Date:      Thu, 2 May 2002 10:24:19 +0100
From:      Neil Darlow <neil@darlow.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   gnupg-1.0.7 bites (was gnupg compatibility)
Message-ID:  <200205020924.g429OKj70951@router.darlow.co.uk>

On 05/01/2002 at 16:35:21, Kris Kennaway wrote:
> Why are you asking us?  This is a gnupg support question.

Fair enough, I'll follow it up through the GnuPG support channels but users 
may find the following useful to know.

From /usr/local/share/doc/gnupg/NEWS:
    * Secret keys are now stored and exported in a new format which
      uses SHA-1 for integrity checks.  This format renders the
      Rosa/Klima attack useless.  Other OpenPGP implementations might
      not yet support this, so the option --simple-sk-checksum creates
      the old vulnerable format.

    * The default cipher algorithm for encryption is now CAST5,
      default hash algorithm is SHA-1.  This will give us better
      interoperability with other OpenPGP implementations.

This implies that default encryption and signing capabilities between 1.0.7 
and previous versions may not be compatible. Indications are that this is the 
case as I can view signed and encrypted mails generated by 1.0.7 with 1.0.7 
but not between different versions.

From the gnupg-1.0.7 announcement mail at gnupg.org:
    Please note that due to a bug in prior versions, it won't be possible
    to downgrade to 1.0.6 unless you use the GnuPG version which comes
    with Debian's Woody release or you apply the patch
    http://www.gnupg.org/developer/gpg-woody-fix.txt .

This could catch the unwary. If you upgrade to gnupg-1.0.7 without 
backing up your existing configuration, modifications to those files could 
prevent a regression to a previous version.

The .gnupg/options file now has additional options. I've found that simply 
moving the existing file and running gpg isn't sufficient to put the new file 
in place. The best solution is to rename the existing .gnupg directory and 
run gpg to create a new one then *copy* existing configuration files into the 
new .gnupg directory.

Regards,
Neil Darlow M.Sc.
-- 
1024D/531F9048 1999-09-11 Neil Darlow <neil@darlow.co.uk>
GPG Fingerprint = 359D B8FF 6273 6C32 BEAA  43F9 E579 E24A 531F 9048
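
The rename, recreate and copy procedure described in the message above, as an added shell example that is not part of the original post. The function name, the `.pre-upgrade` suffix, the `GPG` override variable and the list of files carried over are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The function name, the
# ".pre-upgrade" suffix and the GPG override variable are hypothetical.

# Assumption: these GnuPG 1.x files are the ones worth carrying over.
# The old options file is deliberately left in the backup only, so the
# options file written by the new gpg is the one in effect.
GNUPG_CARRY_OVER="pubring.gpg secring.gpg trustdb.gpg"

# stage_gnupg_home DIR: DIR is the directory that contains .gnupg
stage_gnupg_home() {
    sg_old="$1/.gnupg.pre-upgrade"
    sg_new="$1/.gnupg"
    sg_gpg=${GPG:-gpg}

    if [ ! -d "$sg_new" ]; then
        echo "no $sg_new to stage" >&2; return 1
    fi
    if [ -e "$sg_old" ]; then
        echo "$sg_old exists, refusing to overwrite it" >&2; return 1
    fi

    # 1. Rename: the old directory becomes an untouched backup.
    mv "$sg_new" "$sg_old" || return 1

    # 2. Run gpg with no .gnupg present so it creates a fresh one.
    if command -v "$sg_gpg" >/dev/null 2>&1; then
        ( unset GNUPGHOME; HOME="$1" "$sg_gpg" --list-keys ) \
            >/dev/null 2>&1 </dev/null || true
    fi
    # Fallback if gpg was missing or created nothing.
    mkdir -p "$sg_new" || return 1

    # 3. Copy (never move) and verify each file against the backup.
    for sg_f in $GNUPG_CARRY_OVER; do
        [ -f "$sg_old/$sg_f" ] || continue
        cp -p "$sg_old/$sg_f" "$sg_new/$sg_f" || return 1
        cmp -s "$sg_old/$sg_f" "$sg_new/$sg_f" || return 1
    done

    # Key material must not be readable by group or others.
    chmod -R go-rwx "$sg_old" "$sg_new"
}
```

Call it as `stage_gnupg_home "$HOME"` before first use of the upgraded gpg; settings from the old options file then have to be merged into the new one by hand.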
