PGP & GPG compatibility
Derek Atkins
warlord at MIT.EDU
Tue Jan 15 15:06:42 EST 2002
Is there even development on the PGP (product) line? AFAIK
they (NAI) have not release PGP 7.x in source form. Worse, there
are a couple of bugs I found in 6.5.8 when I was porting it
to Tru64, but who knows if anyone is listening over at NAI.
It's a sad state of affairs. Perhaps I should go into "PGP
consulting", but I don't know if anyone would pay me to support
PGP for them....
-derek
Werner Koch <wk at gnupg.org> writes:
> On Sat, 3 Jan 1970 09:41:26 +1000, Nicholas Brawn said:
>
> > What's the state of the game with PGP and GPG compatibility?
>
> According to the bug reports I receive for GnuPG, it seems that even
> the latest versions of PGP (7.0.3?) are still not OpenPGP compatible.
> At least they still don't understand version 4 signatures on data
> packets (only on keys). I had in mind that this was fixed some time
> ago, but obviously this isn't the case.
>
> There is a problem wrt text mode signatures: no agreement was found on
> what a line ending consists of. PGP translates a CR inside a line
> (well, what most non Apple programmers consider a line ending) into a
> CR,LF sequence for hashing. The proper solution is not to use
> textmode signatures except for cleartext signed messages.
>
> About two years ago we agreed on a way to implement MDC and defined
> new packet types for it. I did some tests with Hal Finney and it used
> to work. The OpenPGP draft was later changed to introduce key flags
> and use one to enable MDC mode. However, GnuPG uses MDC mode with all
> ciphers of a block length other than 64 bits (i.e. Twofish and AES*).
> The draft has still not been released as a new RFC so this may change
> again :-(.
>
> The flaw in the secret key protection mechanism was discussed for a
> short time but it seems that nobody is willing to continue with this.
> I made several suggestion on how to do it.
>
> Interoperability tests should have happened last summer but for
> unknown reasons they didn't. It is very sad to see that after 3 years
> we have not achieved to get OpenPGP into draft status :-(.
>
>
> Werner
>
> --
> Werner Koch Omnis enim res, quae dando non deficit, dum habetur
> g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
> Privacy Solutions -- Augustinus
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list