Re: Problem encrypting to a hushmail gpg key
David Yes the key is generated by hushmail.com. Not sure if they will listen to me, but I will forward this to the list where the problem originated Thanks for the help and sorry for top posting, on my BlackBerry (and sadly no gnupg) Sean On 1/29/10, David Shaw wrote: > On Jan 17, 2010, at 12:23 PM, Sean Rima wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi >> >> A friend on the pgpnet mailing list is using a hushmail.com gpg key but >> when I import it, I get: >> >> C:\Users\Sean Rima>gpg --import < test.txt >> gpg: key C4E23A82: accepted non self-signed user ID >> ""**...@hushmail.com" <-...@hushmail.com>" >> gpg: key C4E23A82: public key ""-...@hushmail.com" >> " >> imported >> gpg: Total number processed: 1 >> gpg: imported: 1 (RSA: 1) >> >> >> If I edit the key, I see: >> >> pub 0s/C4E23A82 created: 2010-01-07 expires: never usage: SC >> [ unknown] (1). "---...@hushmail.com" <---...@hushmail.com> >> >> >> I see there is no encrytion subkey. >> >> If I look at the key with --list-packets, I see >> >> C:\Users\Sean Rima>gpg --list-packets < test.txt >> :public key packet: >>version 4, algo 3, created 1262830845, expires 0 >>unknown algorithm 3 > > Algorithm 3 is "RSA Sign-Only". > >> :public sub key packet: >>version 4, algo 2, created 1262830846, expires 0 >>unknown algorithm 2 > > Algorithm 2 is "RSA Encrypt-Only". > >> :signature packet: algo 3, keyid 7853D9CDC4E23A82 >>version 4, created 1262830857, md5len 0, sigclass 0x18 >>digest algo 2, begin of digest 8b f2 >>hashed subpkt 2 len 4 (sig created 2010-01-07) >>subpkt 16 len 8 (issuer key ID 7853D9CDC4E23A82) >>unknown algorithm 3 >> > > Both of those algorithms are deprecated in the OpenPGP spec: "RSA > Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be > generated, but may be interpreted." > >> I am using gpg2.0.12 (waiting for gpg4win to be compiled to latest) > > The 1.4.x branch will interpret these deprecated keys (internally treating > them as regular RSA with the appropriate encrypt or sign flags). I don't > think gpg2 does that. > > Was this generated by Hushmail? If so, they to stop generating keys that > the spec says SHOULD NOT be generated :) > > David > > -- Sent from my mobile device ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem encrypting to a hushmail gpg key
On Jan 17, 2010, at 12:23 PM, Sean Rima wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi > > A friend on the pgpnet mailing list is using a hushmail.com gpg key but > when I import it, I get: > > C:\Users\Sean Rima>gpg --import < test.txt > gpg: key C4E23A82: accepted non self-signed user ID > ""**...@hushmail.com" <-...@hushmail.com>" > gpg: key C4E23A82: public key ""-...@hushmail.com" " > imported > gpg: Total number processed: 1 > gpg: imported: 1 (RSA: 1) > > > If I edit the key, I see: > > pub 0s/C4E23A82 created: 2010-01-07 expires: never usage: SC > [ unknown] (1). "---...@hushmail.com" <---...@hushmail.com> > > > I see there is no encrytion subkey. > > If I look at the key with --list-packets, I see > > C:\Users\Sean Rima>gpg --list-packets < test.txt > :public key packet: >version 4, algo 3, created 1262830845, expires 0 >unknown algorithm 3 Algorithm 3 is "RSA Sign-Only". > :public sub key packet: >version 4, algo 2, created 1262830846, expires 0 >unknown algorithm 2 Algorithm 2 is "RSA Encrypt-Only". > :signature packet: algo 3, keyid 7853D9CDC4E23A82 >version 4, created 1262830857, md5len 0, sigclass 0x18 >digest algo 2, begin of digest 8b f2 >hashed subpkt 2 len 4 (sig created 2010-01-07) >subpkt 16 len 8 (issuer key ID 7853D9CDC4E23A82) >unknown algorithm 3 > Both of those algorithms are deprecated in the OpenPGP spec: "RSA Encrypt-Only (2) and RSA Sign-Only are deprecated and SHOULD NOT be generated, but may be interpreted." > I am using gpg2.0.12 (waiting for gpg4win to be compiled to latest) The 1.4.x branch will interpret these deprecated keys (internally treating them as regular RSA with the appropriate encrypt or sign flags). I don't think gpg2 does that. Was this generated by Hushmail? If so, they to stop generating keys that the spec says SHOULD NOT be generated :) David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem encrypting to a hushmail gpg key
On 29/01/2010 16:31, Sean Rima wrote: {think I sent my last wrong} >> >>> it is not a great idea to use hushmail keys for open pgp encryption >>> or authentication >> >>> (1) the keys are not updated, and can't be for the same email >>> address, >>> so, for example, i've been with hushmail since it started, and my >>> key is a 1024 bit key and signs with SHA-1 >>> (to be fair, i imagine that whenever this becomes a 'real' threat, >>> hushmail will allow for modifications/new keys) >> >>> (2) the hushmail user probably will not be able to decrypt a gnupg >>> encrypted message in hushmail if the encryption algorithm chosen >>> isn't currently being used by hushmail, which, depending on how old >>> the key is, may not be the encryption algorithm listed on the key, >> >>> and if the hushmail user uses gnupg (preferable ;-) ), then he/she >>> would be better off generating a new key in gnupg, and just leave >>> the hushmail key for hushmail users >> >> >> I will pass this info on, though how far we get is debatable :) Thanks >> for the info >> > Ok, on this, I unstalled gpg 2.0.10 and installed 1.4.10b and I can import and encrypt to Hushmail keys. Does this mean that gpg 2.0.10 is broken or is it correctly handling the key where 1.4.10b is not Sean -- GSWoT and CaCert WOT Assurer My public GPG Key http://sl.srima.eu/sfr .tel http://rima.tel/ I believe that every human has a finite number of heartbeats. I don't intend to waste any of mine running around doing exercises. - Neil Armstrong signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem encrypting to a hushmail gpg key
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 On 26/01/2010 18:52, ved...@hush.com wrote: > Sean Rima it is not a great idea to use hushmail keys for open pgp encryption > or authentication > > (1) the keys are not updated, and can't be for the same email > address, > so, for example, i've been with hushmail since it started, and my > key is a 1024 bit key and signs with SHA-1 > (to be fair, i imagine that whenever this becomes a 'real' threat, > hushmail will allow for modifications/new keys) > > (2) the hushmail user probably will not be able to decrypt a gnupg > encrypted message in hushmail if the encryption algorithm chosen > isn't currently being used by hushmail, which, depending on how old > the key is, may not be the encryption algorithm listed on the key, > > and if the hushmail user uses gnupg (preferable ;-) ), then he/she > would be better off generating a new key in gnupg, and just leave > the hushmail key for hushmail users > I will pass this info on, though how far we get is debatable :) Thanks for the info Sean - -- GSWoT and CaCert WOT Assurer .tel http://rima.tel/ I believe that every human has a finite number of heartbeats. I don't intend to waste any of mine running around doing exercises. - Neil Armstrong -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (MingW32) Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: Contact Details http://rima.tel Comment: My GPG Key http://sl.srima.eu/sfr Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEAREDAAYFAkthJeUACgkQydfi32iLfZj5AACfelzckOQnaIrvhnleZy6YCTeK QnMAoMnSmaJKx+ByaaxXSUwdDyIybOME =nDtd -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
re: Problem encrypting to a hushmail gpg key
Sean Rima A friend on the pgpnet mailing list is using a hushmail.com gpg key >but when I import it, I get >gpg: key C4E23A82: public key ""-...@hushmail.com" " >imported >gpg: Total number processed: 1 >gpg: imported: 1 (RSA: 1) ... :public sub key packet: version 4, algo 2, created 1262830846, expires 0 unknown algorithm 2 - the above listed public subkey packet is the encryption key i imported it directly from hushmail (https://www.hushtools.com/hushtools2/index.php click on 'key management' then enter the hushmail email address and retrieve the key ) and encrypted to it without any problem. caveat: it is not a great idea to use hushmail keys for open pgp encryption or authentication (1) the keys are not updated, and can't be for the same email address, so, for example, i've been with hushmail since it started, and my key is a 1024 bit key and signs with SHA-1 (to be fair, i imagine that whenever this becomes a 'real' threat, hushmail will allow for modifications/new keys) (2) the hushmail user probably will not be able to decrypt a gnupg encrypted message in hushmail if the encryption algorithm chosen isn't currently being used by hushmail, which, depending on how old the key is, may not be the encryption algorithm listed on the key, and if the hushmail user uses gnupg (preferable ;-) ), then he/she would be better off generating a new key in gnupg, and just leave the hushmail key for hushmail users (i use my hushmail key only for hushmail/hushtools) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users