Are there any sources online for the following?
* contact info for people involved in interop testing
* examples of non-conformant output (for testing)
* examples of conformant output which have been
documented to break certain implementations
Should a page be set up to host this information?
--
JJK
http://www.openpgp.org/technical/interoperability/ However, the information there is pretty limited. If anyone has contributions of the types described below, send them to me and I'll see that they're added to the site. Brian Smith Hush Communications > -----Original Message----- > From: John J Kane [mailto:jkane89 <at> softhome.net] > Sent: 03 November 2001 18:06 > To: ietf-openpgp <at> imc.org > Subject: pointers to openpgp-interop knowledge base? > > ________________________________________________________ > > This message has NOT been ENCRYPTED and has NOT been SIGNED > ________________________________________________________ > > > Are there any sources online for the following? > > * contact info for people involved in interop testing > * examples of non-conformant output (for testing) > * examples of conformant output which have been > documented to break certain implementations > > Should a page be set up to host this information?(Continue reading)
John J Kane <jkane89 <at> softhome.net> wrote: >Are there any sources online for the following? > > * contact info for people involved in interop testing > * examples of non-conformant output (for testing) > * examples of conformant output which have been documented to break certain > implementations I've found that just using the various options of PGP 5.0 (which is not-quite- OpenPGP), 6.5.x, and GPG will give you all the quirks and peculiarities you need. Once you've made sure you can read what they produce, you should also check that they can read what you produce. Peter.
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 - ----- Original Message ----- From: "Peter Gutmann" <pgut001 <at> cs.auckland.ac.nz> To: <ietf-openpgp <at> imc.org>; <jkane89 <at> softhome.net> Sent: Sunday, November 04, 2001 9:22 AM Subject: Re: pointers to openpgp-interop knowledge base? > I've found that just using the various options of PGP 5.0 (which is > not-(Continue reading)quite- OpenPGP), 6.5.x, and GPG will give you all the quirks and > peculiarities you need. Once you've made sure you can read what they > produce, you should also check that they can read what you produce. > > Peter. short summary of intercompatibility, and incompatibilities: messages from any pgp version can be read and verified by gpg {with the idea plugin}, except if a shared key/split key system is used [gpg can encrypt to a split key, but not sign or decrypt with a shared key system] messages from gpg using the throw-key id switch, cannot be read by 'any' version of pgp {except for Disastry's 2.6.3i multi 5} messages from gpg using mdc, cannot be read by any pgp version prior to
On Sun, 4 Nov 2001, vedaal wrote:
> messages from any pgp version can be read and verified by gpg {with the
> idea plugin},
> except if a shared key/split key system is used
> [gpg can encrypt to a split key, but not sign or decrypt with a shared key
> system]
>
> messages from gpg using the throw-key id switch, cannot be read by 'any'
> version
> of pgp {except for Disastry's 2.6.3i multi 5}
>
> messages from gpg using mdc, cannot be read by any pgp version prior to
> 7.xx
> {6.5.8ckt is an exception, having a patch to ignore the mdc packets}
>
> messages from 7.xx using twofish or aes, cannot be decrypted by pgp
> versions prior
> to 7.xx, but signatures can be verified
> {again, 6.5.8ckt is an exception}
>
> messages using an RSA v4 key, can be decrypted, and can be verified, by pgp
> versions
> prior to 7.xx, but, for some reason, not, if the message is 'both' signed
> and encrypted
>
> messages signed with ripemd-160 or sha-1, can be verified by all pgp
> versions greater
> than 2.6.x, even if they do not use them to sign with for a particular key
(Continue reading)
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Len Sassamanwrote: > > GnuPG of any version produces messages signed with v3 keys encrypted in v3 > format that PGP cannot decrypt. except PGP 2.6.3ia-multi05, I modified it so that it can decrypt/verify these GnuPG produced non OpenPGP compliant messages. > In the implementation nits, it is noted that PGP 5.x cannot verify v4 sigs > on non-v4 material. Actually, 6.x cannot either, but 7.x and greater can. even PGP 7.x have problems with v4 sigs. it can verify v4 clearsignatures and detached signatures but not one pass signatures. PGP 6.5.8ckt06 can verify all v4 signatures. > Then there's the ElGamal signing-keys that GnuPG generates. I don't know > what else supports them. PGP 6.5.8ckt06 does. __ Disastry http://disastry.dhs.org/ http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon ^--GPG for Win32 (supports loadable modules and IDEA) ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,(Continue reading)
At 12:29 PM -0800 11/4/01, Len Sassaman wrote: > >I could keep throwing things off the top of my head -- but shouldn't we >have some formal system for listing all of this? Yes. Both Brian Smith and John Kane have volunteered to maintain the information. I've asked them to collaborate on maintaining the pages. My preference is we set something up under openpgp.org site. openpgp.org is a computer at Phil Zimmermann's house. There's other stuff I would like to see there, but interoperability info would be a Real Good Thing to get 2440 to DRAFT. I have a program to contribute which will read openpgp files and report on their structure. John Callas wrote the original version, and I've been updating it for 2440. It's not a complete implementation of 2440. But it locates packet boundaries, identifies packet types, and describes the plaintext portions of packets. If people send me files, I'll run them through my parser, and tell you what happens. The program runs on my Mac, but should be reasonably portable to other systems. I'll publish it on openpgp.org, as soon as we make a suitable place. I've heard tell of similar programs, but I don't have particular knowledge of any. -- -- john noerenberg jwn2 <at> qualcomm.com(Continue reading)
From: John W Noerenberg II <jwn2 <at> qualcomm.com> Subject: Re: pointers to openpgp-interop knowledge base? > I have a program to contribute which will read openpgp files and > report on their structure. John Callas wrote the original version, > and I've been updating it for 2440. It's not a complete > implementation of 2440. But it locates packet boundaries, identifies > packet types, and describes the plaintext portions of packets. Another PGP parser can be found: http://pgp.iijlab.net/pgpdump.html Web interface is also available. --Kazu
----- Original Message ----- From: "Kazu Yamamoto (????)" <kazu <at> iijlab.net> To: <ietf-openpgp <at> imc.org> Sent: Monday, November 05, 2001 11:24 PM Subject: Re: pointers to openpgp-interop knowledge base? > Another PGP parser can be found: > http://pgp.iijlab.net/pgpdump.html > > Web interface is also available. > > --Kazu have tried the web interface, with a peculiar result: encrypted a message to an rsa key using gpg with the preference set to twofish, decrypting with gpg showed algorithm 10, as expected. using the pgp dump web interface, it identified the message as using mdc packets, [also as expected], but listed the algorithm as 1 {a 'default ' listing for 'idea' once an rsa key is identified, even though 'idea' was not used?} is this just the web interface, or does the parser do this too? vedaal(Continue reading)
On Mon, 5 Nov 2001, John W Noerenberg II wrote: > I've heard tell of similar programs, but I don't have particular > knowledge of any. -- GnuPG has such a parser built into it. Also, there's a perl script written by Mark E. Shoulson called pgpacket3.1 that tries to do the same thing.
RSS Feed9 | |
|---|---|
6 | |
11 | |
43 | |
5 | |
5 | |
5 | |
13 | |
30 | |
4 | |
25 | |
4 | |
1 | |
5 | |
14 | |
3 | |
11 | |
60 | |
8 | |
2 | |
62 | |
52 | |
1 | |
1 | |
20 | |
16 | |
14 | |
31 | |
40 | |
68 | |
22 | |
41 | |
1 | |
72 | |
26 | |
1 | |
6 | |
1 | |
26 | |
52 | |
34 | |
1 | |
17 | |
4 | |
7 | |
20 | |
11 | |
32 | |
10 | |
13 | |
23 | |
64 | |
49 | |
32 | |
68 | |
47 | |
63 | |
102 | |
100 | |
49 | |
13 | |
53 | |
47 | |
36 | |
101 | |
73 | |
6 | |
4 | |
51 | |
1 | |
17 | |
2 | |
13 | |
36 | |
101 | |
23 | |
38 | |
41 | |
16 | |
54 | |
3 | |
31 | |
66 | |
72 | |
51 | |
30 | |
121 | |
7 | |
39 | |
1 | |
11 | |
11 | |
81 | |
57 | |
16 | |
5 | |
75 | |
154 | |
6 | |
46 | |
51 | |
26 | |
37 | |
19 | |
50 | |
131 | |
42 | |
7 | |
17 | |
53 | |
62 | |
47 | |
48 | |
34 | |
25 | |
45 | |
13 | |
29 | |
78 | |
65 | |
56 | |
18 | |
30 | |
9 | |
55 | |
26 | |
15 | |
25 | |
11 | |
11 | |
58 | |
37 | |
58 | |
105 | |
47 | |
34 | |
37 | |
23 | |
10 | |
16 | |
96 | |
10 | |
157 | |
121 | |
110 | |
94 | |
201 | |
30 | |
62 | |
136 | |
372 | |
363 | |
127 | |
71 | |
12 | |
1 |
