Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: devel

GnuPG 2 does not import older keys with RSA-E and RSA-S anymore

  

 
GnuPG devel RSS feed   Index | Next | Previous | View Threaded


bernhard at intevation

Sep 16, 2009, 2:50 AM

Post #1 of 3 (685 views)
Permalink
GnuPG 2 does not import older keys with RSA-E and RSA-S anymore
It seems that some GnuPG2 2.0.12 packages do not import old keys
with the deprecated
following algorithms anymore:
2 - RSA Encrypt-Only [HAC]
3 - RSA Sign-Only [HAC]
rfc4880 notes:
Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be
generated, but may be interpreted.

For a test case see:
http://lists.wald.intevation.org/pipermail/gpg4win-devel/2009-September/000881.html
http://lists.wald.intevation.org/pipermail/gpg4win-devel/2009-September/000882.html

Gpg1 still does it.

Certainly a defect is that the algorithm is reported as unknown.
I wonder though, why this was changes as rf4880 allows for interpretation
of such keys.

Best,
Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Attachments: signature.asc (0.19 KB)


wk at gnupg

Sep 21, 2009, 1:15 AM

Post #2 of 3 (649 views)
Permalink
Re: GnuPG 2 does not import older keys with RSA-E and RSA-S anymore [In reply to]
On Wed, 16 Sep 2009 11:50, bernhard [at] intevation said:

> following algorithms anymore:
> 2 - RSA Encrypt-Only [HAC]
> 3 - RSA Sign-Only [HAC]
> rfc4880 notes:
> Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be
> generated, but may be interpreted.

I have not seen such keys for years. Software used to create such keys
most likely also used MD5 as a hash algorithm and thus these keys should
be considered broken.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


bernhard at intevation

Sep 22, 2009, 5:36 AM

Post #3 of 3 (645 views)
Permalink
Re: GnuPG 2 does not import older keys with RSA-E and RSA-S anymore [In reply to]
Am Montag, 21. September 2009 10:15:05 schrieb Werner Koch:
> On Wed, 16 Sep 2009 11:50, bernhard [at] intevation said:
> > following algorithms anymore:    
> >       2          - RSA Encrypt-Only [HAC]
> >       3          - RSA Sign-Only [HAC]
> > rfc4880 notes:
> >    Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be
> >    generated, but may be interpreted.
>
> I have not seen such keys for years.  Software used to create such keys
> most likely also used MD5 as a hash algorithm and thus these keys should
> be considered broken.

Wouldn't it better to say so then instead of "unknown"?
I've created the following issue about it:
https://bugs.g10code.com/gnupg/issue1139


--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Attachments: signature.asc (0.19 KB)

GnuPG devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.