Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 159870 - dev-libs/libgcrypt-1.5.0 (Used by app-crypt/gnupg-2.X) does not support IDEA cipher
Summary: dev-libs/libgcrypt-1.5.0 (Used by app-crypt/gnupg-2.X) does not support IDEA ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Crypto team [DISABLED]
URL: http://www.kfwebs.net/articles/articl...
Whiteboard:
Keywords:
: 264313 (view as bug list)
Depends on:
Blocks: 159851
  Show dependency tree
 
Reported: 2007-01-03 08:53 UTC by Ulrich Müller
Modified: 2012-02-18 20:59 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Example PGP 2.6.3 public key (public.asc,658 bytes, text/plain)
2007-06-17 20:35 UTC, Ulrich Müller
Details
Example PGP 2.6.3 secret key (secret.asc,910 bytes, text/plain)
2007-06-17 20:36 UTC, Ulrich Müller
Details
Secret key with passphrase removed (secret2.asc,814 bytes, text/plain)
2007-06-17 20:51 UTC, Ulrich Müller
Details
gnupg-2.0.4-idea.patch (gnupg-2.0.4-idea.patch,582 bytes, text/plain)
2007-06-22 15:19 UTC, Alon Bar-Lev (RETIRED)
Details
test.msg (test.msg,177 bytes, text/plain)
2008-03-27 06:01 UTC, Alon Bar-Lev (RETIRED)
Details
Re-add IDEA support to libgcrypt-1.5.0 (libgcrypt-1.5.0-idea.patch,8.07 KB, patch)
2012-01-09 22:06 UTC, Ulrich Müller
Details | Diff
Re-add IDEA support to libgcrypt-1.5.0 (libgcrypt-1.5.0-idea.patch,12.04 KB, patch)
2012-02-16 21:44 UTC, Ulrich Müller
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ulrich Müller gentoo-dev 2007-01-03 08:53:04 UTC
gnupg-2.0.1-r2 seems to break compatibility with old key files:

$ gpg -vv test.gpg
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
        data: [1024 bits]
gpg: public key is 98765432
gpg: protection algorithm 1 (IDEA) is not supported
:encrypted data packet:
        length: 30
gpg: encrypted with 1024-bit RSA key, ID 98765432, created 1995-05-02
      "Abcd Efgh <ijk@domain.invalid>"
gpg: public key decryption failed: Invalid cipher algorithm
gpg: decryption failed: No secret key

With gnupg-1.4.6, everything used to work fine.
 

$ emerge --info
Portage 2.1.2_rc4-r5 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r2 i686)
=================================================================
System uname: 2.6.19-gentoo-r2 i686 Intel(R) Pentium(R) M processor 1.73GHz
Gentoo Base System version 1.12.8
Last Sync: Wed, 03 Jan 2007 16:00:03 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium-m -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/fax /usr/share/X11/xkb /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium-m -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://mirrors.sec.informatik.tu-darmstadt.de/gentoo http://gentoo.osuosl.org http://gentoo.inode.at"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/ulm /usr/portage/local/layman/sunrise /usr/portage/local/layman/a1 /usr/portage/local/layman/xeffects"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X Xaw3d aalib acpi alsa amr asf berkdb bitmap-fonts bzip2 cairo caps cdparanoia cdr cli clisp cracklib crypt dbus directfb dlloader dri dvd dvdr eds emacs emacs-w3 emboss encode exif expat fam fbcon ffmpeg firefox fortran gcj gdbm gif glitz glut gnome gpm gstreamer gtk gtkhtml guile iconv idea ieee1394 imap ipv6 irda isdnlog java jbig jpeg libcaca libg++ logrotate mad mikmod mmx mng motif mozbranding mp3 mpeg ncurses nls nocd nptl nptlonly nsplugin offensive ogg opengl oss pcmcia pcre pdf perl png postgres ppds pppd python qt3 qt4 quicktime readline real recode reflection sdl session skey sox spell spl sse sse2 ssl tcpd tetex tiff truetype truetype-fonts type1-fonts udev unicode userlocales vorbis wifi win32codecs x86 xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" USERLAND="GNU" VIDEO_CARDS="fbdev i810 vesa vga"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev 2007-01-03 12:22:40 UTC
Right.
IDEA is not supported by gcrypt.
I could not find any patch to add idea support into gcrypt.
I will continue looking.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2007-01-03 14:19:27 UTC
alonbl:
here is IDEA support for libgcrypt
http://www.kfwebs.net/articles/article/42/GnuPG-2.0---IDEA-support

It was discussed on the gnupg-devel mailing list.
Comment 3 Alon Bar-Lev (RETIRED) gentoo-dev 2007-01-04 11:41:42 UTC
Thanks!
I had to do some modification to this patch, did not work as-is it couldn't have worked...

But it should be OK now, please add idea USE flag to libgcrypt and try it out.
Comment 4 Christer Ekholm 2007-01-04 14:59:33 UTC
I can't emerge world now, and I suspect that this somehow migt be responsible for that. (But I might be wrong also, I don't know enough about ebuilds)

When I do

  sudo emerge -DuavN --with-bdeps y world

I get 

These are the packages that would be merged, in order:

Calculating world dependencies... done!
Traceback (most recent call last):
  File "/usr/bin/emerge", line 5254, in ?
    retval = emerge_main()
  File "/usr/bin/emerge", line 5249, in emerge_main
    myopts, myaction, myfiles, spinner)
  File "/usr/bin/emerge", line 4605, in action_build
    mydepgraph.display(
  File "/usr/bin/emerge", line 2472, in display
    debug=self.edebug)
  File "/usr/lib/portage/pym/portage.py", line 5748, in getfetchsizes
    myuris, myfiles = self.getfetchlist(mypkg,useflags=useflags)
  File "/usr/lib/portage/pym/portage.py", line 5725, in getfetchlist
    myurilist = portage_dep.use_reduce(myurilist,uselist=useflags,matchall=all)
  File "/usr/lib/portage/pym/portage_dep.py", line 193, in use_reduce
    additions = use_reduce(target, uselist, masklist, matchall, excludeall)
  File "/usr/lib/portage/pym/portage_dep.py", line 200, in use_reduce
    raise portage_exception.InvalidDependString(
portage_exception.InvalidDependString: "Conditional without parenthesis: 'idea?'"

This is my 'emerge --info'

Portage 2.1.2_rc4-r5 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r2 i686)
=================================================================
System uname: 2.6.19-gentoo-r2 i686 AMD Athlon(tm) MP 2000+
Gentoo Base System version 1.13.0_alpha10
Last Sync: Thu, 04 Jan 2007 20:50:01 +0000
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.19
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=athlon-mp"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -march=athlon-mp"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="sv_SE.utf8"
LINGUAS="sv"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X Xaw3d alsa ao apache2 audiofile berkdb bitmap-fonts bonobo bzip2 bzlib cairo caps cdda cddb cdio cdparanoia cdr cdrom chroot cli crypt curl dba dbus dlloader dri dvd dvdr dvdread eds emacs emboss encode esd fam firefox flac fluidsynth fortran ftp gcj gd gdbm gif glx gnome gphoto2 gstreamer gtk gtk2 gtkhtml hal iconv idea imagemagick imap innodb isdnlog ithreads jack java jikes jpeg kde libg++ mad mbox mikmod mime mmx mmxext mng motif mozilla mp3 mpeg musicbrainz ncurses net network nls noamazon nptl nptlonly nsplugin offensive ogg oggvorbis opengl pcre pda pdf perl plotutils png postgres ppds pppd python qt4 quicktime radeon readline real reflection sdl session sndfile sox spell spl sse ssl svg tcltk tcpd threads tiff timidity truetype truetype-fonts type1-fonts udev unicode usb userlocales utf8 visualization vorbis win32codecs x86 xfs xine xinerama xml xml2 xorg xosd xpm xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="sv" USERLAND="GNU" VIDEO_CARDS="fbdev radeon fglrx"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 5 Christer Ekholm 2007-01-04 15:02:07 UTC
Just one more little bit of info

I just removed the file /usr/portage/dev-libs/libgcrypt/libgcrypt-1.2.3-r1.ebuild

And now I can emerge world again.
Comment 6 Erik Zeek 2007-01-04 15:13:07 UTC
There is a missing set of parentheses around the idea srource:
 !bindist? ( idea? (mirror://gentoo/${P}-idea.diff.bz2 ))
Comment 7 Ulrich Müller gentoo-dev 2007-01-04 15:38:50 UTC
(In reply to comment #3)
> But it should be OK now, please add idea USE flag to libgcrypt and try it out.

There is no more message about the unsupported IDEA algorithm. But the program now complains that the passphrase would be wrong. (I have _definitely_ used the correct passphrase and I have double checked this.)

$ gpg -vv test.gpg 
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
        data: [1024 bits]
gpg: public key is 98765432

You need a passphrase to unlock the secret key for
user: "Xxx Yyy <zzz@domain.invalid>"
1024-bit RSA key, ID 98765432, created 1995-05-02

gpg: no running gpg-agent - starting one
gpg: DBG: connection to agent established
gpg: Invalid passphrase; please try again ...

[repeated two times]

:encrypted data packet:
        length: 32
gpg: encrypted with 1024-bit RSA key, ID 98765432, created 1995-05-02
      "Xxx Yyy <zzz@domain.invalid>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key

Again, gnupg-1.4.6 has no problem with this file/key/passphrase.
Comment 8 Kristian Fiskerstrand 2007-01-04 15:59:34 UTC
hmm, I'll have to look into that. 
Comment 9 Kristian Fiskerstrand 2007-01-04 16:27:35 UTC
btw, the workaround is to remove the passphrase from the key, it works then, but obviously not when the key is protected itself. 
Comment 10 Kristian Fiskerstrand 2007-01-05 02:00:02 UTC
Ok. will have to much around in gnupg / libgcrypt to fix this at a later point. Let me just say that this is not related to the IDEA package, but errors out before that. Easiest way to debug that is to do a gpg --show-session-key --homedir . -vv file.pgp using gpg 1.4 and get the session key, like gpg: session key: `1:9E1805541D862FBAAABBF1BABBF4F589' that you can throw into the libgcrypt addon as gpg2 --override-session-key 1:9E1805541D862FBAAABBF1BABBF4F589 --homedir . -vv file.pgp

a gpg --verson will give Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA while gpg2 --version Pubkey: RSA, ELG, DSA, ELG . It is not a problem of password hashing differences, as it then would function if setting the password in gpg 2 in the first place (removing the password in pgp 2 or gnupg 1.4)

I tried to re-encrypt the key using gnupg 1.4 gpg --s2k-cipher-algo=Blowfish --s2k-digest-algo=sha1 --compress-algo=1 --homedir . --edit-key test , but it still bugs out. 

Historically key decryption has been handled by gnupg and the unencrypted key is  used by libgcrypt. the issue is probably either the un-encryption of the key in gnupg, although I would have presumed in this case that re-encrypting the secret key using gnupg1.4 would have fixed it. so I'm starting to wonder if the troublemaker is RSA, with reference to the differences in the --version .

Anyone that is more familiar to gnupg that have an insight?
Comment 11 Alon Bar-Lev (RETIRED) gentoo-dev 2007-01-05 03:43:01 UTC
Hmmm....
Thanks for the description!

From libgcrypt

./src/gcrypt.h:
enum gcry_pk_algos
  {
    GCRY_PK_RSA = 1,
    GCRY_PK_RSA_E = 2,      /* deprecated */
    GCRY_PK_RSA_S = 3,      /* deprecated */
    GCRY_PK_ELG_E = 16,     /* use only for OpenPGP */
    GCRY_PK_DSA   = 17,
    GCRY_PK_ELG   = 20
  };
cipher/rsa.c:
gcry_pk_spec_t _gcry_pubkey_spec_rsa =
  {
    "RSA", rsa_names,
    "ne", "nedpqu", "a", "s", "n",
    GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
<snip>

So the RSA_E, RSA_S are not implemented, only previous "RSA" is implemented.
Can you please verify that the key that is not working is part of RSA_E or RSA_S algorithms?
Comment 12 Kristian Fiskerstrand 2007-01-05 05:34:15 UTC
Please keep in mind though, that if no password is set on the secret key, everything works. So at least something is implemented. So it has to be related to decryption of the secret key at one point or another. 
Comment 13 Kristian Fiskerstrand 2007-01-05 06:18:14 UTC
looking at the output from --debug-all across the two versions I notice that gpg2 comes to +gpg: DBG: parse_packet(iob=1): type=9 length=28 (parse.mainproc.c.1192)
 gpg: encrypted with 1024-bit RSA key, ID AAB61C01, created 2007-01-04
       "test"
+gpg: public key decryption failed: Bad passphrase

while gnupg 1.4.6 goes through -gpg: DBG: iobuf-1.1: push `decode_filter'
-gpg: DBG: iobuf chain: 1.1 `decode_filter' filter_eof=0 start=0 len=0
-gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=157 len=175
-gpg: DBG: iobuf-1.1: underflow: req=8192
 after -gpg: DBG: parse_packet(iob=1): type=9 length=28 (parse.mainproc.c.1203)

type=9 here represents conventionally encrypted data, id est the secret key.

gpg 1.4.6 does say gpg: DBG: pubkey_decrypt: algo=1 , so that indicate an ordinary RSA key, not RSA-E. 
Comment 14 Alon Bar-Lev (RETIRED) gentoo-dev 2007-01-24 20:14:18 UTC
Hello All,
Tried to get some help from gnupg mailing list, but got no response...
Can you please try to do this individually? I mean try to get some reply from upstream/user community?
Thanks!
Comment 15 Kristian Fiskerstrand 2007-01-24 20:24:17 UTC
I tried to get some info from gnupg-devel ( http://lists.gnupg.org/pipermail/gnupg-devel/2007-January/023511.html ). I'm currently trying to debug it myself by altering the source systematically to try to find where it errors, but have so far been unsuccessful. 

Again, I would like to mention that everything works if the secret key is not password protected. Which makes it even more bizarre that it errors when a password is added to the private key.

Sadly I don't have too much available time, but I'll keep looking for a reason it fails, as it tickles my curiosity. 
Comment 16 Alon Bar-Lev (RETIRED) gentoo-dev 2007-01-24 20:41:03 UTC
Thanks for your help!

I am curios... Upstream does not support IDEA... Any reason why you all use this algorithm?
Comment 17 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2007-01-24 20:48:16 UTC
alonbl: upstream doesn't support it because it's patented, but there is a usage case for it because PGP2.0 uses it, and if you want to interoperate between GnuPG and PGP2.0, you need it :-(.
Comment 18 Kristian Fiskerstrand 2007-01-24 20:53:14 UTC
There are several existing / old systems using pgp back to version 2.x, not to mention old emails in my archive encrypted to an old key of mine. I keep the ~/.gnupg folder and the emails in an encrypted volume itself, so I'm not particulary worried of anyone grabbing the old PGP key (which is only used to get some archived messages anyways these days), so I can live with it not having a password I guess.

I still have difficulty believing the problem is with the IDEA part of it all, if that was the case it wouldn't have worked at all. I tried to eliminate that option by using another s2k cipher to encrypt the private asymmetric key using CAST5 instead of IDEA (although it resulted in annoyingly many replies on that specific element in gnupg-devel ) :p

At this point the motivation is really my annoyance of it not working as I want it to, though. 
Comment 19 Ulrich Müller gentoo-dev 2007-03-26 06:31:06 UTC
Given that no immediate solution seems to be at hand, would it be possible to reconsider SLOTting for the gnupg package?
Comment 20 Alon Bar-Lev (RETIRED) gentoo-dev 2007-06-17 19:38:19 UTC
Hello all,

Unfortunately, The original patch author will not fix this problem any soon.

As I have never used IDEA, can someone create a scenario of:
1. Creating IDEA encrypted keys or IDEA keys (gpg1)
2. Testing these keys working (gpg1).
3. Showing the same keys are not working (gpg2).
4. Remove IDEA encryption from key (gpg1), show that works (gpg2).

This will save much time for me.
I have some free time this week-end.

Thanks!
Comment 21 Ulrich Müller gentoo-dev 2007-06-17 20:35:24 UTC
Created attachment 122353 [details]
Example PGP 2.6.3 public key
Comment 22 Ulrich Müller gentoo-dev 2007-06-17 20:36:00 UTC
Created attachment 122355 [details]
Example PGP 2.6.3 secret key
Comment 23 Ulrich Müller gentoo-dev 2007-06-17 20:44:35 UTC
(In reply to comment #20)
> As I have never used IDEA, can someone create a scenario of:
> 1. Creating IDEA encrypted keys or IDEA keys (gpg1)

I have attached a key pair, generated with PGP 2.6.3in. Passphrase is "abc" (without the quotes).

> 2. Testing these keys working (gpg1).
> 3. Showing the same keys are not working (gpg2).

Hm, it's the same messages as in comment #7.

> 4. Remove IDEA encryption from key (gpg1), show that works (gpg2).

I've never done that before, but will try and attach the unencrypted key if I succeed.
Comment 24 Ulrich Müller gentoo-dev 2007-06-17 20:51:26 UTC
Created attachment 122357 [details]
Secret key with passphrase removed

This works for decrypting with gpg-2.
Comment 25 Ulrich Müller gentoo-dev 2007-06-19 07:23:22 UTC
Maybe I should summarize the behaviour for gpg 1 and 2, w.r.t. the attached keys:

- gnupg-1.4.7-r1 works well with all three attached keys.
- gnupg-2.0.4 works with the public key from attachment #122353 [details].
- gnupg-2.0.4 also works with the secret key from attachment #122357 [details] where the
  passphrase was removed.
- However, gnupg-2.0.4 does _not_ work with the secret key from
  attachment #122355 [details]. For this one, it does not accept the passphrase
  (message "invalid passphrase").
Comment 26 Alon Bar-Lev (RETIRED) gentoo-dev 2007-06-22 15:19:18 UTC
Created attachment 122810 [details]
gnupg-2.0.4-idea.patch

OK... There are two bytes that are part of the checksum but not part of the key.
So remove them before the key decode seems like a solution.
Can you please check it out with your configuration?
Comment 27 Ulrich Müller gentoo-dev 2007-06-22 15:59:57 UTC
(In reply to comment #26)
> Created an attachment (id=122810) [edit]
> gnupg-2.0.4-idea.patch

Good work!

> OK... There are two bytes that are part of the checksum but not part of the
> key.
> So remove them before the key decode seems like a solution.
> Can you please check it out with your configuration?

Yes, it is functioning nicely with all test cases that I have here.
Comment 28 Alon Bar-Lev (RETIRED) gentoo-dev 2007-06-22 16:47:31 UTC
Great!
Thank you.
Comment 29 Alon Bar-Lev (RETIRED) gentoo-dev 2008-03-27 06:01:35 UTC
Created attachment 147425 [details]
test.msg

$ GNUPGHOME=. gpg --decrypt < test.msg
Comment 30 Ulrich Müller gentoo-dev 2011-05-16 16:16:41 UTC
Unfortunately, the IDEA patches have been removed again from recent versions.

I take today's expiry of the IDEA patent (see <http://www.pgp.net/pgpnet/pgp-faq/#PATENT-IDEA>) as an occasion for reopening this bug.
Comment 31 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-05-16 16:59:08 UTC
Could you discuss support for IDEA on gcrypt-devel@gnupg.org mailing list?
Comment 32 Ulrich Müller gentoo-dev 2011-05-16 20:19:15 UTC
(In reply to comment #31)
> Could you discuss support for IDEA on gcrypt-devel@gnupg.org mailing list?

See <http://marc.info/?l=gcrypt-devel&m=130556964612440&w=3>

What was the reason for dropping IDEA support from Gentoo releases? It breaks backwards compatibility with PGP.
Comment 33 Ulrich Müller gentoo-dev 2012-01-09 21:55:46 UTC
*** Bug 264313 has been marked as a duplicate of this bug. ***
Comment 34 Ulrich Müller gentoo-dev 2012-01-09 22:06:02 UTC
Created attachment 298427 [details, diff]
Re-add IDEA support to libgcrypt-1.5.0

Also the U.S. patent on IDEA has expired now (no later than 2012-01-07).
Upstream will consider re-adding IDEA support for version 2.1.

In the meantime, could attached patch be applied please? It adds IDEA support to libgcrypt-1.5.0.
Comment 35 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-01-11 00:23:47 UTC
Has the patch been submitted/approved with upstream?
Comment 36 Ulrich Müller gentoo-dev 2012-01-11 09:21:20 UTC
(In reply to comment #35)
> Has the patch been submitted/approved with upstream?

Yes, it's been submitted upstream. I've been asked for some minor polishing and for an FSF copyright assignment.
Comment 37 Ulrich Müller gentoo-dev 2012-02-16 21:44:56 UTC
Created attachment 302205 [details, diff]
Re-add IDEA support to libgcrypt-1.5.0

Updated patch.

This has been accepted upstream: <http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=318fd85f377c060908d371f792d41e599b3b7483>
Comment 38 Ulrich Müller gentoo-dev 2012-02-18 20:56:46 UTC
Committed as libgcrypt-1.5.0-r2 with permission from Flameeyes.