
Switching from PGP to GnuPG

Copyright © 2001 RingLord Technologies and Udo K. Schuermann
All rights reserved
Revised: 9-October-2001


Why?

Why not?

Seriously, GnuPG is open source cryptographic software similar to PGP, though much less restricted by licenses, free for the downloading, and just good software!

When I tried to switch from PGP 2.6.3 to GnuPG 1.0.6, I ran into a number of issues for which a solution was difficult to track down. Having finally succeeded 100% with the switch from PGP to GnuPG, I'm passing on the solution to the issues for anyone else who might be in a similar situation.

If you don't use PGP currently and are starting fresh with GnuPG, then you don't need this document.

Issues

The following two issues are closely related. Please read both subsections to see whether the second issue matters to you and whether its solution is available to you. Installing and loading an extension is likely to eliminate the need for the solution presented first:

Password: Unsupported Algorithm

GnuPG has an --import option, and even --allow-secret-key-import, which appear to be exactly what you need for importing the keys from your existing PGP public and secret key rings. Trouble arises if your PGP keys have passwords on them. You should have passwords on your keys, unless your account and your computer are extremely secure! Most of us are not in that situation, so a password on the keys is a healthy second line of defense if your key ring files are stolen. At least that should give you time to issue "compromised key certificates" and invalidate your old keys.

What happens if your PGP keys have passwords on them? Easy: if PGP protected your key with its password using an algorithm that GnuPG does not support, then GnuPG will not be able to access your key once it has been imported. Oh, it imports it fine, but it just cannot get at the key and complains about an unsupported algorithm.

The solution is to use PGP to drop the password on all your PGP keys using the pgp -ke uid command before you import the key into GnuPG. When it asks you for the new password, just press the [Enter] key. After you've imported the keys into GnuPG you can restore the passwords on your original PGP keys, as well as assign passwords to the keys maintained by GnuPG.

General Use: Unsupported Algorithm

The above wouldn't be necessary if you had the proper algorithm installed, such as "IDEA", "RSA", etc. "Algorithm 1" (as GnuPG refers to it) happens to be "IDEA". If you have an implementation of the "IDEA" algorithm compiled for GnuPG, you can add a line such as "load-extension ~/.gnupg/idea" to your ~/.gnupg/options file to load the ~/.gnupg/idea extension, and that takes care of the problem.

In fact, this is necessary if you want to use GnuPG to verify signatures or view encrypted data that was signed or encrypted with PGP using an algorithm not directly supported by GnuPG. You will get the same kind of message as above (about an unsupported encryption algorithm 1) when trying to view encrypted messages or verify signatures on messages that were produced with PGP.
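
To see which case a key ring is in before importing it, the following added example (not part of the original document, and not code from PGP or GnuPG) reads a binary secret key ring and reports the symmetric algorithm number protecting each secret key: 1 means IDEA, 0 means the password has been removed. It assumes old-format packet headers and RSA keys as PGP 2.x writes them, with the field layout taken from RFC 4880; sample_ring builds a constructed toy key ring, not a real key.

```python
import struct

# Symmetric algorithm IDs as numbered in RFC 4880 (1 is the "algorithm 1" above).
SYM = {0: "none (no password)", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish"}

def _protection(body):
    """Return (key version, symmetric algorithm ID) for one secret-key packet body."""
    version = body[0]
    # v2/v3: version, time(4), validity(2), pk algo; v4: version, time(4), pk algo
    off = 8 if version in (2, 3) else 6
    if body[off - 1] not in (1, 2, 3):
        raise ValueError("only RSA keys are handled in this example")
    for _ in range(2):  # skip the public MPIs n and e (2-byte bit count + value)
        bits = int.from_bytes(body[off:off + 2], "big")
        off += 2 + (bits + 7) // 8
    usage = body[off]  # 0 = unprotected, 254/255 = S2K follows, else algorithm ID
    return version, (body[off + 1] if usage in (254, 255) else usage)

def secret_key_protection(ring):
    """List (version, algorithm ID, name) for every secret key in a binary key ring."""
    found, pos = [], 0
    while pos < len(ring):
        hdr = ring[pos]
        if hdr & 0xC0 != 0x80 or hdr & 0x03 == 3:
            raise ValueError("expected an old-format, definite-length packet")
        tag, nlen = (hdr >> 2) & 0x0F, (1, 2, 4)[hdr & 0x03]
        start = pos + 1 + nlen
        length = int.from_bytes(ring[pos + 1:start], "big")
        if tag in (5, 7):  # secret key or secret subkey
            version, algo = _protection(ring[start:start + length])
            found.append((version, algo, SYM.get(algo, "unknown")))
        pos = start + length
    return found

def sample_ring(usage):
    """Constructed toy key ring (not a real key): one v3 RSA secret key plus a user ID."""
    pub = bytes([3]) + struct.pack(">IH", 1002585600, 0) + bytes([1])
    pub += struct.pack(">H", 16) + b"\xc5\x3b" + struct.pack(">H", 5) + b"\x11"
    secret = bytes([usage]) + (bytes(8) if usage else b"") + bytes(6)  # IV + filler
    body = pub + secret
    uid = b"Test Key <test@example.invalid>"
    return bytes([0x95]) + struct.pack(">H", len(body)) + body + bytes([0xB4, len(uid)]) + uid

if __name__ == "__main__":
    for usage in (1, 0):  # before and after removing the password
        print(secret_key_protection(sample_ring(usage)))
```

A result of 0 also means the secret key sits on disk unprotected until a new password is assigned, so the window between removing the password and setting it again should be kept short.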


Thanks go out to my friend Uwe "Hoover" Schuerkamp for the solution involving the installation of a new cipher algorithm.
