encrypting and signing for pgp2

Holger Schurig holger@holger.om.org
Sat, 10 Jul 1999 00:20:23 +0200


Hi,

I hope this is not a FAQ, at least it's described in doc/FAQ and
also not in the German MiniHOWTO on the web.


Preface: I wrote an application that remote controls GnuPG. Works
nice. Unfortunately, more than half of my user base have ancient
keys (speak: PGP2 keys). They are spread out all over the world and
it's not easy to ask them to upgrade. Some of them might even still
use Win95 laptops, some Macs ...  and almost none of them is a techy,
so they can't simply upgrade.

So, I could spend another external interface to PGP to my application.
But maybe I can convince GnuPG to behave like PGP, so I can save me
lots of coding and testing time.




I tried to encrypt with GnuPG 0.9.8 to PGP2:

gnupg --batch --yes --always-trust        \
      --armor --output testfile.gpg       \
      --cipher-algo idea --rfc1991        \
      -u 0xD2FFF8D --recipient 0xD2FFFB8D \
      --encrypt testfile




Now I want not only to encrypt, but also to sign. I tried this approach:

gnupg --batch --yes --always-trust         \
      --armor --output testfile.gpg        \
      --cipher-algo idea --rfc1991         \
      -u 0xD2FFFB8D --recipient 0xD2FFFB8D \
      --sign --encrypt testfile

Note that my .gnupg/options file contains force-v3-sigs, but I
guess that this is irrelevant here?  And I guess that it is also
irrelevant that the secret key contains no passphrase at all,
but it makes those tests certainly easier ...


Anyway: pgp refused to decode the generated file: "Error:
Decrypted plaintext is corrupted.". So I looked inside the packets,
first into the one created by pgp2:

holger:~$ gpg --verbose --verbose --list-packets testfile.pgp 2>/dev/null

:pubkey enc packet: version 3, algo 1, keyid 5BB84D1DD2FFFB8D
data: [1024 bits]
:encrypted data packet:
length: 216
:compressed packet: algo=1
:signature packet: algo 1, keyid 5BB84D1DD2FFFB8D
version 3, created 931556627, md5len 5, sigclass 00
digest algo 1, begin of digest 32 01
data: [1020 bits]
:literal data packet:
mode b, created 0, name="testfile", raw data: 31 bytes

Look at this: first a signature, then data packet. Now look at the
output of the file that GnuPG generated:

holger:~$ gpg --verbose --verbose --list-packets testfile.gpg 2>/dev/null

:pubkey enc packet: version 3, algo 1, keyid 5BB84D1DD2FFFB8D
data: [1020 bits]
:encrypted data packet:
length: unknown
:compressed packet: algo=1
:literal data packet:
mode b, created 931556773, name="testfile", raw data: 31 bytes
:signature packet: algo 1, keyid 5BB84D1DD2FFFB8D
version 3, created 931556773, md5len 5, sigclass 00
digest algo 1, begin of digest 6f 6f
data: [1024 bits]

Here it's the other way around. May this be the reason?

--
Holger Schurig   |  The message of the cross is foolishness
Renzstr. 31      |  to the unbeliever.
74821 Mosbach    |  1 Corinthians 1:18
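
The ordering difference observed in the two dumps above can be checked mechanically. The following is an added example, not part of the original message: it parses `gpg --list-packets` output and reports where the signature packet sits relative to the literal data. The function names and layout labels are made up here, and the "one-pass" case goes beyond the two dumps in the message.

```python
import re

# Packet header lines from the two dumps in the message above, abridged;
# a few detail lines are kept to show that the parser skips them.
PGP2_DUMP = """\
:pubkey enc packet: version 3, algo 1, keyid 5BB84D1DD2FFFB8D
:encrypted data packet:
length: 216
:compressed packet: algo=1
:signature packet: algo 1, keyid 5BB84D1DD2FFFB8D
version 3, created 931556627, md5len 5, sigclass 00
:literal data packet:
"""
GNUPG_DUMP = """\
:pubkey enc packet: version 3, algo 1, keyid 5BB84D1DD2FFFB8D
:encrypted data packet:
length: unknown
:compressed packet: algo=1
:literal data packet:
:signature packet: algo 1, keyid 5BB84D1DD2FFFB8D
version 3, created 931556773, md5len 5, sigclass 00
"""

# gpg prints every packet as ":<type> packet:"; detail lines lack the colon.
HEADER = re.compile(r"^\s*:(?P<name>[a-z0-9_ ]+?) packet:")

def packet_sequence(dump):
    """Return the packet type names in the order gpg listed them."""
    matches = (HEADER.match(line) for line in dump.splitlines())
    return [m.group("name") for m in matches if m]

def signature_layout(dump):
    """Classify where the signature sits relative to the literal data."""
    seq = packet_sequence(dump)
    if "signature" not in seq:
        return "unsigned"
    if "literal data" not in seq:
        return "no-literal-data"
    data = seq.index("literal data")
    if seq.index("signature") < data:
        return "sig-first"        # layout of the PGP 2 file above
    if "onepass_sig" in seq[:data]:
        return "one-pass"         # OpenPGP style: announced, then trailing
    return "sig-last"             # layout of the GnuPG 0.9.8 file above

if __name__ == "__main__":
    for label, dump in (("pgp2", PGP2_DUMP), ("gnupg", GNUPG_DUMP)):
        print(label, signature_layout(dump), packet_sequence(dump))
```
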