How to encrypt and sign a message that PGP 2.6.x versions can decode it

GnuPG is potentially able to sign and encrypt files in a PGP 2.6.x
compatible format. The extensions for the required crypto algorithms
RSA and IDEA must be installed - take care of licensing issues, because
they are patented. This document's purpose is to help working in an
environment of PGP 2.6.x dominance, where people have practically no
choice which crypto methods to use. There are free replacements for
the patented algorithms, so help to convince others to switch over to
GnuPG.

Signing only and encrypting only is easy by following the instructions
scatterd over the GnuPG documentation files (look for the options
--rfc1991, --compress-algo, --cipher-algo).

Signing and encrypting at the same time, however, isn't simple and can't
be made in one pass, because GnuPG and PGP 2.6.x operate differently,
aside from the differing crypto algorithms.


Requirements

I assume you have the following setup:

 <> Configured GnuPG to use keys of types DSA/ElGamal (not RSA!) by
     default
 <> Private and public key of type RSA available for signing and
     encrypting in PGP 2.6.x compatible fashion (these can't be
     generated by GnuPG, you have to use PGP for this)
 <> Extensions idea and rsa configured in your GnuPG options file
     (you can get these from the contrib area of the GnuPG ftp site)
 <> The file you want to sign and encrypt has the name top-secret.txt,
     your RSA key has the ID 0x11BEAF11, the (RSA) key of your friend
     expecting the file has a key with the ID 0x0FF77777 and decryption
     should be possible by both, you and your friend. All values should
     be substituted by the "real" ones.


Steps


1) Create the signature (stored in the file top-secret.txt.sig).

    gpg --detach-sign --default-key 0x11BEAF11 top-secret.txt

2) Convert the cleartext to internal literal structure
   (stored in top-secret.txt.lit).

    gpg --store -z 0 --output top-secret.txt.lit top-secret.txt

3) Compress the signature and literal in the order required by PGP 2.6.x
   (stored in top-secret.txt.z)

    cat top-secret.txt.sig top-secret.txt.lit | gpg --no-literal \
     --store --compress-algo 1 --output top-secret.txt.z

4) Encrypt all (stored in the final file top-secret.txt.gpg).

    gpg --no-options --load-extension idea --load-extension rsa \
      --no-literal --encrypt --rfc1991 --cipher-algo idea \
      --encrypt-to 0x11BEAF11 --recipient 0x0FF77777 \
      --output top-secret.txt.gpg top-secret.txt.z


Things to avoid

When you play around, avoid the following things, or PGP 2.6.x
versions will fail to deal with the files:

 <> Don't use a cipher algorithm other than idea, a compression method
     other than 1 (=ZIP) and a digest algorithm (for signing) other
     than md5.
 <> Don't involve a key other than type RSA in the process.
 <> Don't use the --textmode or -t option.
 <> Don't feed data to an encrypting command from a pipe, only files!
