[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pgp in Debian: obsolete?

Quoting Dale Amon (amon@vnl.com):

> I don't know for sure either. I do seem to remember there was a
> document explaining how to transition and that there was a new key
> generation method. I also vaguely remember having some problem with my
> own package signing keys when the switch was made from PGP to GPG, but
> that is 4-5 years ago and I cannot for the life of me remember the
> details. I just have a vague disquiet about it.

Just attempting to fill in missing detail:  PGP first used for its
symmetric cipher Zimmerman's own amateur effort "Bass-o-Matic", which
was quickly dropped and replaced with the IDEA algorithm.  IDEA is
patent encumbered (and will remain that way for some years, yet).

GnuPG lacks IDEA support.  It was included for a while as an optional
module, but has bene removed from the tarball.  (You can find it and
retrofit it, if you search a bit.)

The problems with dodgy RSA support have, as you mentioned, now gone
away:  One can achieve maximum compatibility with various PGP versions
by avoiding mixing RSA and Diffie-Hellman / DSS, as detailed here:

That and the lingering IDEA problem (limiting only compatiblity with
some PGP 2.x users) are all I'm aware of.  PGPi, unlike GnuPG, _does_
include IDEA code by default.

Cheers,            There are only 10 types of people in this world -- 
Rick Moen          those who understand binary arithmetic and those who don't.

Reply to: