GPG as a PGP replacement
Hi all,
I have been doing some reasearch here and I have been able to determine
that right now GPG represents (with the non-free RSA and IDEA modules) a
functional replacement for PGP 2.x for both checking signatures and
creating signatures.
It is remarkably easy to do, I am surprised that someone else has not
mentioned it.. Put this in your .gnupg/options file:
load-extension rsa
load-extension idea
keyring /usr/share/keyrings/debian-keyring.pgp
keyring /usr/share/keyrings/debian-keyring.gpg
keyring /home/jgg/.pgp/pubring.pgp
secret-keyring /home/jgg/.pgp/secring.pgp
(for instance)
GPG will directly read your existing PGP 2 key rings, the distributed RSA
ring and the DSS ring. It also able to directly parse the encrypted secret
key ring.
PGP 2.x compatible signatures can be generated using this command:
gpg --rfc-1991 -a --clearsign foo.txt
Note: You cannot pipe input to gpg and get a PGP 2.x compatible sig.
Werner says it enters a different mode when you use a pipe..
Sigs can be checked using
cat foo.asc | gpgm
Much like PGP.. (gpgm is a version that does not need root privlage to
lock memory)
You can also generate a DSS key and have both your RSA and DSS key
available to GPG for signing, the -u option can select between them.
I am hoping that information like this will help us to adopt gpg and free
algorithms more quickly. With any luck we should be able to eliminate the
use of PGP in the archive checking scripts using instead GPG (which would
finally allow DSS keys to be used for uploads)
As a final note, I have not yet found out the fate of RSA in a years time,
I would hope that it will be moved into the main GPG distribution and
become a fully free algorithm. IDEA won't be, but IDEA is unnecessary for
signatures and GPG can use other ciphers with RSA keys for encryption.
Jason
Reply to: