On Mar 10, 2010, at 4:07 PM, Robert Palmer wrote:

> During exchange of a public key to a 3rd party – they rejected the key for 
> not having a compatible cipher; so, after doing some research the key was 
> edited within gpg to update prefs on the key which now shows a compatible 
> cipher (in this case, AES-256).  I re-exported the public key and noticed 
> that the ascii representation was different – this leads me to my question, 
> which is: is this new key 100% compatible with the old key?  To elaborate, 
> will previous other 3rd party entities (equipped only with the non-updated 
> prefs version) still be able to decrypt and accept messages signed with the 
> new key?  Preliminary testing shows that the updated prefs version encrypted 
> message is able to be decrypted and signature verified on the non-updated 
> prefs version keyring system.
>  
> I am thinking (from preliminary tests) that the “key” information does not 
> get updated at all – but, somehow, the cipher preferences are embedded in the 
> public key – hence, the reason that the exported public key ASCII 
> representation was different before and after updating preferences.

This is exactly correct.  The prefs are just a field attached to the key.

However, your 3rd party should not have rejected the key.  The OpenPGP 
preferences system is designed to *always* reach a valid answer.  Every 
preference list contains Triple-DES, whether you explicitly list it there or 
not, and every OpenPGP program is compatible with Triple-DES.  If no other 
compatible ciphers are found, the answer is Triple-DES.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
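
The fallback described in the reply above, as an added example that is not part of the original thread and is not GnuPG's own code: it reads each preference list with Triple-DES tacitly appended (RFC 4880, section 13.2) and shows that a common cipher always exists. The summed-rank policy and the sample preference lists in the test are assumptions constructed for illustration.

```python
# Symmetric algorithm IDs from RFC 4880, section 9.2.
TRIPLE_DES, CAST5, AES128, AES192, AES256 = 2, 3, 7, 8, 9
NAMES = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}


def effective_prefs(prefs):
    """Return a preference list as it must be read: duplicates dropped and
    3DES appended at the end when the key does not list it explicitly."""
    seen = []
    for algo in prefs:
        if algo not in seen:
            seen.append(algo)
    if TRIPLE_DES not in seen:
        seen.append(TRIPLE_DES)
    return seen


def choose_cipher(sender_supported, recipient_prefs):
    """Pick one cipher usable by the sender and acceptable to every recipient.

    Simplified policy (an assumption, not GnuPG's implementation): keep the
    algorithms present in every effective list, then take the lowest summed
    rank across recipients, breaking ties by the sender's own order.
    """
    sender = effective_prefs(sender_supported)  # every implementation has 3DES
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = [a for a in sender if all(a in lst for lst in lists)]
    # 'common' is never empty: 3DES is in every effective list.
    return min(
        common,
        key=lambda a: (sum(lst.index(a) for lst in lists), sender.index(a)),
    )


if __name__ == "__main__":
    # Constructed scenario: the sender only wants AES-256, the key lists CAST5.
    before = choose_cipher([AES256], [[CAST5]])
    # Same key after its preferences were edited to include AES-256.
    after = choose_cipher([AES256], [[AES256, CAST5]])
    print("before prefs update:", NAMES[before])
    print("after prefs update: ", NAMES[after])
```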
