the password from the secret key, importing it
and then putting the password back on the key.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Windoze PGP Compatibility
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johnston, Sam, at 20:13 +1000 on Sat, 22 Apr 2000, wrote:

> gpg --export-secret-keys --armor -o somefile.asc
>
> and then try to import them with PGPkeys I get errors about not containing
> any valid PGP keys.

The problem I would guess, is that the default symmetric algorithm used to
encrypt GnuPG secret keys is Blowfish, which is not supported by PGP.

I don't know how you could go about resolving this issue; that is, I don't
know how you could get GnuPG to change the algorithm used to encrypt an
already-created secret key. There is an option "s2k-cipher-algo", but
according to the documentation in the manpage, it is not clear that this may
have any effect while not generating a key.

- --
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjkB89gACgkQVv/RCiYMT6Ol7QCdGMUmAV+7PDXakh2+mVtdmmUq
+4IAn1n7jV60tCnq0s4eJ/1y03r0Kzhj
=WI7j
-----END PGP SIGNATURE-----
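
One way to check which cipher actually protects an exported secret key, as the replies above suspect Blowfish: this added example (not part of the thread and not GnuPG code) reads the binary output of `gpg --export-secret-keys -o somefile` and reports the symmetric algorithm ID stored in each version 4 secret key packet. The function names and the sample packet are constructed for illustration; the algorithm IDs follow RFC 4880.

```python
# Symmetric-key algorithm IDs (RFC 4880, section 9.2); 10 is Twofish.
CIPHERS = {0: "none", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
# Public MPIs before the secret part: RSA (1-3) 2, Elgamal (16) 3, DSA (17) 4.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def read_header(data, pos):
    """Return (tag, body_start, body_length) for the packet starting at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (dearmor first)")
    if first & 0x40:                                # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 3     # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    size = 1 << ltype
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def secret_key_ciphers(data):
    """Return the protection cipher name of each v4 secret (sub)key packet."""
    found, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        body, pos = data[start:start + length], start + length
        if tag not in (5, 7):                       # 5 secret key, 7 secret subkey
            continue
        if body[0] != 4:
            raise ValueError("only version 4 key packets handled")
        off = 6                                     # version, 4-byte time, algorithm
        for _ in range(PUBLIC_MPIS[body[5]]):
            bits = int.from_bytes(body[off:off + 2], "big")
            off += 2 + (bits + 7) // 8              # MPI: 2-byte bit count + value
        usage = body[off]                           # S2K usage octet
        algo = body[off + 1] if usage in (254, 255) else usage
        found.append(CIPHERS.get(algo, f"unknown ({algo})"))
    return found

def constructed_packet(cipher_id, tag=5):
    """Constructed, truncated packet with dummy 1-bit DSA MPIs; not a real key."""
    body = bytes([4, 0, 0, 0, 0, 17] + [0, 1, 1] * 4
                 + [254, cipher_id, 3, 2] + [0] * 8 + [96])
    return bytes([0x80 | tag << 2, len(body)]) + body
```

A result of "none" means the key is stored without passphrase protection, which is the state the earlier reply suggests importing from.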
RE: Windoze PGP Compatibility
Hello all,

Thanks to those who responded - especially those who replied within minutes!

It appears the simplest way around the problem (the problem being I want to
use PGP in Windoze and GPG in Unix for now) is to generate my keys in PGP
and import them into GPG.

This is apparently because GPG stores its keys using Blowfish. I would have
thought it could have been more friendly than that, but I suspect it is more
PGP being broken than GPG :)

Sam

Re: Windoze PGP Compatibility
On Mon, 24 Apr 2000, L. Sassaman wrote:

> Also, disabling blowfish altogether is probably a good idea.

why?

--
ino-waiting@gmx.net
Re: Windoze PGP Compatibility
On Mon, 24 Apr 2000, L. Sassaman wrote:

> Schneier's work, use Twofish if you must. Even CAST and 3DES are probably
> better choices than Blowfish. I don't even think that Bruce recommends
> people use Blowfish anymore.

According to private mail with Bruce last year, he sometimes
recommends Blowfish and sometimes Twofish with no real facts behind
it. Okay times are changing and Twofish seems to be a good choice now
- however we should do this together with the new MDC packet.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Windoze PGP Compatibility
On Sun, 30 Apr 2000, L. Sassaman wrote:

> Isn't Twofish Symmetric Key Algorithm ID 10? I'm not seeing a direct
> correlation between the MDC packet and adding Twofish.

Yes, it is 10 but it is just something the WG has agreed on and not in
the RFC. The thing with the MDC (manipulation detection code) and
Twofish is that it would allow us to say: if you are using a block
cipher with a blocklength greater than 64, you MUST use the MDC
packet - Twofish is the first algorithm which uses a different
blocksize.

> But re: the MDC packet, last I heard Hal was working on getting that into
> 7.0 (this is from his posts to the OpenPGP list).

Right, after a long time (about one year) we have now agreed on the
way to do it.


Werner


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de