On 30.11.2015 21:53, Peter Lebbing wrote:
> On 30/11/15 20:10, Andrey Utkin wrote:
>> Is it impossible straight from RFC 4880 in any defined mode, or is
>> it just a wrong behaviour in GnuPG/Libgcrypt?
>
> It is a specific bug of GnuPG 2.1, and Werner's comment on the bug entry
> mentioned here makes me believe he intends to fix it eventually.
>
> GnuPG 1.4 and 2.0 can export keys without passphrases, and this is fully
> defined in RFC 4880.

Thanks for the clarification. I'd be glad to help Werner fix it if he
has no time. Could you please direct me to the exact S2K-stuff modes for
exporting it which would be compliant with earlier GnuPG branches 1.4
and 2.0? Then I would have a chance to accomplish the fix in finite time.

>> Empty passphrases are banned in several places in this software:
>
> Yes; that's because there is a difference between not encrypting stuff
> and encrypting it with an empty passphrase :). The latter is just silly.
> The only purpose of doing that is to be able to tell your client that
> you "encrypted it" without technically lying. And I'm not making stuff
> up. This actually happens (I'm looking at you, DropBox!).
>
> When a private key is stored without a passphrase, it is stored without
> encryption. The actual packet looks different: it clearly indicates that
> what follows is plaintext. If you were to encrypt it with an empty
> passphrase, it would actually be encrypted, but with a key that
> corresponds to an empty passphrase and hence would be trivially cracked
> by anyone.

Surely these two ways are distinguishable. But for unattended processing
cases, I'd like a mode that makes utils skip all passphrase entry
prompts. I guess the no-encryption case ("trivially cracked by anyone")
is needed here. Which of the mentioned modes was used in 1.4 and 2.0 for
exporting without a passphrase?
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
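
The packet-level difference discussed in the message above, as an added example that is not part of the original thread and not GnuPG code: in an RFC 4880 version 4 secret-key packet, the S2K usage octet that follows the public-key fields is 0 when the secret material is stored unencrypted, and 254 or 255 when an S2K specifier and encrypted data follow. The function names are this example's own, and the sample bytes are constructed toy values.

```python
# Public-key MPI counts per algorithm ID (RFC 4880, 5.5.2): RSA, Elgamal, DSA.
PUBLIC_MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet at pos (RFC 4880, 4.2)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    size = 1 << ltype                                 # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def s2k_usage(body):
    """Return the S2K usage octet of a version 4 secret-key packet body."""
    if body[0] != 4 or body[5] not in PUBLIC_MPI_COUNT:
        raise ValueError("unsupported key version or algorithm")
    pos = 6                                # past version, creation time, algorithm
    for _ in range(PUBLIC_MPI_COUNT[body[5]]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8         # MPI = 2-octet bit count + magnitude
    return body[pos]

def scan(buf):
    """Return [(tag, usage, is_encrypted)] for each secret (sub)key packet."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag in (5, 7):                  # Secret-Key, Secret-Subkey
            usage = s2k_usage(buf[start:start + length])
            found.append((tag, usage, usage != 0))   # 0 = secret MPIs in the clear
        pos = start + length
    return found

# Constructed sample (toy RSA numbers and filler bytes, not a usable key).
PUBLIC = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc7" + b"\x00\x02\x03"
PLAIN = PUBLIC + b"\x00" + b"\x00\x07\x53" + b"\x00\x53"       # usage octet 0
LOCKED = PUBLIC + b"\xfe" + bytes([7, 3, 2]) + bytes(8) + b"\x60" + bytes(16 + 8)
SAMPLE = bytes([0x94, len(PLAIN)]) + PLAIN + bytes([0xC5, len(LOCKED)]) + LOCKED
```

Calling `scan(SAMPLE)` reports the first packet as unencrypted (usage 0) and the second as passphrase-protected (usage 254); a key encrypted under an empty passphrase would show up as the second kind, not the first.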