An imported public key can be used to encrypt documents to a PGP 2.x private key holder and check signatures made using a PGP 2.x private key. It is important to realize that it is impossible to use a new OpenPGP key to communicate with an PGP 2.x user, so you must import an old style key if you want to communicate with a PGP 2.x user.
Encrypting a document uses several command-line options, and the document to be encrypted must be specified as a file.
alice% gpg --rfc1991 --cipher-algo idea --compress-algo 1 --encrypt --recipient alice secret
gpg:
RSA keys are deprecated; please consider creating a new key and use this key in the future
gpg: this cipher algorithm is depreciated; please use a more standard one! |
Each of the command-line options are necessary.
The option rfc1991 is used to force GnuPG to be more compliant with RFC 1991, which is the old PGP specification implemented by PGP 2.x. If it is omitted, the output from GnuPG will be malformed and unusable by PGP 2.x.
The option cipher-algo specifies the symmetric cipher with which the document is to be encrypted. In the special case of encrypting to a PGP 2.x public key, the cipher specified must be IDEA. If it is omitted, the document will usually be encrypted using 3DES, an algorithm unsupported by PGP 2.x.
PGP 2.x's compression algorithm motivates how the rest of the command is formed. The option compress-algo specifies that GnuPG must use the old zlib compression algorithm used by PGP 2.x. Despite this, GnuPG uses partial length headers when encrypting a stream of unknown size, and this is unsupported by PGP 2.x. The document to be encrypted must therefore be in a file so that GnuPG knows the total size of the document to be encrypted before starting. So unfortunately, you cannot use pipes when using PGP 2.x keys.
Signing a document is no different than when any other key is used.
alice% gpg --local-user 0x24E2C409 --sign document
You need a passphrase to unlock the secret key for
user: "Alice <alice@cyb.com>"
1024-bit RSA key, ID 24E2C409, created 1999-09-18
gpg: RSA keys are deprecated; please consider creating a new key and use this
key in the future |
In this example, the option local-user is used to specify which private key to use for signing. Also, the output file is document.gpg. If the signature is to be verified using PGP 2.x, it must be renamed to a filename with a .pgp extension.
An imported private key may be used to decrypt documents encrypted to the key as well as make signatures using the key. Decrypting a message is no more difficult than when any other key is used.
alice% gpg secret.pgp
You need a passphrase to unlock the secret key for
user: "Alice <alice@cyb.org>"
1024-bit RSA key, ID 24E2C409, created 1999-09-18
gpg: NOTE: cipher algorithm 1 not found in preferences
gpg: secret.pgp: unknown suffix
Enter new filename [secret]: |
Again, the file renaming dialog can be avoided by renaming the input file with a .gpg extension. The note emitted by GnuPG regarding cipher algorithm 1 not found in the preferences may be safely ignored if seen.
Verifying a signature made using a PGP 2.x key is straightforward.
alice% gpg document.pgp
gpg: document.pgp: unknown suffix
Enter new filename [document]:
File `document' exists. Overwrite (y/N)? y
gpg: old style (PGP 2.x) signature
gpg: Signature made Sat Sep 18 17:55:30 1999 EST using RSA key ID 24E2C409
gpg: Good signature from "Alice <alice@cyb.org>" |
The file renaming dialog can be avoided if the document being verified is renamed with a .gpg extension before invoking gpg.