From dshaw at jabberwocky.com Tue Jun 1 02:43:49 2004 
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Jun 5 11:15:01 2004
Subject: Preferred keyservers part II
In-Reply-To: <20040531013801.GA12978@jabberwocky.com>
References: <20040531013801.GA12978@jabberwocky.com>
Message-ID: <20040601004349.GB12978@jabberwocky.com>

On Sun, May 30, 2004 at 09:38:02PM -0400, David Shaw wrote:

> So now that 1.3.6 is out and people are playing with it, here's some
> info on preferred keyservers. There are actually two uses for
> preferred keyservers, but I'll cover the second use in a later mail.

Here's part II. The first mail covered how to put a preferred
keyserver on your key. Since this is located on the key, it doesn't
help anyone get the key for the first time (it's a
chicken-and-the-egg problem).

You're probably all familiar with the auto-key-retrieve feature which
automatically fetches the appropriate key when GnuPG verifies a
signature from a key it does not currently have in the keyring. This
is similar, except that the person making the signature gets to say
where to get the key from.

Way back in 1.3.3, the option --sig-preferred-keyserver was added.
This is an alternative to the common "x-pgp" mail headers that people
use to indicate where their key is. It allows you to specify a URL to
your key which is then embedded in any signature you make. If the
person verifying the signature does not have your key, a message pops
up telling them the URL so they can go get the key.

As of 1.3.6, retrieval of the key can happen automatically. In 1.2.x,
the message appears.

To use it, just set the keyserver-option "auto-key-retrieve" and
"honor-keyserver-url". Note that honor-keyserver-url is on by default
in 1.3.6.

To add keyservers to your own signatures, use "sig-keyserver-url".
The keyserver URL can point to a keyserver:

  sig-keyserver-url hkp://subkeys.pgp.net
  sig-keyserver-url ldap://keyserver.pgp.com

or it can be a HTTP URL (this is what I use):

  sig-keyserver-url http://www.jabberwocky.com/key.asc

You can even point to CGIs on places like Biglumber:

  sig-keyserver-url http://www.biglumber.com/x/web?pk=8B93F0C84A9E88B2CAB478DAA6112E1D14B0A058

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20040531/119a74d4/attachment-0001.bin

From atom at suspicious.org Tue Jun 1 06:21:55 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Sat Jun 5 11:15:15 2004
Subject: block vs stream ciphers
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

curious... why doesn't OpenPGP (or GnuPG) include any stream ciphers?

thanks...

        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Patriotism is your conviction that this country is
         superior to all other countries because you were
         born in it."
                -- George Bernard Shaw

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkC8BGgACgkQnCgLvz19QeMV8ACfaFAJ5z8WuRNio5P67hDU6XiJ
MFsAoI+gV9/QoeP5kMzm7BlbIvXAQLVn
=wfC+
-----END PGP SIGNATURE-----

From boldyrev+nospam at cgitftp.uiggm.nsc.ru Tue Jun 1 06:40:56 2004
From: boldyrev+nospam at cgitftp.uiggm.nsc.ru (Ivan Boldyrev)
Date: Sat Jun 5 11:15:21 2004
Subject: How to use preferred keyservers
References: <20040531013801.GA12978__17684.1409564533$1085968743@jabberwocky.com>
Message-ID:

> Note also that a stolen key has a similar problem - the thief can
> try and prevent the real owner from revoking the key.

How can it be done?

I know revoked ID can be restored when it is signed again by owner
(i.e. key prefs or keyserver is changed). Is it doable with revoked
key as well?

--
Ivan Boldyrev

       Violets are red, Roses are blue. //
       I'm schizophrenic, And so am I.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : /pipermail/attachments/20040601/fd730dc9/attachment-0001.bin

From bh at intevation.de Tue Jun 1 16:43:02 2004
From: bh at intevation.de (Bernhard Herzog)
Date: Sat Jun 5 11:15:26 2004
Subject: gpgme compile problem (ld too old?)
Message-ID:

I have a problem compiling the current CVS version of gpgme:

gcc -shared .libs/ath-compat.o .libs/ath-pth-compat.o .libs/ath-pthread-compat.o .libs/funopen.o -Wl,--whole-archive ./.libs/libgpgme-real.a ../assuan/.libs/libassuan.a -Wl,--no-whole-archive -Wl,--rpath -Wl,/usr/local/aegypten/lib -Wl,--rpath -Wl,/usr/local/aegypten/lib -L/usr/local/aegypten/lib /usr/local/aegypten/lib/libgpg-error.so -Wl,--version-script=./libgpgme.vers -Wl,-soname -Wl,libgpgme.so.11 -o .libs/libgpgme.so.11.2.2
/usr/bin/ld:./libgpgme.vers:128: ignoring invalid character `/' in script
/usr/bin/ld:./libgpgme.vers:128: parse error in VERSION script
collect2: ld returned 1 exit status

AFAICT, the problem is the c-style comment in gpgme/libgpgme.vers. Is
my ld version too old:

$ /usr/bin/ld --version
GNU ld version 2.12.90.0.1 20020307 Debian/GNU Linux

   Bernhard

--
Intevation GmbH                       http://intevation.de/
Skencil                               http://sketch.sourceforge.net/
Thuban                                http://thuban.intevation.org/

From dshaw at jabberwocky.com Tue Jun 1 17:33:22 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Jun 5 11:15:29 2004
Subject: How to use preferred keyservers
In-Reply-To: <200405311927.14823.malte.gell@gmx.de>
References: <20040531013801.GA12978@jabberwocky.com> <200405311927.14823.malte.gell@gmx.de>
Message-ID: <20040601153322.GB31589@jabberwocky.com>

On Mon, May 31, 2004 at 07:28:16PM +0200, Malte Gell wrote:
> On Monday 31 May 2004 03:38, David Shaw wrote:
> > So now that 1.3.6 is out and people are playing with it, here's some
> > info on preferred keyservers. There are actually two uses for
> > preferred keyservers, but I'll cover the second use in a later mail.
> > Remember that preferred keyservers is a new feature in 1.3.6. It
> > does not exist in 1.2.x.
> >
> > The main idea behind preferred keyservers is that the key owner is
> > often the best person to decide how their key is distributed. They
> > thus set a preferred keyserver on the key, and anyone who wants to
> > refresh the key can get it from there automatically. Obviously,
> > since the preferred keyserver lives on the key itself, it doesn't
> > help anyone get the key for the first time (it's a
> > chicken-and-the-egg problem).
>
> This is really a nice feature, but can't it be expanded to fetching a
> key for the first time? With something like
> "gpg --keyserver http://homepage.foo/key.asc --recv-key 0x123456" ?

You can actually do that now, but it's more of a side-effect of how
keyservers are implemented than a feature. The key ID isn't
significant (it can be anything), but it has to be present.

Don't rely on this though. It's not a feature. I may allow for
"gpg --recv-key http://foo" in a future version.

> I just saw that --list-options show-keyserver-urls works only
> together with --list-sigs, is this correct? Why not show such things
> as well with --list-key if someone only wants to see such
> information and not the whole list of signatures? IIRC the same
> applies as well to things like show-policy-url or notations which
> need --list-sigs and don't work with --list-key.

All of those items (keyserver URLs, policy URLs, notations) are
actually located on signatures.

David

From dshaw at jabberwocky.com Tue Jun 1 17:34:38 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Jun 5 11:15:31 2004
Subject: How to use preferred keyservers
In-Reply-To:
References: <20040531013801.GA12978__17684.1409564533$1085968743@jabberwocky.com>
Message-ID: <20040601153438.GC31589@jabberwocky.com>

On Tue, Jun 01, 2004 at 11:40:56AM +0700, Ivan Boldyrev wrote:
> > Note also that a stolen key has a similar problem - the thief can
> > try and prevent the real owner from revoking the key.
>
> How can it be done?
>
> I know revoked ID can be restored when it is signed again by owner
> (i.e. key prefs or keyserver is changed). Is it doable with revoked
> key as well?

No, but that doesn't matter since the attacker can just edit the key
and remove the revocation packet. Since the attacker also can control
the keyserver, he can try and prevent the real key owner from putting
that packet back.

David

From marcus.brinkmann at ruhr-uni-bochum.de Wed Jun 2 03:29:12 2004
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Sat Jun 5 11:15:40 2004
Subject: gpgme compile problem (ld too old?)
In-Reply-To:
References:
Message-ID: <87ekoylpcn.wl@ulysses.g10code.de>

At Tue, 01 Jun 2004 16:43:02 +0200,
Bernhard Herzog wrote:
> I have a problem compiling the current CVS version of gpgme:
>
> gcc -shared .libs/ath-compat.o .libs/ath-pth-compat.o .libs/ath-pthread-compat.o .libs/funopen.o -Wl,--whole-archive ./.libs/libgpgme-real.a ../assuan/.libs/libassuan.a -Wl,--no-whole-archive -Wl,--rpath -Wl,/usr/local/aegypten/lib -Wl,--rpath -Wl,/usr/local/aegypten/lib -L/usr/local/aegypten/lib /usr/local/aegypten/lib/libgpg-error.so -Wl,--version-script=./libgpgme.vers -Wl,-soname -Wl,libgpgme.so.11 -o .libs/libgpgme.so.11.2.2
> /usr/bin/ld:./libgpgme.vers:128: ignoring invalid character `/' in script
> /usr/bin/ld:./libgpgme.vers:128: parse error in VERSION script
> collect2: ld returned 1 exit status
>
>
> AFAICT, the problem is the c-style comment in gpgme/libgpgme.vers. Is
> my ld version too old:
>
> $ /usr/bin/ld --version
> GNU ld version 2.12.90.0.1 20020307 Debian/GNU Linux

It looks quite old to me, but if you can confirm that it works ok if
you remove the /* */ comment, then I will remove it from CVS, as it is
not really needed.

Thanks,
Marcus

From marcus.brinkmann at ruhr-uni-bochum.de Wed Jun 2 03:26:41 2004
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Sat Jun 5 11:15:42 2004
Subject: gpgme_op_edit?!?
In-Reply-To: <20040529172740.GA1112@antares.localdomain>
References: <20040529172740.GA1112@antares.localdomain>
Message-ID: <87fz9elpgu.wl@ulysses.g10code.de>

At Sat, 29 May 2004 19:27:40 +0200,
Albrecht Dreß wrote:
>
> [1 ]
> [1.1 ]
> Hi all,
>
> I'm currently trying to port a Gnome keymanager app (seahorse) from gpgme
> 0.3 to gpgme 0.4.7, and I ran into the function gpgme_op_edit(). However,
> I can not find any documentation about it, although it's in the header
> file, and it's not marked as deprecated.
>
> Now, where can I find the doc of the function?

gpgme_op_edit is a cheater function that allows us to implement cool
features into GPA without adding proper interfaces to GPGME for them.
That's why it is undocumented, and thus we don't claim it to be a
proper part of the interface. However, between you and me, we are
likely going to stick with it for quite a while, as it is needed in
GPA. However, you must deal with engine specific communication, so
you will also have to deal with changes in gpg itself.

Its use should be pretty obvious. It just passes through the command
fd stuff from gpg (except passphrase and progress, if you install
handlers for them).

If you need it, feel free to use it, but be careful about the above
limitations (expect breakage).

Thanks,
Marcus

From bh at intevation.de Wed Jun 2 15:11:13 2004
From: bh at intevation.de (Bernhard Herzog)
Date: Sat Jun 5 11:16:02 2004
Subject: gpgme compile problem (ld too old?)
References: <87ekoylpcn.wl@ulysses.g10code.de>
Message-ID:

Marcus Brinkmann writes:

> At Tue, 01 Jun 2004 16:43:02 +0200,
> Bernhard Herzog wrote:
>> $ /usr/bin/ld --version
>> GNU ld version 2.12.90.0.1 20020307 Debian/GNU Linux
>
> It looks quite old to me,

Well, it's the version from debian woody :)

> but if you can confirm that it works ok if
> you remove the /* */ comment, then I will remove it from CVS, as it is
> not really needed.

Removing that comment works.

   Bernhard

--
Intevation GmbH                       http://intevation.de/
Skencil                               http://sketch.sourceforge.net/
Thuban                                http://thuban.intevation.org/

From marcus.brinkmann at ruhr-uni-bochum.de Wed Jun 2 16:20:52 2004
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Sat Jun 5 11:16:07 2004
Subject: gpgme compile problem (ld too old?)
In-Reply-To:
References: <87ekoylpcn.wl@ulysses.g10code.de>
Message-ID: <87y8n6ghx7.wl@ulysses.g10code.de>

At Wed, 02 Jun 2004 15:11:13 +0200,
Bernhard Herzog wrote:
> Marcus Brinkmann writes:
> >> GNU ld version 2.12.90.0.1 20020307 Debian/GNU Linux
> >
> > It looks quite old to me,
>
> Well, it's the version from debian woody :)

But I am riding the highway to the bleeding edge with no safe-belts or
rear-view mirrors ;)

> > but if you can confirm that it works ok if
> > you remove the /* */ comment, then I will remove it from CVS, as it is
> > not really needed.
>
> Removing that comment works.

Thanks a lot for trying that, I removed the comment from CVS.

Marcus

From deepak.kolhar at patni.com Mon Jun 7 15:26:32 2004
From: deepak.kolhar at patni.com (Deepak Kolhar)
Date: Mon Jun 7 15:22:56 2004
Subject: Welcome to the "Gnupg-devel" mailing list
In-Reply-To:
Message-ID: <001b01c44c93$0d40f1c0$fd60d103@ttcnt.com>

my email is deepak.kolhar@patni.com
I want to subscribe to this list.
also i must be able unsubscribe in future.

-----Original Message-----
From: gnupg-devel-bounces@gnupg.org
[mailto:gnupg-devel-bounces@gnupg.org]On Behalf Of
gnupg-devel-request@gnupg.org
Sent: Monday, June 07, 2004 6:47 PM
To: deepak.kolhar@patni.com
Subject: Welcome to the "Gnupg-devel" mailing list

Welcome to the Gnupg-devel@gnupg.org mailing list!

To post to this list, send your email to:

  gnupg-devel@gnupg.org

General information about the mailing list is at:

  http://lists.gnupg.org/mailman/listinfo/gnupg-devel

If you ever want to unsubscribe or change your options (eg, switch to
or from digest mode, change your password, etc.), visit your
subscription page at:

  http://lists.gnupg.org/mailman/options/gnupg-devel/deepak.kolhar%40patni.com

You can also make such adjustments via email by sending a message to:

  Gnupg-devel-request@gnupg.org

with the word `help' in the subject or body (don't include the
quotes), and you will get back a message with instructions.

You must know your password to change your options (including changing
the password, itself) or to unsubscribe. It is:

  gpg123

Normally, Mailman will remind you of your gnupg.org mailing list
passwords once every month, although you can disable this if you
prefer. This reminder will also include instructions on how to
unsubscribe or change your account options. There is also a button on
your options page that will email your current password to you.

From t.schorpp at gmx.de Mon Jun 7 17:48:04 2004
From: t.schorpp at gmx.de (Thomas Schorpp)
Date: Mon Jun 7 17:42:27 2004
Subject: [Announce] GnuPG 1.3.6 released (development), Card Support Development
In-Reply-To: <20040522134540.GB13121@jabberwocky.com>
References: <20040522134540.GB13121@jabberwocky.com>
Message-ID: <40C48E34.5060402@gmx.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote:
| Hello!
|
| The latest release from the development branch of GnuPG is ready for
| public consumption. This is a branch to create what will eventually
| become GnuPG 1.4. It will change with greater frequency than the
| 1.2.x "stable" branch, which will mainly be updated for bug fix
| reasons.
|
| The more GnuPG-familiar user is encouraged try this release (and the
| ones that will follow in the 1.3.x branch), and report back any
| problems to gnupg-devel@gnupg.org. In return, you get the latest code
| with the latest features.

hi david and werner,

i miss some remarks about Your lately OpenPGP Card dev efforts, is it
held back for some reason?

i'd like to question You about roadmap, targets, release critical
bugs, (politics), risks and target applications etc.

maybe You've noticed the proprietary efforts on electronic sigs and
their growing applications in biz and official administration.

i've seen more and more city administrations introducing "electronic
office" for official queries even on well known security hazard risky
proprietary platforms...

y
tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFAxI401L8Hg/0A/fwRAua2AJwO+gaH8NJNE7f4xqMcAjzc9+l81wCfcS6u
47Drr4lixQ1BlNmZX3C/ijk=
=DgOi
-----END PGP SIGNATURE-----

From t.schorpp at gmx.de Mon Jun 7 20:49:16 2004
From: t.schorpp at gmx.de (Thomas Schorpp)
Date: Mon Jun 7 20:43:25 2004
Subject: OpenPGP card tests 1.3.6
In-Reply-To: <87d69bx8ix.fsf@alberti.g10code.de>
References: <8765jlvzd5.fsf@alberti.g10code.de> <400EF569.9070603@gmx.de> <1074799935.29019.4.camel@simulacron> <4010A24E.8070803@gmx.de> <87d69bx8ix.fsf@alberti.g10code.de>
Message-ID: <40C4B8AC.9000201@gmx.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch wrote:
| On Fri, 23 Jan 2004 05:25:50 +0100, thomas schorpp said:
|
|
|>is full charset handled for PINs or only numbers ?
|
|
| By definition the PIN should be UTF-8 encoded, thus all characters
| except for 0x00 are allowed. For pragmatic reasons I'd suggest to use
| ASCII only for now - at least for the Admin PIN.
|
| Werner
|

ok, first 2 issues:

C001-L1: "No typing verification on pin entries in --edit-card >passwd,
dangerous..."

C002-L3: "gpg needs to be restarted to verify unblocked pin retry
counter - >list shows false count 0 instead of 3 without" (proceeding
further provocation test)

...

i could fix that, if im allowed(?)

y
tom

tom1:/usr/local/src/gnupg-1.3.6# gpg --card-edit --allow-admin
gpg: DBG: asking for PIN 'New PIN'
New PIN
PIN unblocked and new PIN set.
Admin PIN
gpg: DBG: asking for PIN 'New Admin PIN'
New Admin PIN
PIN changed.

Command> list

Application ID ...: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Version ..........: 1.0
Manufacturer .....: PPC Card Systems
Serial number ....: 000000xx
Name of cardholder: thomas schorpp
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 0 3 3
xxxxxxxxxxxxxxxxxxxx^ should be 3 at this time.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAxLis1L8Hg/0A/fwRAmM4AJ4nd+QxmIxioTwgFKewx9yhVOsJegCeLwl3 rzkFliyU6MLb0dQ3Z9mlaq0= =qOBS -----END PGP SIGNATURE----- From jack at netgate.net Tue Jun 8 06:46:39 2004 From: jack at netgate.net (Jack Repenning) Date: Tue Jun 8 06:43:50 2004 Subject: Bus Error on certain keys [Patch provided] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 gpg --list-secret-keys --with-colons crashes (bus error). Seems to be related to one of my keys in particular. Maybe: if I do gpg --list-secret-keys --with-colons KeyID for every secret key ID, there's no problem. But if I let it walk the list of secret keys, it crashes at the same place every time. (Tried to check the archives first, but SF won't let me in ... perhaps because I just joined up because of this situation. Sorry if this has been discussed!) This is a big problem for me, because wrappers like GPGMail depend on the "--with-colons" feature. I have found a patch that makes it not crash. I found the patch by local inspection (the crashing line is using a pointer that's NULL; no other line in its block uses that pointer; I switched it to use the pointer everyone else does). But I don't follow the code well enough to understand the meaning of this change, and its effect on the output surprises me a bit (lines come out in different order, I only expected processing to not crash). Oddly, on my G4 TiBook with Panther (and the same keys), the problem does not occur. So I'm not real sure about this... Platform is OS 10.2.8 (iMac flat panel 833MHz, 1Gb RAM) gpg versions showing the problem: - - - - 1.2.3 (latest download for Jaguar) - - - - 1.2.4 (built it myself from ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.4.tar.gz) The patch: > diff -w -U10 g10/keylist.c~ g10/keylist.c - - - --- g10/keylist.c~ Fri Oct 3 05:50:30 2003 +++ g10/keylist.c Mon May 24 21:17:49 2004 
@@ -806,22 +806,22 @@ printf("%c", trustletter ); } printf(":%u:%d:%08lX%08lX:%s:%s:", nbits_from_pk( pk2 ), pk2->pubkey_algo, (ulong)keyid2[0],(ulong)keyid2[1], colon_datestr_from_pk( pk2 ), colon_strtime (pk2->expiredate) /* fixme: add LID and ownertrust here */ ); - - - - if( pk->local_id ) /* use the local_id of the main key??? */ - - - - printf("%lu", pk->local_id ); + if( pk2->local_id ) /* use the local_id of the main key??? */ + printf("%lu", pk2->local_id ); putchar(':'); putchar(':'); putchar(':'); putchar(':'); print_capabilities (pk2, NULL, NULL); putchar('\n'); if( fpr > 1 ) print_fingerprint( pk2, NULL, 0 ); if( opt.with_key_data ) print_key_data( pk2, keyid2 ); The symptoms: > g10/gpg --list-secret-keys --with-colons ... sec::1024:17:51F13EED3B82E870:1997-07-12::::Jack Repenning (Permanent DSS key) ::: uid:::::::::Jack Repenning : uid:::::::::Jack Repenning : uid:::::::::Jack Repenning : uid:::::::::At-work Jack: uid:::::::::Jack Repenning : uid:::::::::Thawte Freemail Member : uat:::::::::1 3321: uid:::::::::John Allan Repenning : uid:::::::::Jack Repenning (work DSS) : Bus error And yet: > g10/gpg --list-secret-keys --with-colons 51F13EED3B82E870 sec::1024:17:51F13EED3B82E870:1997-07-12::::Jack Repenning ::scSC: uid:::::::::Jack Repenning (work DSS) : uid:::::::::Jack Repenning (Permanent DSS key) : uid:::::::::Jack Repenning : uid:::::::::Jack Repenning : uid:::::::::Jack Repenning : uid:::::::::At-work Jack: uid:::::::::Jack Repenning : uat:::::::::1 3321: uid:::::::::John Allan Repenning : uid:::::::::Thawte Freemail Member : uid:::::::::Jack Repenning : After the patch: ... 
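Review bot: on the two replaced local_id lines, switching both the test and the printf from `pk` to `pk2` changes which key's local_id is printed, while the retained comment still reads "use the local_id of the main key???". The gdb output in this message puts the fault at `if( pk->local_id )` in list_keyblock_colon, so if the main key's value is what this field is meant to carry, guarding the dereference (`if( pk && pk->local_id )`) keeps the documented behaviour; if `pk2` is really intended, update or drop the comment so it matches. The submitter also reports that records come out in a different order after the change, which these two lines do not explain and which should be understood before this is applied.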
sec::1024:17:51F13EED3B82E870:1997-07-12::::Jack Repenning (Permanent DSS key) :::
uid:::::::::Jack Repenning :
uid:::::::::Jack Repenning :
uid:::::::::Jack Repenning :
uid:::::::::At-work Jack:
uid:::::::::Jack Repenning :
uid:::::::::Thawte Freemail Member :
uat:::::::::1 3321:
uid:::::::::John Allan Repenning :
uid:::::::::Jack Repenning (work DSS) :
sub:i:2048:16:A5EF280B1A877C4F:1997-07-12:::::::
sub:i:3072:16:D895FC426A299E29:2000-02-18:::::::
...

What gdb has to say about the matter:

...
sec::1024:17:51F13EED3B82E870:1997-07-12::::Jack Repenning (Permanent DSS key) :::
uid:::::::::Jack Repenning :
uid:::::::::Jack Repenning :
uid:::::::::Jack Repenning :
uid:::::::::At-work Jack:
uid:::::::::Jack Repenning :
uid:::::::::Thawte Freemail Member :
uat:::::::::1 3321:
uid:::::::::John Allan Repenning :
uid:::::::::Jack Repenning (work DSS) :

Program received signal EXC_BAD_ACCESS, Could not access memory.
list_keyblock_colon (keyblock=0x2280e0, secret=536643, fpr=0) at keylist.c:816
816 if( pk->local_id ) /* use the local_id of the main key??? */
(gdb) where
#0 list_keyblock_colon (keyblock=0x2280e0, secret=536643, fpr=0) at keylist.c:816
#1 0x0002719c in list_all (secret=2259792) at keylist.c:225
#2 0x0002719c in list_all (secret=1) at keylist.c:225
#3 0x00006820 in main (argc=0, argv=0xbffffc54) at g10.c:2360
#4 0x00002078 in _start (argc=3, argv=0xbffffc48, envp=0xbffffc58) at /SourceCache/Csu/Csu-45/crt.c:267
#5 0x00001ef8 in start ()

<><
Jack Repenning

And the next thing you know, you're sucking down Darjeeling with Marie
Antoinette and her little sister!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: GPG-encrypted email preferred

iD8DBQFAxUS3UfE+7TuC6HARAvHJAKDSll3W4RN0hwinH6xC0VyJ/FFP3ACgzNKf
r0QZQLTy6tYpKH7ZTPY73d0=
=tMFo
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Jun 8 14:05:09 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 8 14:02:13 2004
Subject: Bus Error on certain keys [Patch provided]
In-Reply-To:
References:
Message-ID: <20040608120508.GD19978@jabberwocky.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jun 07, 2004 at 09:46:39PM -0700, Jack Repenning wrote:
> gpg --list-secret-keys --with-colons
> crashes (bus error). Seems to be related to one of my keys in
> particular. Maybe: if I do
> gpg --list-secret-keys --with-colons KeyID
> for every secret key ID, there's no problem. But if I let it walk the
> list of secret keys, it crashes at the same place every time.

[..]

> After the patch:
> ...
> sec::1024:17:51F13EED3B82E870:1997-07-12::::Jack Repenning (Permanent
> DSS key) :::
> uid:::::::::Jack Repenning :
> uid:::::::::Jack Repenning :
> uid:::::::::Jack Repenning :
> uid:::::::::At-work Jack:
> uid:::::::::Jack Repenning :
> uid:::::::::Thawte Freemail Member :
> uat:::::::::1 3321:
> uid:::::::::John Allan Repenning :
> uid:::::::::Jack Repenning (work DSS) :
> sub:i:2048:16:A5EF280B1A877C4F:1997-07-12:::::::
> sub:i:3072:16:D895FC426A299E29:2000-02-18:::::::

I see what the problem is, but I'm baffled as how you made that key.
The problem is that the key is a secret key with public subkeys.
There is no such thing. Of course, GnuPG shouldn't bus error on it,
but at the same time, this key is likely corrupt.

What happens when you try this with the 1.2.5 release candidate?

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6-cvs (GNU/Linux)

iGoEARECACoFAkDFq3QjGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8kSyQCfbvQJnXR+QYVtO8jXvFlPjw1SU48AoI/u26/XnZde
8ElH+y7kAJ+/wNLC
=aTSN
-----END PGP SIGNATURE-----

From andreas.bergen at in-jesus.de Tue Jun 8 17:08:24 2004
From: andreas.bergen at in-jesus.de (Andreas Bergen)
Date: Tue Jun 8 17:11:08 2004
Subject: gpgsm-Problems
Message-ID: <200406081708.24556.andreas.bergen@in-jesus.de>

Hi,

I've got a problem using gpgsm. If I understand it correctly then
there's RC2-support in the newest gnupg-1.9-version. But unfortunately
I seem to be unable to compile it in a way that it works.

I downloaded, compiled and installed

libassuan-0.6.4
libgcrypt-1.1.94
libgpg-error (newest from CVS)
libksba-0.9.6
and gnupg-1.9.8

Compilation and installation worked fine but as I wrote above there's
still the message that RC2 is not supported:

gpgsm: unsupported algorithm `1.2.840.113549.3.2'

Another interesting thing is that (though 3DES works) gpgsm gives an
empty list of supported algorithms:

Secure memory is not locked into core
gpgsm (GnuPG) 1.9.8
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Unterstützte Algorithmen:

Have I done anything wrong? Do I have to activate rc2-support? where?

And I've got one final question: Is there anywhere a cryptplug-version
which supports this new gnupg/gpgsm?

Thanks for any help

Yours
Andreas Bergen

P.S. Please reply also by email as I'm not subscribed to the list.

--
Andreas Bergen
E-Mail: andreas.bergen in-jesus de
PGP/GnuPG-encrypted / -signed Email welcome.
PGP-key-ID: 8CDEC18F

God is love, and whoever abides in love abides in God, and God in him.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2122 bytes
Desc: signature
Url : /pipermail/attachments/20040608/793dcad1/smime.bin

From patrick.brunschwig at gmx.net Tue Jun 8 21:27:47 2004
From: patrick.brunschwig at gmx.net (Patrick Brunschwig)
Date: Tue Jun 8 21:25:29 2004
Subject: HKP Server Question
Message-ID: <40C61333.2020402@gmx.net>

I'm looking into the HKP protocol to find out how I could best implement
a key searching function in Enigmail. My main reasons are that the
frontend offered by gpg would need an unnecessarily complex
implementation from my side, and that Mozilla obviously can easily use
HTTP, and can also traverse proxies where you need user authentication.

I have found some drafts of a proposed HKP standard by David, and I have
tried a couple of keyservers to see their output. It seems to me that
even though many keyservers support the "options=mr" flag, the output
can be quite different (e.g. concerning revoked keys).

My question now is: does gpg parse the human readable code and try to
interpret it, or does it use the machine readable format? And is there
some documentation available on how gpg interprets the output? I would
like to implement this as similarly as possible.

Thanks
-Patrick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 257 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20040608/88924bf0/signature.bin

From dshaw at jabberwocky.com Tue Jun 8 23:09:58 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 8 23:07:10 2004
Subject: HKP Server Question
In-Reply-To: <40C61333.2020402@gmx.net>
References: <40C61333.2020402@gmx.net>
Message-ID: <20040608210958.GC29607@jabberwocky.com>

On Tue, Jun 08, 2004 at 09:27:47PM +0200, Patrick Brunschwig wrote:
> I'm looking into the HKP protocol to find out how I could best implement
> a key searching function in Enigmail. My main reasons are that the
> frontend offered by gpg would need an unnecessarily complex
> implementation from my side, and that Mozilla obviously can easily use
> HTTP, and can also traverse proxies where you need user authentication.
>
> I have found some drafts of a proposed HKP standard by David, and I have
> tried a couple of keyservers to see their output. It seems to me that
> even though many keyservers support the "options=mr" flag, the output
> can be quite different (e.g. concerning revoked keys).

This should not be. Can you give me an example?

> My question now is: does gpg parse the human readable code and try
> to interpret it, or does it use the machine readable format? And is
> there some documentation available on how gpg interprets the output?
> I would like to implement this as similarly as possible.

The best thing you could do is look at the gpgkeys_hkp.c file in the
GnuPG 1.3.x release.

However, the LDAP servers are becoming more important these days (as
"PGP Universal" has one built in). Rather than just implement HKP,
since you know that anyone using Enigmail has GnuPG installed, why not
call the gpgkeys_xxxx programs directly? That way you get support for
all keyserver types, current and future.

David

From t.schorpp at gmx.de Wed Jun 9 00:53:40 2004
From: t.schorpp at gmx.de (Thomas Schorpp)
Date: Wed Jun 9 00:47:52 2004
Subject: OpenPGP card tests 1.3.6
In-Reply-To: <40C4B8AC.9000201@gmx.de>
References: <8765jlvzd5.fsf@alberti.g10code.de> <400EF569.9070603@gmx.de> <1074799935.29019.4.camel@simulacron> <4010A24E.8070803@gmx.de> <87d69bx8ix.fsf@alberti.g10code.de> <40C4B8AC.9000201@gmx.de>
Message-ID: <40C64374.9040804@gmx.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Schorpp wrote:
|
| ok, first 2 issues:
|
| C001-L1: "No typing verification on pin entries in --edit-card >passwd,
| dangerous..."
|

should be fixed, patch attached, please review, thank you.

y
tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFAxkNz1L8Hg/0A/fwRAhsNAJwI8QFr38QHnTZ235uZEjKM5f8EWgCZAQf7
4HyLkYgWwqVMo4RVZ5IAzmo=
=hieK
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg-1.3.6-PinTypeVerify.patch
Type: text/x-patch
Size: 2995 bytes
Desc: not available
Url : /pipermail/attachments/20040609/107e5c73/gpg-1.3.6-PinTypeVerify-0001.bin

From jack at netgate.net Wed Jun 9 06:33:38 2004
From: jack at netgate.net (Jack Repenning)
Date: Wed Jun 9 06:30:52 2004
Subject: Bus Error on certain keys [Patch provided]
In-Reply-To: <20040608120508.GD19978@jabberwocky.com>
Message-ID: <2DA70E42-B9CE-11D8-9772-000393765E02@netgate.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, June 8, 2004, at 05:05 AM, David Shaw wrote:

> I see what the problem is, but I'm baffled as how you made that key.
> The problem is that the key is a secret key with public subkeys.
> There is no such thing. Of course, GnuPG shouldn't bus error on it,
> but at the same time, this key is likely corrupt.

Huh. Fairly new key, too (I have keys reaching back to PGP 2.1...).

> What happens when you try this with the 1.2.5 release candidate?

Sorry, I'm new around here, how do I do that? I looked around a bit,
but couldn't find an RC tarball. I assume I should check out tag
RC-1-2-5rc1? I speak fairly fluent CVS, and found advice at
www.gnupg.org on fetching the sources via anoncvs, but I get server
connection refusals (which, I suppose, might mean "too busy," or
"temporary server problems," or might mean "I need to negotiate with
someone to add my from-host to an access list"):

> cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg login
(Logging in to anoncvs@cvs.gnupg.org)
CVS password:
cvs [login aborted]: connect to cvs.gnupg.org:2401 failed: Connection refused

<><
Jack Repenning

186,262 miles per second -- Not just a good idea ... it's the LAW!!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: GPG-encrypted email preferred

iD8DBQFAxpMpUfE+7TuC6HARAr4bAJsFbY18JZ75q+3hLSBMfUQB717wiQCfcxSq
I8X965FousuVUzjzJGEyiQs=
=CDZy
-----END PGP SIGNATURE-----

From patrick.brunschwig at gmx.net Wed Jun 9 10:04:23 2004
From: patrick.brunschwig at gmx.net (Patrick Brunschwig) Date: Wed Jun 9 10:13:53 2004 Subject: HKP Server Question In-Reply-To: References: Message-ID: <40C6C487.4090201@gmx.net> >> I'm looking into the HKP protocol to find out how I could best >> implement a key searching function in Enigmail. My main reasons are >> that the frontend offered by gpg would need an unnecessarily >> complex implementation from my side, and that Mozilla obviously can >> easily use HTTP, and can also traverse proxies where you need user >> authentication. >> >> I have found some drafts of a proposed HKP standard by David, and I >> have tried a couple of keyservers to see their output. It seems to >> me that even though many keyservers support the "options=mr" flag, >> the output can be quite different (e.g. concerning revoked keys). > > This should not be. Can you give me an example? Compare the "mr" outputs for your own address at pgp.mit.edu with keyserver.sks.penguin.de The sks server does not seem to provide the revoked flag (or maybe I don't know how to interpret the output), whereas pgp.mit.edu doesn't have the info line, and provides less info about uid's. >> My question now is: does gpg parse the human readable code and try >> to interpret it, or does it use the machine readable format? And is >> there some documentation available on how gpg interprets the >> output? I would like to implement this as similarly as possible. > > The best thing you could do is look at the gpgkeys_hkp.c file in the > GnuPG 1.3.x release. > > However, the LDAP servers are becoming more important these days (as > "PGP Universal" has one built in). Rather than just implement HKP, > since you know that anyone using Enigmail has GnuPG installed, why not > call the gpgkeys_xxxx programs directly? That way you get support for > all keyserver types, current and future. Indeed you're right, although an LDAP implementation is available for Mozilla as well. 
Thanks for the hint, I wasn't really aware of gpgkeys :-( I have studied the code a bit and I tried to use it, but I don't seem to be able to search for a key. This is my script, is there anything I'm missing? HOST keyserver.sks.penguin.de PORT 11371 COMMAND search patrick.brunschwiggmx.net In addition, I just checked my SuSE 8.2 Linux, and it looks like gpgkeys_xxx for v1.2.2 isn't installed by default :-( -Patrick -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 257 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20040609/4070fe23/signature.bin From t.schorpp at gmx.de Wed Jun 9 14:28:45 2004 From: t.schorpp at gmx.de (Thomas Schorpp) Date: Wed Jun 9 14:38:15 2004 Subject: [PATCH] OpenPGP card 1.3.6, Pin typing verification In-Reply-To: <40C4B8AC.9000201@gmx.de> References: <8765jlvzd5.fsf@alberti.g10code.de> <400EF569.9070603@gmx.de> <1074799935.29019.4.camel@simulacron> <4010A24E.8070803@gmx.de> <87d69bx8ix.fsf@alberti.g10code.de> <40C4B8AC.9000201@gmx.de> Message-ID: <40C7027D.8000701@gmx.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Schorpp wrote: | | ok, first 2 issues: | | C001-L1: "No typing verification on pin entries in --edit-card >passwd, | dangerous..." | should be fixed, patch attached, please review, thank you. y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAxwJ91L8Hg/0A/fwRAh+yAJ46/cWIoedtrZnVgJvP8yBBymosswCfdbAT gwehdoz/u1F2qbNvdmkC67o= =Jqh3 -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: gpg-1.3.6-PinTypeVerify.patch Type: text/x-patch Size: 2996 bytes Desc: not available Url : /pipermail/attachments/20040609/133a1df9/gpg-1.3.6-PinTypeVerify.bin From patrick.brunschwig at gmx.net Wed Jun 9 19:48:34 2004 
From: patrick.brunschwig at gmx.net (Patrick Brunschwig) Date: Wed Jun 9 19:45:41 2004 Subject: HKP Server Question In-Reply-To: <40C6C487.4090201@gmx.net> References: <40C6C487.4090201@gmx.net> Message-ID: <40C74D72.8060205@gmx.net> >>>I'm looking into the HKP protocol to find out how I could best >>>implement a key searching function in Enigmail. My main reasons are >>>that the frontend offered by gpg would need an unnecessarily >>>complex implementation from my side, and that Mozilla obviously can >>>easily use HTTP, and can also traverse proxies where you need user >>>authentication. >>> >>>I have found some drafts of a proposed HKP standard by David, and I >>>have tried a couple of keyservers to see their output. It seems to >>>me that even though many keyservers support the "options=mr" flag, >>>the output can be quite different (e.g. concerning revoked keys). >> >>This should not be. Can you give me an example? > > > Compare the "mr" outputs for your own address at pgp.mit.edu with > keyserver.sks.penguin.de > > The sks server does not seem to provide the revoked flag (or maybe I > don't know how to interpret the output), whereas pgp.mit.edu doesn't > have the info line, and provides less info about uid's. > > >>>My question now is: does gpg parse the human readable code and try >>>to interpret it, or does it use the machine readable format? And is >>> there some documentation available on how gpg interprets the >>>output? I would like to implement this as similarly as possible. >> >>The best thing you could do is look at the gpgkeys_hkp.c file in the >>GnuPG 1.3.x release. >> >>However, the LDAP servers are becoming more important these days (as >>"PGP Universal" has one built in). Rather than just implement HKP, >>since you know that anyone using Enigmail has GnuPG installed, why not >>call the gpgkeys_xxxx programs directly? That way you get support for >>all keyserver types, current and future. 
> > > Indeed you're right, although an LDAP implementation is available for > Mozilla as well. Thanks for the hint, I wasn't really aware of gpgkeys > :-( I have studied the code a bit and I tried to use it, but I don't > seem to be able to search for a key. This is my script, is there > anything I'm missing? > > HOST keyserver.sks.penguin.de > PORT 11371 > COMMAND search > patrick.brunschwiggmx.net OK, I found the problem with my script. I think I'll do both: use gpgkeys_xxx programs by default, and implement the http stuff from within Mozilla as fallback solution (because it's quite easy and I already have quite a good prototype). -Patrick -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 257 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20040609/d757f1c3/signature.bin From npcole at yahoo.co.uk Thu Jun 10 14:03:03 2004 
From: npcole at yahoo.co.uk (=?iso-8859-1?q?Nicholas=20Cole?=) Date: Tue Jun 15 08:47:26 2004 Subject: revocation signatures Message-ID: <20040610120303.1605.qmail@web25404.mail.ukl.yahoo.com> Please forgive two questions that I suspect have simple answers. 1) If a user has signed a key, and then revokes the signature, GPG currently prints out both the signature and the revocation signature when doing --check-sigs. The two are not necessarily printed next to each other, nor does the original signature have any mark alerting the user to the fact that it has been revoked. While I do see the logic in printing both, is there any good reason not just to print the revocation certificate, or to put a clear message next to the original signature? 2) When revoking a signature, the user is invited to enter a free-form explanation of the revocation. I have looked through both the code (which I don't pretend to follow well) and the documentation, and I can't find a way of telling gpg to list these explanations when printing signatures (I'm most interested in the --with-colons output). With best wishes, N. From smurf at smurf.noris.de Sat Jun 12 16:12:50 2004 From: smurf at smurf.noris.de (Matthias Urlichs) Date: Tue Jun 15 08:53:07 2004 Subject: CVS outage? Message-ID: Hi, >>> cvs [checkout aborted]: connect to cvs.gnupg.org(217.69.76.44):2401 failed: Connection refused -- Matthias Urlichs From wk at gnupg.org Mon Jun 14 12:34:20 2004 
From: wk at gnupg.org (Werner Koch) Date: Tue Jun 15 08:59:46 2004 Subject: OpenPGP card tests 1.3.6 In-Reply-To: <40C4B8AC.9000201@gmx.de> (Thomas Schorpp's message of "Mon, 07 Jun 2004 20:49:16 +0200") References: <8765jlvzd5.fsf@alberti.g10code.de> <400EF569.9070603@gmx.de> <1074799935.29019.4.camel@simulacron> <4010A24E.8070803@gmx.de> <87d69bx8ix.fsf@alberti.g10code.de> <40C4B8AC.9000201@gmx.de> Message-ID: <87fz8y77ir.fsf@vigenere.g10code.de> On Mon, 07 Jun 2004 20:49:16 +0200, Thomas Schorpp said: > C001-L1: "No typing verification on pin entries in --edit-card >passwd, > dangerous..." Well, it makes sense to have a verification for a new PIN. > C002-L3: "gpg needs to be restarted to verify unblocked pin retry > counter - >list shows false count 0 instead of 3 without" Okay, will fix this. > i could fix that, if im allowed(?) Sure you are allowed. However, we need a copyright assignment for inclusion into the main line. That takes a while and thus it might be better when I fix this. Thanks, Werner From wk at gnupg.org Mon Jun 14 12:38:53 2004 
From: wk at gnupg.org (Werner Koch) Date: Tue Jun 15 08:59:54 2004 Subject: Bus Error on certain keys [Patch provided] In-Reply-To: <2DA70E42-B9CE-11D8-9772-000393765E02@netgate.net> (Jack Repenning's message of "Tue, 8 Jun 2004 21:33:38 -0700") References: <2DA70E42-B9CE-11D8-9772-000393765E02@netgate.net> Message-ID: <87brjm77b6.fsf@vigenere.g10code.de> On Tue, 8 Jun 2004 21:33:38 -0700, Jack Repenning said: > Sorry, I'm new around here, how do I do that? I looked around a bit, ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz Note the /alpha/ > www.gnupg.org on fetching the sources via anoncvs, but I get server > connection refusals (which, I suppose, might mean "too busy," or > "temporary server problems," or might mean "I need to negotiate with I have been on vacation for the last 3 weeks. When I got advanced note of the new CVS bugs I only had time to disable pserver. Updated CVS this morning and re-enabled pserver. Werner From wk at gnupg.org Mon Jun 14 12:50:19 2004 
From: wk at gnupg.org (Werner Koch) Date: Tue Jun 15 09:00:01 2004 Subject: gpgsm-Problems In-Reply-To: <200406081708.24556.andreas.bergen@in-jesus.de> (Andreas Bergen's message of "Tue, 8 Jun 2004 17:08:24 +0200") References: <200406081708.24556.andreas.bergen@in-jesus.de> Message-ID: <877jua76s4.fsf@vigenere.g10code.de> On Tue, 8 Jun 2004 17:08:24 +0200, Andreas Bergen said: > Compilation and installation worked fine but as I wrote above there's still > the message that RC2 is not supported: > gpgsm: unsupported algorithm `1.2.840.113549.3.2' Well. The RC2 support is only 40 bit as used by pkcs#12. > Another interesting thing is that (though 3DES works) gpgsm gives an empty > list of supported algorithms: This is simply not implemented. I should add a list of supported algorithms to the documentation though. > And I've got one final question: Is there anywhere a cryptplug-version which > supports this new gnupg/gpgsm? There should be one because this is the reason I released gpgme 0.3.16 quite some time ago. Salam-Shalom, Werner From wk at gnupg.org Mon Jun 14 17:36:02 2004 
From: wk at gnupg.org (Werner Koch) Date: Tue Jun 15 09:00:44 2004 Subject: gpgsm-Problems In-Reply-To: <200406141448.00037.andreas.bergen@in-jesus.de> (Andreas Bergen's message of "Mon, 14 Jun 2004 14:47:59 +0200") References: <200406081708.24556.andreas.bergen@in-jesus.de> <877jua76s4.fsf@vigenere.g10code.de> <200406141448.00037.andreas.bergen@in-jesus.de> Message-ID: <877jua2lul.fsf@vigenere.g10code.de> On Mon, 14 Jun 2004 14:47:59 +0200, Andreas Bergen said: > As I'm not a crypto-expert this is probably a stupid question, but, as far as > I understand 1.2.840.113549.3.2 stands for the 40bit and the 128bit version > of the rc2-algorithm, doesn't it? Maybe - I have not checked. Frankly due to the lack of a test message I was not able to test the RC2 decryption - it is after all a feature of Libgcrypt. > 1.2.840.113549.3.2 is called RC2CBC > and > 1.2.840.113549.1.12.1.6 is called pbeWithSHA1And40BitRC2_CBC > What's the difference between these two? There are probably other OIDs referring to the same cipher too. IIRC, I had to fix something in the implementation for pkcs#12 (pbeWithSHA1And40BitRC2_CBC) > Are both 40bit? There is a parameter giving the actual key length. > Is there any way to decrypt outlook-40bit-messages? Send me a test message. 
Here is my test key: Shalom-Salam, Werner From atom at suspicious.org Tue Jun 15 01:33:14 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Tue Jun 15 09:03:01 2004 Subject: 1.3.6 // original file name='is' Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 after creating a message in gpg 1.2.4 using STDIN/STDOUT i noticed something strange when reading the message with 1.3.6... 1.2.4 says: gpg: original file name='' 1.3.6 says: gpg: original file name='is' since the message was created using STDIN/STDOUT it seems that 1.2.4 is displaying the correct information and 1.3.6 is not. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila." -- Mitch Ratliffe, Technology Review, April, 1992 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDONb8ACgkQnCgLvz19QeP28ACZAWucOpBBd+2txI9eq2d6XylD tzkAnRV9aqLO7ykGm6W+DdkoKqHdVTkF =vByU -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Jun 15 17:48:11 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 15 17:45:19 2004 Subject: revocation signatures In-Reply-To: <20040610120303.1605.qmail@web25404.mail.ukl.yahoo.com> References: <20040610120303.1605.qmail@web25404.mail.ukl.yahoo.com> Message-ID: <20040615154811.GB25161@jabberwocky.com> On Thu, Jun 10, 2004 at 01:03:03PM +0100, Nicholas Cole wrote: > Please forgive two questions that I suspect have > simple answers. > > 1) If a user has signed a key, and then revokes the signature, GPG > currently prints out both the signature and the revocation signature > when doing --check-sigs. The two are not necessarily printed next > to each other, nor does the original signature have any mark > alerting the user to the fact that it has been revoked. While I do > see the logic in printing both, is there any good reason not just to > print the revocation certificate, or to put a clear message next to > the original signature? Currently, there is no binding between a revocation and a signature. That is, the revocation could refer to any signature issued by that key and dated before the revocation. A future revision of OpenPGP does allow for 'signature targets' but they aren't that useful in this case. > 2) When revoking a signature, the user is invited to enter a > free-form explanation of the revocation. I have looked through both > the code (which I don't pretend to follow well) and the > documentation, and I can't find a way of telling gpg to list these > explanations when printing signatures (I'm most interested in the > --with-colons output). There is no current way to get the revocation text in a key listing. It is only shown when you try to encrypt to the revoked key. David From npcole at yahoo.co.uk Tue Jun 15 20:54:57 2004 
From: npcole at yahoo.co.uk (=?iso-8859-1?q?Nicholas=20Cole?=) Date: Tue Jun 15 20:52:23 2004 Subject: revocation signatures In-Reply-To: <20040615154811.GB25161@jabberwocky.com> Message-ID: <20040615185457.64367.qmail@web25401.mail.ukl.yahoo.com> --- David Shaw wrote: > There is no current way to get the revocation text > in a key listing. > It is only shown when you try to encrypt to the > revoked key. Dear David, Thanks as ever for your full and helpful replies. Perhaps I could add this as a feature request for somewhere in the "with-colons" listing? Field 10 is taken, of course. Would field 12 make as much sense as anywhere? Best, Nicholas From atom at suspicious.org Tue Jun 15 21:00:57 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Tue Jun 15 20:58:11 2004 Subject: revocation signatures In-Reply-To: <20040615154811.GB25161@jabberwocky.com> References: <20040610120303.1605.qmail@web25404.mail.ukl.yahoo.com> <20040615154811.GB25161@jabberwocky.com> Message-ID: <20040615141519.N90479@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 15 Jun 2004, David Shaw wrote: > Currently, there is no binding between a revocation and a signature. > That is, the revocation could refer to any signature issued by that > key and dated before the revocation. ================ wait a minute..! does that mean that if bob revokes his signature of alice's key, then mallory could use ~that~ revocation and revoke bob's signature from any key that bob had previously signed key (except for bob's key)? > There is no current way to get the revocation text in a key listing. > It is only shown when you try to encrypt to the revoked key. ================ pgpdump. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "80% of air pollution comes not from chimneys and auto exhaust pipes, but from plants and trees." -- Ronald Reagan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDPR3QACgkQnCgLvz19QeOGwACcCW/gAUFlxqfPXoIGJsJrXP/p eboAoI0iKgCidnXDl6zYr2iu3avPJx0n =52xQ -----END PGP SIGNATURE----- From atom at suspicious.org Tue Jun 15 21:03:23 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Tue Jun 15 21:00:24 2004 Subject: 1.3.6 // original file name='is' Message-ID: <20040615150300.A94362@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 after creating a message in gpg 1.2.4 using STDIN/STDOUT i noticed something strange when reading the message with 1.3.6... 1.2.4 says: gpg: original file name='' 1.3.6 says: gpg: original file name='is' since the message was created using STDIN/STDOUT it seems that 1.2.4 is displaying the correct information and 1.3.6 is not. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila." -- Mitch Ratliffe, Technology Review, April, 1992 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDONb8ACgkQnCgLvz19QeP28ACZAWucOpBBd+2txI9eq2d6XylD tzkAnRV9aqLO7ykGm6W+DdkoKqHdVTkF =vByU -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Jun 15 21:25:01 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 15 21:22:09 2004 Subject: revocation signatures In-Reply-To: <20040615141519.N90479@willy_wonka> References: <20040610120303.1605.qmail@web25404.mail.ukl.yahoo.com> <20040615154811.GB25161@jabberwocky.com> <20040615141519.N90479@willy_wonka> Message-ID: <20040615192501.GB26323@jabberwocky.com> On Tue, Jun 15, 2004 at 03:00:57PM -0400, Atom 'Smasher' wrote: > On Tue, 15 Jun 2004, David Shaw wrote: > > > Currently, there is no binding between a revocation and a signature. > > That is, the revocation could refer to any signature issued by that > > key and dated before the revocation. > ================ > > wait a minute..! does that mean that if bob revokes his signature of > alice's key, then mallory could use ~that~ revocation and revoke bob's > signature from any key that bob had previously signed key (except for > bob's key)? No, it means that Mallory could use the revocation to revoke any signature of Bob's on Alice's key that was dated before the revocation. In other words, Mallory can't do anything that Bob or Alice couldn't do. The revocation hash includes the public key, so it is not transferable. > > There is no current way to get the revocation text in a key listing. > > It is only shown when you try to encrypt to the revoked key. > ================ > > pgpdump. Sure, or gpg --list-packets. It's not nice and machine parseable though. David From dshaw at jabberwocky.com Tue Jun 15 21:26:46 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 15 21:23:53 2004 Subject: 1.3.6 // original file name='is' In-Reply-To: <20040615150300.A94362@willy_wonka> References: <20040615150300.A94362@willy_wonka> Message-ID: <20040615192646.GC26323@jabberwocky.com> On Tue, Jun 15, 2004 at 03:03:23PM -0400, Atom 'Smasher' wrote: > after creating a message in gpg 1.2.4 using STDIN/STDOUT i noticed > something strange when reading the message with 1.3.6... > > 1.2.4 says: > gpg: original file name='' > > 1.3.6 says: > gpg: original file name='is' > > since the message was created using STDIN/STDOUT it seems that 1.2.4 is > displaying the correct information and 1.3.6 is not. I can't duplicate this. Can you post specific steps to take to recreate the problem? David From atom at suspicious.org Tue Jun 15 21:36:49 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Tue Jun 15 21:34:08 2004 Subject: 1.3.6 // original file name='is' In-Reply-To: <20040615192646.GC26323@jabberwocky.com> References: <20040615150300.A94362@willy_wonka> <20040615192646.GC26323@jabberwocky.com> Message-ID: <20040615153051.J94362@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 15 Jun 2004, David Shaw wrote: > I can't duplicate this. Can you post specific steps to take to > recreate the problem? =============================== gpg = 1.3.6 gpg_1.2.4 = 1.2.4 ## create a clearsigned file: $ date | gpg_1.2.4 --clearsign > file ## using 1.2.4 check the signature and only look at the file name $ gpg_1.2.4 -v < file > /dev/null 2>&1 | egrep file gpg: original file name='' ## using 1.3.6 check the signature and only look at the file name $ gpg -v < file > /dev/null 2>&1 | egrep file gpg: original file name='is' make sure "-v" is there.... ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "80% of air pollution comes not from chimneys and auto exhaust pipes, but from plants and trees." -- Ronald Reagan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDPT9cACgkQnCgLvz19QeN+NACffg/jlzUJxIdcS+7AoiCCjV2k R78An2qtLxzuZR6PDlzhZIdF73uQSURE =bxlY -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Jun 15 22:13:28 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 15 22:10:43 2004 Subject: 1.3.6 // original file name='is' In-Reply-To: <20040615153051.J94362@willy_wonka> References: <20040615150300.A94362@willy_wonka> <20040615192646.GC26323@jabberwocky.com> <20040615153051.J94362@willy_wonka> Message-ID: <20040615201328.GD26323@jabberwocky.com> On Tue, Jun 15, 2004 at 03:36:49PM -0400, Atom 'Smasher' wrote: > On Tue, 15 Jun 2004, David Shaw wrote: > > > I can't duplicate this. Can you post specific steps to take to > > recreate the problem? > =============================== > > gpg = 1.3.6 > gpg_1.2.4 = 1.2.4 > > > ## create a clearsigned file: > $ date | gpg_1.2.4 --clearsign > file > > ## using 1.2.4 check the signature and only look at the file name > $ gpg_1.2.4 -v < file > /dev/null 2>&1 | egrep file > gpg: original file name='' > > ## using 1.3.6 check the signature and only look at the file name > $ gpg -v < file > /dev/null 2>&1 | egrep file > gpg: original file name='is' Ah, you didn't say it was a clearsigned file. That's pretty funny. It has to do with the way clearsigned messages are handled internally, and that partial length encoding must be a power of two. Try this patch. It uses 2^1 + 2^2 rather than 2^3. David -------------- next part -------------- Index: armor.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/armor.c,v retrieving revision 1.72 diff -u -r1.72 armor.c --- armor.c 4 Mar 2004 20:40:12 -0000 1.72 +++ armor.c 15 Jun 2004 20:07:18 -0000 
@@ -925,11 +925,10 @@ bytes. Of course, we'll accept it anyway ;) */ buf[n++] = 0xCB; /* new packet format, type 11 */ - buf[n++] = 0xE3; /* 2^3 */ + buf[n++] = 0xE1; /* 2^1 */ buf[n++] = 't'; /* canonical text mode */ - buf[n++] = 2; /* namelength */ - buf[n++] = 'i'; /* padding to get us to 2^3 bytes */ - buf[n++] = 's'; /* this comment intentionally left blank */ + buf[n++] = 0; /* namelength */ + buf[n++] = 0xE2; /* 2^2 */ memset(buf+n, 0, 4); /* timestamp */ n += 4; } From atom at suspicious.org Tue Jun 15 22:34:47 2004 
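Review bot: the new line "buf[n++] = 0xE2; /* 2^2 */", placed between the namelength byte and the memset for the timestamp, needs a comment saying that it opens a second partial-length chunk: 0xE1 covers the two bytes 't' and the zero namelength, 0xE2 covers the four timestamp bytes, and the split exists because those six bytes together are not a power of two. With only "2^1" and "2^2" as comments the two constants read as arbitrary, and the next change to this header is likely to miscount. The synthesized header also shrinks from ten bytes to nine, so anything that sizes buf or assumes a fixed header length should be checked against the new count.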
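The power-of-two rule David describes, worked through as an added example (not GnuPG's code and not part of the thread): a small decoder for OpenPGP new-format length octets, applied to the header bytes from before and after the diff. The names parse_literal, read_body and struct literal_info are hypothetical, and the closing 0x05 "hello" chunk is constructed so that each sample packet terminates.

```c
/* Added example, not GnuPG source: decode the two synthesized literal-packet
 * headers from the armor.c diff using OpenPGP new-format length octets. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct literal_info {          /* hypothetical result type */
    char     mode;             /* 'b' or 't' */
    char     name[256];        /* NUL-terminated file name */
    size_t   name_len;
    uint32_t timestamp;
    size_t   data_len;         /* literal data bytes after the header fields */
    unsigned chunks;           /* length headers consumed, partial + final */
};

/* Both headers come from the diff; the trailing 0x05 "hello" chunk is
 * constructed here so that each packet ends with a definite length. */
static const uint8_t OLD_HEADER[] = {
    0xCB, 0xE3, 't', 2, 'i', 's', 0, 0, 0, 0,  0x05, 'h', 'e', 'l', 'l', 'o'
};
static const uint8_t NEW_HEADER[] = {
    0xCB, 0xE1, 't', 0, 0xE2, 0, 0, 0, 0,      0x05, 'h', 'e', 'l', 'l', 'o'
};

/* Concatenate all body chunks into out. Returns the body length, or -1 on
 * truncated input or when the body would not fit in out. */
static long read_body(const uint8_t *p, size_t len, uint8_t *out, size_t cap,
                      unsigned *chunks)
{
    size_t pos = 0, n = 0;

    *chunks = 0;
    for (;;) {
        size_t clen;
        int last = 1;
        uint8_t o;

        if (pos >= len) return -1;
        o = p[pos++];
        if (o < 192) {                       /* one-octet length */
            clen = o;
        } else if (o < 224) {                /* two-octet length */
            if (pos >= len) return -1;
            clen = ((size_t)(o - 192) << 8) + p[pos++] + 192;
        } else if (o == 255) {               /* five-octet length */
            if (len - pos < 4) return -1;
            clen = ((size_t)p[pos] << 24) | ((size_t)p[pos + 1] << 16) |
                   ((size_t)p[pos + 2] << 8) | p[pos + 3];
            pos += 4;
        } else {                             /* 224..254: partial, 2^(o & 0x1F) */
            clen = (size_t)1 << (o & 0x1F);
            last = 0;
        }
        if (clen > len - pos || clen > cap - n) return -1;
        memcpy(out + n, p + pos, clen);
        pos += clen;
        n += clen;
        (*chunks)++;
        if (last) return (long)n;
    }
}

/* Parse a new-format literal data packet (tag octet 0xCB). 0 on success. */
int parse_literal(const uint8_t *pkt, size_t len, struct literal_info *li)
{
    uint8_t body[512];
    const uint8_t *t;
    long n;

    if (len < 2 || pkt[0] != 0xCB) return -1;
    n = read_body(pkt + 1, len - 1, body, sizeof body, &li->chunks);
    if (n < 2) return -1;
    li->mode = (char)body[0];
    li->name_len = body[1];
    if ((size_t)n < 2 + li->name_len + 4) return -1;   /* name + timestamp */
    memcpy(li->name, body + 2, li->name_len);
    li->name[li->name_len] = '\0';
    t = body + 2 + li->name_len;
    li->timestamp = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) |
                    ((uint32_t)t[2] << 8) | t[3];
    li->data_len = (size_t)n - (2 + li->name_len + 4);
    return 0;
}

int main(void)
{
    struct literal_info li;

    if (parse_literal(OLD_HEADER, sizeof OLD_HEADER, &li) == 0)
        printf("old: name='%s' chunks=%u data=%zu\n", li.name, li.chunks, li.data_len);
    if (parse_literal(NEW_HEADER, sizeof NEW_HEADER, &li) == 0)
        printf("new: name='%s' chunks=%u data=%zu\n", li.name, li.chunks, li.data_len);
    return 0;
}
```

Read this way, the old 2^3 chunk only reaches eight bytes because of the two-byte name 'is', while the patched header carries the same six fixed bytes as a 2^1 chunk followed by a 2^2 chunk and leaves the name empty.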
From: atom at suspicious.org (Atom 'Smasher') Date: Tue Jun 15 22:31:52 2004 Subject: 1.3.6 // original file name='is' In-Reply-To: <20040615201328.GD26323@jabberwocky.com> References: <20040615150300.A94362@willy_wonka> <20040615192646.GC26323@jabberwocky.com> <20040615153051.J94362@willy_wonka> <20040615201328.GD26323@jabberwocky.com> Message-ID: <20040615162051.Q94362@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 15 Jun 2004, David Shaw wrote: > Ah, you didn't say it was a clearsigned file. That's pretty funny. > It has to do with the way clearsigned messages are handled internally, > and that partial length encoding must be a power of two. Try this > patch. It uses 2^1 + 2^2 rather than 2^3. ====================== i'm not sure if/when i'll be able to patch... you seem to have fixed it on your end? *if* i get it patched, i'll let you know... i'm curious why/when did that got changed from the version that works in 1.2.4? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "80% of air pollution comes not from chimneys and auto exhaust pipes, but from plants and trees." -- Ronald Reagan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDPXWwACgkQnCgLvz19QeNZ6wCePV4GhKrdIYlYrR+Mm1zMJilo 8qwAnjqyD22dhTjCnB8xNLxWVvUFDFA7 =HuY0 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Jun 15 22:50:25 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 15 22:47:29 2004 Subject: 1.3.6 // original file name='is' In-Reply-To: <20040615162051.Q94362@willy_wonka> References: <20040615150300.A94362@willy_wonka> <20040615192646.GC26323@jabberwocky.com> <20040615153051.J94362@willy_wonka> <20040615201328.GD26323@jabberwocky.com> <20040615162051.Q94362@willy_wonka> Message-ID: <20040615205025.GA27728@jabberwocky.com> On Tue, Jun 15, 2004 at 04:34:47PM -0400, Atom 'Smasher' wrote: > On Tue, 15 Jun 2004, David Shaw wrote: > > > Ah, you didn't say it was a clearsigned file. That's pretty funny. > > It has to do with the way clearsigned messages are handled internally, > > and that partial length encoding must be a power of two. Try this > > patch. It uses 2^1 + 2^2 rather than 2^3. > ====================== > > i'm not sure if/when i'll be able to patch... > > you seem to have fixed it on your end? > *if* i get it patched, i'll let you know... > > i'm curious why/when did that got changed from the version that works in > 1.2.4? It's a side-effect of: * Support for the old quasi-1991 partial length encoding has been removed. David From foskey at optushome.com.au Fri Jun 11 15:07:13 2004 From: foskey at optushome.com.au (Ken Foskey) Date: Wed Jun 16 09:53:10 2004 Subject: release of 1.25 Message-ID: <1086959233.21984.9.camel@froddo.foskey.org.au> I am currently having some problems with the 1.24 release on AIX and I have compiled 1.25rc1 and run this successfully. I am confused about the release schedule for 1.25 which was RC1 some months ago. Is there a new RC or will this one be declared soon. There has not been a lot of comments on the mailing list. -- Thanks KenF OpenOffice.org developer From andreas.bergen at in-jesus.de Mon Jun 14 14:47:59 2004 
From: andreas.bergen at in-jesus.de (Andreas Bergen)
Date: Wed Jun 16 09:53:18 2004
Subject: gpgsm-Problems
In-Reply-To: <877jua76s4.fsf@vigenere.g10code.de>
References: <200406081708.24556.andreas.bergen@in-jesus.de> <877jua76s4.fsf@vigenere.g10code.de>
Message-ID: <200406141448.00037.andreas.bergen@in-jesus.de>

> On Tue, 8 Jun 2004 17:08:24 +0200, Andreas Bergen said:
> > Compilation and installation worked fine but as I wrote above there's
> > still the message that RC2 is not supported:
> >
> > gpgsm: unsupported algorithm `1.2.840.113549.3.2'
>
> Well. The RC2 support is only 40 bit as used by pkcs#12.

As I'm not a crypto-expert this is probably a stupid question, but, as
far as I understand 1.2.840.113549.3.2 stands for the 40bit and the
128bit version of the rc2-algorithm, doesn't it?
(http://www.jensign.com/JavaScience/dotnet/AuthAttr/clientcaps.txt)

Why can't I decrypt a message sent from outlook express, though it
complains that it can only encrypt using 40bit? Are there different RC2
(40bit)-Algorithms?

On
http://www.betrusted.com/downloads/products/keytools/v51/pro/c-docs/html/devguide/procdevguide-Appendix-2.html
I found a list of crypto-algorithms with oid (what does this stand for?)
and there's at least two versions of the rc2-algorithm:

1.2.840.113549.3.2 is called RC2CBC and
1.2.840.113549.1.12.1.6 is called pbeWithSHA1And40BitRC2_CBC

What's the difference between these two? Are both 40bit? Is there any
way to decrypt outlook-40bit-messages?

> > And I've got one final question: Is there anywhere a cryptplug-version
> > which supports this new gnupg/gpgsm?
>
> There should be one because this is the reason I released gpgme 0.3.16
> quite some time ago.

Now I recompiled everything and things are sort of working but not
really good.

- rc2 still doesn't work (s. above)
- encryption-capabilities seem not to be part of the
  signature-certificate (at least they aren't imported into the
  gpgsm-keybox (gpgsm --dump-keys doesn't show any after verifying a
  self-signed text) and outlook express still doesn't know how to
  encrypt mail it wants to send to me and encrypts using 40bit rc2
  (which I can't decrypt, s. above)
- signing and encryption takes very (!) long using kmail (sometimes
  several minutes). There seem to be thousands of gpgsm-instances
  started and immediately finished (can be seen using ps) until I get
  the gpg-agent-window to enter the passphrase. Is there a problem in
  the communication between kmail and gpgsm?

Thanks again for any help

Yours
Andreas

(Please reply by Email as I'm still not subscribed to the mailing-list
-- slow modem user)

(this is in part a restating of questions I already had sent to WK but
haven't got an answer, yet, so I put it all together in another email so
that everyone on the mailing-list can see it, please don't feel pressed
by it...)

--
Andreas Bergen
E-Mail: andreas.bergen in-jesus de
PGP/GnuPG-encrypted / -signed Email welcome. PGP-key-ID: 8CDEC18F
God is love, and whoever abides in love abides in God, and God in him.

From wk at gnupg.org Wed Jun 16 12:03:27 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Jun 16 12:00:28 2004
Subject: release of 1.25
In-Reply-To: <1086959233.21984.9.camel@froddo.foskey.org.au> (Ken Foskey's message of "Fri, 11 Jun 2004 23:07:13 +1000")
References: <1086959233.21984.9.camel@froddo.foskey.org.au>
Message-ID: <871xkfyg40.fsf@vigenere.g10code.de>

On Fri, 11 Jun 2004 23:07:13 +1000, Ken Foskey said:

> I am confused about the release schedule for 1.25 which was RC1 some
> months ago. Is there a new RC or will this one be declared soon. There

I'll prepare a new release candidate today. We changed some minor
things in the meantime and thus we better give you all something to
test.

Salam-Shalom,

Werner

From wk at gnupg.org Wed Jun 16 16:43:38 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Jun 16 17:09:23 2004
Subject: [Announce] GnuPG 1.2.5 second release candidate
Message-ID: <877ju7tvfp.fsf@vigenere.g10code.de>

Hi!

We are pleased to announce the availability of the second release
candidate for GnuPG 1.2.5:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc2.tar.gz (3496k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc2.tar.gz.sig

or as a patch against the first RC

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1-1.2.5rc2.diff.gz (439k)

Mirrors are listed at http://www.gnupg.org/download/mirrors.html

MD5 sums are:

  f915790e3e2d13256cc49e3f08b77e1b  gnupg-1.2.5rc2.tar.gz
  9f15c912f40c14daf4fa3d612eece938  gnupg-1.2.5rc1-1.2.5rc2.diff.gz

As this is the stable branch, this release contains mostly bug and
portability fixes. Please test this release and report any problems.

Noteworthy changes since 1.2.4:

  * New --ask-cert-level/--no-ask-cert-level option to turn on and
    off the prompt for signature level when signing a key. Defaults
    to off.

  * New --min-cert-level option to disregard key signatures that are
    under a specified level. Defaults to 1 (i.e. don't disregard
    anything).

  * New --max-output option to limit the amount of plaintext output
    generated by GnuPG. This option can be used by programs which
    call GnuPG to process messages that may result in plaintext
    larger than the calling program is prepared to handle. This is
    sometimes called a "Decompression Bomb".

  * New --list-config command for frontends and other programs that
    call GnuPG. See doc/DETAILS for the specifics of this.

  * New --gpgconf-list command for internal use by the gpgconf
    utility from gnupg 1.9.x.

  * Some performance improvements with large keyrings. See
    --enable-key-cache=SIZE in the README file for details.

  * Some portability fixes for the OpenBSD/i386, HPPA, and AIX
    platforms.

  * Simplified Chinese translation.

Since RC1 we fixed a couple more portability issues as well as some
other glitches.

If we don't get serious complaints on this release, 1.2.5 will be
released soon.

Happy hacking,

  The GnuPG Team

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From jvender at owensboro.net Wed Jun 16 20:09:59 2004
From: jvender at owensboro.net (Joe Vender)
Date: Wed Jun 16 19:07:41 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
Message-ID: <40D03897.4591.2E2A3B@localhost>

Is there some internal incompatibility between the SHA512 and SHA384
hashes in GnuPG and the same hashes in the new PGP sdk 3.x of PGP 8.x?
According to information at http://www.pgp.com/products/sdk.html , the
new PGP sdk 3.x supports the large hash functions including SHA256,
SHA384 and SHA512. However, when I sign a message in GnuPG 1.2.5rc2
(with SHA512 compiled read/write for testing) using SHA512 as the hash,
PGP returns "BAD Signature" when verifying. Same with SHA384 signed
GnuPG messages. PGP *DOES* verify signatures correctly when GnuPG uses
SHA256 as the hash. Any idea what the problem might be?

---
PGP Encrypted/Signed Email Preferred
See the kludge (full email headers) for my PGP key

From dshaw at jabberwocky.com Thu Jun 17 14:56:17 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 17 14:53:22 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
In-Reply-To: <40D03897.4591.2E2A3B@localhost>
References: <40D03897.4591.2E2A3B@localhost>
Message-ID: <20040617125617.GA15379@jabberwocky.com>

On Wed, Jun 16, 2004 at 12:09:59PM -0600, Joe Vender wrote:
> Is there some internal incompatibility between the SHA512 and SHA384
> hashes in GnuPG and the same hashes in the new PGP sdk 3.x of PGP
> 8.x? According to information at
> http://www.pgp.com/products/sdk.html , the new PGP sdk 3.x supports
> the large hash functions including SHA256, SHA384 and
> SHA512. However, when I sign a message in GnuPG 1.2.5rc2 (with
> SHA512 compiled read/write for testing) using SHA512 as the hash,
> PGP returns "BAD Signature" when verifying. Same with SHA384 signed
> GnuPG messages. PGP *DOES* verify signatures correctly when GnuPG
> uses SHA256 as the hash. Any idea what the problem might be?

It's an open question, and one of the reasons (aside from the need for
a compiler that can handle 64-bit math), that the 512 and 384 hashes
are not enabled by default.

The implementation in GnuPG matches all of the SHA test vectors, so I
doubt there is an implementation bug. I suspect that PGP 8 doesn't
allow for these hashes for some reason, but don't know for sure.

David

From jvender at owensboro.net Thu Jun 17 20:40:08 2004
From: jvender at owensboro.net (Joe Vender)
Date: Thu Jun 17 19:37:53 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
In-Reply-To: <20040617125617.GA15379@jabberwocky.com>
References: <40D03897.4591.2E2A3B@localhost>
Message-ID: <40D19128.23060.157886@localhost>

On 17 Jun 2004 at 8:56, David Shaw wrote:

> It's an open question, and one of the reasons (aside from the need for a
> compiler that can handle 64-bit math), that the 512 and 384 hashes are
> not enabled by default.

Since the version of GnuPG that I compiled using MSYS/MingW on Win98SE
seems to work without returning any errors when using these hashes, I
assume my compiler handles the 64-bit math ok.

> The implementation in GnuPG matches all of the SHA test vectors, so I
> doubt there is an implementation bug. I suspect that PGP 8 doesn't allow
> for these hashes for some reason, but don't know for sure.
>

You may be right about PGP not handling these hashes, but that would be
in conflict with the information that PGP Corp. has posted on their
website regarding what the new SDK handles starting with 3.0. They
explicitly state :

__________

The PGP SDK supports the following algorithms:

* Ciphers
    o IDEA
    o TripleDES
    o CAST5
    o AES (128-, 182-, and 256-bit key lengths)
    o Twofish (256-bit key length)
* Hashes
    o MD5
    o SHA-1
    o RIPEMD160
    o SHA-2 (256-, 384-, and 512-bit lengths)
* Public Key Algorithms
    o RSA
    o Diffie-Hellman
    o DSA

__________

From dshaw at jabberwocky.com Thu Jun 17 20:55:46 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 17 20:52:49 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
In-Reply-To: <40D19128.23060.157886@localhost>
References: <40D03897.4591.2E2A3B@localhost> <40D19128.23060.157886@localhost>
Message-ID: <20040617185546.GB16228@jabberwocky.com>

On Thu, Jun 17, 2004 at 12:40:08PM -0600, Joe Vender wrote:
> On 17 Jun 2004 at 8:56, David Shaw wrote:
>
> > It's an open question, and one of the reasons (aside from the need for a
> > compiler that can handle 64-bit math), that the 512 and 384 hashes are
> > not enabled by default.
>
> Since the version of GnuPG that I compiled using MSYS/MingW on Win98SE
> seems to work without returning any errors when using these hashes, I
> assume my compiler handles the 64-bit math ok.

If it builds and passes "make check", then that's a safe assumption.

> > The implementation in GnuPG matches all of the SHA test vectors, so I
> > doubt there is an implementation bug. I suspect that PGP 8 doesn't allow
> > for these hashes for some reason, but don't know for sure.
> >
>
> You may be right about PGP not handling these hashes, but that would be
> in conflict with the information that PGP Corp. has posted on their
> website regarding what the new SDK handles starting with 3.0. They
> explicitly state :

I've seen that, but in all of my testing with various versions of PGP,
it does not handle 384 and 512. It's always possible that I got
something wrong in the hash code, but like I said, it matches the test
vectors from NIST. Plus, it interoperates with the Nullify GPG patches
(back when they did their own SHA-384/512 implementation) and the PGP
263multi code as well. Three different implementations of SHA-512 that
all interoperate makes it unlikely that we all got it equally wrong. ;)

Not that this means that the PGP people made a mistake in their code.
They're sharp people, and I really doubt they'd have shipped code with
such a mistake in it. Without any other information (I keep meaning to
ask the PGP folks about it), I am assuming that just because the SDK
supports SHA-512, and PGP 8 uses that SDK, doesn't necessarily mean
that PGP 8 supports SHA-512 as well.

David

From jvender at owensboro.net Fri Jun 18 01:34:58 2004
From: jvender at owensboro.net (Joe Vender)
Date: Fri Jun 18 00:32:41 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
In-Reply-To: <20040617185546.GB16228@jabberwocky.com>
References: <40D19128.23060.157886@localhost>
Message-ID: <40D1D642.31020.6F7F0@localhost>

On 17 Jun 2004 at 14:55, David Shaw wrote:

> Without any other information (I keep meaning to ask the PGP folks
> about it), I am assuming that just because the SDK supports SHA-512, and
> PGP 8 uses that SDK, doesn't necessarily mean that PGP 8 supports
> SHA-512 as well.

Yes, I wondered the same thing. Maybe, PGP 8 just isn't built with the
support for 384 & 512 even though the SDK supports it. I sent Will
Price an email this morning asking about it, but haven't heard back
from him yet. I'll post his response if any relevant info is given.

Joe

From dshaw at jabberwocky.com Fri Jun 18 04:10:40 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Jun 18 04:08:12 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
In-Reply-To: <40D1D642.31020.6F7F0@localhost>
References: <40D19128.23060.157886@localhost> <40D1D642.31020.6F7F0@localhost>
Message-ID: <20040618021040.GA2923@jabberwocky.com>

On Thu, Jun 17, 2004 at 05:34:58PM -0600, Joe Vender wrote:
> On 17 Jun 2004 at 14:55, David Shaw wrote:
>
>
> > Without any other information (I keep meaning to ask the PGP folks
> > about it), I am assuming that just because the SDK supports SHA-512, and
> > PGP 8 uses that SDK, doesn't necessarily mean that PGP 8 supports
> > SHA-512 as well.
>
> Yes, I wondered the same thing. Maybe, PGP 8 just isn't built with the
> support for 384 & 512 even though the SDK supports it. I sent Will
> Price an email this morning asking about it, but haven't heard back
> from him yet. I'll post his response if any relevant info is given.

You might ask on the pgp-users list as well. A number of people there
work at pgp.com, and/or have access to the PGP sdk source code
(something which I'm reluctant to look at for obvious reasons).

Note, by the way, that while the sdk datasheet does claim SHA-512 as a
supported hash, the PGP 8 datasheet does not.

David

From jvender at owensboro.net Fri Jun 18 05:33:06 2004
From: jvender at owensboro.net (Joe Vender)
Date: Fri Jun 18 04:30:50 2004
Subject: Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes
In-Reply-To: <20040618021040.GA2923@jabberwocky.com>
References: <40D1D642.31020.6F7F0@localhost>
Message-ID: <40D20E12.10044.CBA4E@localhost>

I've just heard back from Will Price. Here's his statement. It's as you
suspected. The SDK has the large hash capability at a low level, but
the frontends don't officially support them.

*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature
*** Signer: Will Price (0xCF73EC4C)
*** Signed: 6/17/04 8:14:58 PM
*** Verified: 6/17/04 9:30:24 PM
*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***

We don't officially support any of the new hashes in message
encoding/decoding even though the SDK may provide access to the
low-level algorithms and you may find that some usages of these things
more or less work in the front ends. We'll look into this at some
point.

On Jun 17, 2004, at 12:06 PM, Joe Vender wrote:

> Hello Will,
> I notice that at , PGP Corp
> states that PGPSDK 3.0 handles the large SHA2 hash functions including
> SHA384 & SHA512. Are these enabled in the freeware build?
>
> I've been personally testing GnuPG against PGP. Having compiled GnuPG
> with the three SHA2 hashes enabled read/write, I've found that PGP 8.1
> freeware returns "Bad Signature" when verifying a GnuPG signed message
> which was signed using either SHA384 or SHA512 as the hash. PGP 8.1
> will, however, verify a GnuPG signed message which was signed using
> SHA256. Any idea what is going on here? Thanks.
>
> Best,
> Joe

--
Will Price, VP Engineering
PGP Corporation

*** END PGP DECRYPTED/VERIFIED MESSAGE ***

From Derek.Hagen at mhccom.com Fri Jun 18 18:06:47 2004
From: Derek.Hagen at mhccom.com (Derek.Hagen@mhccom.com)
Date: Mon Jun 21 13:11:15 2004
Subject: gpg question
Message-ID: <1431.204.181.247.220.1087574807.squirrel@webmail.mhcchom.com>

I am using GPG and want to send a passphrase through a command line
argument. For example right now we have:

"c:\program files\gnu\gnu pgp\GPG.EXE" -o "C:\Program Files\Document Express\ppay.GPG" --force-v3-sigs --sign --armor --text --encrypt --recipient FletBston "C:\Program Files\Document Express\ppay.pay keith"

When this line is executed we get a box up asking for the passphrase. We
want to be able to ignore this and put the passphrase in the above
command line argument so that the box does not come up.

Any help would be greatly appreciated.

thank
derek
MHC Software

From jerry.windrel at verizon.net Mon Jun 21 14:49:20 2004
From: jerry.windrel at verizon.net (Jerry Windrel)
Date: Mon Jun 21 14:45:41 2004
Subject: gpg question
References: <1431.204.181.247.220.1087574807.squirrel@webmail.mhcchom.com>
Message-ID: <002201c4578e$2bfd9c70$6401a8c0@Windows>

I think you have to put the passphrase in a file and pass it into gpg
through the file descriptor number (not the file name). This is for
security reasons. Command lines are sometimes logged and also often
visible by non-privileged users (through the "ps" command for example),
so it's bad to put passphrases in them.

Some people have suggested that if you have a need to store a pass
phrase for a script, you should just delete the pass phrase from the
private key and rely solely on the security of the file containing the
private key, since the pass phrase in that case is just causing extra
complexity without adding any extra security.

----- Original Message -----
From:
To:
Sent: Friday, June 18, 2004 12:06 PM
Subject: gpg question

> I am using GPG and want to send a passphrase through a command line
> argument. For example right now we have:
>
> "c:\program files\gnu\gnu pgp\GPG.EXE" -o "C:\Program Files\Document
> Express\ppay.GPG" --force-v3-sigs --sign --armor --text --encrypt
> --recipient FletBston "C:\Program Files\Document Express\ppay.pay keith"
>
> When this line is executed we get a box up asking for the passphrase. We
> want to be able to ignore this and put the passphrase in the above command
> line argument so that the box does not come up.
>
> Any help would be greatly appreciated.
>
> thank
> derek
> MHC Software
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>

From jerry.windrel at verizon.net Mon Jun 21 14:52:12 2004
From: jerry.windrel at verizon.net (Jerry Windrel)
Date: Mon Jun 21 14:48:31 2004
Subject: gpg question
Message-ID: <002801c4578e$92b64d90$6401a8c0@Windows>

I would further suggest that the user id of the key used by the script
should not be labeled with any person's name but rather with the name
of the server, web site, program, etc. that is using it. That way,
people who see the key will know that it may not be as secure as it
would normally be, since a program is in control of it, not a person.

----- Original Message -----
From: "Jerry Windrel"
To: ;
Sent: Monday, June 21, 2004 8:49 AM
Subject: Re: gpg question

> I think you have to put the passphrase in a file and pass it into gpg
> through the file descriptor number (not the file name). This is for
> security reasons. Command lines are sometimes logged and also often visible
> by non-privileged users (through the "ps" command for example), so it's bad
> to put passphrases in them.
>
> Some people have suggested that if you have a need to store a pass phrase
> for a script, you should just delete the pass phrase from the private key
> and rely solely on the security of the file containing the private key,
> since the pass phrase in that case is just causing extra complexity without
> adding any extra security.
>
>
> ----- Original Message -----
> From:
> To:
> Sent: Friday, June 18, 2004 12:06 PM
> Subject: gpg question
>
>
> > I am using GPG and want to send a passphrase through a command line
> > argument. For example right now we have:
> >
> > "c:\program files\gnu\gnu pgp\GPG.EXE" -o "C:\Program Files\Document
> > Express\ppay.GPG" --force-v3-sigs --sign --armor --text --encrypt
> > --recipient FletBston "C:\Program Files\Document Express\ppay.pay keith"
> >
> > When this line is executed we get a box up asking for the passphrase. We
> > want to be able to ignore this and put the passphrase in the above command
> > line argument so that the box does not come up.
> >
> > Any help would be greatly appreciated.
> >
> > thank
> > derek
> > MHC Software
> >
> > _______________________________________________
> > Gnupg-devel mailing list
> > Gnupg-devel@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> >
>

From atom at suspicious.org Fri Jun 25 06:48:15 2004
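The reason given in the "gpg question" replies above for keeping passphrases off the command line, as an added example that is not part of the original messages: on Linux a child's arguments can be read from /proc, while a secret written to an inherited pipe does not appear there. The child programs are Python stand-ins for a tool that takes a descriptor number the way GnuPG's --passphrase-fd option does; SAMPLE_PASSPHRASE and all function names are constructed for the illustration.

```python
"""Added example: argv exposure versus a secret passed on an inherited
file descriptor. Assumes Linux, because it reads /proc/<pid>/cmdline."""
import hashlib
import os
import subprocess
import sys

# Constructed sample secret, used only for this demonstration.
SAMPLE_PASSPHRASE = "correct horse battery staple (constructed)"

# Stand-in for a program that was handed the passphrase as an argument.
# It blocks on stdin so the parent can look at it from the outside.
CHILD_ARGV_STYLE = "import sys; sys.stdin.read()"

# Stand-in that is told a descriptor number, reads the secret from that
# descriptor until EOF and prints only a SHA-256 digest of what it read.
CHILD_FD_STYLE = (
    "import hashlib, os, sys\n"
    "fd = int(sys.argv[sys.argv.index('--passphrase-fd') + 1])\n"
    "chunks = []\n"
    "while True:\n"
    "    block = os.read(fd, 4096)\n"
    "    if not block:\n"
    "        break\n"
    "    chunks.append(block)\n"
    "print(hashlib.sha256(b''.join(chunks)).hexdigest())\n"
)


def visible_command_line(pid):
    """Return the argument list that /proc exposes for `pid`.

    This is the same data "ps" prints; by default it is readable by
    every local user, not only by the owner of the process.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as handle:
        return handle.read().split(b"\0")


def run_with_secret_in_argv(secret):
    """Start a child with the secret as an argument; True if it leaks."""
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD_ARGV_STYLE, "--passphrase", secret],
        stdin=subprocess.PIPE,
    )
    try:
        argv = visible_command_line(child.pid)
    finally:
        child.stdin.close()      # lets the child finish
        child.wait()
    return secret.encode() in argv


def run_with_secret_on_fd(secret):
    """Start a child that receives the secret over an inherited pipe.

    Returns (leaked_in_argv, child_received_secret).
    """
    read_end, write_end = os.pipe()
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD_FD_STYLE,
         "--passphrase-fd", str(read_end)],
        stdout=subprocess.PIPE,
        pass_fds=(read_end,),    # only the read end is inherited
    )
    os.close(read_end)           # the parent keeps just the write end
    try:
        # The child is blocked in os.read() here, so it is still running.
        argv = visible_command_line(child.pid)
    finally:
        with os.fdopen(write_end, "wb") as pipe:
            pipe.write(secret.encode())   # closing the pipe signals EOF
    digest, _ = child.communicate()
    expected = hashlib.sha256(secret.encode()).hexdigest()
    return secret.encode() in argv, digest.decode().strip() == expected


if __name__ == "__main__":
    print("secret visible when passed in argv:",
          run_with_secret_in_argv(SAMPLE_PASSPHRASE))
    leaked, received = run_with_secret_on_fd(SAMPLE_PASSPHRASE)
    print("secret visible when passed on a descriptor:", leaked)
    print("child still received the secret:", received)
```

Only the descriptor number shows up in the process listing in the second case; the file or pipe behind it still has to be protected by its own permissions.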
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Jun 25 07:34:22 2004
Subject: --list-only and asymmetric encryption
Message-ID: <20040625003558.L27888@willy_wonka>

if i receive a message encrypted to me, bob and alice, why does
"--list-only" show that the message is encrypted to bob and alice, but
not me?

the output here is the same, whether or not the message is encrypted to
me: if it's encrypted to me, bob and alice; or only encrypted to bob
and alice; it will only show that it's encrypted to bob and alice.

        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        Bob Woodward: "How do you think history will
                regard the war in Iraq?"
        George "dubya" Bush: "It won't matter. We'll all be dead."

From atom at suspicious.org Fri Jun 25 06:52:29 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Jun 25 08:39:36 2004
Subject: --list-only and symmetric encryption
Message-ID: <20040625004829.Y27888@willy_wonka>

using "--list-only" to learn more about a symmetrically encrypted file,
it tells me (something like):

    gpg: CAST5 encrypted data
    gpg: encrypted with 1 passphrase

it says it's "encrypted with 1 passphrase"... can it be encrypted with
multiple passphrases?

        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "For every dollar the boss has and didn't work for,
         one of us worked for a dollar and didn't get it."
                -- William 'Big Bill' Haywood

From atom at suspicious.org Fri Jun 25 07:26:58 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Jun 25 08:40:45 2004
Subject: signed symmetric message
Message-ID: <20040625012302.M27888@willy_wonka>

if i create a message using "gpg -sc", and then read the message, i'm
told:

    gpg: Good signature from "xxx "
    gpg: WARNING: message was not integrity protected

is it just me, or do those two messages seem to contradict each other?

        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "The Army is the Indian's best friend."
                -- General George Armstron Custer, 1870

From atom at suspicious.org Fri Jun 25 07:45:59 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Jun 25 08:41:17 2004
Subject: signed symmetric message
In-Reply-To: <20040625012302.M27888@willy_wonka>
References: <20040625012302.M27888@willy_wonka>
Message-ID: <20040625014507.P27888@willy_wonka>

(responding to self)

> if i create a message using "gpg -sc", and then read the message, i'm told:
> gpg: Good signature from "xxx "
> gpg: WARNING: message was not integrity protected
>
> is it just me, or do those two messages seem to contradict each other?
================

creating the message using "gpg --force-mdc -sc" seems to produce the
same results.

        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Everyone thinks of changing the world,
         but no one thinks of changing himself."
                -- Tolstoy

From mail at joachim-breitner.de Fri Jun 25 13:09:49 2004
From: mail at joachim-breitner.de (Joachim Breitner)
Date: Fri Jun 25 13:06:49 2004
Subject: Adding subkey on card to existing key (w/ failing code :-))
Message-ID: <1088161789.722.14.camel@barney.ehbuehl.net>

Hi,

I bought one of those cool OpenGPG-cards on LinuxTag. I'd like to
continue using my current key, but have a subkey on the card for
encryption and file/mail signing. Since there is no code yet for this,
I tried to hack something together. It seems to work a bit, but in the
end gnupg will choke on the final thing, saying:

gpg: error getting main key 00000000 of subkey CD50AFED: public key not found
gpg: error getting main key 00000000 of subkey CD50AFED: public key not found

(complete log attached)

I attached the patch, please have a look at it and point me to things
to fix, or tell me that I did it horribly wrong :-)

nomeata

--
Joachim "nomeata" Breitner
mail: mail@joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C
JID: joachimbreitner@amessage.de | http://www.joachim-breitner.de/
Debian Developer: nomeata@debian.org
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

From mail at joachim-breitner.de Fri Jun 25 13:21:34 2004
From: mail at joachim-breitner.de (Joachim Breitner)
Date: Fri Jun 25 13:18:39 2004
Subject: Adding subkey on card... (w/attachements)
Message-ID: <1088162494.724.21.camel@barney.ehbuehl.net>

Hi,

I bought one of those cool OpenGPG-cards on LinuxTag. I'd like to
continue using my current key, but have a subkey on the card for
encryption and file/mail signing. Since there is no code yet for this,
I tried to hack something together. It seems to work a bit, but in the
end gnupg will choke on the final thing, saying:

gpg: error getting main key 00000000 of subkey CD50AFED: public key not found
gpg: error getting main key 00000000 of subkey CD50AFED: public key not found

(complete log attached)

I attached the patch, please have a look at it and point me to things
to fix, or tell me that I did it horribly wrong :-)

nomeata

--
Joachim "nomeata" Breitner
mail: mail@joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C
JID: joachimbreitner@amessage.de | http://www.joachim-breitner.de/
Debian Developer: nomeata@debian.org
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg-add-card-subkey.diff
Type: application/octet-stream
Size: 6464 bytes
Desc: not available
Url : /pipermail/attachments/20040625/4726f7d2/gnupg-add-card-subkey.exe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg-add-card-subkey.log
Type: application/octet-stream
Size: 3798 bytes
Desc: not available
Url : /pipermail/attachments/20040625/4726f7d2/gnupg-add-card-subkey-0001.exe

From atom at suspicious.org Fri Jun 25 17:21:37 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Jun 25 17:18:54 2004
Subject: OT - problems with gnupg mailing lists
Message-ID: <20040625111541.F27888@willy_wonka>

i ~thought~ this happened to me before, but i wasn't sure, so i didn't
say anything.... this time i'm sure....

of these four messages i sent to the [devel] list:

http://lists.gnupg.org/pipermail/gnupg-devel/2004-June/021077.html
http://lists.gnupg.org/pipermail/gnupg-devel/2004-June/021078.html
http://lists.gnupg.org/pipermail/gnupg-devel/2004-June/021079.html
http://lists.gnupg.org/pipermail/gnupg-devel/2004-June/021080.html

all four of them are in the www archives, but i only received one of
them [the last one] via email. something is horribly wrong with the
mailing lists.

        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Computer games don't affect kids; I mean if Pac-Man
         affected us as kids, we'd all be running around in
         darkened rooms, munching magic pills and listening to
         repetitive electronic music."
                -- Kristian Wilson, Nintendo, Inc, 1989
                [The quote and the source are both disputed]

From t.schorpp at gmx.de Sat Jun 26 09:42:53 2004
From: t.schorpp at gmx.de (Thomas Schorpp)
Date: Sat Jun 26 09:40:59 2004
Subject: OT - problems with gnupg mailing lists
In-Reply-To: <20040625111541.F27888@willy_wonka>
References: <20040625111541.F27888@willy_wonka>
Message-ID: <40DD28FD.701@gmx.de>

hi man,

Atom 'Smasher' wrote:

> something is horribly wrong with the
> mailing lists.

maybe your name triggers the spam filters intermittently.

>
>
> "Computer games don't affect kids; I mean if Pac-Man
> affected us as kids, we'd all be running around in
> darkened rooms, munching magic pills and listening to
> repetitive electronic music."
> -- Kristian Wilson, Nintendo, Inc, 1989
> [The quote and the source are both disputed]

that's a very trivial statement, "political correct" it has to be:

" Society is NOT the mirror of culture since culture IS the mirror of
society. "
-- A politics and socials researcher in the german newspaper "konkret"
a few years ago.

y
tom

From mo at g10code.com Sun Jun 27 01:35:31 2004
From: mo at g10code.com (Moritz Schulte)
Date: Sun Jun 27 01:32:24 2004
Subject: Poldi 0.1 released
Message-ID: <86y8m9sxj0.wl@duesseldorf.ccc.de>

Poldi 0.1 has been released. Poldi is a PAM module implementing
authentication via OpenPGP smart cards.

Files:

  ftp://ftp.gnupg.org/people/moritz/poldi/poldi-0.1.tar.gz (254k)
  ftp://ftp.gnupg.org/people/moritz/poldi/poldi-0.1.tar.gz.asc

MD5 sums are:

  74b9d4aa37628fbe55fbed2a0350e34c  poldi-0.1.tar.gz
  392677785e23c4f2184c73f254c7de02  poldi-0.1.tar.gz.asc

Happy hacking,
Moritz

From mail at joachim-breitner.de Sun Jun 27 15:59:12 2004
From: mail at joachim-breitner.de (Joachim Breitner)
Date: Sun Jun 27 15:56:34 2004
Subject: Adding subkey on card to existing key (w/ failing code :-))
In-Reply-To: <86wu1t2urr.wl@duesseldorf.ccc.de>
References: <1088161789.722.14.camel@barney.ehbuehl.net> <86wu1t2urr.wl@duesseldorf.ccc.de>
Message-ID: <1088344752.1030.1.camel@barney.ehbuehl.net>

On Sun, 27 Jun 2004 at 11:51, Moritz Schulte wrote:
> At Fri, 25 Jun 2004 13:09:49 +0200, Joachim Breitner wrote:
>
> Hello,
>
> > I attached the patch
> Are you sure?

I'm sure I attached it the second time, mail is in the archive (but not
sent out by the mailinglist). As "atom" pointed out, something seems to
be wrong with the list...

Joachim

--
Joachim Breitner
e-Mail: mail@joachim-breitner.de
Homepage: http://www.joachim-breitner.de
ICQ#: 74513189
Please do not send me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.de.html

From jm2meulien at free.fr Thu Jun 24 21:46:54 2004
From: jm2meulien at free.fr (Meulien)
Date: Mon Jun 28 10:11:26 2004
Subject: [nPATCH] GpgME namespace for C++
Message-ID: <000001c45ae4$77962b30$01c64352@nomfha60kknn64>

From wk at gnupg.org Mon Jun 28 10:45:39 2004
From: wk at gnupg.org (Werner Koch) Date: Mon Jun 28 10:48:23 2004 Subject: OT - problems with gnupg mailing lists In-Reply-To: <20040625111541.F27888@willy_wonka> (atom@suspicious.org's message of "Fri, 25 Jun 2004 11:21:37 -0400 (EDT)") References: <20040625111541.F27888@willy_wonka> Message-ID: <87u0ww5avg.fsf@wheatstone.g10code.de> On Fri, 25 Jun 2004 11:21:37 -0400 (EDT), Atom 'Smasher' said: > all four of them are in the www archives, but i only received one of > them [the last one] via email. something is horribly wrong with the > mailing lists. I think I found the problem. Some time ago I changed the exim configuration to only queue messages on high system load. All queued messages should be processed every 30 minutes, however the cron command used to read: if [ -x /usr/sbin/exim -a -f /etc/exim.conf ]; then ... but exim.conf is /etc/exim/exim.conf - so this never worked, which was no problem because exim did the queue run anyway when queuing new messages. Until I added the load limit. Bummer. Should be fixed now. Shalom-Salam, Werner From atom at suspicious.org Mon Jun 28 10:59:56 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Mon Jun 28 10:57:02 2004 Subject: --list-only and symmetric encryption (fwd) Message-ID: <20040628045923.U92142@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (resending this now that this list should be working better) using "--list-only" to learn more about a symmetrically encrypted file, it tells me (something like): gpg: CAST5 encrypted data gpg: encrypted with 1 passphrase it says it's "encrypted with 1 passphrase"... can it be encrypted with multiple passphrases? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "For every dollar the boss has and didn't work for, one of us worked for a dollar and didn't get it." -- William 'Big Bill' Haywood -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDf3hIACgkQnCgLvz19QeMLdwCglRJ7Nahbi4C5JJ2rNlZDeWyn r/kAoISU6T8Oii3e94YDuC1Cvdsh6LCK =zaoy -----END PGP SIGNATURE----- From atom at suspicious.org Mon Jun 28 11:02:08 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Mon Jun 28 10:59:15 2004 Subject: signed symmetric message (fwd) Message-ID: <20040628050046.Q92142@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (resending this now that this list should be working better) > if i create a message using "gpg -sc", and then read the message, i'm told: > gpg: Good signature from "xxx " > gpg: WARNING: message was not integrity protected > > is it just me, or do those two messages seem to contradict each other? ================ creating the message using "gpg --force-mdc -sc" seems to produce the same results. is there integrity protection for symmetrically encrypted messages? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Everyone thinks of changing the world, but no one thinks of changing himself." -- Tolstoy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDf3pUACgkQnCgLvz19QePoJwCgoXuj5ECIk0pe+VmJ1OPCWsHU IpAAniRyqzt5hjIgeHtIP8Zx29TT/tde =SmdZ -----END PGP SIGNATURE----- From mail at joachim-breitner.de Mon Jun 28 11:32:13 2004 
From: mail at joachim-breitner.de (Joachim Breitner) Date: Mon Jun 28 11:29:24 2004 Subject: Adding subkey on card... (w/attachements) Message-ID: <1088415133.700.5.camel@barney.ehbuehl.net> (hope this gets through this time, with fixed ml) Hi, I bought one of those cool OpenPGP cards at LinuxTag. I'd like to continue using my current key, but have a subkey on the card for encryption and file/mail signing. Since there is no code yet for this, I tried to hack something together. It seems to work a bit, but in the end gnupg will choke on the final thing, saying: gpg: error getting main key 00000000 of subkey CD50AFED: public key not found gpg: error getting main key 00000000 of subkey CD50AFED: public key not found (complete log attached) I attached the patch, please have a look at it and point me to things to fix, or tell me that I did it horribly wrong :-) nomeata -- Joachim "nomeata" Breitner mail: mail@joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C JID: joachimbreitner@amessage.de | http://www.joachim-breitner.de/ Debian Developer: nomeata@debian.org Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-add-card-subkey.diff Type: application/octet-stream Size: 6464 bytes Desc: not available Url : /pipermail/attachments/20040628/05c3996d/gnupg-add-card-subkey-0002.exe -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-add-card-subkey.log Type: application/octet-stream Size: 3798 bytes Desc: not available Url : /pipermail/attachments/20040628/05c3996d/gnupg-add-card-subkey-0003.exe -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20040628/05c3996d/attachment-0001.bin From alex at syjon.fantastyka.net Mon Jun 28 13:13:28 2004 From: alex at syjon.fantastyka.net (Janusz A. Urbanowicz) Date: Mon Jun 28 13:11:56 2004 Subject: --list-only and symmetric encryption (fwd) In-Reply-To: <20040628045923.U92142@willy_wonka> References: <20040628045923.U92142@willy_wonka> Message-ID: <20040628111328.GB30058@syjon.fantastyka.net> On Mon, Jun 28, 2004 at 04:59:56AM -0400, Atom 'Smasher' wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > (resending this now that this list should be working better) > > > using "--list-only" to learn more about a symmetrically encrypted file, it > tells me (something like): > gpg: CAST5 encrypted data > gpg: encrypted with 1 passphrase > > it says it's "encrypted with 1 passphrase"... can it be encrypted with > multiple passphrases? I guess, yes, as with multiple pubkeys & passphrases at the same time - a feature promised for some time. Alex -- 0x46399138 From dshaw at jabberwocky.com Mon Jun 28 13:58:30 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Mon Jun 28 13:55:40 2004 Subject: signed symmetric message (fwd) In-Reply-To: <20040628050046.Q92142@willy_wonka> References: <20040628050046.Q92142@willy_wonka> Message-ID: <20040628115830.GA30539@jabberwocky.com> On Mon, Jun 28, 2004 at 05:02:08AM -0400, Atom 'Smasher' wrote: > (resending this now that this list should be working better) > > > > if i create a message using "gpg -sc", and then read the message, i'm told: > > gpg: Good signature from "xxx " > > gpg: WARNING: message was not integrity protected > > > > is it just me, or do those two messages seem to contradict each other? > ================ > > creating the message using "gpg --force-mdc -sc" seems to produce the same > results. > > is there integrity protection for symmetrically encrypted messages? There is now ;) David From t.schorpp at gmx.de Mon Jun 28 19:20:28 2004 
From: t.schorpp at gmx.de (Thomas Schorpp) Date: Tue Jun 29 15:06:54 2004 Subject: Bug in Mailman version 2.1.4 on subscribe gpa-dev Message-ID: <40E0535C.8080203@gmx.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bug in Mailman version 2.1.4 We're sorry, we hit a bug! If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks! Traceback: Traceback (most recent call last): ~ File "/home/mailman/scripts/driver", line 80, in run_main ~ pkg = __import__('Mailman.Cgi', globals(), locals(), [scriptname]) ~ File "/home/mailman/Mailman/Cgi/subscribe.py", line 26, in ? ~ from Mailman import MailList ImportError: cannot import name MailList Python information: Variable Value sys.version 2.1.3 (#1, Sep 7 2002, 15:29:56) [GCC 2.95.4 20011002 (Debian prerelease)] sys.executable /usr/bin/python sys.prefix /usr sys.exec_prefix /usr sys.path /usr sys.platform linux2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFA4FNc1L8Hg/0A/fwRAuBQAJwPtyMrcgn5Wqylhd30uipaT24qJQCeO2fK 8wBAE+NsDZz4EdjXASIMJs8= =4Mjp -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Jun 29 00:48:57 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jun 29 15:08:08 2004 Subject: --list-only and symmetric encryption (fwd) In-Reply-To: <20040628045923.U92142@willy_wonka> References: <20040628045923.U92142@willy_wonka> Message-ID: <20040628224857.GA6406@jabberwocky.com> On Mon, Jun 28, 2004 at 04:59:56AM -0400, Atom 'Smasher' wrote: > (resending this now that this list should be working better) > > > using "--list-only" to learn more about a symmetrically encrypted file, it > tells me (something like): > gpg: CAST5 encrypted data > gpg: encrypted with 1 passphrase > > it says it's "encrypted with 1 passphrase"... can it be encrypted with > multiple passphrases? Yes and no. GnuPG will properly handle a message encrypted with multiple passphrases. However, it will not currently generate a multiple passphrase message for the usual reasons. Note that this is different than a message that can be decrypted with both passphrases and public keys. That feature exists today in 1.3.x: just do --encrypt --symmetric. David From joachim.gruhn at snap.de Wed Jun 23 14:17:27 2004 From: joachim.gruhn at snap.de (Joachim Gruhn) Date: Tue Jun 29 15:23:56 2004 Subject: gpgme: Problem while releasing context after decryption Message-ID: <40D974D7.70108@snap.de> Hello, I have created a windows dll from gpgme v0.3.16 using i.e. encryption and decryption from within my application. Everything seems to work fine except the decryption. It seems that the decryption itself is ok but when "gpgme_release(ctx);" is called, the application hangs up. If I step through the code with my debugger this problem did not occur. Any idea is welcome. Using GnuPG v1.2.4, OpenPGP, VC6 on Win XP prof. Joachim -- ------------------------------------------------------------------ Joachim Gruhn mailto: Joachim.Gruhn@snap.de SNAP Innovation Software GmbH Web: http://www.snap.de ------------------------------------------------------------------ From atom at suspicious.org Wed Jun 30 05:46:53 2004 
From: atom at suspicious.org (Atom 'Smasher') Date: Wed Jun 30 11:35:25 2004 Subject: --list-only and symmetric encryption (fwd) In-Reply-To: <20040628224857.GA6406@jabberwocky.com> References: <20040628045923.U92142@willy_wonka> <20040628224857.GA6406@jabberwocky.com> Message-ID: <20040629234329.N92142@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 28 Jun 2004, David Shaw wrote: > On Mon, Jun 28, 2004 at 04:59:56AM -0400, Atom 'Smasher' wrote: >> (resending this now that this list should be working better) >> >> >> using "--list-only" to learn more about a symmetrically encrypted file, it >> tells me (something like): >> gpg: CAST5 encrypted data >> gpg: encrypted with 1 passphrase >> >> it says it's "encrypted with 1 passphrase"... can it be encrypted with >> multiple passphrases? > > Yes and no. GnuPG will properly handle a message encrypted with > multiple passphrases. However, it will not currently generate a > multiple passphrase message for the usual reasons. > > Note that this is different than a message that can be decrypted with > both passphrases and public keys. That feature exists today in 1.3.x: > just do --encrypt --symmetric. =================== i'm curious how that works... i understand how a message can be encrypted to multiple public keys, since the bulk encryption is only done using one key. i don't understand how a message can be efficiently ("efficiently", meaning that the message is only encrypted once) encrypted to multiple symmetric keys. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- We got around to the subject of war again and I said that, contrary to his attitude, I did not think that the common people are very thankful for leaders who bring them war and destruction. "Why, of course, the people don't want war," [he] shrugged. 
"Why would some poor slob on a farm want to risk his life in a war when the best that he can get out of it is to come back to his farm in one piece. Naturally, the common people don't want war; neither in Russia nor in England nor in America, nor for that matter in Germany. That is understood. But, after all, it is the leaders of the country who determine the policy and it is always a simple matter to drag the people along, whether it is a democracy or a fascist dictatorship or a Parliament or a Communist dictatorship." "There is one difference," I pointed out. "In a democracy the people have some say in the matter through their elected representatives, and in the United States only Congress can declare wars." "Oh, that is all well and good, but, voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country." -- conversation on April 18, 1946 between Hermann Goering (Nazi Reichsmarshall and Luftwaffe-Chief) and Gustave Gilbert, a psychologist and journalist who met regularly with Goering during the Nuremberg trails. These conversations were published in the "Nuremberg Diary" in 1947 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDiN7YACgkQnCgLvz19QeNQ1ACfSSenerCeM3+uadopvUoOFviR +fMAnA+ouRgiMj2EHST2mowlB8N+zbW7 =s3j3 -----END PGP SIGNATURE----- From t.schorpp at gmx.de Wed Jun 30 09:20:52 2004 
From: t.schorpp at gmx.de (Thomas Schorpp) Date: Wed Jun 30 15:32:12 2004 Subject: Bug in Mailman version 2.1.4 on subscribe gpa-dev In-Reply-To: <87brj11q4d.fsf@wheatstone.g10code.de> References: <40E0535C.8080203@gmx.de> <87brj11q4d.fsf@wheatstone.g10code.de> Message-ID: <40E269D4.3050708@gmx.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch wrote: | On Mon, 28 Jun 2004 19:20:28 +0200, Thomas Schorpp said: | | |>Traceback (most recent call last): |>~ File "/home/mailman/scripts/driver", line 80, in run_main |>~ pkg = __import__('Mailman.Cgi', globals(), locals(), [scriptname]) |>~ File "/home/mailman/Mailman/Cgi/subscribe.py", line 26, in ? |>~ from Mailman import MailList | | | Why at all is Mailman not able to print regular system error messages? | I am pretty sure that the message would have been "Too many open | files". We have this problem from time to time under high system | load. | | Please try again. | | Werner | | moin, not necessary, got through, issue is not reproducible for me, thank you. y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFA4mnU1L8Hg/0A/fwRAr33AKCNzgLjDrYRUwNlMyYiPpkNCQLQVgCfbD9v zlXiUYk/LGlI7argOv5p9aA= =5j0c -----END PGP SIGNATURE----- From wk at gnupg.org Wed Jun 30 09:06:42 2004 
From: wk at gnupg.org (Werner Koch) Date: Wed Jun 30 15:34:18 2004 Subject: Bug in Mailman version 2.1.4 on subscribe gpa-dev In-Reply-To: <40E0535C.8080203@gmx.de> (Thomas Schorpp's message of "Mon, 28 Jun 2004 19:20:28 +0200") References: <40E0535C.8080203@gmx.de> Message-ID: <87brj11q4d.fsf@wheatstone.g10code.de> On Mon, 28 Jun 2004 19:20:28 +0200, Thomas Schorpp said: > Traceback (most recent call last): > ~ File "/home/mailman/scripts/driver", line 80, in run_main > ~ pkg = __import__('Mailman.Cgi', globals(), locals(), [scriptname]) > ~ File "/home/mailman/Mailman/Cgi/subscribe.py", line 26, in ? > ~ from Mailman import MailList Why at all is Mailman not able to print regular system error messages? I am pretty sure that the message would have been "Too many open files". We have this problem from time to time under high system load. Please try again. Werner From muehlber at fh-brandenburg.de Wed Jun 30 19:11:32 2004 
From: muehlber at fh-brandenburg.de (Jan Tobias Muehlberg) Date: Tue Jul 6 16:39:44 2004 Subject: libgcrypt on windows Message-ID: <20040630171131.GB27967@fh-brandenburg.de> Hello, I'm actually developing a small application using libgcrypt 1.1.94. This works really nice on Linux and Solaris. Today I tried to compile it on windows (the cygwin environment) but failed to build the library. It compiled nicely but failed to link the tests due to several undefined references. It seems as if somebody prepends some underscores to most of the function names. Has any of you had the same experience? Is there a known solution? BTW: I read somewhere that '#define WITH_SYMBOL_UNDERSCORE 1' should help -- it didn't work for me. Yours, J. Tobias -- Privacy is the right to be let alone. -- Thomas M. Cooley, 19th century -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 193 bytes Desc: not available Url : /pipermail/attachments/20040630/5e5b4531/attachment-0001.bin From twoaday at freakmail.de Wed Jun 30 20:46:57 2004 
From: twoaday at freakmail.de (Timo Schulz) Date: Tue Jul 6 16:41:12 2004 Subject: --list-only and symmetric encryption (fwd) In-Reply-To: <20040629234329.N92142@willy_wonka> References: <20040628045923.U92142@willy_wonka> <20040628224857.GA6406@jabberwocky.com> <20040629234329.N92142@willy_wonka> Message-ID: <20040630184657.GB362@daredevil.joesixpack.net> On Tue Jun 29 2004; 23:46, Atom 'Smasher' wrote: > key. i don't understand how a message can be efficiently ("efficiently", > meaning that the message is only encrypted once) encrypted to multiple > symmetric keys. That's not difficult, but I've to admit you need to know the OpenPGP format in detail to see it without thinking too much. Tag 3 "Symmetric-Key Encrypted Session Key Packets" has an optional field to hold the encrypted session key. This key is used to encrypt the message. The session key itself is encrypted via the S2K key derived from a passphrase. If you have more passphrases, the same session key is encrypted with different passphrases (S2Ks). Tag3 (- Optionally, the encrypted session key itself, which is decrypted with the string-to-key object.) You see the key for the _message_ is always the same, while the key to protect the session key itself is different for each passphrase. If you know one passphrase, you can decipher the message. Hope my achievement is clear to you. Timo From dshaw at jabberwocky.com Wed Jun 30 20:31:17 2004 
From: dshaw at jabberwocky.com (David Shaw) Date: Tue Jul 6 16:42:54 2004 Subject: --list-only and symmetric encryption (fwd) In-Reply-To: <20040629234329.N92142@willy_wonka> References: <20040628045923.U92142@willy_wonka> <20040628224857.GA6406@jabberwocky.com> <20040629234329.N92142@willy_wonka> Message-ID: <20040630183117.GC7180@jabberwocky.com> On Tue, Jun 29, 2004 at 11:46:53PM -0400, Atom 'Smasher' wrote: > >>using "--list-only" to learn more about a symmetrically encrypted file, it > >>tells me (something like): > >> gpg: CAST5 encrypted data > >> gpg: encrypted with 1 passphrase > >> > >>it says it's "encrypted with 1 passphrase"... can it be encrypted with > >>multiple passphrases? > > > >Yes and no. GnuPG will properly handle a message encrypted with > >multiple passphrases. However, it will not currently generate a > >multiple passphrase message for the usual reasons. > > > >Note that this is different than a message that can be decrypted with > >both passphrases and public keys. That feature exists today in 1.3.x: > >just do --encrypt --symmetric. > =================== > > i'm curious how that works... i understand how a message can be encrypted > to multiple public keys, since the bulk encryption is only done using one > key. i don't understand how a message can be efficiently ("efficiently", > meaning that the message is only encrypted once) encrypted to multiple > symmetric keys. It works the same way that it does with public keys. The data is encrypted using a random session key, then that session key is encrypted using the passphrase. If you want to use multiple passphrases, just encrypt the random session key to as many passphrases as you like. David
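The mechanism Timo Schulz and David Shaw describe in the two messages above, as an added Python sketch (not code from the thread or from GnuPG): one random session key encrypts the body once, and each passphrase gets its own Tag 3 packet holding that session key wrapped under an S2K-derived key. Assumptions: the function names are hypothetical, stand_in_cipher replaces the real cipher (CAST5 in CFB mode), and the data packet layout is simplified.

```python
import hashlib
import os

CAST5, SHA1, KEY_LEN = 3, 2, 16   # OpenPGP algorithm IDs; CAST5 takes a 128-bit key
TAG_SKESK, TAG_DATA = 3, 18       # Tag 3: passphrase-wrapped session key; Tag 18: encrypted data


def s2k(passphrase: bytes, salt: bytes, coded_count: int) -> bytes:
    """Iterated and salted S2K (type 3) with SHA-1, per RFC 4880 section 3.7.1.3."""
    count = (16 + (coded_count & 15)) << ((coded_count >> 4) + 6)
    unit = salt + passphrase
    count = max(count, len(unit))             # at least one full salt+passphrase is hashed
    full, rest = divmod(count, len(unit))
    return hashlib.sha1(unit * full + unit[:rest]).digest()[:KEY_LEN]


def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Assumption: stands in for CAST5 in CFB mode."""
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def packet(tag: int, body: bytes) -> bytes:
    """New-format packet header with a one-octet length (bodies under 192 octets only)."""
    if len(body) >= 192:
        raise ValueError("sketch only handles one-octet packet lengths")
    return bytes([0xC0 | tag, len(body)]) + body


def encrypt(plaintext: bytes, passphrases: list) -> bytes:
    session_key = os.urandom(KEY_LEN)         # one random key for the bulk data
    out = b""
    for phrase in passphrases:                # one Tag 3 packet per passphrase
        salt, coded_count = os.urandom(8), 96  # 96 decodes to 65536 octets hashed
        wrapped = stand_in_cipher(s2k(phrase, salt, coded_count), bytes([CAST5]) + session_key)
        out += packet(TAG_SKESK, bytes([4, CAST5, 3, SHA1]) + salt + bytes([coded_count]) + wrapped)
    # The body is encrypted exactly once. Simplified layout: a real Tag 18 packet also
    # carries a random prefix and wraps the SHA-1 in an MDC packet.
    protected = plaintext + hashlib.sha1(plaintext).digest()
    return out + packet(TAG_DATA, b"\x01" + stand_in_cipher(session_key, protected))


def split_packets(message: bytes):
    pos = 0
    while pos < len(message):
        tag, length = message[pos] & 0x3F, message[pos + 1]
        yield tag, message[pos + 2:pos + 2 + length]
        pos += 2 + length


def count_passphrases(message: bytes) -> int:
    """Number of Tag 3 packets: what a tool can count without decrypting anything."""
    return sum(1 for tag, _ in split_packets(message) if tag == TAG_SKESK)


def decrypt(message: bytes, passphrase: bytes):
    packets = list(split_packets(message))
    data = next(body for tag, body in packets if tag == TAG_DATA)[1:]   # skip version octet
    for tag, body in packets:
        if tag != TAG_SKESK:
            continue
        algo, salt, coded_count, wrapped = body[1], body[4:12], body[12], body[13:]
        unwrapped = stand_in_cipher(s2k(passphrase, salt, coded_count), wrapped)
        if unwrapped[0] != algo:              # this packet was made with another passphrase
            continue
        protected = stand_in_cipher(unwrapped[1:], data)
        if hashlib.sha1(protected[:-20]).digest() == protected[-20:]:
            return protected[:-20]
    return None


# Constructed sample: one message body, two passphrases.
MESSAGE = encrypt(b"meet at noon", [b"first passphrase", b"second passphrase"])
```

Because each Tag 3 packet has its own salt, the two wrapped copies of the session key look unrelated even though they decrypt to the same value.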