
3.14. I can't verify the signature on my new copy of MIT PGP with my old PGP 2.3a!





This article is from the PGP FAQ, by Jeff Licquia (jalicqui@prairienet.org), with numerous contributions by others.


The reason for this, of course, is that the signatures generated by
MIT PGP (which is what Jeff Schiller uses to sign his copy) are no
longer readable with PGP 2.3a.

Your first option is to skip the signature check and rely on other
methods for making sure you aren't getting a bad copy. This isn't as
secure, though; if you're not careful, you could be passed a bad copy
of PGP.

If you're intent on checking the signature, you may do an intermediate
upgrade to MIT PGP 2.6. This older version was signed before the
"time bomb" took effect, so its signature is readable by the older
versions of PGP. Once you have validated the signature on the
intermediate version, you can then use that version to check the
current version.

As another alternative, you may upgrade to PGP 2.6.2i or 2.6ui,
checking their signatures with 2.3a, and then use them to check the
signature on the newer version. People living in the USA who do this
may be violating the RSA patent; then again, you may have been
violating it anyway by using 2.3a, so you're not in much worse
shape.

 
