GnuPG 2 does not import older keys with RSA-E and RSA-S anymore


GnuPG 2 does not import older keys with RSA-E and RSA-S anymore

by Bernhard Reiter

It seems that some GnuPG2 2.0.12 packages do not import old keys
with the following deprecated algorithms anymore:
      2          - RSA Encrypt-Only [HAC]
      3          - RSA Sign-Only [HAC]
rfc4880 notes:
   Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be
   generated, but may be interpreted.

For a test case see:
http://lists.wald.intevation.org/pipermail/gpg4win-devel/2009-September/000881.html
http://lists.wald.intevation.org/pipermail/gpg4win-devel/2009-September/000882.html

Gpg1 still does it.

Certainly a defect is that the algorithm is reported as unknown.
I wonder, though, why this was changed, as rfc4880 allows for interpretation
of such keys.

Best,
Bernhard

--
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@...
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
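
An added example (not from the thread and not GnuPG's own code): a minimal reader for binary OpenPGP key data that reports each key packet's public-key algorithm id and flags the two deprecated ids named in the message above, so a keyring can be checked for keys that a GnuPG 2 build may refuse to import. The packet layout follows RFC 4880; the names `packets`, `audit_keys` and `SAMPLE` are assumptions of this example, and the sample bytes are constructed, not a real key.

```python
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}
DEPRECATED = {2: "RSA Encrypt-Only", 3: "RSA Sign-Only"}  # the two ids named in the post

def packets(data):
    """Yield (tag, body) per packet of a binary (de-armored) OpenPGP stream."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length not supported")
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = 1 << ltype                 # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def audit_keys(data):
    """Return (packet kind, key version, algorithm id, deprecated name or None) tuples."""
    found = []
    for tag, body in packets(data):
        # v2/v3 keys carry a 2-octet validity period before the algorithm octet
        offset = 7 if body[:1] in (b"\x02", b"\x03") else 5
        if tag in KEY_TAGS and len(body) > offset:
            found.append((KEY_TAGS[tag], body[0], body[offset], DEPRECATED.get(body[offset])))
    return found

# Constructed sample, not a real key: v3 key with algorithm 3, a user ID, v4 subkey with algorithm 1.
MPIS = b"\x00\x08\xff\x00\x02\x03"
V3 = b"\x03\x00\x00\x00\x01\x00\x00\x03" + MPIS
V4 = b"\x04\x00\x00\x00\x01\x01" + MPIS
SAMPLE = bytes([0x98, len(V3)]) + V3 + b"\xb4\x04test" + bytes([0xCE, len(V4)]) + V4

if __name__ == "__main__":
    for row in audit_keys(SAMPLE):
        print(row)
```

The input must be binary; an ASCII-armored export has to be de-armored first (for example with `gpg --dearmor`).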


Re: GnuPG 2 does not import older keys with RSA-E and RSA-S anymore

by Werner Koch

On Wed, 16 Sep 2009 11:50, bernhard@... said:

> following algorithms anymore:    
>       2          - RSA Encrypt-Only [HAC]
>       3          - RSA Sign-Only [HAC]
> rfc4880 notes:
>    Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be
>    generated, but may be interpreted.

I have not seen such keys for years.  Software used to create such keys
most likely also used MD5 as a hash algorithm and thus these keys should
be considered broken.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are governed by a federal law.



Re: GnuPG 2 does not import older keys with RSA-E and RSA-S anymore

by Bernhard Reiter

On Monday, 21 September 2009 10:15:05, Werner Koch wrote:

> On Wed, 16 Sep 2009 11:50, bernhard@... said:
> > following algorithms anymore:    
> >       2          - RSA Encrypt-Only [HAC]
> >       3          - RSA Sign-Only [HAC]
> > rfc4880 notes:
> >    Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be
> >    generated, but may be interpreted.
>
> I have not seen such keys for years.  Software used to create such keys
> most likely also used MD5 as a hash algorithm and thus these keys should
> be considered broken.

Wouldn't it be better to say so then instead of "unknown"?
I've created the following issue about it:
https://bugs.g10code.com/gnupg/issue1139


--
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

