1. Forum
  2. Usenet
  3. COMP.SECURITY.PGP.DISCUSS

  • GPG 2 and MD5

    From otto@21:1/5 to All on Mon Mar 28 09:22:13 2016
    Am 11.06.15 11:07, schrieb David W. Hodgins:
    On Thu, 11 Jun 2015 04:13:14 -0400, Ba?ar Alabay <alabay@gmx.net> wrote:

    Not affected yet, it starts with 2.0.23.
    See:
    <http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html>

    Have you tried the --pgp2 option?

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)



    You may know -pgp2 option is no more in latest versions. Old pgp keys are
    not accepted and will be removed. Thus breaking web of trust completely.

    Otto

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to David W. Hodgins on Mon Mar 28 20:42:08 2016
    "David W. Hodgins" <dwhodgins@nomail.afraid.org> writes:
    On Mon, 28 Mar 2016 05:22:13 -0400, otto <bggb@gmx.ch> wrote:
    You may know -pgp2 option is no more in latest versions. Old pgp keys
    are not accepted and will be removed. Thus breaking web of trust
    completely.

    Ouch. I was not aware. I haven't kept up on the latest change logs. Still running 2.0.27 here.
    https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2

    That seems to be announcing the abandonment of V3 keys.

    I'll have to keep a copy of the older version to be able to view messages that are only stored in encrypted form, that were encrypted for my older keys, or signed by other peoples older keys.

    Thanks for the heads up.

    I have generated two new keys, 0xF05EA26D and 0x8AA76EE9. They are both signed with my older key, 0x98B013E0, but as you say, the web of trust
    will be broken as that key will no longer be usable.

    98B013E0 is a V4 key, why do you think that will stop working?

    --
    http://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David W. Hodgins@21:1/5 to Richard Kettlewell on Mon Mar 28 19:56:30 2016
    On Mon, 28 Mar 2016 15:42:08 -0400, Richard Kettlewell <rjk@greenend.org.uk> wrote:

    98B013E0 is a V4 key, why do you think that will stop working?

    Didn't actually check. Was guessing based on the age of the key (1998).
    My oldest key is from 1993, which was created with pgp 1.0, IIRC. I
    don't remember when V4 keys were introduced.

    I don't see an option in gpg to list which version each key is.

    Regards, Dave Hodgins

    --
    Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
    email replies.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David W. Hodgins@21:1/5 to otto on Mon Mar 28 06:57:41 2016
    On Mon, 28 Mar 2016 05:22:13 -0400, otto <bggb@gmx.ch> wrote:

    You may know -pgp2 option is no more in latest versions. Old pgp keys are
    not accepted and will be removed. Thus breaking web of trust completely.

    Ouch. I was not aware. I haven't kept up on the latest change logs. Still running 2.0.27 here.
    https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2

    I'll have to keep a copy of the older version to be able to view messages
    that are only stored in encrypted form, that were encrypted for my older
    keys, or signed by other peoples older keys.

    Thanks for the heads up.

    I have generated two new keys, 0xF05EA26D and 0x8AA76EE9. They are both
    signed with my older key, 0x98B013E0, but as you say, the web of trust
    will be broken as that key will no longer be usable.

    Regards, Dave Hodgins

    --
    Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
    email replies.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to David W. Hodgins on Tue Mar 29 09:23:22 2016
    "David W. Hodgins" <dwhodgins@nomail.afraid.org> writes:
    Richard Kettlewell <rjk@greenend.org.uk> wrote:
    98B013E0 is a V4 key, why do you think that will stop working?

    Didn't actually check. Was guessing based on the age of the key (1998).
    My oldest key is from 1993, which was created with pgp 1.0, IIRC. I
    don't remember when V4 keys were introduced.

    I don't see an option in gpg to list which version each key is.

    The v2.1 announcement linked earlier describes how to find the key
    version.

    Additionally, it’s a DSA key, and V3 keys can only be RSA keys.

    --
    http://www.greenend.org.uk/rjk/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Allan@21:1/5 to David W. Hodgins on Wed Mar 30 23:12:56 2016
    On 2016-03-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:

    98B013E0 is a V4 key, why do you think that will stop working?

    Didn't actually check. Was guessing based on the age of the key (1998).
    My oldest key is from 1993, which was created with pgp 1.0, IIRC. I
    don't remember when V4 keys were introduced.

    I don't see an option in gpg to list which version each key is.


    Run the following against your key, replacing 0xKEYID with your actual
    value.

    gpg -a --export 0xKEYID | gpg --list-packets --verbose

    The version is listed for each (sub)key and signature.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)