On Tue, 17 Jul 2007 18:45, [EMAIL PROTECTED] said: > I got the latest GnuPG. The bank uses "PGP 5.0 for OS/2", unfortunately > I can´t change that.
[ Wow, still a bank using OS/2. Some years ago I heard that IBM dropped OS/2 support for the 4758 and thus required the banks to switch to Windows. ] > Unfortunately I haven´t found out how to remove this from my key, is > there a (simple) way to do that? Keyflags are required for RSA and are in general a very good idea. If you want to get rid of them, you need to patch gpg. Point your editor to g10/keygen.c and search for the function do_add_key_flags. Comment out the last line and compile again. Then you need to update the self-signatures of your key: Setting the primary flag or changing the expire time will do the trick. > But that doesn´t mean PGP 5 is insecure in any way, it´s just outdated > and not RFC2440 conform, right? The GNU/Linux version is definitly insecure as the RNG has a major flaw. All keys created with this version and possible all signing keys used with this versions should be considered compromised. I have also great doubts that they are much safer with an OS/2 version. Salam-Shalom, Werner _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
