On Tue, Oct 05, 1999 at 12:39:50PM +0200, Rene Mayrhofer wrote:
> > > Is it possible to use a key created by pgp5 for package signing ? The
> > > key works for me when I use it with gpg, both the opposite is not true
> > > (e.g. pgp5 is unable to verify a signature created with a gpg key). I am
> > > no maintainer yet and so I want to start cleanly. What is the "right"
> > > way if I want to use gpg and pgp5 and communicate with people using pgp5
> > > ? Can I create a gpg key usable by pgp5 or is it possible to use the
> > > pgp5 key for administrative purposes ?
> > > I really want to revoke my rsa key and use only one key for all
> > > purposes.
> >
> > By default gpg will use OpenPGP sigs. This is probably your problem.
> > Yes, you can import the pgp5 key into gpg and use it directly. There's
> > also some documentation on how to get gpg to generate pgp5 compatible
> > sigs in the manpage.
> So it is ok to use a pgp5 created key (gpg works with it) to sign
> packages ? I would like to use a pgp5 key because even if pgp5 can read
> gpg-key signatures, I think it is impossible to use a gpg key with pgp5.
> This is something I want to do because I have to work under Windows
> sometimes (therefore forced to use pgp5).
PGP5 and GnuPG share a common key format (DSA/ElGammal) but they're stored
differently in the keyrings. Example:
gpg --export 0xSomeKeyID | pgpk -a
pgpk -x 0xSomeKeyID | gpg --import
--
Joseph Carter <knghtbrd@debian.org> Debian GNU/Linux developer
GnuPG: 2048g/3F9C2A43 - 20F6 2261 F185 7A3E 79FC 44F9 8FF7 D7A3 DCF9 DAB3
PGP 2.6: 2048R/50BDA0ED - E8 D6 84 81 E3 A8 BB 77 8E E2 29 96 C9 44 5F BE
--------------------------------------------------------------------------
"Actually, the only distribution of Linux I've ever used that passed the
rootshell test out of the box (hit rootshell at the time the dist is
released and see if you can break the OS with scripts from there) is
Debian."
-- seen on the Linux security-audit mailing list
Attachment:
pgpInU3GGYilk.pgp
Description: PGP signature