Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

Gpg4win & IDEA

Huge PGP files, an ancient version of PGP, and errors every time they tried to decrypt a file – that was my completely unexpected challenge on Friday. Dealing with file processing issues really isn’t part of my job description, but I’m the closest thing my company has to an expert when it comes to encryption, so the task fell to me.

After looking at the options and issues to get the server upgraded to a non-stone-age version of the PGP software, the easiest answer looked like decrypting the files with GPG – it wasn’t as easy as expected, but I did get some useful information that may help others.

IDEA #

If it wasn’t for IDEA this would have been easy, but the keys used for this transfer were old (thankfully the data isn’t sensitive) and IDEA it was. GPG doesn’t support IDEA due to various patents (most if not all of which are now expired), so that leaves us to use a rather old plug-in to fill in the gap. Unfortunately for me, the server that hosts up that plug-in is misconfigured, making it impossible to retrieve the file.

Thankfully there are other sources (plug-in, mirror).

Gpg4win #

I used Gpg4win so I could decrypt the files from Windows – which had unexpected consequences. The current version of Gpg4win uses gpg version 2.0, which isn’t compatible with the IDEA plug-in – a fact that isn’t pointed out anywhere.

The key to making this work was to use an older version of Gpg4win – I used v1.1.4, which thankfully is compatible with the plug-in. Though I do wish I found this out a few hours sooner than I did.

Setup #

The setup for this is pretty simple, it’s documented in a few places, but here is a quick wrap-up:

  1. Install Gpg4win v1.1.4
  2. Download the plug-in, and copy to C:\Program Files (x86)\GNU\GnuPG\lib
  3. Update (or create if it’s not there) the C:\Users\<user>\AppData\Roaming\gnupg\gpg.conf file to include the following:

load-extension "C:\Program Files (x86)\GNU\GnuPG\lib\idea.dll"

Once this is done, you can run gpg --version which will give you information about what algorithms are supported. It should look like this:

>gpg --version
gpg (GnuPG) 1.4.9 (Gpg4win 1.1.4)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/Adam/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

If you note the first item on the “Cipher” line is IDEA, that means it worked. If you don’t see that – something went wrong, probably a bad path.

This version is able to handle the large files that old versions of PGP can’t, and it allowed for a quick solution to the problem until we can upgrade the server.

Adam Caudill


Related Posts

  • Assange, Ecuador, and the Cyberarmy

    ALERT: Julian Assange has requested political asylum and is under the protection of the Ecuadorian embassy in London http://t.co/bz4O9bjF — WikiLeaks (@wikileaks) June 19, 2012 The news that Julian Assange has asked Ecuador for political asylum is flooding twitter as his supporters do their best to attract attention to his cause, and rally everyone they can to contact Ecuador’s embassy in London to urge them to grant Assange’s request. While I’ve watched the Assange case since before the first allegations came out of Sweden – that’s not my interest here, my interest is in what Ecuador could do if they wanted to.

  • On Apple, Privacy, and Device Control

    If you’ve bothered to look at Twitter or any technology news source, you’ve seen that Apple made a major announcement: Expanded Protections for Children. This has been written about by countless outlets, so I’ll assume you’re familiar with the basics. The announcement covered a few new features being added to the next version of Apple’s operating systems, namely: Scanning of inbound and outbound messages for sexually explicit images. Scanning images being uploaded to iCloud for CSAM.

  • Millions of Jobs

    It has been 20 years since I first used machine learning to solve a complex business problem. The underlying problem was simple: the company was selling a new service and wanted to know who was most likely to buy it. We had millions of records, and each record had hundreds of fields. A vast amount of data, but no idea how to extract insight from it. Countless hours from various data analysts had been invested into finding a pattern, but none was forthcoming.

  • Revisiting Snapchat API & Security

    As Shapchat has increased in popularity, I’ve been asked several times to revisit my Snapchat API & Security post, to address the changes that they made in response to my complaints. So, here is it – sorta. I started making detailed notes and looking at the changes they made – but yesterday @tlack made that mostly irrelevant with his release of Snaphax, a PHP library to interact with the undocumented Shapchat API.

  • Google Chrome Leaking Credit Card Data?

    While testing ccsrch I noticed a number that looked familiar – my debit card number. Now, being just a little paranoid, I don’t leave such information on my system unencrypted – so seeing it was a real surprise. But, here’s the real kicker: it was on my work PC, where it never should have been. But there it was, plain as day, in clear text. I spent a couple of minutes staring at the log trying to figure out why it would be there.