Date: Sat, 23 Dec 2017 09:09:16 +0530
From: Dhiru Kholia <>
Subject: Re: Recommendations GnuPG-2 replacement

On Fri, Dec 22, 2017 at 08:52:52PM +0100, Solar Designer wrote:
> On Sun, Dec 17, 2017 at 09:06:08AM +0000, halfdog wrote:
> > > You may process the private key file with gpg2john, then try to crack it
> > > with john.  This will output the actual value, as well as show you the
> > > speed at which passphrases can be tested against that key on your system
> > > and with that version of JtR.  To use a GPU, add "--format=gpg-opencl".
> > > Please use latest bleeding-jumbo off GitHub for all of this.
> >
> > Done that, but still fighting how to use "gpg2john" with the new
> > gpgv2 "private-keys-v1.d" key format. Exporting the private keys
> > using gpgv2 does not help as that requires the passphrase already,
> > thus removing the gpgv2-encryption we want to test.
>
> I tried asking a JtR jumbo contributor to look into this, but
> unfortunately I got no response yet, and I had no time to look into it
> myself.  This is something we ought to have an answer to, but I
> currently don't.

Please see (Add
support for the new GPG 2.1 "format") regarding this topic.

To summarize,

* Currently, gpg2john does not understand the "private-keys-v1.d" key

* We have a very rough cracking implementation for "private-keys-v1.d"
  key format at the moment. See "filter.c" on that GitHub issue.

I can start working on a proper native cracking implementation (with GPU
support likely), if there is interest in this stuff.

