on the state of PGP compatibility (2nd try)

Vipul Ved Prakash mail at vipul.net
Sun Mar 31 17:33:33 EST 2002 

Adam,

See Crypt::OpenPGP. http://rhumba.pair.com/ben/perl/openpgp/

It reads/writes PGP 2.x, 5.x and GNUPG compatible packets, autodetects
formats, contains support for almost all ciphers present in various
implementations of PGP.

cheers,
vipul.

On Sun, Mar 31, 2002 at 06:08:51PM +0100, Adam Back wrote:
> [This is actually slightly more accurate and even worse than my first
> mail which bounced to some of the lists as I had a typo, _and_
> separately encountered a mail hub outage at cyberpass.net -- apologies
> to those who get duplicates].
> 
> So I was trying to decrypt this stored mail sent to me by a GPG user,
> and lo pgp6.x failed to decrypt it.
> 
> So I try an older gpg I had installed, and it fails because it doesn't
> support RSA or IDEA, and this GPG user it seems installed the RSA and
> IDEA patches.
> 
> So I go fetch GPG from www.gnupg.org, but it still doesn't contain
> IDEA by default due to the anti-patent religion thing gone-to-far over
> at GNU land, so I try to download the idea.c plugin -- except they
> seem to have removed it (accidentally? hmm -- I fire off a mildly
> brusque email to webmaster at gnupg.org -- and hit google.com but all
> the first few hits are pointing at the gnupg.org faq with labyrinth of
> links ending eventually in the same dud link.)
> 
> Either way _even_ if idea.c were still where they claimed it would be
> it seems intentionally very well hidden, which I think is
> unconscionable for a security product: to _intentionally_ frustrate
> users attempts to interoperate with secure previous versions and
> alternate implementations.
> 
> So then I try pgp5.x but the binary is using dynamic libraries that
> are no longer on my shiny new redhat7.1 installation, so I try to
> compile it but it no longer compiles.  Tinker briefly fixing up
> things, but the errors are multiple, and I haven't got time for this.
> 
> So my last hope is pgp2.x, but some buggy pgp variant has left my
> pgp2.x key ring empty, and you can't use it directly on pgp6.x
> keyrings as it will barf on the new key formats.  So then I ponder
> exporting my private key out of pgp6.5.8 which isn't going to do it
> compatibly without some serious thought -- openPGP's salted key
> stretching maybe being used -- do I want to export it without a
> password (not really), so figure out how do I turn the salted key
> stretching off, will pgp6.5.8 even let you export private keys, or is
> it easier to just extract it with a binary editor?  Fortunately I
> finally find a pgp2.x keyring secring.bak file (thanks PRZ), and move
> it back and lo pgp2 can't decrypt it because of some unsupported
> packetry.  I take a look at it with Mark Shoulsen's pgpacket and it
> seems that _even_ pgpacket thinks there is some unsupported packets at
> the end, so dig out another packet analysis program -- pgpdump by Kazu
> Yamamoto and it doesn't seem to realise it's ascii armored or is
> expecting to find an external program to de-armor which is missing --
> I don't care, so use emacs and mmencode -u to produce a binary
> version, and then it plays.  And there lies the problem: gpg encrypted
> it with IDEA using the new openPGP streaming options to encode the
> message in chunks despite it being encrypted with idea (presumably the
> sender forget to invoke --rfc1991 not realising my potential future
> predicament).  Thus sprach Kazu's analyzer:
> 
> New: Symmetrically Encrypted Data Packet(tag 9)(512 bytes) partial start
> 	Encrypted data [if pub/sym session key not present, sym alg - IDEA]
> New:	(201 bytes) partial end
> 
> So, for now, give up.  I guess it's cheaper to just send the original
> author an email ask him if he remembers that idea he sent me 4 months
> ago and have him send me it in clear text to be sure!
> 
> What a nightmare!  Try that sequence on a novice user and they give up
> before they get past the first GPG faq with rant about algorithm
> patents.
> 
> We've really got to do something about the compatibility problems.
> 
> Adam
> --
> http://www.cypherspace.org/adam/
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

-- 

Vipul Ved Prakash         
Software Design Artist   
http://vipul.net/       


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list