Secret key storage

Kristian Fiskerstrand news at kfwebs.net
Sat Jan 6 15:54:04 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Janusz A. Urbanowicz wrote, On 01/06/2007 03:38 PM:
> On Fri, Jan 05, 2007 at 04:51:10PM -0500, Robert J. Hansen wrote:
>> Kristian Fiskerstrand wrote:
>>> I tried to manually set the s2k cipher algo to CAST5 using gnupg 1.4.6
>>> to be sure that wasn't the problem itself, but that didn't result in any
>>> change.
>> Perhaps I'm missing something incredibly obvious, but didn't PGP 2.6 use
>> IDEA exclusively for symmetric encryption?  If so, why are you using
> 
> It did.
> 
Remember, I was talking about encryption of the secret key, not the
messages sent. The CAST approach was solely to ensure that the secret
key was encrypted / passphrase protected using CAST5, as I know that
works for gnupg 2.0 too; hence it helped rule out some possible points
of failure.

>> CAST as the S2K algorithm?
> 
> plus, there is --pgp2 switch in gnupg to enforce compatibility

The issue also happens when receiving messages, which is the example in
the bug report. --pgp2 by default won't have any meaning in GnuPG 2.0,
as there wasn't any IDEA plugin (that I'm aware of) prior to this effort.

The issue arises whenever the RSAv3 key is passphrase protected; remove
the passphrase using gnupg 1.4 or pgp2 and things work as they should.
Add a passphrase again and it constantly gives a bad key in gnupg 2.0,
although the same passphrase works in gnupg 1.4.

To rule out any pinentry issues I used --password-fd 0 and piped the
password to it, with the same results.

I'm just trying to figure out why this happens, and more importantly:
how to get around it.
- --
- ----------------------------
Kristian Fiskerstrand
http://www.kfwebs.net
- ----------------------------
http://www.secure-my-email.com
http://www.secure-my-internet.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
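
The message above separates the cipher that protects the stored secret key from the cipher used for messages. The following is an added example, not part of the original post or of GnuPG: a small Python reader for the string-to-key usage octet of a secret-key packet as laid out in RFC 4880, which shows which cipher and S2K mode protect a key. The function names and the sample packets are constructed for illustration, and the input is assumed to be binary, not ASCII-armored.

```python
# Added example: constructed data only; parses binary (not ASCII-armored) OpenPGP input.
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
PUB_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # RSA variants, Elgamal, DSA
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}

def packet_body(data):
    """Return (tag, body) of the first packet; definite lengths only."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:                                   # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths not handled")
    else:                                            # old-format header (PGP 2.x keys)
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    return tag, data[start:start + length]

def secret_key_protection(data):
    """Report how the secret material of a secret-key packet is protected."""
    tag, body = packet_body(data)
    if tag not in (5, 7):                            # secret key / secret subkey
        raise ValueError("not a secret-key packet (tag %d)" % tag)
    version = body[0]
    pos = 7 if version in (2, 3) else 5              # v3 carries a 2-octet validity field
    algo, pos = body[pos], pos + 1
    for _ in range(PUB_MPIS[algo]):                  # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    usage = body[pos]                                # string-to-key usage octet
    if usage == 0:
        return {"version": version, "cipher": None, "s2k": None}
    if usage in (254, 255):                          # explicit cipher + S2K specifier
        return {"version": version, "cipher": CIPHERS.get(body[pos + 1], body[pos + 1]),
                "s2k": S2K_TYPES.get(body[pos + 2], body[pos + 2])}
    # Any other value is itself the cipher id; the key is the MD5 of the passphrase.
    return {"version": version, "cipher": CIPHERS.get(usage, usage), "s2k": "legacy-md5"}

# Constructed v3 RSA packet prefix: toy 16-bit n and 5-bit e, no real key material.
_PUB = bytes([3, 0, 0, 0, 0, 0, 0, 1]) + b"\x00\x10\x80\x01" + b"\x00\x05\x11"
def sample_packet(protection):
    body = _PUB + protection
    return bytes([0x94, len(body)]) + body           # old-format header, tag 5
```

Running `secret_key_protection` on the binary output of `gpg --export-secret-keys` for the same key before and after re-protecting it shows whether the cipher or the S2K mode changed between the two states.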



More information about the Gnupg-devel mailing list