Security Basics mailing list archives

Re: gnugpg question


From: "Evil Monkey" <mojojojo () cheme washington edu>
Date: Wed, 23 Oct 2002 12:00:58 -0700

Thanks to those who responded. Here was the catch - looks like PGP is
barfing on the secret key checksum:

  --simple-sk-checksum

               Secret keys are integrity protected by using a
               SHA-1 checksum. This method will be part of an
               enhanced OpenPGP specification but GnuPG already
               uses it as a countermeasure against certain
               attacks. Old applications don't understand this
               new format, so this option may be used to switch
               back to the old behaviour. Using this option
               bears a security risk. Note that using this
               option only takes effect when the secret key is
               encrypted - the simplest way to make this happen
               is to change the passphrase on the key (even
               changing it to the same value is acceptable).

So doing the following worked:

gpg --simple-sk-checksum --edit-key [key id]
Command> passwd
Re-enter password to rewrite it to the database
Command> save

On Friday, October 18, 2002, at 12:07 PM, Evil Monkey wrote:

I've been playing around with PGP and have found something kooky. I'm
curious if y'all have seen the same thing and might be able to offer some
explanation:

- I can create a key pair with the PGP tools for Windows. I can use this
key pair to successfully encrypt and decrypt on the box I created it. I can
export this keypair, and import it into gnugpg on a slackware box and
successfully use it to encrypt and decrypt things.

- I can create a keypair with gnugpg on the slackware box. I can use this
key pair to successfully encrypt and decrypt things on that box. I can
export the key pair and import it into the pgp tools on a windows box.
However when I try to encrypt or decrypt with that keypair it barfs on the
passphrase. With an older version of the pgp tools it claimed the
passphrase was incorrect. With the most current version it claims the
passphrase doesn't exist and won't let me do a thing. On the newest version
of pgp tools, if I check out the key's properties and attempt to change the
passphrase it says the passphrase I've entered is incorrect.

Any ideas as to the cause of this?

Pete
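
Added example, not part of the original post: a short Python check that reads the first secret key packet of a binary (non-armored) export, such as the output of gpg --export-secret-keys, and reports whether the secret part carries the SHA-1 checksum or the older simple 16-bit checksum. The octet values follow RFC 4880 (string-to-key usage 254 means SHA-1, 0 means not encrypted, anything else means the simple checksum); the function names are hypothetical and the sample packet is constructed.

```python
# Public-key MPI count per algorithm id (RFC 4880): RSA, Elgamal, DSA.
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def read_packet(data):
    """Return (tag, body) of the first OpenPGP packet in binary data."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not a binary OpenPGP packet (armored export?)")
    if ctb & 0x40:                          # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, pos = first, 2
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, pos = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                   # old-format header
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        size = 1 << ltype                   # 1, 2 or 4 length octets
        length, pos = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[pos:pos + length]

def secret_key_checksum(data):
    """Report which integrity check protects the first secret key packet."""
    tag, body = read_packet(data)
    if tag not in (5, 7) or body[0] != 4:   # secret key / subkey, version 4
        raise ValueError("expected a version 4 secret key packet")
    pos = 6                                 # version + creation time + algorithm
    for _ in range(PUBLIC_MPIS[body[5]]):   # skip the public MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    usage = body[pos]                       # string-to-key usage octet
    if usage == 0:
        return "unencrypted"
    return "sha1" if usage == 254 else "simple"

def constructed_packet(usage):
    """Constructed sample: toy RSA public part, zero-filled secret part."""
    body = bytes([4, 0, 0, 0, 0, 1])        # v4, creation time 0, RSA
    body += bytes.fromhex("0010c351") + bytes.fromhex("0011010001")
    body += bytes([usage]) + bytes(40)
    return bytes([0x94, len(body)]) + body  # old-format tag 5, 1-octet length

if __name__ == "__main__":
    for usage in (254, 255, 0):
        print(usage, secret_key_checksum(constructed_packet(usage)))
```

A result of "sha1" on a key exported for an older application matches the situation in this thread; "unencrypted" corresponds to the man page's note that the option only takes effect once the secret key is encrypted.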




