On Tue, 29 Jul 2003 21:53:47 -0700 Will Price <wprice(_at_)cyphers(_dot_)net>
wrote:
This sounds to me very much like a private key format issue and not
a
general public key issue. We made many changes in PGP 8 to adhere
to
the OpenPGP RFC more closely and improve compatibility with other
OpenPGP implementations. As part of this, changing the passphrase
of a
key or generating a new key in PGP 8.0.2+ will use the newer 0xFE
private key format from the Secret Key Packet Formats section of
the
draft.
this is very interesting !
i just tried it out by exporting a key generated in gnupg 1.2.2 with
the new s2k hash protection, which does not work in pre-8 pgp (except
for ckt build 9), but does work without any problems in pgp 8.0.2
now here is where it becomes sort of surprising:
[1] if the imported gnupg key which works in pgp 8.0.2, is exported from
pgp 8.0.2, it will still not work in pre-8 pgp
[2] if the passphrase is changed in pgp 8.0.2, and then exported, it
still does not work in pre-8
[3] if the passphrase is removed in 8.0.2, and exported without a passphrase,
then it 'does' work, in pre-8
[4] if the passphrase is removed in 8.0.2, and then then changed in 8.0.2,
and then exported,
it still acts like the original gnupg and does 'not' work in pre-8
(even though the passphrase is changed in 8.0.2 after the passphrase
has been removed, the new pgp 8.0.2 one is still not a simple s2k hash)
*but*
[5] if the key is imported from 8.0.2 into pre-8 with the passphrase
removed in 8.0.2,
and the passphrase then changed in pre-8,
then it does work
(probably since pre-8 does not have the capacity to produce the complex
s2k hash, so it does not, whereas pgp 8.0.2 does have this capacity,
so it produces it by default for this type of key, but not for other
keys generated de-novo in pgp 8.0.2)
these different key import/export variations can become very hard to
keep track of ;-)
would suggest/request:
(a) pgp 8.0.x have something in the key properties that identifies
the s2k hash type (simple or complex-gnupg-type)
(b) pgp 8.0.x allow the user to choose the s2k hash type when changing
the passphrase,
{and in the interests of maximum intercompatibility, have the default
be the simple s2k hash, which can be then be changed in gnupg to the
more complex one if desired, but will stillbe compatible in pre-8 pgp
by default}
with Respect,
vedaal
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427