Mailing List Archive

> Hello.
> I am having the most trouble using these two together (GNUPG in Linux
> and PGP 6.5.3 on Win95). I have read countless posts and messages on
> this, and none have given me a complete answer. Reading that GNUPG has
> some security enhancements over PGP, I decided to create my keys with it
> using Option 1 and 1536 bit encryption. Everything worked fine (in
> Linux): encrypting, decrypting, signing, etc.
> I exported my public and private keys (gpg --export-secret-key --output
> keys.gpg pietrzak@megahertz.net) and tried to import them into PGP
> 6.5.3. PGP said it was corrupted. If I use the tag '--export' instead
> of '--export-secret-key', it imports fine but I don't have the secret
> key in PGP. So.... I deleted the GNUPG keys and created a pair in PGP
> with CAST5 encryption (DH/DSS 1536), knowing beforehand GNUPG needed
> this kind of encryption. I exported it with 6.0 extensions and with the
> private key. Importing them into GNUPG was a piece of cake and works
> great (I can encrypt files in GNUPG and de-crypt them in PGP... and
> vice-versa).
> This leads back to my original problem. Is it possible to take
> advantage of GNUPG security enhancements and still use those keys in PGP
> in win95?
> Thanks before hand to anyone able or willing to help.

I was successfully able to do the following last night: First create keys in
gpg leave the password option empty. Then export the secret key using the
following:

gpg --export-secret-keys --no-comment -a foo >foo.asc

Then open foo.asc in Windows PGP6.5.1 and change the password - this works.

From here I have two choices in making the keys compatible: work out how to
change the password in GPG or import the PGP key pair back into GPG.

I was wondering if anyone knows if the RSA module in GPG will make any
difference to the exporting of secret keys?

Thanks, Oliver


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Thu, Aug 10, 2000 at 10:01:55AM +1000, Oliver Bode wrote:
[...]
> I was successfully able to do the following last night: First create keys in
> gpg leave the password option empty. Then export the secret key using the
> following:
>
> gpg --export-secret-keys --no-comment -a foo >foo.asc
>
> Then open foo.asc in Windows PGP6.5.1 and change the password - this works.
>
I had the same problem, and it works fine with --no-comment, but
I can't change my password in windows PGP6.5.1

Any idea ?

Antoine

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Thu, Aug 10, 2000 at 09:35:52AM +0200, Antoine Martin wrote:
[...]
> I had the same problem, and it works fine with --no-comment, but
> I can't change my password in windows PGP6.5.1
>
> Any idea ?
>
Ooops ! I removed the password and it works like this

Antoine

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

There is no need to leave the password empty when exporting a GnuPG secret
key! By default, GnuPG encrypts the secret key using the Blowfish
algorithm, and PGP 6.5.3 does not understand this algorithm.

Here is a much more secure solution:

1. % gpg --edit-key --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \
KEY-ID

2. Change the password (but not to an empty password!). You can just
change it to what is was before, but gpg will re-encrypt the key
using an algorithm pgp will understand.

3. % gpg --export-secret-key --no-comment KEY-ID > key.asc
% gpg --export --no-comment KEY-ID >> key.asc

4. Import key.asc into pgp and everything should work fine!

Todd

P.S. Hmmmm...I don't know why the --no-comment option is necessary now...I
seem to recall not needing to use this in the past.

P.P.S. Perhaps this procedure should be added to the documentation or
some sort of FAQ? I seem to recall a PGP5-GnuPG HOWTO which
mentions the method of exporting an un-encrypted secret (which is
fine if you are very very very careful), but I think it is better
to never have to write your un-encrypted secret key to disk.

---------------------------------------
Todd L. Brooks
Department of Mechanical Engineering
Yale University
9 Hillhouse Avenue
PO BOX 208286
New Haven, CT 06520-8286
(203) 432-4362 (office and voice mail)
(203) 432-4363 (acoustics lab)
(203) 432-7654 (FAX)


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Fri, 11 Aug 2000, noodlez wrote:

Any cipher algorithm in your key preferences that pgp doesn't support will
show up as IDEA. Any key generated with GnuPG (regardless of whether you
disable all those algorithms in your .options file), will have public key
preferences of TWOFISH then BLOWFISH then CAST5. PGP won't understand
this, so in the key info box it says IDEA. However, when actually
encrypting to this key, pgp does the right thing: since it doesn't
understand twofish and blowfish, it will encrypt with CAST5.

> just one question though: when i imported the GPG keys into PGP, it said
> (and still says) that the cipher is IDEA, but i can't be because my GPG
> doesn't even recognize IDEA. is PGP wrong?

---------------------------------------
Todd L. Brooks
Department of Mechanical Engineering
Yale University
9 Hillhouse Avenue
PO BOX 208286
New Haven, CT 06520-8286
(203) 432-4362 (office and voice mail)
(203) 432-4363 (acoustics lab)
(203) 432-7654 (FAX)


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Ok, I follow steps 1-4 and everything looks like its working.

However, in PGP my signature is corrupt - so I delete it and sign it again

Then I go to encrypt a file using PGP and I find that there are no
recipients in my list. Signing works Ok

What may be going on here?

Thanks, Oliver.

> There is no need to leave the password empty when exporting a GnuPG secret
> key! By default, GnuPG encrypts the secret key using the Blowfish
> algorithm, and PGP 6.5.3 does not understand this algorithm.
>
> Here is a much more secure solution:
>
> 1. % gpg --edit-key --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \
> KEY-ID
>
> 2. Change the password (but not to an empty password!). You can just
> change it to what is was before, but gpg will re-encrypt the key
> using an algorithm pgp will understand.
>
> 3. % gpg --export-secret-key --no-comment KEY-ID > key.asc
> % gpg --export --no-comment KEY-ID >> key.asc
>
> 4. Import key.asc into pgp and everything should work fine!




--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Hey, I'm sorry,

what you said works correctly. I just had to change it to asci output ie:

> 1. % gpg --edit-key --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \
> KEY-ID
>
> 2. Change the password (but not to an empty password!). You can just
> change it to what is was before, but gpg will re-encrypt the key
> using an algorithm pgp will understand.
>
> 3. % gpg --export-secret-key --no-comment KEY-ID > key.asc
> % gpg --export --no-comment KEY-ID >> key.asc

gpg --export-secret-key --no-comment -a KEY-ID > key.asc
gpg --export --no-comment -a KEY-ID >> key.asc

> 4. Import key.asc into pgp and everything should work fine!

This is excellent and yes I agree it should be in FAQ or somewhere.

Well done.


--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

after hours of mental anguish (literally), I finally got it to work
thanks for your help

I got desperate. I downloaded the source for GNUPG 1.0.2 (before I
installed via RPM), compiled it on my slow comp, and installed it. I
went to OPTIONS in
PGPkeys in win95 and set it that the ONLY allowed algorithm is CAST5. I
also added a few lines to my ~/.gnupg/options:

cipher-algo CAST5
s2k-cipher-algo CAST5
s2k-digest-algo SHA1
compress-algo 1
disable-cipher-algo BLOWFISH
disable-cipher-algo TWOFISH
disable-cipher-algo 3DES
disable-pubkey-algo ELG

i prolly disabled something i shouldn't, but.... it works :)
This OPTIONS file would support the following algo's: (accessed by
hitting 'gpg --version')
Home: ~/.gnupg
Supported algorithms:
Cipher: CAST5
Pubkey: ELG-E, DSA
Hash: MD5, SHA1, RIPEMD160

I went over to GPG and created new keys *with* a good password.
Exported it ('gpg --armor
--output key4pgp --no-comment --export-secret-key
pietrzak@megahertz.net') and imported it into PGP with no problems.
also, you can't have the line "force-v3-sigs" commented because then PGP
in win95 says it's a bad signature (question: why??).
now I can encrypt and sign any file in PGP in win95 and de-crypt it in
GPG, and vice-versa. :)
just one question though: when i imported the GPG keys into PGP, it said
(and still says) that the cipher is IDEA, but i can't be because my GPG
doesn't even recognize IDEA. is PGP wrong?
Oliver, about your RSA question: I don't think so. the only difference
I could think of would be if you *created* the secret key using the RSA
module.


Oliver Bode wrote:
>
> > Hello.
> > I am having the most trouble using these two together (GNUPG in Linux
> > and PGP 6.5.3 on Win95). I have read countless posts and messages on
> > this, and none have given me a complete answer. Reading that GNUPG has
> > some security enhancements over PGP, I decided to create my keys with it
> > using Option 1 and 1536 bit encryption. Everything worked fine (in
> > Linux): encrypting, decrypting, signing, etc.
> > I exported my public and private keys (gpg --export-secret-key --output
> > keys.gpg pietrzak@megahertz.net) and tried to import them into PGP
> > 6.5.3. PGP said it was corrupted. If I use the tag '--export' instead
> > of '--export-secret-key', it imports fine but I don't have the secret
> > key in PGP. So.... I deleted the GNUPG keys and created a pair in PGP
> > with CAST5 encryption (DH/DSS 1536), knowing beforehand GNUPG needed
> > this kind of encryption. I exported it with 6.0 extensions and with the
> > private key. Importing them into GNUPG was a piece of cake and works
> > great (I can encrypt files in GNUPG and de-crypt them in PGP... and
> > vice-versa).
> > This leads back to my original problem. Is it possible to take
> > advantage of GNUPG security enhancements and still use those keys in PGP
> > in win95?
> > Thanks before hand to anyone able or willing to help.
>
> I was successfully able to do the following last night: First create keys in
> gpg leave the password option empty. Then export the secret key using the
> following:
>
> gpg --export-secret-keys --no-comment -a foo >foo.asc
>
> Then open foo.asc in Windows PGP6.5.1 and change the password - this works.
>
> >From here I have two choices in making the keys compatible: work out how to
> change the password in GPG or import the PGP key pair back into GPG.
>
> I was wondering if anyone knows if the RSA module in GPG will make any
> difference to the exporting of secret keys?
>
> Thanks, Oliver
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org