From 2473b7e2f0192c446c067be2670a26322423c127 Mon Sep 17 00:00:00 2001 From: Nils Ellmenreich Date: Tue, 20 Feb 2001 14:18:55 +0000 Subject: [PATCH] updated 5.1 and 5.7 with comments by H.Felger, removed 5.3 --- doc/FAQ | 65 +++++++++++++++++++++++++++++++---------------------- doc/faq.raw | 61 +++++++++++++++++++++++++++++-------------------- 2 files changed, 75 insertions(+), 51 deletions(-) diff --git a/doc/FAQ b/doc/FAQ index 536a138b1..e5a1dbc3f 100644 --- a/doc/FAQ +++ b/doc/FAQ @@ -2,8 +2,8 @@ GNUPG FREQUENTLY ASKED QUESTIONS -Version: 0.37 -Last-Modified: Jan 25, 2001 +Version: 1.0 +Last-Modified: Feb 20, 2001 Maintained-by: Nils Ellmenreich @@ -19,7 +19,7 @@ most convenient if you could provide the answer to be included here. Your help is very much appreciated. Please, don't send message like "This should be a FAQ - what's the -answer?". If it hasn't been asked before, it isn't a FAQ. In that case, +answer?". If it hasn't been asked before, it isn't a FAQ. In that case you could search in the mailing list archive. @@ -29,7 +29,7 @@ you could search in the mailing list archive. 1.1) What is GnuPG? 1.2) Is GnuPG compatible with PGP? - 2. SOURCES OF INFORMATION + 2. SOURCES of INFORMATION 2.1) Where can I find more information? 2.2) Where do I get GnuPG? @@ -59,14 +59,13 @@ you could search in the mailing list archive. 4.15) Can't we have a gpg library? 5. COMPATIBILITY ISSUES - 5.1) How can I encrypt a message so that PGP 2.x is able to decrypt it? + 5.1) How can I encrypt a message with GnuPG so that PGP is able to decrypt it? 5.2) How do I migrate from PGP 2.x to GnuPG? - 5.3) How can I conventional encrypt a message, so that PGP can decrypt - it? + 5.3) (removed) 5.4) Why is PGP 5.x not able to encrypt messages with some keys? 5.5) Why is PGP 5.x not able to verify my messages? 5.6) How do I transfer owner trust values from PGP to GnuPG? - 5.7) Older PGPs do not like my secret key. + 5.7) PGP does not like my secret key. 6. PROBLEMS and ERROR MESSAGES 6.1) Why do I get "gpg: Warning: using insecure memory!" @@ -116,7 +115,7 @@ you could search in the mailing list archive. the OpenPGP standard. But there are some interoperability problems. See questions 5.1ff. for details. -2. SOURCES OF INFORMATION +2. SOURCES of INFORMATION 2.1) Where can I find more information? @@ -446,17 +445,36 @@ messages? 5. COMPATIBILITY ISSUES -5.1) How can I encrypt a message so that PGP 2.x is able to decrypt it? +5.1) How can I encrypt a message with GnuPG so that PGP is able to decrypt it? + + It depends on the PGP version. + + PGP 2.x You can't do that because PGP 2.x normally uses IDEA which is not - supported by GnuPG because it is patented (see 3.3), but if you + supported by GnuPG as it is patented (see 3.3), but if you have a modified version of PGP you can try this: gpg --rfc1991 --cipher-algo 3des ... - Please don't pipe the data to encrypt to gpg but give it as a + Please don't pipe the data to encrypt to gpg but provide it using a filename; otherwise, PGP 2 will not be able to handle it. + As for conventional encryption, you can't do this for PGP 2. + + + PGP 5.x and higher + + You need to provide two additional options: + --compress-algo 1 --cipher-algo cast5 + + You may also use "3des" instead of "cast5", "blowfish" does not + work with all versions of pgp5. You may also want to put + compress-algo 1 into your ~/.gnupg/options file - this does + not affect normal gnupg operation. + + This applies to conventional encryption as well. + 5.2) How do I migrate from PGP 2.x to GnuPG? PGP 2 uses the RSA and IDEA encryption algorithms. Whereas the RSA @@ -468,18 +486,9 @@ messages? to perform the migration. -5.3) How can I conventional encrypt a message, so that PGP can decrypt -it? - - You can't do this for PGP 2. For PGP 5 you should use this: - - gpg -c --cipher-algo 3des --compress-algo 1 myfile - - You may replace "3des" by "cast5". "blowfish" does not work with all - versions of pgp5. You may also want to put compress-algo 1 - into your ~/.gnupg/options file - this does not affect - normal gnupg operation. +5.3) (removed) + (empty) 5.4) Why is PGP 5.x not able to encrypt messages with some keys? @@ -507,9 +516,9 @@ it? where pgpkeyring is the original keyring and not the GnuPG one you might have created in the first step. -5.7) Older PGPs do not like my secret key. +5.7) PGP does not like my secret key. - PGP probably bails out on some private comment packets used by + Older PGPs probably bail out on some private comment packets used by GnuPG. These packets are fully in compliance with OpenPGP; however PGP is not really OpenPGP aware. A workaround is to export the secret keys with this command: @@ -522,14 +531,16 @@ it? different algo: $ gpg --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \ - --compress-algo=1 --edit-key username + --compress-algo=1 --edit-key Then use passwd to change the password (just change it to the same thing, but it will encrypt the key with CAST5 this time). Now you can export it and PGP should be able to handle it. - + For PGP 6.x the following options work to export a key: + $ gpg --s2k-cipher-algo 3des --compress-algo 1 --rfc1991 \ + --export-secret-keys 6. PROBLEMS and ERROR MESSAGES diff --git a/doc/faq.raw b/doc/faq.raw index b22ff84e2..9de8ec429 100644 --- a/doc/faq.raw +++ b/doc/faq.raw @@ -13,8 +13,8 @@ The most recent version of the FAQ is available from [H H1]GNUPG FREQUENTLY ASKED QUESTIONS[H /H1] -Version: 0.37[H p] -Last-Modified: Jan 25, 2001[H p] +Version: 1.0[H p] +Last-Modified: Feb 20, 2001[H p] Maintained-by: [$maintainer] @@ -30,7 +30,7 @@ most convenient if you could provide the answer to be included here. Your help is very much appreciated. Please, don't send message like "This should be a FAQ - what's the -answer?". If it hasn't been asked before, it isn't a FAQ. In that case, +answer?". If it hasn't been asked before, it isn't a FAQ. In that case you could search in the mailing list archive. @@ -58,7 +58,7 @@ you could search in the mailing list archive. the OpenPGP standard. But there are some interoperability problems. See questions ff. for details. - SOURCES OF INFORMATION + SOURCES of INFORMATION Where can I find more information? @@ -404,17 +404,37 @@ messages? - How can I encrypt a message so that PGP 2.x is able to decrypt it? + How can I encrypt a message with GnuPG so that PGP is able to decrypt it? + + It depends on the PGP version.[H UL] + + [H LI] PGP 2.x You can't do that because PGP 2.x normally uses IDEA which is not - supported by GnuPG because it is patented (see ), but if you + supported by GnuPG as it is patented (see ), but if you have a modified version of PGP you can try this: [H pre] gpg --rfc1991 --cipher-algo 3des ... [H/pre] - Please don't pipe the data to encrypt to gpg but give it as a + Please don't pipe the data to encrypt to gpg but provide it using a filename; otherwise, PGP 2 will not be able to handle it. + As for conventional encryption, you can't do this for PGP 2. + + + [H LI] PGP 5.x and higher + + You need to provide two additional options: + [H pre]--compress-algo 1 --cipher-algo cast5 [H/pre] + + You may also use "3des" instead of "cast5", "blowfish" does not + work with all versions of pgp5. You may also want to put [H pre] + compress-algo 1 [H/pre] into your ~/.gnupg/options file - this does + not affect normal gnupg operation. + + This applies to conventional encryption as well. + [H /UL] + How do I migrate from PGP 2.x to GnuPG? PGP 2 uses the RSA and IDEA encryption algorithms. Whereas the RSA @@ -426,20 +446,9 @@ messages? to perform the migration. - How can I conventional encrypt a message, so that PGP can decrypt -it? - - You can't do this for PGP 2. For PGP 5 you should use this: - - [H pre] - gpg -c --cipher-algo 3des --compress-algo 1 myfile - [H/pre] - - You may replace "3des" by "cast5". "blowfish" does not work with all - versions of pgp5. You may also want to put [H pre] compress-algo 1 - [H/pre] into your ~/.gnupg/options file - this does not affect - normal gnupg operation. + (removed) + (empty) Why is PGP 5.x not able to encrypt messages with some keys? @@ -469,9 +478,9 @@ it? where pgpkeyring is the original keyring and not the GnuPG one you might have created in the first step. - Older PGPs do not like my secret key. + PGP does not like my secret key. - PGP probably bails out on some private comment packets used by + Older PGPs probably bail out on some private comment packets used by GnuPG. These packets are fully in compliance with OpenPGP; however PGP is not really OpenPGP aware. A workaround is to export the secret keys with this command: @@ -485,7 +494,7 @@ it? [H pre] $ gpg --s2k-cipher-algo=CAST5 --s2k-digest-algo=SHA1 \ - --compress-algo=1 --edit-key username + --compress-algo=1 --edit-key [H /pre] Then use passwd to change the password (just change it to the same @@ -493,7 +502,11 @@ it? Now you can export it and PGP should be able to handle it. - + For PGP 6.x the following options work to export a key: + [H pre] + $ gpg --s2k-cipher-algo 3des --compress-algo 1 --rfc1991 \ + --export-secret-keys + [H /pre] PROBLEMS and ERROR MESSAGES