Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

Importing old PGP key

  

 
GnuPG users RSS feed   Index | Next | Previous | View Threaded


kissg at ssg

Aug 13, 2008, 2:54 AM

Post #1 of 5 (352 views)
Permalink
Importing old PGP key
I have the same problem as was answered by David Shaw in 2004:
http://osdir.com/ml/gnu.gnupg.users/2004-06/msg00022.html
(Converting a veeeery old PGP key (2.6.3ia) to GnuPG.)

However the method he suggested does not work for me:


$ gpg --s2k-cipher-algo cast5 --edit-key 0x5D144299
gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub 512R/5D144299 created: 1999-04-12 expires: never usage:
SCEA
trust: unknown validity: unknown
[ unknown] (1). hun.admin.news

Command> passwd
Key is protected.
gpg: protection algorithm 1 (IDEA) is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/faq/why-not-idea.html for more information
Can't edit this key: unknown cipher algorithm

Command>


What should I do?

Gabor

_______________________________________________
Gnupg-users mailing list
Gnupg-users[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Aug 13, 2008, 3:21 AM

Post #2 of 5 (332 views)
Permalink
Re: Importing old PGP key [In reply to]
Kiss Gabor (Bitman) wrote:
> What should I do?

I'd start by asking whether you really need that key. 512-bit RSA is
nowhere near modern standards of sufficiency; it is quite likely that in
just a few years such keys will be able to be broken by motivated high
school students.

RSA-512 is grossly inadequate for essentially any serious cryptographic
purpose.

If you absolutely _must_ have this key in GnuPG, well, we can help you
do it. But first ask yourself whether you should be migrating to 2kbit
keys. If so, then now is the ideal time to do it.


_______________________________________________
Gnupg-users mailing list
Gnupg-users[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


kissg at ssg

Aug 13, 2008, 7:09 AM

Post #3 of 5 (328 views)
Permalink
Re: Importing old PGP key [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I'd start by asking whether you really need that key. 512-bit RSA is
> nowhere near modern standards of sufficiency; it is quite likely that in
> just a few years such keys will be able to be broken by motivated high
> school students.

This key is to sign control messages of the hun.* newsgroups.
It is quite unlikely that someone wants to spend any time with
breaking of it. :-)
It is no worth to do it.
However administering and distribute a new key may be problematic.
I don't know yet how much.

> RSA-512 is grossly inadequate for essentially any serious cryptographic
> purpose.
>
> If you absolutely _must_ have this key in GnuPG, well, we can help you
> do it. But first ask yourself whether you should be migrating to 2kbit
> keys. If so, then now is the ideal time to do it.

If this cannot be done by my self in one hour then I figure out
what is the cost of changing the key.

Thanks for your advices.

Gabor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFIousQd2oiOrtquzgRArG1AKDHANs38lIlvPuqt7Kuvgd4HRsCXQCg0VLL
GT/b1bb+YqdpxqVH5nDfrmI=
=+2W1
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Aug 13, 2008, 8:46 AM

Post #4 of 5 (331 views)
Permalink
Re: Importing old PGP key [In reply to]
On Wed, 13 Aug 2008 16:09, kissg[at]ssg.ki.iif.hu said:

> If this cannot be done by my self in one hour then I figure out
> what is the cost of changing the key.

Use pgp to set the passphrase to empty, then export the secret key and
import it in gpg. If you like add a new passphrase using gpg --edit-key
and the passwd.



Shalom-Salam,

Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


vedaal at hush

Aug 13, 2008, 9:04 AM

Post #5 of 5 (331 views)
Permalink
Re: Importing old PGP key [In reply to]
>Message: 6
>Date: Wed, 13 Aug 2008 11:54:18 +0200 (CEST)
>From: "Kiss Gabor (Bitman)" <kissg[at]ssg.ki.iif.hu>
>Subject: Importing old PGP key

>I have the same problem as was answered by David Shaw in 2004:
>http://osdir.com/ml/gnu.gnupg.users/2004-06/msg00022.html
>(Converting a veeeery old PGP key (2.6.3ia) to GnuPG.)
>
>However the method he suggested does not work for me:
>
>
>$ gpg --s2k-cipher-algo cast5 --edit-key 0x5D144299
>gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation,
>Inc.
>This program comes with ABSOLUTELY NO WARRANTY.
>This is free software, and you are welcome to redistribute it
>under certain conditions. See the file COPYING for details.
>
>Secret key is available.
>
>pub 512R/5D144299 created: 1999-04-12 expires: never
>usage:
>SCEA
> trust: unknown validity: unknown
>[ unknown] (1). hun.admin.news
>
>Command> passwd
>Key is protected.
>gpg: protection algorithm 1 (IDEA) is not supported
>gpg: the IDEA cipher plugin is not present
>gpg: please see http://www.gnupg.org/faq/why-not-idea.html for
>more information
>Can't edit this key: unknown cipher algorithm
>
>Command>
>
>
>What should I do?


get the IDEA algorithm
ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip

unzip it, and save it to any folder
(for illustration, let's say it was saved as 'c:\gnupg\idea.dll')

add this line to your gpg.conf :
load-extension c:\gnupg\idea.dll

then follow David's suggestion

then consider following Robert's suggestion ;-)
(generate a new key,
and decrypt whatever files are encrypted to the old key,
and re-encrypt them to the new key)

n.b.

if, for some reason, you still need to communicate
with die-hard pgp 2.x users,
(relax, i'm one of them ;-) )

then i suggest you generate a 2047 key in pgp 2.x
and re-import it to gnupg,
and use the option of --pgp2 whenever you need to communicate with
a pgp 2.x user)

(some 'really early' versions of pgp 2.x,
had a max of 2047, not 2048 ;-) )
and current versions of gnupg won't let you generate a v3 key,
and even if you have an older version that does,
it's not such a simple procedure to generate a pgp 2.x compatible
one...)

otherwise,
just use the 'default' for gnupg key generation


vedaal


any ads or links below this message are added by hushmail without
my endorsement or awareness of the nature of the link

--
Save hundreds on getting a Web Design Degree. Click here.
http://tagline.hushmail.com/fc/Ioyw6h4fMueeRt35OAiMiGkjJoGEtl2rsF0s2foIDgKh4LdeW5s0NJ/


_______________________________________________
Gnupg-users mailing list
Gnupg-users[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.