Silk Road forums
Discussion => Security => Topic started by: kwmi on October 10, 2013, 10:19 pm
-
I basically followed the tutorial on this forum to install PGP (using GPG4WIN) and it always crashes when I try to load certain PGP keys. I've noticed this type of "version" will crash the program:
Version: BCPG C# v1.6.1.0
While this type of key will be accepted:
Version: GnuPG v1.4.12 (MingW32)
When it crashes, I actually get a windows error, "GNUPG's OpenPGP tool has stopped working".
the details show as:
Problem signature:
Problem Event Name: APPCRASH
Application Name: gpg2.exe
Application Version: 2.0.21.40179
Application Timestamp: 52134107
Fault Module Name: libgcrypt-11.dll
Fault Module Version: 1.5.3.41962
Fault Module Timestamp: 52133e17
Exception Code: 40000015
Exception Offset: 000031c6
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: c792
Additional Information 2: c792570bd9512592c8a3db3c01fa3bc3
Additional Information 3: 9829
Additional Information 4: 9829b176c08fc032933d3320b2692f24
After I accept the error dialogue box, it just returns that "0 keys were found".
I uninstalled and re-installed latest version. Also tried with Kleopatria, since it comes with GPG4WIN.
Anybody have any idea how I can get these types of keys to load without crashing?
-
I don't think you're using the latest version. My version (released today) is Version: GnuPG v2.0.22 (MingW32)
there was also a release a couple of days ago. the version I had before that was from may and was GnuPG v2.0.20 (MingW32)
The crash happens usually when you done a couple of encrypts/decrypts/message creates. your version was very unstable for me and it did improve with the last one and I haven't had a chance to really give this new install a try.
Everyone should update to the latest one - there was a security flaw in the previous versions that meant you could be compromised - the latest release fixes that.
Here's the download link: http://www.gpg4win.org/download.html it says 7/10/13 but the update I downloaded today from that link was dated the 10th.
-
If you post a key I'll give it a try and see what happens - GnuPG v1.4.12 ( and 14 I think) were pretty iffy so it could be it really is a dodgy key.
-
I basically followed the tutorial on this forum to install PGP (using GPG4WIN) and it always crashes when I try to load certain PGP keys. I've noticed this type of "version" will crash the program:
Version: BCPG C# v1.6.1.0
While this type of key will be accepted:
Version: GnuPG v1.4.12 (MingW32)
When it crashes, I actually get a windows error, "GNUPG's OpenPGP tool has stopped working".
the details show as:
Problem signature:
Problem Event Name: APPCRASH
Application Name: gpg2.exe
Application Version: 2.0.21.40179
Application Timestamp: 52134107
Fault Module Name: libgcrypt-11.dll
Fault Module Version: 1.5.3.41962
Fault Module Timestamp: 52133e17
Exception Code: 40000015
Exception Offset: 000031c6
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: c792
Additional Information 2: c792570bd9512592c8a3db3c01fa3bc3
Additional Information 3: 9829
Additional Information 4: 9829b176c08fc032933d3320b2692f24
After I accept the error dialogue box, it just returns that "0 keys were found".
I uninstalled and re-installed latest version. Also tried with Kleopatria, since it comes with GPG4WIN.
Anybody have any idea how I can get these types of keys to load without crashing?
BCPG refers to the BouncyCastle Java crypto libraries. These are used by pieces of shit software like Portable PGP. Frankly, anyone who uses a version of PGP (BCPG) is an idiot -- the software is grossly unsafe. Some BCPG (1.4.x) versions actually generate 512-bit encryption keys by default. (Such keys were broken by people a dozen years ago using spare machines they had laying about the office.) Even later versions such as the 1.6.x version you mentioned tend to have no encryption sub-keys.
If someone's computer skills are so weak that they have to use a Java-based implementation like that, then I would seriously wonder about their other security practices.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0