From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/53377 Path: main.gmane.org!not-for-mail From: Matthias Andree Newsgroups: gmane.emacs.gnus.general Subject: how to signencrypt with gpg for pgp2 (was: broken: #secure method=pgp mode=signencrypt) Date: Thu, 10 Jul 2003 15:14:59 +0200 Sender: ding-owner@lists.math.uh.edu Message-ID: References: NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: quoted-printable X-Trace: main.gmane.org 1057842909 21330 80.91.224.249 (10 Jul 2003 13:15:09 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Thu, 10 Jul 2003 13:15:09 +0000 (UTC) Original-X-From: ding-owner+M1921@lists.math.uh.edu Thu Jul 10 15:15:07 2003 Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 19abGN-0005Xl-00 for ; Thu, 10 Jul 2003 15:15:07 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 19abGj-0008IK-00; Thu, 10 Jul 2003 08:15:29 -0500 Original-Received: from sclp3.sclp.com ([64.157.176.121]) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 19abGe-0008IF-00 for ding@lists.math.uh.edu; Thu, 10 Jul 2003 08:15:24 -0500 Original-Received: (qmail 67655 invoked by alias); 10 Jul 2003 13:15:11 -0000 Original-Received: (qmail 67640 invoked from network); 10 Jul 2003 13:15:05 -0000 Original-Received: from pd951f44c.dip.t-dialin.net (HELO m2a2.dyndns.org) (postfix@217.81.244.76) by sclp3.sclp.com with SMTP; 10 Jul 2003 13:15:05 -0000 Original-Received: by merlin.emma.line.org (Postfix, from userid 500) id 79BA78A2E9; Thu, 10 Jul 2003 15:14:59 +0200 (CEST) Original-To: ding@gnus.org In-Reply-To: (Simon Josefsson's message of "Thu, 10 Jul 2003 06:16:47 +0200") User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3 (gnu/linux) Precedence: bulk Xref: main.gmane.org gmane.emacs.gnus.general:53377 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:53377 Simon Josefsson writes: > Florian explained that the compatibility problem wasn't at the sender, > but rather at the receiver, so I changed my opinion and now think that > we shouldn't use combined mode by default since it isn't > interoperable. Maybe I can make you change your mind yet again. > We should make the "separate" mode work correctly though. This is > somewhat unfortunate though. An alternative would be to state that we > cannot talk to PGP 2.x properly. "Replacing PGP 2.x with GnuPG" by Kyle Hasselbacher et al, , comes to our rescue: it documents a workaround (with minor errors in the first of the four stages). It's not trivial, but works. I've cast this workaround into a sh script, and I've successfully "signencrypt"ed a mail with GnuPG 1.2.2 that I can decode with pgp 2.6.3in without difficulties. Script and screenshots below. Here's the unpolished script, you may test it but please don't include it with Gnus or distribute otherwise. If we want to use such a wrapper script in Gnus (rather than have someone - not me, I don't speak Elisp - reimplement it in pgg.el), I can polish and document it, add getopt parsing for the keys and put it under the GPL. When testing, adjust the localkey (signing key) and remotekey (recipient's key), and send yourself an email. :-) --cut-here------------------------------------------------------------------ #! /bin/sh # (C) Copyright 2003, Matthias Andree. All rights reserved. localkey=3D0x26bf5ca9 remotekey=3D0x26bf5ca9 input=3D${1:=3Dtest} tmppfx=3Dgs2p2.$$. armor=3D--armor trap "rm -f \"${tmppfx}\"* ; exit 1" 0 1 2 3 15 set -e gpg --detach-sign --local-user "$localkey" --output "${tmppfx}sig" "$input" gpg --store -z 0 --output "${tmppfx}lit" "$input" cat "${tmppfx}sig" "${tmppfx}lit" \ | gpg --no-options --no-literal --store --compress-algo 1 --output "${tmppf= x}z" gpg --rfc1991 --cipher-algo idea --no-literal --encrypt \ --recipient "$remotekey" --output `basename "$input"`.asc "${tmppfx}z" rm -f "${tmppfx}"* trap 0 1 2 3 15 exit 0 --cut-here------------------------------------------------------------------ Here are the screenshots: signencrypt stage, GnuPG 1.2.2 + above script at work: |$ gpg-signencrypt-to-pgp2.sh test | |You need a passphrase to unlock the secret key for |user: "Matthias Andree " |1024-bit RSA key, ID 26BF5CA9, created 1996-01-18 | |gpg: NOTE: --no-literal is not for normal use! |gpg: NOTE: --no-literal is not for normal use! |gpg: 0x26bf5ca9: skipped: public key already present |File `test.asc' exists. Overwrite (y/N)? y |gpg: forcing symmetric cipher IDEA (1) violates recipient preferences |gpg: this cipher algorithm is deprecated; please use a more standard one! decrypt/verify stage, PGP 2.6.3in: |$ pgp test.asc |Pretty Good Privacy(tm) 2.6.3in - Public-key encryption for the masses. |(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2000-10-07 |International version - not for use in the USA. Does not use RSAREF. |Current time: 2003/07/10 13:01 GMT | |File is encrypted. Secret key is required to read it.=20 |Key for user ID: Matthias Andree |1024-bit key, key ID 26BF5CA9, created 1996/01/18 [...] | |You need a pass phrase to unlock your RSA secret key.=20 |Enter pass phrase: Pass phrase is good. Just a moment...... |File has signature. Public key is required to check signature. |. |Good signature from user "Matthias Andree ". |Signature made 2003/07/10 13:01 GMT using 1024-bit key, key ID 26BF5CA9 | |Plaintext filename: test |Output file 'test' already exists. Overwrite (y/N)? y Bonus: |$ cat test |test=E4=F6=FC=DF --=20 Matthias Andree