We have a client who requested that we exchange files using PGP encryption. They asked us to send them a public key for encryption purposes.
I installed GPG4WIN (version 4.3.1 with GnuPG 2.4.5). I created a key pair using the default settings (ECDSA/EdDSA) and sent the public key to the client. The client reported that they could not import the key and received the following error:
3013:no Keys found
(By the way, in the screenshot they sent, I noticed they are using the pgp command while I am using the gpg command).
We asked the client what they are using, and they said they are working with GnuPG VS-Desktop.
I tried creating another key pair, this time using RSA with 3072 bits. This time the client did not receive an import error, but they got an error related to a weak cipher/hash. The error they received was:
Weak cipher/hash found key below:
Hash: Unknown 0x0B
Hash: SHA-1
Compress: BZIP2
Compress: Zip
Expected cipher list example below:
Cipher: AES-128
Cipher: AES-192
Cipher: AES-256
Cipher: TripleDES
Hash: SHA-256
Hash: SHA-512
Compress: ZLIB
Photo: No
Revocable: No
Token: No
Keyserver: Absent
Default: No
Wrapper: No
Prop Flags: Sign user IDs
Prop Flags: Sign messages
Prop Flags: PGP NetShare
Prop Flags: PGP WDE
Prop Flags: PGP ZIP
Prop Flags: PGP Messaging
Ksrv Flags: Absent
What am I missing? Is it possible to work with GPG4WIN and GnuPG VS-Desktop together? Is there something I can change in the gpg4win settings to make it compatible?
It’s important to note that I have no prior experience with PGP, so I might be missing something obvious. I would greatly appreciate any help. Thank you!
You are missing nothing; you hit it on the spot when mentioning the “pgp” on their command line screenshot. Your client does not use GnuPG VS-Desktop, where the command line executable is gpg.
And GnuPG VS-Desktop can import an ECDSA/EdDSA public key and use it for encryption, too, although that certificate would be marked as not VS-compliant. Which is ok, as you are not using VS-NfD compliant software. But RSA 3072 bit keys are the ones used most widely with GnuPG VS-Desktop, as those are the ones created there by default.
I have no idea what the error message of your client’s software refers to; I’m pretty sure that it is wrong. The preferences of an RSA key created with a recent gpg4win look like this:
It did seem strange to me that the screenshot showed pgp, but he mentioned that he works with GnuPG VS-Desktop. Unfortunately, I didn’t receive direct answers, so I left it as is.
I am happy to report that it seems we are making progress. I created a new key with RSA 3072. This time, I edited the public key with edit-key:
gpg --edit-key key-id
Using the pref command, I updated the “Expected cipher list” to match what the client sent:
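Added example, not part of the original posts: a small Python check that reads the preference subpackets from text in the format printed by `gpg --list-packets`, maps the numeric OpenPGP algorithm IDs to names, and reports every entry that is not on the "Expected cipher list" quoted above. The sample input is constructed, and the allow-list is taken literally from the post, so SHA-384 is reported as well even though the client's message did not list it.

```python
import re

# OpenPGP algorithm IDs (RFC 4880, section 9). ID 11 is 0x0B, i.e. SHA-224.
SYM = {2: "TripleDES", 7: "AES-128", 8: "AES-192", 9: "AES-256"}
HASH = {2: "SHA-1", 8: "SHA-256", 9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
ZIP = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
KINDS = {"sym": ("Cipher", SYM), "hash": ("Hash", HASH), "zip": ("Compress", ZIP)}

# Allow-list copied from the "Expected cipher list" quoted in the post.
EXPECTED = {
    "Cipher": {"AES-128", "AES-192", "AES-256", "TripleDES"},
    "Hash": {"SHA-256", "SHA-512"},
    "Compress": {"ZLIB"},
}

# Constructed sample in the format of `gpg --list-packets` (key ID is a placeholder).
SAMPLE = """\
:signature packet: algo 1, keyid 0123456789ABCDEF
\thashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
\thashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
\thashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
"""

PREF_RE = re.compile(r"\(pref-(sym|hash|zip)-algos:([\d ]+)\)")


def parse_prefs(text):
    """Return the preference lists by label, in the order stored on the key."""
    prefs = {}
    for kind, ids in PREF_RE.findall(text):
        label, table = KINDS[kind]
        # IDs missing from the table are kept visible instead of being dropped.
        prefs[label] = [table.get(int(i), "Unknown 0x%02X" % int(i))
                        for i in ids.split()]
    return prefs


def outside_expected(prefs):
    """List "Label: name" entries that are not on the expected list."""
    return [f"{label}: {name}"
            for label, names in prefs.items()
            for name in names
            if name not in EXPECTED.get(label, set())]


if __name__ == "__main__":
    for entry in outside_expected(parse_prefs(SAMPLE)):
        print(entry)
```

Feeding it the `--list-packets` output of the exported public key before and after a preference change shows whether the entries the recipient objects to are gone.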