
Thursday, August 30, 2007

GPG and IDEA

There are several posts and publications on the net about why not to use IDEA with gpg, and how to install the idea.dll plugin if you do it anyway. Yet we did not find any information about what to do if a certain private/public key pair wants to use IDEA only, possibly because it was created with pgp2 compatibility. There are, however, some easy steps to change the preferred ciphers of a key, and thus to avoid IDEA when the key is used for encryption (especially when encrypting to self, and thus for all gpg mails that the person sends).

gpg --edit-key 0x12345678
pub  1024D/######## created: 2007-02-03  expires: never     usage: SC
                     trust: unknown      validity: unknown
sub  2048g/########  created: 2007-02-03 expires: never     usage: E
[ unknown] (1). user <mail>

Command> showpref
[ unknown] (1). user <mail>
     Cipher: [1], CAST5, AES256, AES192, AES, 3DES, TWOFISH
     Digest: SHA1
     Compression: ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

The [1] stands for IDEA as the (first) preferred cipher. gpg prints the number because the current gpg installation does not know the cipher; otherwise, IDEA would stand there. So, just set the prefs. Unfortunately, all of them have to be set in one command, as a single string:

Command> setpref AES256 AES192 AES CAST5 3DES SHA1 SHA256 RIPEMD160 ZLIB BZIP2 ZIP Uncompressed MDC

You can do this only with your own key, of course, and need to enter your passphrase (1). Test it, and publish the key anew to the usual key servers. As the preferences are set per user ID, and one key may contain a bunch of them, you might have to set the prefs for all user IDs separately ... I didn't try yet. If anything breaks, use setpref without any parameters to reset to the default values.

Command> setpref

Maybe this helps you as well, if no one else can decrypt the mails you wrote with Thunderbird, Enigmail and gpgp ...

(1) If you are running on Windows and use German umlauts or other diacritical characters, don't be surprised if your passphrase is not accepted in a shell, while Enigmail or some other GUI accepts it: Windows cmd.exe uses a different character set/code page than the Windows system usually uses!
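
The showpref check described above, as an added example (not part of the original post): Python code that parses showpref output in the layout shown here and reports, per user ID, whether IDEA is still in the cipher list, either by name or as [1], its OpenPGP algorithm number. The sample text, user names and addresses are constructed, and the function names are hypothetical.

```python
import re

# OpenPGP (RFC 4880) symmetric cipher ID 1 is IDEA; gpg prints "[n]" in
# showpref output when algorithm n is not available in the local build.
IDEA_ID = 1

# Constructed sample: showpref output for a key with two user IDs.
SAMPLE = """\
[ unknown] (1). user one <one@example.org>
     Cipher: [1], CAST5, AES256, AES192, AES, 3DES, TWOFISH
     Digest: SHA1
     Compression: ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
[ unknown] (2)  user two <two@example.org>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
"""

# "[validity] (n)" followed by an optional "." or "*" marker and the user ID.
UID_LINE = re.compile(r"^\[[^\]]*\]\s+\((\d+)\)[.*]?\s+(.*)$")

def is_idea(name):
    """True for 'IDEA' or the bracketed numeric form '[1]'."""
    m = re.fullmatch(r"\[(\d+)\]", name)
    return name.upper() == "IDEA" or (m is not None and int(m.group(1)) == IDEA_ID)

def parse_showpref(text):
    """Return {uid_index: {"uid": str, "cipher": [names in preference order]}}."""
    prefs, current = {}, None
    for line in text.splitlines():
        m = UID_LINE.match(line)
        if m:
            current = int(m.group(1))
            prefs[current] = {"uid": m.group(2).strip(), "cipher": []}
        elif current is not None and line.strip().startswith("Cipher:"):
            names = line.split(":", 1)[1].split(",")
            prefs[current]["cipher"] = [n.strip() for n in names if n.strip()]
    return prefs

def idea_report(text):
    """(uid_index, position) per user ID listing IDEA; position 0 = first choice."""
    return [(idx, pos)
            for idx, entry in sorted(parse_showpref(text).items())
            for pos, name in enumerate(entry["cipher"]) if is_idea(name)]

if __name__ == "__main__":
    for idx, pos in idea_report(SAMPLE):
        print(f"user ID {idx}: IDEA at cipher position {pos}, setpref needed")
```

An empty report for every user ID means setpref has taken effect on the whole key.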

Graphical user interfaces for GPG

BTW, some nice gpg software for windows (linux/unix has gpa, anyway).