missing keys in "key selection dialog" - PGP

This is a discussion on missing keys in "key selection dialog" - PGP ; hi there, I'm still using version 5.5 of PGP I once purchased. why shouldn't I, there have never been problems with it. until recently... I've replaced two expired keys with their successors and deleted the old ones. in PGPkeys I ...

+ Reply to Thread
Results 1 to 12 of 12

Thread: missing keys in "key selection dialog"

  1. missing keys in "key selection dialog"

    hi there,

    I'm still using version 5.5 of PGP I once purchased. why shouldn't I,
    there have never been problems with it. until recently...

    I've replaced two expired keys with their successors and deleted the old
    ones. in PGPkeys I can access, sign, view, export them and so on.
    everything just looks normal.

    when trying to encrypt files using either the pop-up menus from the
    windows exlorer or PGPtools, I get the "PGP key selection dialog" to
    select the recipients. in this list those two new keys are missing. all
    others are still there.

    I've already exported, deleted and re-imported them once, the problem
    remains.

    what else could I do to "sync" the PGPkeys data with the "key selection
    dialog" list? is it a bug of v5.5 (which I doubt) or could there be
    something wrong with the keys? (BTW, one key is DH/DSS 1024 IDEA, the
    other is a DH/DSS 1024 CAST. both were issued in 2003.)

    any hints greatly welcome.

    many thanks, Xn.
    --
    Christian Karpp _______ Sr. SecurITy Consultant, IBM Mannheim, Germany
    fon: +49-172-735-7707, +49-621-469-379 ____ email: xn@heidelbg.ibm.com
    =-=-=-=-=-=-= "In God we trust. The rest we monitor." =-=-=-=-=-=-=


  2. Re: missing keys in "key selection dialog"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "Christian Karpp" wrote in message
    news:bu0ru4$10o6$1@sp15en20.hursley.ibm.com...

    [...]

    > I've replaced two expired keys with their successors and deleted the old
    > ones. in PGPkeys I can access, sign, view, export them and so on.
    > everything just looks normal.
    >
    > when trying to encrypt files using either the pop-up menus from the
    > windows exlorer or PGPtools, I get the "PGP key selection dialog" to
    > select the recipients. in this list those two new keys are missing. all
    > others are still there.


    [...]

    > is it a bug of v5.5 (which I doubt) or could there be
    > something wrong with the keys? (BTW, one key is DH/DSS 1024 IDEA, the
    > other is a DH/DSS 1024 CAST. both were issued in 2003.)


    if only the subkey expired, and what you imported was a new subkey,
    then maybe 5.5 cannot deal with that, as it still thinks the keypair
    'expired'
    and refuses to encrypt to it

    try backing up your keys,
    make a new key-ring
    export all but the expired key from the backup, and re-importing them into
    the new one
    then importing the new replacement for the expired key

    hth,

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    iQEVAwUBQAQqUGoFoLeFMG0lAQM/VAf+KYTOc++3anKdIRme1yjneDTVDIdXDKzZ
    YMxbX809tANP6KZBDbR1+wCUk45I5QHeTqeYMpPlfxMGGdnF8T +CWANb+qrNf/67
    TTcC3CbaTuUqKzZBsZgDRREyHRgD3V+mKOE4m4tt2qdDTwGOti dybjfpYvti3wrB
    pMPE3tf+DshAmxA1PWefOWRUddjeCmHtRwSiQngqomTa/EWj/Q2nKmGo7fXM+ktU
    qfkpEqK/qbIJ+D6INGcDuihIYRr1I3O1MKjdJ5SnE86l5qVUVXBDNK7A4d a1C64M
    V66Y2mVi4P9bOsAmHrlUuFW8RvIJPCu10xNqASBhGDxg1fvtB/vHJg==
    =Vgab
    -----END PGP SIGNATURE-----



  3. Re: missing keys in "key selection dialog"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Christian Karpp wrote in
    news:bu0ru4$10o6$1@sp15en20.hursley.ibm.com:

    > hi there,
    >
    > I'm still using version 5.5 of PGP I once purchased. why shouldn't I,
    > there have never been problems with it. until recently...
    >
    > I've replaced two expired keys with their successors and deleted the
    > old ones. in PGPkeys I can access, sign, view, export them and so on.
    > everything just looks normal.
    >
    > when trying to encrypt files using either the pop-up menus from the
    > windows exlorer or PGPtools, I get the "PGP key selection dialog" to
    > select the recipients. in this list those two new keys are missing. all
    > others are still there.
    >
    > I've already exported, deleted and re-imported them once, the problem
    > remains.
    >
    > what else could I do to "sync" the PGPkeys data with the "key selection
    > dialog" list? is it a bug of v5.5 (which I doubt) or could there be
    > something wrong with the keys? (BTW, one key is DH/DSS 1024 IDEA, the
    > other is a DH/DSS 1024 CAST. both were issued in 2003.)
    >
    > any hints greatly welcome.


    Make sure your computer clock is set correctly.

    Review http://www.mccune.cc/PGPpage2.htm#NewKeys

    If that doen't do it, I'd be glad to take a look at the public keys.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQARzxWDeI9apM77TAQKa6Qf+OlDUdS4y+QjiL7PQQ/qaZMViZiB3sIfU
    ylpnrF5eJxyodOiWLpM5Xg1nl9rShgULU8deeM8/FEJsXFJMzinozp0mKu+bbUGw
    jQvG6LYDHcMXhYd9RJdZdy67+XCciNbR9JlO0zESvASkG3gUJO 99LKgrL881Ltic
    QXAbqVnrcZlRITH9pY1LRia01QNZDXq0Rsmy5a1YQ3m0aNSZ4r EbH9an+/i0T5bb
    uVxW+qLXyeWDNzhpNvvI2COpCVV3LF3tqhSjgg/kfiJgJZgbHpjd59FQwMKMqcF7
    3u44gMH+TRXYP3A+WA8rJeZfHyLCI/dgNzMOwqYBCmn0t6Y0KAvmxw==
    =9Opf
    -----END PGP SIGNATURE-----

  4. Re: missing keys in "key selection dialog"

    Christian Karpp wrote:

    > new key-ring? those are not my keys.


    sorry vedaal,

    I assume you suggested I should recreate the "pubring.pkr" file.
    I'll try that...

    thanks, Xn.
    --
    Christian Karpp _______ Sr. SecurITy Consultant, IBM Mannheim, Germany
    fon: +49-172-735-7707, +49-621-469-379 ____ email: xn@heidelbg.ibm.com
    =-=-=-=-=-=-= "In God we trust. The rest we monitor." =-=-=-=-=-=-=


  5. Re: missing keys in "key selection dialog"

    vedaal wrote:
    > try backing up your keys,
    > make a new key-ring
    > export all but the expired key from the backup, and re-importing them into
    > the new one
    > then importing the new replacement for the expired key


    new key-ring? those are not my keys. I could try to ask the persons if
    they're willing to recreate their key pair, but I doubt they will do so.
    it seems that I'm the only one having problems with their new keys.

    l8r, Xn.
    --
    Christian Karpp _______ Sr. SecurITy Consultant, IBM Mannheim, Germany
    fon: +49-172-735-7707, +49-621-469-379 ____ email: xn@heidelbg.ibm.com
    =-=-=-=-=-=-= "In God we trust. The rest we monitor." =-=-=-=-=-=-=


  6. Re: missing keys in "key selection dialog"

    Tom McCune wrote:

    > Make sure your computer clock is set correctly.


    it is.
    funny thing is that both keys have been created in 2003. one never
    expires the other one will expire in 2008.
    but everything works fine with other keys that have been created in
    2003. so maybe I should kindly ask the persons to re-created their keys
    and send them to me again...

    l8r, Xn.
    --
    Christian Karpp _______ Sr. SecurITy Consultant, IBM Mannheim, Germany
    fon: +49-172-735-7707, +49-621-469-379 ____ email: xn@heidelbg.ibm.com
    =-=-=-=-=-=-= "In God we trust. The rest we monitor." =-=-=-=-=-=-=


  7. Re: missing keys in "key selection dialog"

    Christian Karpp wrote:

    > so maybe I should kindly ask the persons to re-created their keys
    > and send them to me again...


    I've investigated this thingie a bit further:
    the missing keys in the selection dialog show up in the PGPkeys window
    with only one key size even though they're DH/DSS keys.
    correct DH/DSS keys show up as "2048/1024" for example but the one's
    that are giving me headaches are only listed as e.g. "1024".

    I still haven't found out though wether this is because they've been
    created wrongly, something went awry during transmission or it's simply
    a bug in PGP 5.5...

    l8r, Xn.
    --
    Christian Karpp _______ Sr. SecurITy Consultant, IBM Mannheim, Germany
    fon: +49-172-735-7707, +49-621-469-379 ____ email: xn@heidelbg.ibm.com
    =-=-=-=-=-=-= "In God we trust. The rest we monitor." =-=-=-=-=-=-=


  8. Re: missing keys in "key selection dialog"

    Christian Karpp wrote in news:bugovb$44km$1
    @sp15en20.hursley.ibm.com:

    > I've investigated this thingie a bit further:
    > the missing keys in the selection dialog show up in the PGPkeys window
    > with only one key size even though they're DH/DSS keys.
    > correct DH/DSS keys show up as "2048/1024" for example but the one's
    > that are giving me headaches are only listed as e.g. "1024".
    >
    > I still haven't found out though wether this is because they've been
    > created wrongly, something went awry during transmission or it's simply
    > a bug in PGP 5.5...


    It sounds like the following from the URL I gave previously:

    "Check DH/DSS key properties to make sure they have a subkey that has
    reached its start date, is not expired, and is not revoked."

    --
    Tom McCune
    My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

  9. Re: missing keys in "key selection dialog"

    On Mon, 19 Jan 2004 15:19:31 +0100, Christian Karpp
    wrote:

    >I've investigated this thingie a bit further:
    >the missing keys in the selection dialog show up in the PGPkeys window
    >with only one key size even though they're DH/DSS keys.


    Then they're not DH/DSS keys, despite what PGPKeys says.

    >correct DH/DSS keys show up as "2048/1024" for example but the one's
    >that are giving me headaches are only listed as e.g. "1024".


    That's a DSS master key, not a DH/DSS key. That key won't show as a
    choice for encryption because it can't encrypt. It has no DH subkey
    for encrypting.

    >I still haven't found out though wether this is because they've been
    >created wrongly, something went awry during transmission or it's simply
    >a bug in PGP 5.5...


    I'd call the first two options very unlikely, but you could say
    PGPKeys has a bug. All versions of PGPKeys that I've seen will report
    a DSS signing-only key as "DH/DSS" (for example, 0xD77B2094, the key
    Network Associates used for signing PGP releases).


  10. Re: missing keys in "key selection dialog"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steve H. wrote in news:buhhge$gre$0@216.39.144.168:


    > I'd call the first two options very unlikely, but you could say
    > PGPKeys has a bug. All versions of PGPKeys that I've seen will report
    > a DSS signing-only key as "DH/DSS" (for example, 0xD77B2094, the key
    > Network Associates used for signing PGP releases).


    I don't think it is really a bug, but rather the result of unintended
    behavior by the user. Official PGP has never supported the concept of
    having a sign only DSS key. The only way official PGP has of creating
    one is by generating a DH/DSS key, and then deleting the DH subkey, which
    results in PGP presenting it as a DH/DSS key without an encryption subkey
    (a new subkey can be generated, and will be a DH key).

    BTW, the key you cite has a valid subkey.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQAxWOmDeI9apM77TAQKT2wf/SNbodnWA/XfmFvfr3/r8ViRDySDoAxcA
    pb6uhuZv7TOb6PIAFd83r5BkkyRB54yuBriTu/zjFqpDR3VAEq8N8ZxdhFwiYaXW
    ZkGy9XsyfcYnAEqz9DlfjDMHoZJZJqZeP58Cbi2bXz998VOGBr 7xvEwBsPhax+OK
    ka/ErG1CAQlZonIc3q6haj5x3L5UnZqlxsmv0YlmzSuy+YFJqlKTw jQixfO8JGCl
    JauoLKa/5GQ7VRFGawEF8yzZEQQauXSVCo3D/88JHk8a1FY1RGIdvSPbCD2DYMFv
    pbY+T3NcxjOqBtZ/smjpvVTrdmkZTSAcU+AB9i7/34xcwvR/qnks+Q==
    =Cite
    -----END PGP SIGNATURE-----

  11. Re: missing keys in "key selection dialog"

    On Mon, 19 Jan 2004 22:12:15 GMT, Tom McCune
    wrote:

    >I don't think it is really a bug, but rather the result of unintended
    >behavior by the user. Official PGP has never supported the concept of
    >having a sign only DSS key. The only way official PGP has of creating
    >one is by generating a DH/DSS key, and then deleting the DH subkey, which
    >results in PGP presenting it as a DH/DSS key without an encryption subkey
    >(a new subkey can be generated, and will be a DH key).


    I'm sure the behavior is reasonable and not careless, but PGPKeys is
    reporting what the key ought to be, rather than what it is. I don't
    care whether that's called a bug or not, I think it's wrong.

    >BTW, the key you cite has a valid subkey.


    If you say so. My copy doesn't.


  12. Re: missing keys in "key selection dialog"

    Steve H. wrote:

    > That's a DSS master key, not a DH/DSS key. That key won't show as a
    > choice for encryption because it can't encrypt. It has no DH subkey
    > for encrypting.


    bingo, steve!
    while talking to the resp. person yesterday it turned out to be exactly
    like this. they've created this key as a signing-only key. why they're
    distributing it seperately via PGP still puzzles me though.

    I'd rather expect such a key as a signing for other keys that can be
    used to encrypt data instead of a "stand-alone" key...

    anyway, you guys really helped to solve my problem.
    many thanks and respect to the forum.
    --
    Christian Karpp _______ Sr. SecurITy Consultant, IBM Mannheim, Germany
    fon: +49-172-735-7707, +49-621-469-379 ____ email: xn@heidelbg.ibm.com
    =-=-=-=-=-=-= "In God we trust. The rest we monitor." =-=-=-=-=-=-=


+ Reply to Thread