PGP & GPG compatibility

[Werner Koch]

On Sat, 3 Jan 1970 09:41:26 +1000, Nicholas Brawn said:

> What's the state of the game with PGP and GPG compatibility?

According to the bug reports I receive for GnuPG, it seems that even
the latest versions of PGP (7.0.3?) are still not OpenPGP compatible.
At least they still don't understand version 4 signatures on data
packets (only on keys).  I had in mind that this was fixed some time
ago, but obviously this isn't the case.

There is a problem wrt text mode signatures: no agreement was found on
what a line ending consists of.  PGP translates a CR inside a line
(well, what most non Apple programmers consider a line ending) into a
CR,LF sequence for hashing.  The proper solution is not to use
textmode signatures except for cleartext signed messages.

About two years ago we agreed on a way to implement MDC and defined
new packet types for it.  I did some tests with Hal Finney and it used
to work.  The OpenPGP draft was later changed to introduce key flags
and use one to enable MDC mode.  However, GnuPG uses MDC mode with all
ciphers of a block length other than 64 bits (i.e. Twofish and AES*).
The draft has still not been released as a new RFC so this may change
again :-(.

The flaw in the secret key protection mechanism was discussed for a
short time but it seems that nobody is willing to continue with this.
I made several suggestion on how to do it.

Interoperability tests should have happened last summer but for
unknown reasons they didn't.  It is very sad to see that after 3 years
we have not achieved to get OpenPGP into draft status :-(.


  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com