Discussion:
porting keypairs from gnupg to pgp 6.5.8
(too old to reply)
Ed
2009-01-22 15:52:41 UTC
Permalink
I've got some keyspairs in gnupg that I need available in pgp
6.5.8. I recall that there's an edit that's needed to fix
something so that pgp can properly deal with the keys but I
haven't found it anywhere and it's been a long time since
I've had to move keys that way.

- --
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com
John Wunderlich
2009-01-22 21:46:22 UTC
Permalink
Post by Ed
I've got some keyspairs in gnupg that I need available in pgp
6.5.8. I recall that there's an edit that's needed to fix
something so that pgp can properly deal with the keys but I
haven't found it anywhere and it's been a long time since
I've had to move keys that way.
Have you tried simply exporting the keys out of GPG then importing them
into PGP? It will most likely work.

Keep in mind that some key preferences may not be compatible with PGP
6. For example, your public key that you signed your post with says
that it supports the following:
preferred symmetric algorithms
AES with 256-bit key
AES with 192-bit key
AES with 128-bit key
CAST5
Triple-DES
IDEA
preferred hash algorithms
SHA1
SHA256
RIPEMD160
preferred compression algorithms
ZLIB
BZip2
ZIP

According to your encryption key, anybody encrypting to your public key
can choose from the algorithms/hashes/compressions above. On the
other hand, PGP 6.5.x only supports the following:

preferred symmetric algorithms
CAST5
Triple-DES
IDEA
preferred hash algorithms
SHA1
RIPEMD160
preferred compression algorithms
ZIP

So if someone chose to use your key to encrypt to an AES cypher or a
SHA256 hash or use either ZLIB or BZip2 compression, then your PGP
6.5.8 will not be able to handle the incoming message. You can edit
your key to change the preferences, but then you have to redistribute
your key as well. PGP 6 also only understands "v3" signatures. It
does not understand signing subkeys, so signatures made with a signing
subkey will not be processed by PGP 6.

Read the manual page for GPG, particularly the
--pgp6 and --force-v3-sigs
options.

HTH,
John
Ed
2009-01-23 03:34:58 UTC
Permalink
Post by John Wunderlich
Post by Ed
I've got some keyspairs in gnupg that I need available in
pgp 6.5.8. I recall that there's an edit that's needed to
fix something so that pgp can properly deal with the keys
but I haven't found it anywhere and it's been a long time
since I've had to move keys that way.
Have you tried simply exporting the keys out of GPG then
importing them into PGP? It will most likely work.
Keep in mind that some key preferences may not be
compatible with PGP 6. For example, your public key that
Thanks. The key preferences turned out to be the key to the
problem. I went back to Gnupg and made a config file:

cipher-algo 3DES
digest-algo SHA1
compress-algo ZIP
pgp6
personal-cipher-preferences CAST5 3DES IDEA
personal-digest-preferences SHA1 RIPEMD160 MD5
keyid-format SHORT
no-greeting
no-mdc-warning
trust-model pgp
force-v3-sigs
simple-sk-checksum
escape-from-lines
allow-freeform-uid

changed the password on the keys in question to get it to
recalc the checksum and exported the result. Once imported
into PGP, I set implicit trust and now they work.




- --
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com
David E. Ross
2009-01-23 16:10:39 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by John Wunderlich
Post by Ed
I've got some keyspairs in gnupg that I need available in
pgp 6.5.8. I recall that there's an edit that's needed to
fix something so that pgp can properly deal with the keys
but I haven't found it anywhere and it's been a long time
since I've had to move keys that way.
Have you tried simply exporting the keys out of GPG then
importing them into PGP? It will most likely work.
Keep in mind that some key preferences may not be
compatible with PGP 6. For example, your public key that
Thanks. The key preferences turned out to be the key to the
cipher-algo 3DES
digest-algo SHA1
compress-algo ZIP
pgp6
personal-cipher-preferences CAST5 3DES IDEA
personal-digest-preferences SHA1 RIPEMD160 MD5
keyid-format SHORT
no-greeting
no-mdc-warning
trust-model pgp
force-v3-sigs
simple-sk-checksum
escape-from-lines
allow-freeform-uid
changed the password on the keys in question to get it to
recalc the checksum and exported the result. Once imported
into PGP, I set implicit trust and now they work.
As Wunderlich indicated, you still have a problem. Anyone who already
had your public key could try to encrypt messages to you with algorithms
not supported by PGP 6. If your public key is on a key server, you
might not be able to correct that situation.

You might want to create a new key-pair with PGP 6. Sign it with your
old key (that has been altered for compatibility with PGP 6). Then
distribute your new key. This way, only algorithms supported by PGP 6
can be used with the new key. You might then revoke your old key, which
could still be used after revocation to verify the new key.
--
David E. Ross
<http://www.rossde.com/>.

Don't ask "Why is there road rage?" Instead, ask
"Why NOT Road Rage?" or "Why Is There No Such
Thing as Fast Enough?"
<http://www.rossde.com/roadrage.html>
David E. Ross
2009-01-23 16:24:45 UTC
Permalink
Post by David E. Ross
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Post by John Wunderlich
Post by Ed
I've got some keyspairs in gnupg that I need available in
pgp 6.5.8. I recall that there's an edit that's needed to
fix something so that pgp can properly deal with the keys
but I haven't found it anywhere and it's been a long time
since I've had to move keys that way.
Have you tried simply exporting the keys out of GPG then
importing them into PGP? It will most likely work.
Keep in mind that some key preferences may not be
compatible with PGP 6. For example, your public key that
Thanks. The key preferences turned out to be the key to the
cipher-algo 3DES
digest-algo SHA1
compress-algo ZIP
pgp6
personal-cipher-preferences CAST5 3DES IDEA
personal-digest-preferences SHA1 RIPEMD160 MD5
keyid-format SHORT
no-greeting
no-mdc-warning
trust-model pgp
force-v3-sigs
simple-sk-checksum
escape-from-lines
allow-freeform-uid
changed the password on the keys in question to get it to
recalc the checksum and exported the result. Once imported
into PGP, I set implicit trust and now they work.
As Wunderlich indicated, you still have a problem. Anyone who already
had your public key could try to encrypt messages to you with algorithms
not supported by PGP 6. If your public key is on a key server, you
might not be able to correct that situation.
You might want to create a new key-pair with PGP 6. Sign it with your
old key (that has been altered for compatibility with PGP 6). Then
distribute your new key. This way, only algorithms supported by PGP 6
can be used with the new key. You might then revoke your old key, which
could still be used after revocation to verify the new key.
Oops! I don't think a revoked key can be used to verify a key.
However, the presence of the signature of the old key (revoked or not)
on the new key might indicate to others some authenticity of the new
key. This involves human viewing of the keys and signatures, not any
software authentication.
--
David E. Ross
<http://www.rossde.com/>.

Don't ask "Why is there road rage?" Instead, ask
"Why NOT Road Rage?" or "Why Is There No Such
Thing as Fast Enough?"
<http://www.rossde.com/roadrage.html>
Ed
2009-01-23 16:37:28 UTC
Permalink
"David E. Ross" <***@nowhere.not> wrote in news:JNCdnbCcHc-***@posted.docknet:

[snip]
Post by David E. Ross
As Wunderlich indicated, you still have a problem. Anyone
who already had your public key could try to encrypt
messages to you with algorithms not supported by PGP 6. If
your public key is on a key server, you might not be able
to correct that situation.
Actually I don't. The problem I had was for another key
that's not related to (0x84D46604) which I use for most of my
clearsigning needs. 0x84D46604 is used only with GnuPG so
there shouldn't be a problem.

The key that had the problem is for use with a program that
cannot deal with GnuPG or the modern post 6.5.8 versions of
PGP.




- --
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com

Loading...