1

I've just heard of a partner who can't use my PGP key because he says his software is not compatible with PGP keys generated with BCPG 1.45 or earlier. I've been using these keys for a while now and never had any problems. Also, I've been unable to find online any documented case of such matter. So, Is there such a thing? Should I try and upgrade my software so that it can export keys using a more modern BCPG lib?

Thanks for the help.

JuanKB1024
  • 324
  • 1
  • 17
  • IMO: That question is phrased quite badly, the way you're asking it now is basically asking SO to make a business decision for you and that's not what you want to ask I hope. I also see very little in there that says you verified with said partner what specifically is referred to. Without specifics, the only thing you can do is hunt through the release notes and guess away: https://www.bouncycastle.org/releasenotes.html – Gimby May 13 '15 at 14:50
  • @Gimby thanks for your reply. Since updating the BC lib in my software is non trivial, I was wondering wether someone found a workaround to this problem. I've searched through the release notes but there isn't much info to suggest a bugfix or something in bcpg. Sadly, I have not received any specific error details from my partner to troubleshoot. – JuanKB1024 May 13 '15 at 15:46
  • Please give further details on what algorithms and key sizes you chose exactly, and ask the partner what implementation of OpenPGP he's using. If he tells you something like PGP version 6 or earlier, just tell him that software's horribly old and has probably known vulnerabilities (and generally has bad support for current algorithms). Otherwise, there is probably a solution. – Jens Erat May 13 '15 at 19:33
  • BouncyCastle has severe standard-compliance problems in some aspects (eg. wrong size of encrypted data is written to the packet etc), so it's no wonder other software doesn't work with BC products (keys and files) well. – Eugene Mayevski 'Callback Jun 28 '15 at 07:39

0 Answers0