Mailing List Archive

Re: interoperability with pgp
On Sunday, 26 Sep 1999, Bo¹tjan Muller [NEONATUS] wrote:

Hi Bo¹tjan,

> I would like to know how much is gpg interoperatible with pgp versions 2.x and
> above - the gpg's homepage only states that gpg can decrypt and verify
> signatures from pgp 5.x, what about other versions? Can gpg create sigs and
> encryptions so that users of pgp could decrypt or verify them?

GnuPG doesn't use the RSA and IDEA algorithms. So you can't use a key
which is generated from PGP 2.x (PGP 2.x only knows RSA- and IDEA
keys). PGP 2.x can't use a key from GnuPG, because PGP 2.x doesn't
knows the algorithms (in this case DSA/EG).

You can use a DSS/DH key with GnuPG (that is default for PGP 5.x and
above) and you can use a DSA/EG key with PGP 5.x and above *without*
problems; you can verify the signatures and decrypt encryptet mails.

solong,
Thomas
--
Thomas Bader <thomasb@trash.net>, Powered by LINUX 2.2
Infos und Tipps zu Linux, HOWTOs des DLHP <http://www.trash.net/~thomasb/>
==> Failure is not an option. It comes bundled with your Microsoft product.
Re: interoperability with pgp [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Bader <thomasb@trash.net> writes:

> GnuPG doesn't use the RSA and IDEA algorithms. So you can't use a key
> which is generated from PGP 2.x (PGP 2.x only knows RSA- and IDEA
> keys). PGP 2.x can't use a key from GnuPG, because PGP 2.x doesn't
> knows the algorithms (in this case DSA/EG).

Though it is possible to add support for RSA and IDEA by compiling
them as modules and using load-extension. Which means that you can
communicate with PGP 2.x users.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.4 and Gnu Privacy Guard <http://www.gnupg.org/>

iD8DBQE39cM0EhN/ETQwnEERAj9dAKDE1KHKtvnEVKsDLkSWFSbmmrfsfACeNZwD
wwM0+dbWFiKJpYxYyXtQrp8=
=sczG
-----END PGP SIGNATURE-----
Re: interoperability with pgp [ In reply to ]
On Fri, 1 Oct 1999, Thomas Bader wrote:

> GnuPG doesn't use the RSA and IDEA algorithms. So you can't use a key
> which is generated from PGP 2.x (PGP 2.x only knows RSA- and IDEA
> keys). PGP 2.x can't use a key from GnuPG, because PGP 2.x doesn't
> knows the algorithms (in this case DSA/EG).

You can use IDEA and RSA modules, but make sure you have valid licences to
use these algorithm from the patent holders.
With these modules you can decrypt and verify PGP 2.6 encrypted and signed
messages without problems. If you would like to encrypt or sign data using
GnuPG to decrypt and verify with PGP 2.6, some care must be taken. AFAIK
there is somewhere a FAQ for this issue. If not, I could update my older
post regarding this issue and repost it.


cu
Michael
Re: interoperability with pgp [ In reply to ]
On Sat, Oct 02, 1999 at 08:32:56AM +0000, Graham Murray wrote:
>
> Though it is possible to add support for RSA and IDEA by compiling
> them as modules and using load-extension. Which means that you can
> communicate with PGP 2.x users.

But only to a limited degree. See list archives for recent thread I
started on the inability to encrypt to PGP2 user. :(

A one-way street is not very satisfying.

--
Please encrypt all mail whenever possible. The following Public Keys
for Lazarus Long <lazarus@overdue.ompages.com> are available upon request:

Type Bits/KeyID Fingerprint (GnuPG (GPG) is preferred.)
GPG/ELG: 2048g/DE3E078A 0023 E86F A45A C46D 8243 1A7F 6FF2 84C1 3F5B F7CD
GPG/DSA: 1024D/3F5BF7CD (none for DSA keys)
Re: interoperability with pgp [ In reply to ]
El sáb, 02 de oct de 1999, a las 08:32:56 +0000, Graham Murray dijo:
>
> > GnuPG doesn't use the RSA and IDEA algorithms. So you can't use a key
> > which is generated from PGP 2.x (PGP 2.x only knows RSA- and IDEA
> > keys). PGP 2.x can't use a key from GnuPG, because PGP 2.x doesn't
> > knows the algorithms (in this case DSA/EG).
>
> Though it is possible to add support for RSA and IDEA by compiling
> them as modules and using load-extension. Which means that you can
> communicate with PGP 2.x users.

Hold on... we're just going round and round this issue, and the answers
are always the same: ``install rsa.c and idea.c modules, and *you'll be
able to communicate with pgp2 users*'' !!!

Well, this is not quite so. You will, indeed, be able to decrypt pgp2
enciphered messages, plus verify pgp2 signatures, plus...

But, ¿does this mean a pgp2 user will be able to decrypt (or verify) a
GnuPG encrypted (signed) message? ... If the data treated with DSA/EG
keys, it sounds obvious that pgp2 will be unable to deal with it ...
¿or? well, or you might encrypt (sign) the message with GnuPG, but
using an RSA key and IDEA for encryption...

but this means you ALREADY HAVE A RSA KEY, which you previously
generated with pgp2, since GnuPG, for all I know, WILL NOT GENERATE RSA
keys regardless the rsa.c and idea.c modules.

This is not just a GnuPG-pgp2 issue, it's also a pgp5-2 issue, since
most >pgp5 versions don't use RSA.

Ok, so I might be wrong somewhere along the line; please, tell me if
and where. On a parallel issue... time to talk about the documentation
(please, don't flame me for this):

(oh, oh, I feel this should be discussed on a differente thread ... bye
for now)


Regards,

--

Horacio
mailto:homega@ciberia.es
~ Spain ~Spanje ~ Spanien
Re: interoperability with pgp [ In reply to ]
On Sat, 02 Oct 1999, Lazarus Long wrote:

> > Though it is possible to add support for RSA and IDEA by compiling
> > them as modules and using load-extension. Which means that you can
> > communicate with PGP 2.x users.

> But only to a limited degree. See list archives for recent thread I
> started on the inability to encrypt to PGP2 user. :(

> A one-way street is not very satisfying.

You may want to look at
http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz a tricky
perl script written by Gero Treuner <gero@faveve.uni-stuttgart.de>.
This scripts is a wrapper which should be used in combination with
Mutt (don't ask me whether it works in other environments) and it
allows to sign, encrypt and sign+encrypt Messages with GnuPG, which
are readable for PGP 2.x.

This script give you full PGP 2.x interoperability as long as you use
RSA keys only (for signing and encryption to _all_ recipients).

Ciao

Roland

--
* roland@spinnaker.de * http://www.spinnaker.de/ *
PGP: 1024/DD08DD6D 2D E7 CC DE D5 8D 78 BE 3C A0 A4 F1 4B 09 CE AF
Re: interoperability with pgp [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 2 Oct 1999, Roland Rosenfeld wrote:
> On Sat, 02 Oct 1999, Lazarus Long wrote:
>
> > > Though it is possible to add support for RSA and IDEA by compiling
> > > them as modules and using load-extension. Which means that you can
> > > communicate with PGP 2.x users.
>
> > But only to a limited degree. See list archives for recent thread I
> > started on the inability to encrypt to PGP2 user. :(
>
> > A one-way street is not very satisfying.

In fact, you can go both ways. See the PGP 2.x interoperability
guide on the GnuPG documentation project web page:
http://www.bluemarble.net/~jashley/gph

Mike

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjf2OcQACgkQBwMqlokEyOKkSgCcDnBKBcFqzxG4MIQ3hukRJZHg
Bu8AoLEaDyRR3sF1XsOfSKlqstXRzQTC
=6RW/
-----END PGP SIGNATURE-----
Re: interoperability with pgp [ In reply to ]
On Sat, 02 Oct 1999, J. Michael Ashley wrote:

> > > > Though it is possible to add support for RSA and IDEA by
> > > > compiling them as modules and using load-extension. Which
> > > > means that you can communicate with PGP 2.x users.

> > > But only to a limited degree. See list archives for recent thread I
> > > started on the inability to encrypt to PGP2 user. :(

> > > A one-way street is not very satisfying.
>
> In fact, you can go both ways. See the PGP 2.x interoperability
> guide on the GnuPG documentation project web page:
> http://www.bluemarble.net/~jashley/gph

It doesn't say anything about the combination of signing and
encryption, which normally doesn't work correct. Gero's script works
around this problem by first creating a detached signature, then
creating a signed message with this (using some perl tricks and the
--no-literal option of gpg) and after this it encrypts this temporary
message with gpg --no-literal. Don't ask me why this works, but it
works correct for sign+encrypt.

Ciao

Roland

--
* roland@spinnaker.de * http://www.spinnaker.de/ *
PGP: 1024/DD08DD6D 2D E7 CC DE D5 8D 78 BE 3C A0 A4 F1 4B 09 CE AF