Help Needed: PGP Key Exchange Between gpg4win and GnuPG VS-Desktop

Hello,

We have a client who requested that we exchange files using PGP encryption. They asked us to send them a public key for encryption purposes.

I installed GPG4WIN (version 4.3.1 with GnuPG 2.4.5). I created a key pair using the default settings (ECDSA/EdDSA) and sent the public key to the client. The client reported that they could not import the key and received the following error:

3013:no Keys found

(By the way, in the screenshot they sent, I noticed they are using the pgp command while I am using the gpg command).

We asked the client what they are using, and they said they are working with GnuPG VS-Desktop.

I tried creating another key pair, this time using RSA with 3072 bits. This time the client did not receive an import error, but they got an error related to a weak cipher/hash. The error they received was:

Weak cipher/hash found key below:
       Hash: Unknown 0x0B
       Hash: SHA-1
   Compress: BZIP2
   Compress: Zip

Expected cipher list example below:
     Cipher: AES-128
     Cipher: AES-192
     Cipher: AES-256
     Cipher: TripleDES
       Hash: SHA-256
       Hash: SHA-512
   Compress: ZLIB
      Photo: No
  Revocable: No
      Token: No
  Keyserver: Absent
    Default: No
    Wrapper: No
Prop Flags: Sign user IDs
Prop Flags: Sign messages
Prop Flags: PGP NetShare
Prop Flags: PGP WDE
Prop Flags: PGP ZIP
Prop Flags: PGP Messaging
Ksrv Flags: Absent

What am I missing? Is it possible to work with GPG4WIN and GnuPG VS-Desktop together? Is there something I can change in the gpg4win settings to make it compatible?

It’s important to note that I have no prior experience with PGP, so I might be missing something obvious. I would greatly appreciate any help. Thank you!

Hello Leo, welcome to the forum!

You are missing nothing; you hit it on the spot when mentioning the “pgp” on their command line screenshot. Your client does not use GnuPG VS-Desktop, where the command line executable is gpg.

And GnuPG VS-Desktop can import an ECDSA/EdDSA public key and use it for encryption, too, although that certificate would be marked as not VS-compliant. Which is ok, as you are not using a VS-NfD compliant software. But RSA 3072 bit keys are the ones used most widely with GnuPG VS-Desktop, as those are the ones created there by default.

I have no idea what the error message of your client's software refers to; I’m pretty sure that it is wrong. The preferences of an RSA key created with a recent gpg4win look like this:

gpg> showpref
[ ultimativ ] (1). g10code-RSA
     Verschlü.: AES256, AES192, AES, 3DES
     AEAD: OCB
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Komprimierung: ZLIB, BZIP2, ZIP, nicht komprimiert
     Eigenschaften: MDC, AEAD, Keyserver no-modify

So you see SHA1 is only the last fallback and it is required by the OpenPGP standard.

To check your own key, call
gpg --edit-key KEYID and then enter showpref

Hi eebb,

Thank you for the detailed response!

It did seem strange to me that the screenshot showed pgp, but he mentioned that he works with GnuPG VS-Desktop. Unfortunately, I didn’t receive direct answers, so I left it as is.

I am happy to report that it seems we are making progress. I created a new key with RSA 3072. This time, I edited the public key with edit-key:

gpg --edit-key key-id

Using the pref command, I updated the “Expected cipher list” to match what the client sent:

Cipher: AES-128
Cipher: AES-192
Cipher: AES-256
Cipher: TripleDES
  Hash: SHA-256
  Hash: SHA-512
Compress: ZLIB

gpg> setpref S7 S8 S9 S2 H8 H10 Z2

I saved, exported, and ran:

gpg --list-packets public.key

I confirmed that all the pref fields were updated:

[image: pgp]

The client sent me the encrypted file, so it seems to have worked! I haven’t decrypted it yet due to technical reasons, but I am optimistic.

Thank you very much! I hope the explanation above will help someone if they encounter this issue.
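
An added example, not part of the thread and not code from any of the posters: a Python check that reads the preference subpackets from `gpg --list-packets` output and reports every advertised algorithm outside the client's expected list, then builds the matching `setpref` arguments. The sample text is constructed from the showpref output quoted above; the function names and the strict reading of the expected list (only the listed algorithms pass) are assumptions.

```python
import re

# OpenPGP algorithm IDs (RFC 4880, section 9) and their display names.
NAMES = {
    "sym": {1: "IDEA", 2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"},
    "hash": {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"},
    "zip": {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"},
}
# The client's "expected cipher list" from the thread, as algorithm IDs (assumed exhaustive).
ALLOWED = {"sym": {7, 8, 9, 2}, "hash": {8, 10}, "zip": {2}}
PREFIX = {"sym": "S", "hash": "H", "zip": "Z"}
PREF_RE = re.compile(r"\(pref-(sym|hash|zip)-algos: ([0-9 ]+)\)")

def parse_prefs(list_packets_text):
    """Return the preference lists from the first self-signature that carries them."""
    prefs = {}
    for kind, ids in PREF_RE.findall(list_packets_text):
        prefs.setdefault(kind, [int(i) for i in ids.split()])
    return prefs

def audit(prefs):
    """List every advertised algorithm that is outside ALLOWED."""
    findings = []
    for kind, ids in prefs.items():
        for i in ids:
            if i not in ALLOWED[kind]:
                name = NAMES[kind].get(i, "Unknown 0x%02X" % i)
                findings.append(f"{kind}: {name}")
    return findings

def setpref_args(prefs):
    """Keep the key's own ordering but drop disallowed algorithms."""
    return " ".join(PREFIX[k] + str(i) for k in ("sym", "hash", "zip")
                    for i in prefs.get(k, []) if i in ALLOWED[k])

# Constructed sample mirroring the default RSA preferences quoted in the thread.
SAMPLE = """\
:signature packet: algo 1, keyid 0000000000000000
\thashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
\thashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
\thashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
"""

if __name__ == "__main__":
    p = parse_prefs(SAMPLE)
    print(audit(p))
    print("setpref", setpref_args(p))
```

Hash ID 11 is SHA-224, which is what the client's tool printed as "Unknown 0x0B".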