[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ElGamal key restriction



On Fri, Oct 13, 2000 at 12:32:04PM +1100, Anand Kumria wrote:
> On Wed, Oct 04, 2000 at 11:28:31PM +0100, Julian Gilbey wrote:
> > On Wed, Oct 04, 2000 at 12:04:04PM -0700, Matt Kraai wrote:
> > > Howdy,
> > > 
> > > According to http://www.debian.org/devel/join/nm-step2 , ElGamal keys
> > > generated by gnupg versions prior to 1.0.2 are not acceptable.  I
> > > haven't been able to find a justification for this restriction in the
> > > mailing list archives, debian-keyring, or the ChangeLog and NEWS files
> > > of gnupg.  Would someone please explain (or direct me to) the reasons
> > > for this requirement?
> > 
> > Bug in gnupg << 1.0.2.  Explained by a mail from James Troup to the
> > -admin list about a month ago.  (Was that pre-archiving?)
> 
> No it wasn't. I've just resent it so it is (hopefully) archived.
> 
> If so then Sano can put in a link to the message I guess.

Thanks for posting the explanation.  After sending the email I found out
about the incompatible signature problem, and wanted to make sure that
this (rather than some kind of insecure key generation) was responsible
for the requirement.  Could the wording of the web page be changed to
something like the following?

Note: ElGamal signatures generated by GPG <= 1.0.1 are incompatible with
later versions.  Such signatures must be regenerated by GPG >= 1.0.2.

Perhaps it should also mention that the ElGamal keys do *not* need to be
regenerated, only the signatures created by ElGamal keys.

Matt



Reply to: