[pass] Dependency on gpg v2

Dahlberg, David david.dahlberg at fkie.fraunhofer.de
Fri Feb 13 13:53:57 CET 2015

On Friday, 13.02.2015, at 11:10 +0100, Jason A. Donenfeld wrote:
> > keys, some feature of the password store commands (esp. gpg init) do
> > indeed work with the version 1 of GnuPG /only/ :-(
> Can you elaborate?

At some time in 2014, WK disabled MD5 for gpg2. This update found its
way to Debian Jessie two or three weeks ago. According to the man page
of gpg2, there is an "--allow-weak-digest-algos" switch, which should be
usable to temporarily reenable MD5.

I had a password store, encrypted with an old PGP2 key. (Be aware: I am
talking about a "Phil Zimmermann PGP version 2"-type key which has been
used in the "Werner Koch GPG version 2" software). Unfortunately, even
with that "weak-algo" switch, newer versions of GnuPG seem not to support
old PGP2 keys any more at all, which is especially annoying when you try
to convert a password store from an old-style key to a newer one ("pass
init NEWID"). So the gpg update effectively broke that password store
and no easy upgrade path was possible using the distro's gpg2
version :-(

Let's jump a bit in time. After I managed to convert that database to be
encrypted with the new key by using gpg version 1, the actual
distribution's version of gpg2 will still throw a lot of confusing
errors and occasionally refuse to work or not, seemingly just because of
the fact there is a PGP2 key somewhere in the keyring and even though
it should not be used at all.

I do not consider this to be a problem of the password-store, but one of
gnupg and there are other problems that I encountered too (changing key
properties/signing keys does not always work either). I have not filed a
bug report there yet because what I wrote above is still a bit of
half-reproducible issues glued together with half-knowledge and bad
guesswork. I will have to dig into the issue when I have some spare time.

David Dahlberg     
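
Added example, not part of the original message and not code from pass or GnuPG: PGP 2.x keys are stored as version 2 or 3 key packets in the OpenPGP format (RFC 4880), and their fingerprints are MD5-based, so a binary (non-armored) keyring file can be scanned for them before a store is re-encrypted to a new key. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Tags of key-bearing packets (RFC 4880, section 4.3).
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary (non-armored) OpenPGP stream."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError(f"no packet header at offset {pos}")
        pos += 1
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:
                raise ValueError("partial body lengths not handled in this example")
        else:                                 # old-format header, as written by PGP 2.x
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                    # indeterminate: body runs to end of input
                length = len(data) - pos
            else:
                size = 1 << ltype             # 1, 2 or 4 length octets
                length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def legacy_keys(data):
    """Return (kind, version) for every key packet older than version 4."""
    return [(KEY_TAGS[tag], body[0]) for tag, body in iter_packets(data)
            if tag in KEY_TAGS and body and body[0] < 4]

# Constructed sample, not real key material: toy MPIs, fixed timestamps.
_MPIS = b"\x00\x08\xc5" + b"\x00\x05\x11"
_V3 = b"\x03" + b"\x35\x00\x00\x00" + b"\x00\x00" + b"\x01" + _MPIS  # version, time, validity, RSA
_V4 = b"\x04" + b"\x54\x00\x00\x00" + b"\x01" + _MPIS                # version, time, RSA
SAMPLE = (bytes([0x98, len(_V3)]) + _V3      # old-format public key
          + bytes([0xB4, 4]) + b"test"       # old-format user ID
          + bytes([0xC6, len(_V4)]) + _V4    # new-format public key
          + bytes([0xCE, len(_V4)]) + _V4)   # new-format public subkey
```

Calling legacy_keys(SAMPLE) reports only the version 3 public key; the version 4 key and subkey are not flagged.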

