Error using PGP 5 generated key
Hello,

I have created a DSA/ElGamal key with pgp 5.0i for Linux (to ensure I
remained compatible with PGP users) and am trying to use it with GnuPG 1.0.0.
Encrypting to myself works, but signing does not:

vulcan:~/tmp> gpg -r johanw@vulcan.xs4all.nl -es testfile

You need a passphrase to unlock the secret key for
user: "Johan Wevers <johanw@vulcan.xs4all.nl>"
3072-bit ELG-E key, ID 1B240FEE, created 1999-10-26 (main key ID 624B3B3E)

gpg: this is a PGP generated ElGamal key which is NOT secure for signatures!
gpg: no valid signators
gpg: testfile: sign+encrypt failed: no such user id

gpg --sign-key results in an error:

Command> sign
Really sign all user IDs? y
gpg: this is a PGP generated ElGamal key which is NOT secure for signatures!
gpg: no valid signators

What is going on? Is this key really insecure (and if so, why?), or are
there some obscure trust settings that are incorrect? PGP 5 seems able to
use it for signatures.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Error using PGP 5 generated key
Johan Wevers <johanw@vulcan.xs4all.nl> writes:

> 3072-bit ELG-E key, ID 1B240FEE, created 1999-10-26 (main key ID 624B3B3E)
>
> gpg: this is a PGP generated ElGamal key which is NOT secure for signatures!

You tried to use an encrypt-only key for signatures. Keys of type 16
are not usable for signing (Bleichenbacher attack). There is one
exception: early versions of gpg created keys of type 16 which are
secure for signature - however, these keys are in v3 packets and
gpg is the only version which ever used these packets for ElGamal keys.

> What is going on? Is this key really insecure (and if so, why?), or are

ElGamal (aka DH) keys created by PGP >=5 are only intended for
encryption.


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
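The check Werner describes (the public-key algorithm id in the key packet decides whether gpg will sign with it) can be seen by reading the packets directly. The following is an added illustration, not code from this thread or from GnuPG: it parses OpenPGP public-key and public-subkey packets as laid out in RFC 4880, reports version, creation date, algorithm and key ID, and lists which keys a signer could use. Algorithm 16 is the encrypt-only ElGamal type PGP 5 generates; the other ids are the standard RFC 4880 assignments. The sample DSA primary key and ElGamal subkey are constructed toy values with tiny MPIs, only good for exercising the parser; the creation time is set to the 1999-10-26 date shown in the original error output.

```python
"""Inspect OpenPGP public-key packets and report signing capability.

Added example (not from the thread or GnuPG).  Packet layout follows
RFC 4880 (sections 4.2, 5.5.2, 12.2).  Sample keys are constructed toys.
"""
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

# Public-key algorithm ids (RFC 4880 section 9.1): name, can_sign, can_encrypt
ALGORITHMS = {
    1:  ("RSA (Encrypt or Sign)", True, True),
    2:  ("RSA Encrypt-Only", False, True),
    3:  ("RSA Sign-Only", True, False),
    16: ("Elgamal (Encrypt-Only)", False, True),   # type PGP 5 generates
    17: ("DSA", True, False),
    20: ("Elgamal (Encrypt or Sign)", True, True), # reserved; historic GnuPG use
}
PUBLIC_KEY, PUBLIC_SUBKEY = 6, 14  # packet tags


@dataclass
class KeyInfo:
    tag: int
    version: int
    created: int
    algo: int
    key_id: str  # 16 hex digits, or "" where undefined (v3 non-RSA)

    @property
    def name(self):
        return ALGORITHMS.get(self.algo, ("unknown", False, False))[0]

    @property
    def can_sign(self):
        return ALGORITHMS.get(self.algo, ("unknown", False, False))[1]


def created_date(key):
    return datetime.fromtimestamp(key.created, timezone.utc).strftime("%Y-%m-%d")


def read_mpi(body, off):
    """Return (integer, new_offset) for the MPI starting at body[off]."""
    bits = struct.unpack(">H", body[off:off + 2])[0]
    n = (bits + 7) // 8
    return int.from_bytes(body[off + 2:off + 2 + n], "big"), off + 2 + n


def parse_key_body(tag, body):
    version = body[0]
    if version == 4:
        created, algo = struct.unpack(">IB", body[1:6])
        # v4 key id: low 64 bits of SHA-1 over 0x99 || 2-byte length || body
        digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
        key_id = digest[-8:].hex().upper()
    elif version in (2, 3):
        created, _validity_days, algo = struct.unpack(">IHB", body[1:8])
        # v3 key id is only defined for RSA: low 64 bits of the modulus n
        n, _ = read_mpi(body, 8)
        key_id = (n & 0xFFFFFFFFFFFFFFFF).to_bytes(8, "big").hex().upper() if algo in (1, 2, 3) else ""
    else:
        raise ValueError(f"unsupported key packet version {version}")
    return KeyInfo(tag, version, created, algo, key_id)


def parse_packets(data):
    """Return KeyInfo for every public key / subkey packet in the byte string."""
    off, keys = 0, []
    while off < len(data):
        ctb = data[off]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet")
        if ctb & 0x40:  # new-format header (one- or two-octet or 5-octet length)
            tag, first = ctb & 0x3F, data[off + 1]
            if first < 192:
                length, off = first, off + 2
            elif first < 224:
                length, off = ((first - 192) << 8) + data[off + 2] + 192, off + 3
            elif first == 255:
                length, off = struct.unpack(">I", data[off + 2:off + 6])[0], off + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: tag in bits 5..2, length type in bits 1..0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            size = {0: 1, 1: 2, 2: 4}.get(ltype)
            if size is None:
                raise ValueError("indeterminate length not supported")
            length, off = int.from_bytes(data[off + 1:off + 1 + size], "big"), off + 1 + size
        body, off = data[off:off + length], off + length
        if tag in (PUBLIC_KEY, PUBLIC_SUBKEY):
            keys.append(parse_key_body(tag, body))
    return keys


def signing_capable_keys(data):
    """Key ids whose algorithm permits signing; empty means 'no valid signators'."""
    return [k.key_id for k in parse_packets(data) if k.can_sign]


# --- constructed sample keys: toy MPIs, not cryptographically meaningful ---
def mpi(value):
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def key_packet(tag, algo, *mpis, version=4, created=940896000):  # 1999-10-26 UTC
    fields = struct.pack(">IB", created, algo) if version == 4 else struct.pack(">IHB", created, 0, algo)
    body = bytes([version]) + fields + b"".join(mpi(m) for m in mpis)
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


SAMPLE_DSA_PRIMARY = key_packet(PUBLIC_KEY, 17, 0xE3, 0x71, 0x2, 0x5)   # p q g y
SAMPLE_ELG_SUBKEY = key_packet(PUBLIC_SUBKEY, 16, 0xE3, 0x2, 0x4C)      # p g y
SAMPLE_KEYRING = SAMPLE_DSA_PRIMARY + SAMPLE_ELG_SUBKEY

if __name__ == "__main__":
    for k in parse_packets(SAMPLE_KEYRING):
        kind = "sub" if k.tag == PUBLIC_SUBKEY else "pub"
        print(f"{kind} v{k.version} {k.name} ID {k.key_id} created {created_date(k)}: "
              f"{'usable' if k.can_sign else 'NOT usable'} for signatures")
```

Run stand-alone, the script prints the DSA primary key as usable for signatures and the ElGamal subkey as not usable, which is the distinction behind the "NOT secure for signatures" message: gpg is not judging the key material, it is refusing the algorithm id. A v3 RSA packet is handled too, where the key ID is the low 64 bits of the modulus rather than a hash.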
Re: Error using PGP 5 generated key
Werner Koch wrote:

> ElGamal (aka DH) keys created by PGP >=5 are only intended for
> encryption.

Hmmm. I created a new key with gpg, chose option 1, and set the keyID of
that new key in my options file as default key. I noticed it took gpg a LOT
more time to generate a key than pgp 5.

However, I get the same error when I use that key for signing when I set the
keyID of the ElGamal key as default key. When I set the keyID of the DSA key
as default, it works, but then it uses my old RSA key for encryption, which
was not quite what I intended.

When I remove these keys from my secret keyring the newly generated key is
used.

Is there some option to set the default encryption and sign keys separately?
I don't want to delete the RSA key.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP public keys at http://www.xs4all.nl/~johanw/pgpkeys.html