Security Basics mailing list archives

Re: gnugpg question

From: al <alias24 () HotPOP com>
Date: Thu, 24 Oct 2002 00:30:42 +0100

-----BEGIN PGP SIGNED MESSAGE-----


On Fri, 18 Oct 2002 12:07:35 -0700, Evil Monkey wrote:

- I can create a keypair with gnugpg on the slackware box.  I can use this
key pair to successfully encrypt and decrypt things on that box.  I can
export the key pair and import it into the pgp tools on a windows box.
However when I try to encrypt or decrypt with that keypair it barfs on the
passphrase.  With an older version of the pgp tools it claimed the
passphrase was incorrect.  With the most current version it claims the
passphrase doesn't exist and won't let me do a thing.  On the newest version
of pgp tools, if I check out the key's properties and attempt to change the
passphrase it says the passphrase I've entered is incorrect.

Any ideas as to the cause of this?


Keys created with new versions of GPG have MDC (Modification Detection Code)
protection. (see http://www.counterpane.com/pgp-attack.html for more).

To export your secret key so it is compatible with PGP, do this from gpg:

    gpg --simple-sk-checksum --edit keyid
    passwd
    enter password
    change password (SAME PASSWORD is fine)
    save

    gpg --export-secret-key keyid > secret_key_filename.asc
    gpg --export keyid > public_key_filename.asc

The reverse is valid too. To have a PGPkey MDC protected in GPG keyring,
after importing the secret PGPkey into GPG, from gpg do:

    gpg --edit keyid
    passwd
    enter password
    change password (SAME PASSWORD is fine)
    save

HTH,
- -- 
al <alias24 () HotPOP com>

-----BEGIN PGP SIGNATURE-----
Version: PGP version 2.6.3

iQEVAwUBPbc+OPytj9AacSlJAQGnBQf/V9VeMoRM8+0QxZud4Qw1Du2731bn04zV
H3DP4C1jxYlggYuXxKFKFZCAYEGaf6eQgvteSrseO7z6wUhhfLhcvxAcI2rQej5J
cXpmb5WGExJ6dIjPQN6B143K4/FuUFCH7l8FGrn2G/Ce1nfX9QRHN/L20mAW703C
zjgnCUkabkJ2ZBRpZczbjy69+L/mTGER2Qi7MRZnGyXoJfiM8ZY4Rph9zrbYR4Kj
dOMIs/U816FUH/ikwsGOVolAUPIjEUqZ9wFWE5xzr2x9WQ2jmgoGNdL5gaX9zCLZ
Jlo01H7Tb342bxm12KfagCZSkAKkoXADTXLjJtX5bdegvtGzsz3n0Q==
=LwmI
-----END PGP SIGNATURE-----

Current thread:

gnugpg question Evil Monkey (Oct 21)
- Re: gnugpg question Jens Rantil (Oct 22)
- Re: gnugpg question Brad Arlt (Oct 22)
- Re: gnugpg question Noah Salzman (Oct 22)
- Re: gnugpg question Jeremie Banier (Oct 22)
  - Re: gnugpg question Bruno Lustosa (Oct 24)
- Re: gnugpg question al (Oct 24)
- <Possible follow-ups>
- Re: gnugpg question Evil Monkey (Oct 24)