We recently upgraded the server we use to gpg encrypt files with public key encryption.

Old server had gnupg version 1.2.6. On the new server, gnupg version 2.0.18, we imported our gpg keyring from the old server.

On our old server we have a client's public key that encrypts with ELG-E/CAST5 (shown by enabling verbose mode when encrypting files).

On our new server, the same public key uses ELG/CAST5 when encrypting files. gpg --version on the new server also only shows ELG, not ELG-E.

Is there any way to enable ELG-E on our new server? Should we ask for a newer public key from this client?

Old server gpg --version:

-bash-3.00$ gpg --version
gpg (GnuPG) 1.2.6
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB, BZIP2

New server gpg --version:

-bash-4.1$ gpg --version
gpg (GnuPG) 2.0.18
libgcrypt 1.4.5
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, 
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
mgorven
user129545

1 Answer

ELG-E refers to an ElGamal key which can only be used for encryption (not for signing), whereas ELG refers to an ElGamal key which can be used for both encryption and signing. The new GnuPG version should be able to work with ELG-E keys, so there's no need to generate new keys because of this.

mgorven
  • Thanks, the problem I have is that an identical file (matching md5sum) is encrypting differently on the old server vs the new server. The file size is 1 or 2 bytes more on the new server, and the md5sums of the encrypted files don't match on the old server and new server, even though the same public key and syntax are being used to encrypt the file on both. – user129545 Jul 25 '12 at 14:28
  • @user129545 But what's the problem with that? – mgorven Jul 25 '12 at 16:14
  • Problem is the client is still saying they can't decrypt the file. Today I reimported their public key on the new server, and sent the file to them again. Should know if that helped tomorrow. – user129545 Jul 25 '12 at 21:25
  • Update: client was able to decrypt a file late today after we used the --pgp6 option to encrypt. So perhaps that's all we needed. – user129545 Jul 26 '12 at 01:45
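
To see what each server actually emitted, rather than comparing md5sums of the ciphertext, the packet structure of the two output files can be inspected. The following is an added example, not part of the question or answer above: a minimal RFC 4880 packet walker in Python that reports the public-key algorithm ID in the session-key packet (16 is Elgamal encrypt-only) and whether the data packet is the older tag 9 form or the integrity-protected (MDC) tag 18 form. The function names and sample bytes are constructed for illustration.

```python
# Added example: minimal OpenPGP (RFC 4880) packet walker for binary gpg output.
PUBKEY_ALGOS = {1: "RSA", 2: "RSA encrypt-only", 3: "RSA sign-only", 17: "DSA",
                16: "Elgamal encrypt-only", 20: "Elgamal encrypt-or-sign (reserved)"}
DATA_TAGS = {8: "compressed data", 9: "encrypted data, no MDC", 18: "encrypted data with MDC"}

def _new_len(data, i):
    """Return (length, next_index, is_partial) for a new-format length header."""
    first = data[i]
    if first < 192:
        return first, i + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[i + 1] + 192, i + 2, False
    if first == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (first & 0x1F), i + 1, True      # partial body chunk, more follow

def read_packets(data):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header (ASCII-armored input?)")
        if hdr & 0x40:                            # new-format header
            tag, body, partial = hdr & 0x3F, b"", True
            while partial:
                length, i, partial = _new_len(data, i)
                body, i = body + data[i:i + length], i + length
        else:                                     # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = 0 if ltype == 3 else 1 << ltype   # ltype 3: body runs to end of input
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            body, i = data[i + n:i + n + length], i + n + length
        yield tag, body

def summarize(data):
    """Describe each packet; for tag 1 report recipient key ID and algorithm."""
    out = []
    for tag, body in read_packets(data):
        if tag == 1:   # body: version(1) | key ID(8) | pubkey algo(1) | MPIs
            algo = PUBKEY_ALGOS.get(body[9], "algo %d" % body[9])
            out.append(("session key", body[1:9].hex().upper(), algo))
        else:
            out.append((DATA_TAGS.get(tag, "tag %d" % tag),))
    return out

# Constructed sample bytes (placeholder key ID and payload, not real ciphertext).
KEYID = bytes.fromhex("0123456789ABCDEF")
PKESK = bytes([0x84, 12, 3]) + KEYID + bytes([16, 0, 0])   # old-format tag 1
SAMPLE_MDC = PKESK + bytes([0xD2, 3, 1, 0xAA, 0xBB])       # new-format tag 18
SAMPLE_NO_MDC = PKESK + bytes([0xA4, 2, 0xAA, 0xBB])       # old-format tag 9
```

Run `summarize()` on the raw bytes of a binary (non-armored) output file from each server and compare the results; `gpg --list-packets` reports the same fields.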