From wk at gnupg.org Fri Oct 1 10:04:17 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 1 10:04:13 2004 Subject: Authenticating TCP connections based on public keys In-Reply-To: <20040929143652.GA513@anthony.ics.uci.edu> (Christian Stork's message of "Wed, 29 Sep 2004 07:36:52 -0700") References: <20040927211255.GB18121@anthony.ics.uci.edu> <20040929103603.GV19831@syjon.fantastyka.net> <20040929143652.GA513@anthony.ics.uci.edu> Message-ID: <87u0tedfum.fsf@wheatstone.g10code.de> On Wed, 29 Sep 2004 07:36:52 -0700, Christian Stork said: > Well, as I said, the GPG keys are already in place and the certs aren't. > Could I use GPG keys as certs? Or how about a nice challenge-responce > protocol based on GPG keys? gnutls allows to use OpenPGP keys. Werner From wk at gnupg.org Fri Oct 1 10:05:51 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 1 10:09:14 2004 Subject: gpg --edit, delsigs and --no-tty In-Reply-To: <20040929195432.GC6293@opium.multi24.com> (Peter Palfrader's message of "Wed, 29 Sep 2004 21:54:32 +0200") References: <20040929190419.GA6293@opium.multi24.com> <20040929194047.GC28944@jabberwocky.com> <20040929195432.GC6293@opium.multi24.com> Message-ID: <87pt42dfs0.fsf@wheatstone.g10code.de> On Wed, 29 Sep 2004 21:54:32 +0200, Peter Palfrader said: > Cool. 1.3.6 doesn't do this yet, is there an ETA for the next 1.3.x > release? Leys hope for today. Werner From jsogo at debian.org Fri Oct 1 11:55:15 2004 From: jsogo at debian.org (Jose Carlos Garcia Sogo) Date: Fri Oct 1 11:52:02 2004 Subject: Fails when compiling [WAS: Re: [Announce] GPGME 1.0.0 released] In-Reply-To: <87acv7a07w.wl@ulysses.g10code.de> References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87acv7a07w.wl@ulysses.g10code.de> Message-ID: <1096624516.4620.0.camel@localhost> El jue, 30-09-2004 a las 23:57 +0200, Marcus Brinkmann escribi?: > Ok. Before I make myself a real fool by releasing a GPGME 1.0.1 that > still doesn't work, can you test this patch, please? It fixes the > problem for me. Works for me. -- Jose Carlos Garcia Sogo jsogo@debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente Url : /pipermail/attachments/20041001/7216460d/attachment.bin From jsogo at debian.org Fri Oct 1 11:57:03 2004 From: jsogo at debian.org (Jose Carlos Garcia Sogo) Date: Fri Oct 1 11:53:45 2004 Subject: Fails when compiling [WAS: Re: [Announce] GPGME 1.0.0 released] In-Reply-To: <87brfna1ug.wl@ulysses.g10code.de> References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87brfna1ug.wl@ulysses.g10code.de> Message-ID: <1096624623.4620.3.camel@localhost> El jue, 30-09-2004 a las 23:22 +0200, Marcus Brinkmann escribi?: > At Thu, 30 Sep 2004 19:13:15 +0200, > Jose Carlos Garcia Sogo wrote: > > > We are pleased to announce version 1.0.0 of GnuPG Made Easy, > > > > Hi, when trying to compile it in Debian fails. Attached is the build > > log. > > > > I'm not applying any patch (I have disabled 10_relibtoolize patch you > > can find in 0.9.x versions), so it must be a problem in gpgme itself. > > Holy Bartholomeus, there is actually somebody compiling GPGME without > GpgSM support! You'd think I would have thought of testing that > before this major release, but we have worked hard on the Aegypten > project recently, so that was all that was on my mind. > > I guess I have to thank you for this, but you are spoiling my party, grrr :) Sorry for that, but I GpgSM is not even in Debian ;-) But we could solve that as soon as Aegypten is considered stable enough to be "published" in Debian pool. Thanks, -- Jose Carlos Garcia Sogo jsogo@debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente Url : /pipermail/attachments/20041001/4d2afa82/attachment.bin From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 1 13:11:32 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Oct 1 13:11:21 2004 Subject: Fails when compiling [WAS: Re: [Announce] GPGME 1.0.0 released] In-Reply-To: <1096624623.4620.3.camel@localhost> References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87brfna1ug.wl@ulysses.g10code.de> <1096624623.4620.3.camel@localhost> Message-ID: <874qleae1n.wl@ulysses.g10code.de> At Fri, 01 Oct 2004 11:57:03 +0200, Jose Carlos Garcia Sogo wrote: > > Holy Bartholomeus, there is actually somebody compiling GPGME without > > GpgSM support! You'd think I would have thought of testing that > Sorry for that, but I GpgSM is not even in Debian ;-) Doesn't really matter. Just add --with-gpgsm=/usr/bin/gpgsm to the configure line, and when gpgsm is available and installed, *poof*, it will work. Of course, for real usability, you may want to make gpgme suggest or recommend gpgsm. I guess for the current release you might want to compile it without gpgsm support. It doesn't matter, but in either case I think a dependency on the first gpgme version compiled with gpgsm support will need to be added to the gpgsm package manually. > But we could solve that as soon as Aegypten is considered stable enough > to be "published" in Debian pool. It already is, in fact, we are trying to encourage Debian people to package it for months now. There has been some work on it, but no real break-through yet. Are you interested? :) Thanks, Marcus From jsogo at debian.org Fri Oct 1 13:44:45 2004 From: jsogo at debian.org (Jose Carlos Garcia Sogo) Date: Fri Oct 1 13:41:47 2004 Subject: Fails when compiling [WAS: Re: [Announce] GPGME 1.0.0 released] In-Reply-To: <874qleae1n.wl@ulysses.g10code.de> References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87brfna1ug.wl@ulysses.g10code.de> <1096624623.4620.3.camel@localhost> <874qleae1n.wl@ulysses.g10code.de> Message-ID: <1096631085.4620.9.camel@localhost> El vie, 01-10-2004 a las 13:11 +0200, Marcus Brinkmann escribi?: > At Fri, 01 Oct 2004 11:57:03 +0200, > Jose Carlos Garcia Sogo wrote: > > > Holy Bartholomeus, there is actually somebody compiling GPGME without > > > GpgSM support! You'd think I would have thought of testing that > > > Sorry for that, but I GpgSM is not even in Debian ;-) > > Doesn't really matter. Just add --with-gpgsm=/usr/bin/gpgsm to the > configure line, and when gpgsm is available and installed, *poof*, it > will work. Ok, will done that. > > Of course, for real usability, you may want to make gpgme suggest or > recommend gpgsm. This will need to wait for a GpgSM package to be ready ;-) > > I guess for the current release you might want to compile it without > gpgsm support. It doesn't matter, but in either case I think a > dependency on the first gpgme version compiled with gpgsm support will > need to be added to the gpgsm package manually. Perhaps a enhaces. Or does gpgsm depends on gpgme (and gpgme on gpgsm, a nice circular dependency) > > > But we could solve that as soon as Aegypten is considered stable enough > > to be "published" in Debian pool. > > It already is, in fact, we are trying to encourage Debian people to > package it for months now. There has been some work on it, but no > real break-through yet. > > Are you interested? :) Yes, but I am not very sure about ?gypten picture. I mean, I don't know which modules are needed, which is the canonical URL to get them, and IIRC Matthias Urlichs was also packaging some of these modules. Cheers, -- Jose Carlos Garcia Sogo jsogo@debian.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente Url : /pipermail/attachments/20041001/4e721768/attachment.bin From smurf at smurf.noris.de Fri Oct 1 14:08:13 2004 From: smurf at smurf.noris.de (Matthias Urlichs) Date: Fri Oct 1 14:04:59 2004 Subject: Fails when compiling [WAS: Re: [Announce] GPGME 1.0.0 released] References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87brfna1ug.wl@ulysses.g10code.de> <1096624623.4620.3.camel@localhost> <874qleae1n.wl@ulysses.g10code.de> <1096631085.4620.9.camel@localhost> Message-ID: Hi, Jose Carlos Garcia Sogo wrote: >> It already is, in fact, we are trying to encourage Debian people to >> package it for months now. There has been some work on it, but no >> real break-through yet. >> >> Are you interested? :) > > Yes, but I am not very sure about ?gypten picture. I mean, I don't > know which modules are needed, which is the canonical URL to get them, > and IIRC Matthias Urlichs was also packaging some of these modules. Sorry about that -- I was busy with Debian's gnutls/gcrypt transition, Real Work, and a family vacation. Take your pick as to which task is ultimately responsible. ;-) Debian packages for gnupg2/gpgsm/gpg-agent are currently available at deb http://smurf.noris.de/code/debian/ experimental smurf They'll be in Debian's "official" Experimental archive once one of the Debian FTP administrators acknowledges my latest upload (I have split off the gpgsm binary into its own package). Once that happens, I can upload them to Debian's Unstable, which should allow them to propagate into Sarge. -- Matthias Urlichs From dshaw at jabberwocky.com Sat Oct 2 15:47:23 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 2 16:04:54 2004 Subject: [Announce] GnuPG 1.3.90 released (development) Message-ID: <20041002134723.GB15332@jabberwocky.com> Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will very soon become GnuPG 1.4. As the version jump from 1.3.6 to 1.3.90 indicates, the 1.4 release is expected soon. We encourage people to try this development release and report any feedback or problems to gnupg-devel@gnupg.org. As always, note that while this code is stable enough for many uses, it is still the development branch. Mission-critical applications should use the 1.2.x stable branch. The files are available from: Gzipped: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.gz (3.6M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.gz.sig Bzip2ed: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.bz2 (2.5M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.bz2.sig MD5 checksums for the files are: c3f1a4b5134ad15aae5f93897c8294fa gnupg-1.3.90.tar.bz2 767cf77145ea4ce0df3b2ca6e86ce0a9 gnupg-1.3.90.tar.bz2.sig e3f8d36309bd63f05bae3b7371bcb994 gnupg-1.3.90.tar.gz 32a4376ae5a7a5b548bacd4d3a14816a gnupg-1.3.90.tar.gz.sig Noteworthy changes in version 1.3.90 (2004-10-01) ------------------------------------------------- * Readline support at all prompts is now available if the systems provides a readline library. The build time option --without-readline may be used to disable this feature. * Support for the OpenPGP smartcard is now enabled by default. Use the option --disable-card-support to build without support for smartcards. * New command "addcardkey" in the key edit menu to add subkeys to a smartcard. New command "keytocard" to transfer a key to a smartcard. The serial number of the card is show in secret key listings. * -K may now be used as an alias for --list-secret-keys. * HTTP Basic authentication is now supported for all HKP and HTTP keyserver functions, either through a proxy or via direct access. Enjoy! The GnuPG team (David, Stefan, Timo and Werner) _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From marcus.brinkmann at ruhr-uni-bochum.de Sat Oct 2 16:23:25 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Sat Oct 2 16:21:19 2004 Subject: Fails when compiling [WAS: Re: [Announce] GPGME 1.0.0 released] In-Reply-To: <1096631085.4620.9.camel@localhost> References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87brfna1ug.wl@ulysses.g10code.de> <1096624623.4620.3.camel@localhost> <874qleae1n.wl@ulysses.g10code.de> <1096631085.4620.9.camel@localhost> Message-ID: <87wty98ahu.wl@ulysses.g10code.de> At Fri, 01 Oct 2004 13:44:45 +0200, Jose Carlos Garcia Sogo wrote: > > Of course, for real usability, you may want to make gpgme suggest or > > recommend gpgsm. > > This will need to wait for a GpgSM package to be ready ;-) Probably, if Debian Policy demands that. > > I guess for the current release you might want to compile it without > > gpgsm support. It doesn't matter, but in either case I think a > > dependency on the first gpgme version compiled with gpgsm support will > > need to be added to the gpgsm package manually. > > Perhaps a enhaces. Or does gpgsm depends on gpgme (and gpgme on gpgsm, > a nice circular dependency) No, there is no hard-dependency in either direction. GPGME will detect if gpgsm is present or not, and provide proper information to the user of the library. However, let's say you install the GPGME enhanced mutt. Then mutt will depend on gpgme. But to really use encryption, the user needs to install at least either gpg or gpgsm, depending on which protocol he wants to use. Now, if GPGME requires GpgSM, or if GpgSM enhances, GPGME, I'll leave that for the relevant maintainers to decide. The only thing that matters here in my view is that it will have the right consequences in the user interfaces of the package installer frontends. GpgSM will then suck in some libs and gpg-agent, which in turn will suck in a pinentry package. Those are hard dependencies, so it will be OK. > Yes, but I am not very sure about ?gypten picture. I mean, I don't > know which modules are needed, which is the canonical URL to get them, > and IIRC Matthias Urlichs was also packaging some of these modules. Yes. Matthias Urlichs (who already replied, nice!) has also some information about the package structure we sent to him some time ago, and what I saw on his site matched that. So, it's basically already done. The main issues from our point of view are that gpgsm, gpg-agent and gpg should all be in their own packages, as gpg-agent can be used by both (it probably "enhances" gpg, but is required for gpgsm). Then there is the issue of package gpg2, which probably should be in its own package, because of the major differences (some might prefer the old one). But then is the issue how to deal with it in GPGME. You can either make an alternative GPGME package that is configured to use gpg2, or you can manage gpg via alternatives in Debian (the latter looks to me like the better solution). Note that GPGME doesn't allow you to configure the path to the backends at runtime. This is a deliberate decision, for vague security concerns. However, if you look at it critically, there is no real security to be gained from this, so we probably could be talked into changing that, if it is actually helpful. I am just mentioning this as a potential third alternative. Thanks, Marcus From dshaw at jabberwocky.com Sat Oct 2 17:54:20 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 2 17:50:55 2004 Subject: gpg --edit, delsigs and --no-tty In-Reply-To: <20040929195432.GC6293@opium.multi24.com> References: <20040929190419.GA6293@opium.multi24.com> <20040929194047.GC28944@jabberwocky.com> <20040929195432.GC6293@opium.multi24.com> Message-ID: <20041002155419.GC15332@jabberwocky.com> On Wed, Sep 29, 2004 at 09:54:32PM +0200, Peter Palfrader wrote: > On Wed, 29 Sep 2004, David Shaw wrote: > > > On Wed, Sep 29, 2004 at 09:04:19PM +0200, Peter Palfrader wrote: > > > > > When I call gpg --edit with --no-tty then I don't get any information > > > about which signature is about to be removed: > > > > Printing to a TTY despite the user specifying --no-tty would be a > > pretty unpleasant hack. > > Well, of course I meant printing it to stdout, not the tty :) > > > This is fixed properly in 1.3.x, where delsig > > and --with-colons gives you the sig in colon form and the TTY is > > irrelevant. > > Cool. 1.3.6 doesn't do this yet, is there an ETA for the next 1.3.x > release? Right now :) David From gnupg-devel=gnupg.org at lists.palfrader.org Sat Oct 2 19:11:31 2004 From: gnupg-devel=gnupg.org at lists.palfrader.org (Peter Palfrader) Date: Sat Oct 2 19:08:09 2004 Subject: gpg --edit, delsigs and --no-tty In-Reply-To: <20041002155419.GC15332@jabberwocky.com> References: <20040929190419.GA6293@opium.multi24.com> <20040929194047.GC28944@jabberwocky.com> <20040929195432.GC6293@opium.multi24.com> <20041002155419.GC15332@jabberwocky.com> Message-ID: <20041002171131.GA10278@opium.multi24.com> On Sat, 02 Oct 2004, David Shaw wrote: > On Wed, Sep 29, 2004 at 09:54:32PM +0200, Peter Palfrader wrote: > > On Wed, 29 Sep 2004, David Shaw wrote: > > > > > On Wed, Sep 29, 2004 at 09:04:19PM +0200, Peter Palfrader wrote: > > > > > > > When I call gpg --edit with --no-tty then I don't get any information > > > > about which signature is about to be removed: > > > > > > Printing to a TTY despite the user specifying --no-tty would be a > > > pretty unpleasant hack. > > > > Well, of course I meant printing it to stdout, not the tty :) > > > > > This is fixed properly in 1.3.x, where delsig > > > and --with-colons gives you the sig in colon form and the TTY is > > > irrelevant. > > > > Cool. 1.3.6 doesn't do this yet, is there an ETA for the next 1.3.x > > release? > > Right now :) Thanks, David and Werner. | weasel@galaxy:~/tmp/keys$ ~/tmp/gpg/gnupg-1.3.90/g10/gpg --with-colons --edit 2719AF35 [..] | pub:-:1024:1:1B080C452719AF35:800361729:0::-: | fpr:::::::::3FD9FA498B6D60955BE3AD83677F9E69: | uid:-::::::::Ben Laurie ::::1,p: | | Command> 1 | | pub:-:1024:1:1B080C452719AF35:800361729:0::-: | fpr:::::::::3FD9FA498B6D60955BE3AD83677F9E69: | uid:-::::::::Ben Laurie ::::1,ps: | | Command> delsig | uid Ben Laurie | sig:!::1:2719AF354042FFA0:1078132640:0::::13x ^^^^^^^^ | Delete this good signature? (y/N/q)n | uid Ben Laurie | sig:!::17:94C09C7F40CB7145:1087074629:0::::13x ^^^^^^^^ | Delete this good signature? (y/N/q) It seems the long keyids are wrong tho. The first 8 digits are the short keyid, the other 8 digits, I don't know. -- Peter From dshaw at jabberwocky.com Sat Oct 2 21:46:29 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 2 21:43:16 2004 Subject: gpg --edit, delsigs and --no-tty In-Reply-To: <20041002171131.GA10278@opium.multi24.com> References: <20040929190419.GA6293@opium.multi24.com> <20040929194047.GC28944@jabberwocky.com> <20040929195432.GC6293@opium.multi24.com> <20041002155419.GC15332@jabberwocky.com> <20041002171131.GA10278@opium.multi24.com> Message-ID: <20041002194629.GD15332@jabberwocky.com> On Sat, Oct 02, 2004 at 07:11:31PM +0200, Peter Palfrader wrote: > | Command> delsig > | uid Ben Laurie > | sig:!::1:2719AF354042FFA0:1078132640:0::::13x > ^^^^^^^^ > | Delete this good signature? (y/N/q)n > | uid Ben Laurie > | sig:!::17:94C09C7F40CB7145:1087074629:0::::13x > ^^^^^^^^ > | Delete this good signature? (y/N/q) > > It seems the long keyids are wrong tho. The first 8 digits are the > short keyid, the other 8 digits, I don't know. Well, you win the prize for 'first bug found in 1.3.90'. Here's a patch. David -------------- next part -------------- Index: keyedit.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/keyedit.c,v retrieving revision 1.145 diff -u -r1.145 keyedit.c --- keyedit.c 29 Sep 2004 17:41:58 -0000 1.145 +++ keyedit.c 2 Oct 2004 19:40:58 -0000 @@ -167,7 +167,7 @@ if( sigrc != '?' || print_without_key ) { printf("sig:%c::%d:%08lX%08lX:%lu:%lu:", - sigrc,sig->pubkey_algo,(ulong)sig->keyid[1],(ulong)sig->keyid[2], + sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1], (ulong)sig->timestamp,(ulong)sig->expiredate); if(sig->trust_depth || sig->trust_value) From mwood at IUPUI.Edu Fri Oct 1 16:06:12 2004 From: mwood at IUPUI.Edu (Mark H. Wood) Date: Sun Oct 3 18:01:30 2004 Subject: gpgme 1.0 has unchecked dependency on libassuan Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 gpgme 1.0 fails to build on a Linux 2.4/glibc 2.3 system when libassuan is not installed: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/include -g -O2 -Wall -Wcast-align - -Wshadow -Wstrict-prototypes -MT engine-gpgsm.lo -MD -MP -MF .deps/engine-gpgsm.Tpo -c engine-gpgsm.c -fPIC -DPIC -o .libs/engine-gpgsm.o cc1: warning: changing search order for system directory "/usr/include" cc1: warning: as it has already been specified as a non-system directory engine-gpgsm.c:41:20: assuan.h: No such file or directory engine-gpgsm.c:59: parse error before "ASSUAN_CONTEXT" engine-gpgsm.c:59: warning: no semicolon at end of struct or union and so on. I wonder whether engine-gpgsm should be built at all, since I don't have gpgsm either (and this was correctly detected by the configure script). [time passes] Okay, I built and installed libassuan; deleted, re-unpacked, and reconfigured gpgme; and now gpgme compiles but does not link, failing to even request libassuan: /bin/sh ../../libtool --mode=link gcc -g -O2 -Wall -Wcast-align -Wshadow - -Wstrict-prototypes -o t-encrypt t-encrypt.o ../../gpgme/libgpgme.la mkdir .libs gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -o .libs/t-encrypt t-encrypt.o ../../gpgme/.libs/libgpgme.so ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_get_active_fds' ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_read_line' ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_disconnect' ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_pipe_connect' ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_pending_line' ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_transact' ../../gpgme/.libs/libgpgme.so: undefined reference to `assuan_write_line' collect2: ld returned 1 exit status make[3]: *** [t-encrypt] Error 1 make[3]: Leaving directory `/home/mwood/build/gpgme-1.0.0/tests/gpg' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/mwood/build/gpgme-1.0.0/tests' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/mwood/build/gpgme-1.0.0' make: *** [all] Error 2 I read README to mean that gpgsm is supported but not a prerequisite, but this appears to be incorrect. - -- Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu Open-source executable: $0.00. Source: $0.00 Control: priceless! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iD8DBQFBXWRYs/NR4JuTKG8RAt1EAJ9PHpCBMJY9ODxMonjFs8dTzLkimACfVuB4 15s5gujU+/R4ZCXLtDEDKwA= =6UYo -----END PGP SIGNATURE----- From marcus.brinkmann at ruhr-uni-bochum.de Sun Oct 3 18:44:39 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Sun Oct 3 18:41:18 2004 Subject: gpgme 1.0 has unchecked dependency on libassuan In-Reply-To: References: Message-ID: <87wty7agzs.wl@ulysses.g10code.de> Hi, At Fri, 1 Oct 2004 09:06:12 -0500 (EST), "Mark H. Wood" wrote: > gpgme 1.0 fails to build on a Linux 2.4/glibc 2.3 system when libassuan is > not installed: libassuan is included. The error is that it tries to build engine-gpgsm. > I wonder whether engine-gpgsm should be built at all, since I don't have > gpgsm either (and this was correctly detected by the configure script). Yes, this was reported at friday on gnupg-devel already. I will release gpgme 1.0.1 tonight (likely). > I read README to mean that gpgsm is supported but not a prerequisite, but > this appears to be incorrect. It's a simple bug in the configure check for gpgsm presence. There is a patch on gnupg-devel. As a work around, you could just specify "--with-gpgsm=/usr/bin/gpgsm" to fake gpgsm presence at configure time. Thanks, Marcus From atom at suspicious.org Sun Oct 3 19:03:50 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sun Oct 3 19:00:39 2004 Subject: 1.3.90 Message-ID: <20041003130205.X23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Q: to what extent will bugs in 1.3.90 be addressed in 1.3.x, and to what extent will bug fixes first appear in 1.4.x? ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989 [The quote and the source are both disputed] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBYDD8AAoJEAx/d+cTpVciMqgH/irNlDNeYnfQhWl0l6lsgDlf J8xC9RDF6KIh65YNrjOOAgn0FcNhvx8eycOR6wcxps1fQtecHKokU5+709WDqqzs 0x/RvWiu2oMTJwADqjuZNol2baBTVkKvw+kbq3Dn6nqb4Ii/FupaY1hxAnlsq/ek QfHNhjw/UH6nzWHex1zP+8EZfyDzG2ypM3DEdKGGXudh1gSi2cHsKLbNzgRBKNUK 0TISIZxZEBLn5vCnOxUWC/cvnv0jVadC8v5oETvll5Xiw9nvVEDAn0v1mKDs7Cr9 B5ZCUMDaT9pmuP7876ZVssxWYJpRrYKvjAwXlmLUaaLr7TX9fLQIB9AweXJIYcA= =jq4P -----END PGP SIGNATURE----- From wk at gnupg.org Sun Oct 3 19:18:20 2004 From: wk at gnupg.org (Werner Koch) Date: Sun Oct 3 19:19:19 2004 Subject: Fails when compiling In-Reply-To: <87wty98ahu.wl@ulysses.g10code.de> (Marcus Brinkmann's message of "Sat, 02 Oct 2004 16:23:25 +0200") References: <87d603agf9.wl@ulysses.g10code.de> <1096564395.13868.3.camel@localhost> <87brfna1ug.wl@ulysses.g10code.de> <1096624623.4620.3.camel@localhost> <874qleae1n.wl@ulysses.g10code.de> <1096631085.4620.9.camel@localhost> <87wty98ahu.wl@ulysses.g10code.de> Message-ID: <87sm8ven4z.fsf@wheatstone.g10code.de> On Sat, 02 Oct 2004 16:23:25 +0200, Marcus Brinkmann said: > You can either make an alternative GPGME package that is configured to > use gpg2, or you can manage gpg via alternatives in Debian (the latter > looks to me like the better solution). FWIW, I guess that we need at least 6 more months to get gpg2 as matured as gpg 1.3.90. In the meantime there is not much point in having a gpg2 package. Some notes on terminology: GnuPG (or gnupg) is the entire gnupg package consisting of just the gpg utility in package versions < 1.9 and all the tools (gpg2, gpgsm, gpg-agent, scdaemon) in later versions. gpg is the well known OpenPGP utility. In versions 1.9 it gets installed as gpg2, though. gpgsm is the newer CMS/X.509 (S/MIME) counterpart of gpg utility. It is independent of gpg but provides a similar functionality. gpg-agent is part of gnupg > 1.9 but may als be used with any current gpg versions (1.2.6, 1.3.90, gpg2 1.9.11). Shalom-Salam, Werner From wk at gnupg.org Sun Oct 3 23:04:32 2004 From: wk at gnupg.org (Werner Koch) Date: Sun Oct 3 23:04:18 2004 Subject: 1.3.90 In-Reply-To: <20041003130205.X23687@willy_wonka> (atom@suspicious.org's message of "Sun, 3 Oct 2004 13:03:50 -0400 (EDT)") References: <20041003130205.X23687@willy_wonka> Message-ID: <873c0vecnz.fsf@wheatstone.g10code.de> On Sun, 3 Oct 2004 13:03:50 -0400 (EDT), Atom 'Smasher' said: > Q: to what extent will bugs in 1.3.90 be addressed in 1.3.x, and to > what extent will bug fixes first appear in 1.4.x? A: If you report bugs now we will fix them in 1.3.91, that's why we are doing these pre-releases. Even without any bugs there will be a 1.3.91 release to start the translation process. Werner From sebastian at karotte.org Mon Oct 4 23:20:23 2004 From: sebastian at karotte.org (Sebastian Wiesinger) Date: Mon Oct 4 23:17:07 2004 Subject: Bug gpg 1.3.90 Message-ID: <20041004212023.GA21462@data.fire-world.de> Hi, I discovered a bug in 1.3.90: [fire@data:~]$ /usr/bin/gpg --no-options --keyserver subkeys.pgp.net. \ > --keyserver-options include-disabled,include-revoked --refresh-keys gpg: requesting key 76B79F20 from hkp server subkeys.pgp.net gpg: key 76B79F20: "Sebastian Wiesinger " not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: refreshing 36 keys from subkeys.pgp.net. gpg: requesting key 97F5A1D8 from hkp server subkeys.pgp.net. gpg: Ohhhh jeeee: ... this is a bug (keyid.c:250:keystr_from_desc) secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 Aborted [Exit 134 (SIGABRT)] Do you need any further information? Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) Wehret den Anfaengen: http://odem.org/informationsfreiheit/ 'But...I died,' said the shade of Unity. YES, said Death. THIS IS THE NEXT PART... - Terry Pratchett, Thief Of Time From dshaw at jabberwocky.com Tue Oct 5 00:03:35 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 5 00:00:20 2004 Subject: Bug gpg 1.3.90 In-Reply-To: <20041004212023.GA21462@data.fire-world.de> References: <20041004212023.GA21462@data.fire-world.de> Message-ID: <20041004220334.GA4367@jabberwocky.com> On Mon, Oct 04, 2004 at 11:20:23PM +0200, Sebastian Wiesinger wrote: > Hi, > > I discovered a bug in 1.3.90: > > [fire@data:~]$ /usr/bin/gpg --no-options --keyserver subkeys.pgp.net. \ > > --keyserver-options include-disabled,include-revoked --refresh-keys > gpg: requesting key 76B79F20 from hkp server subkeys.pgp.net > gpg: key 76B79F20: "Sebastian Wiesinger " not changed > gpg: Total number processed: 1 > gpg: unchanged: 1 > gpg: refreshing 36 keys from subkeys.pgp.net. > gpg: requesting key 97F5A1D8 from hkp server subkeys.pgp.net. > > gpg: Ohhhh jeeee: ... this is a bug (keyid.c:250:keystr_from_desc) > secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 > Aborted > [Exit 134 (SIGABRT)] > > Do you need any further information? Interesting problem. Try this patch. David -------------- next part -------------- Index: keyserver.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/keyserver.c,v retrieving revision 1.66 diff -u -r1.66 keyserver.c --- keyserver.c 29 Sep 2004 17:41:58 -0000 1.66 +++ keyserver.c 4 Oct 2004 21:57:47 -0000 @@ -884,6 +884,10 @@ else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID) fprintf(spawn->tochild,"0x%08lX\n", (ulong)desc[i].u.kid[1]); + else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE) + continue; + else + BUG(); log_info(_("requesting key %s from %s server %s\n"), keystr_from_desc(&desc[i]), From sebastian at karotte.org Tue Oct 5 00:45:27 2004 From: sebastian at karotte.org (Sebastian Wiesinger) Date: Tue Oct 5 00:42:09 2004 Subject: Bug gpg 1.3.90 In-Reply-To: <20041004220334.GA4367@jabberwocky.com> References: <20041004212023.GA21462@data.fire-world.de> <20041004220334.GA4367@jabberwocky.com> Message-ID: <20041004224527.GA23068@data.fire-world.de> * David Shaw [2004-10-05 00:13]: > > gpg: Ohhhh jeeee: ... this is a bug (keyid.c:250:keystr_from_desc) > > secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 > > Aborted > > [Exit 134 (SIGABRT)] > > > > Do you need any further information? > > Interesting problem. Try this patch. Yes, that fixed it. Regards, Sebastian -- GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) Wehret den Anfaengen: http://odem.org/informationsfreiheit/ 'But...I died,' said the shade of Unity. YES, said Death. THIS IS THE NEXT PART... - Terry Pratchett, Thief Of Time From micron at madlab.it Tue Oct 5 10:11:59 2004 From: micron at madlab.it (micron) Date: Tue Oct 5 10:13:05 2004 Subject: [gpgme] when the password is aked? Message-ID: <200410051012.02658.micron@madlab.it> I'm using gpgme library to add signature/encryption/decryption functionalities to one of my programs. The only gpgme's documentation resource I've found is an info file. In this file, in the section regarding the crypto operations (signature,...) there's nothing about key's password. How the password is retrieved by gpgme? The only thing I've to do is to set the password callback function for my context? If so anybody can explain (maybe with some code) how the function "gpgme_error_t (*gpgme_passphrase_cb_t)(void *HOOK, const char *UID_HINT, const char *PASSPHRASE_INFO, int PREV_WAS_BAD, int FD)" works? Thanks in advance micron -- |? micron<- ICQ #118796665 |? GPG Key: |? ~ Keyserver: pgp.mit.edu |? ~ KeyID: 6D632BED ~ "Progress is merely a realisation of utopias" ~ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041005/daeae416/attachment.bin From mail at joachim-breitner.de Tue Oct 5 13:34:32 2004 From: mail at joachim-breitner.de (Joachim Breitner) Date: Tue Oct 5 13:59:50 2004 Subject: PIN entry with ASK_PASSPHRASE_SYM Message-ID: <1096976072.24661.5.camel@localhost.localdomain> Hi, currently, gnupg will put "ASK_PASSPHRASE_SYM 0 0 0" on the status fd when it needs the pin for a key on the card. The docs state that ASK_PASSPHRASE_PIN is to be used for asking for passphrases for symetrical pins, and the parameters have some meaning. I suggest you put ASK_PASSPHRASE_PIN 0 on the status line when asking for the master pin, ASK_PASSPHRASE_PIN 1 for the first (the signature) pin and so on. Additionally, currently gpg won't put GOOD_PASSPHRASE or BAD_PASSPHRASE on the status line. If it would be possible to fix these two issues before the release of 1.4, I will try to make sure that evolution will be able to handle this the way it handles gnupg passphrases. Thx, nomeata -- Joachim "nomeata" Breitner mail: mail@joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C JID: joachimbreitner@amessage.de | http://www.joachim-breitner.de/ Debian Developer: nomeata@debian.org Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : /pipermail/attachments/20041005/2aafb2de/attachment.bin From marcus.brinkmann at ruhr-uni-bochum.de Tue Oct 5 15:08:32 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 5 15:06:14 2004 Subject: [gpgme] when the password is aked? In-Reply-To: <200410051012.02658.micron@madlab.it> References: <200410051012.02658.micron@madlab.it> Message-ID: <87zn31z50v.wl@ulysses.g10code.de> At Tue, 5 Oct 2004 10:11:59 +0200, micron wrote: > to one of my programs. > The only gpgme's documentation resource I've found is an info file. In this > file, in the section regarding the crypto operations (signature,...) there's > nothing about key's password. The list of possible error values lists the error GPG_ERR_BAD_PASSPHRASE if the operation requires a passphrase. This is also mentioned explicitely for the symmetric encryption operation. > How the password is retrieved by gpgme? > The only thing I've to do is to set the password callback function for my > context? Right. > If so anybody can explain (maybe with some code) how the function > "gpgme_error_t (*gpgme_passphrase_cb_t)(void *HOOK, const char *UID_HINT, > const char *PASSPHRASE_INFO, int PREV_WAS_BAD, int FD)" works? It's documented in the chapter "Context attributes", node "Passphrase callback". - Data type: gpgme_error_t (*gpgme_passphrase_cb_t)(void *HOOK, const char *UID_HINT, const char *PASSPHRASE_INFO, int PREV_WAS_BAD, int FD) The `gpgme_passphrase_cb_t' type is the type of functions usable as passphrase callback function. ... A very simple example is in gpgme/cvs/tests/gpg/t-support.h Better example code can be found in mutt or other GPGME using applications. Note that storing the passphrase in secured (mlock) memory is a good idea. Newer gpg versions also support use of gpg-agent, in which case the passphrase callback will not be used at all. Thanks, Marcus From anthony.metcalf at anferny.ath.cx Thu Oct 7 13:15:40 2004 From: anthony.metcalf at anferny.ath.cx (Anthony Metcalf) Date: Thu Oct 7 13:17:53 2004 Subject: [gpgme] Moving from 0.3 to 1.0 Message-ID: <20041007121540.3298b74c@localhost> Hi all, I am attempting to help move sylpheed from using gpgme0.3 to 1.0. I am having trouble with the GpgmeRecipients. I notice from the 0.4.1 announce that this is removed, and that I should use "NULL-Terminated lists of keys". How do I go about doing this? At the moment I see GpgmeRecipients gpgmegtk-recipient-selection(GSList *recipients); what should this return? Thanks for any help, and please do bear with me, I *will* ask some silly questions sometimes :) Regards Anthony p.s. if this is not the correct list, which is? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041007/669a83c9/attachment.bin From marcus.brinkmann at ruhr-uni-bochum.de Thu Oct 7 15:15:39 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu Oct 7 15:16:18 2004 Subject: [gpgme] Moving from 0.3 to 1.0 In-Reply-To: <20041007121540.3298b74c@localhost> References: <20041007121540.3298b74c@localhost> Message-ID: <877jq2vfd0.wl@ulysses.g10code.de> At Thu, 7 Oct 2004 12:15:40 +0100, Anthony Metcalf wrote: > > [1 ] > [1.1 ] > Hi all, > I am attempting to help move sylpheed from using gpgme0.3 to > 1.0. > > I am having trouble with the GpgmeRecipients. I notice from the 0.4.1 > announce that this is removed, and that I should use "NULL-Terminated > lists of keys". How do I go about doing this? > > At the moment I see > > GpgmeRecipients gpgmegtk-recipient-selection(GSList *recipients); > > what should this return? Well, you need to change this a bit around. A NULL-terminated list of keys is really a NULL-terminated array of keys, something like this: gpgme_key_t rset[5] = { key1, key2, key3, key4, NULL }; In the case of sylpheed, the first thing you have to do is to change the struct select_key_s to return such an array instead GpgmeRecipient in RSET. malloc and realloc are your friends. I am sorry that it is a bit more work than calling gpgme_recipients_add* in select_btn_cb, but it's not that hard. Once you did that, you can return a pointer to this array from gpgmegtk_recipient_selection. Instead gpgme_recipients_release() the caller of that function just needs to call free() on the malloc'ed block then. That's all I think. The main work will be to handle the allocation of the key-list array. The listing of the keys etc is already in there, so it's not much to do (about this single issue). Keep us in touch with your experiences. It's interesting to hear for me how moving from 0.3.x to 1.0.x is for you. Thanks, Marcus From mo at g10code.com Thu Oct 7 17:32:13 2004 From: mo at g10code.com (Moritz Schulte) Date: Thu Oct 7 17:29:04 2004 Subject: [gpgme] Moving from 0.3 to 1.0 In-Reply-To: <20041007121540.3298b74c@localhost> References: <20041007121540.3298b74c@localhost> Message-ID: <20041007153213.GA1525@cuttysark.lan> On Thu, Oct 07, 2004 at 12:15:40PM +0100, Anthony Metcalf wrote: > I am attempting to help move sylpheed from using gpgme0.3 to 1.0. Uhm, you are aware of the fact that Jens Oberender (whom I CCed:) is already working on a Sylpheed version (named Sylpheed-claws), which is based on the current GPGME API? His current implementation does still contain a couple of bugs, hence you are welcome to help out! Thanks, Moritz -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 192 bytes Desc: not available Url : /pipermail/attachments/20041007/a0eec108/attachment.bin From anthony.metcalf at anferny.ath.cx Thu Oct 7 17:48:53 2004 From: anthony.metcalf at anferny.ath.cx (Anthony Metcalf) Date: Thu Oct 7 17:51:09 2004 Subject: [gpgme] Moving from 0.3 to 1.0 In-Reply-To: <20041007153213.GA1525@cuttysark.lan> References: <20041007121540.3298b74c@localhost> <20041007153213.GA1525@cuttysark.lan> Message-ID: <20041007164853.1e4490ae@localhost> On Thu, 7 Oct 2004 17:32:13 +0200 Moritz Schulte wrote: > Uhm, you are aware of the fact that Jens Oberender (whom I CCed:) is > already working on a Sylpheed version (named Sylpheed-claws), which is > based on the current GPGME API? > > His current implementation does still contain a couple of bugs, hence > you are welcome to help out! It is sylpheed-claws I working on too. Yes I am now aware, there are a few people working on this. He replied to the messages I posted to the sylpheed-claws user list, after I had come to the conclusion that to get claws to compile with gpgme-1.0 I would have to try myself. If he makes it work first(probable) good for him. If I make it work first, good for me. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041007/bc18f947/attachment.bin From mail at joachim-breitner.de Thu Oct 7 19:40:37 2004 From: mail at joachim-breitner.de (Joachim Breitner) Date: Thu Oct 7 19:37:24 2004 Subject: Optionally don't sync CHV1 and CV2 Message-ID: <1097170837.5216.12.camel@localhost.localdomain> Hi, for my special way of working with my gnupg smartcard, I need to be able to set the values of CHV1 (signing) and CHV2 (encryption and authentication) independently. Currently, gnupg presents the user both of them as just the "PIN", and keeps them in sync. This is very nice for most cases, but special needs should be met :-) Would it be possible to have this functionality in the 1.4 version? If I'd submit a patch for that, would it be (probably) integrated in time for 1.4? If so, what should the option be (maybe "--independent-chvs")? Thx, nomeata -- Joachim "nomeata" Breitner mail: mail@joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C JID: joachimbreitner@amessage.de | http://www.joachim-breitner.de/ Debian Developer: nomeata@debian.org Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: Dies ist ein digital signierter Nachrichtenteil Url : /pipermail/attachments/20041007/d49701a3/attachment.bin From albrecht.dress at arcor.de Thu Oct 7 19:46:11 2004 From: albrecht.dress at arcor.de (=?iso-8859-1?q?Albrecht_Dre=DF?=) Date: Thu Oct 7 19:43:08 2004 Subject: [gpgme] Moving from 0.3 to 1.0 In-Reply-To: <877jq2vfd0.wl@ulysses.g10code.de> (from marcus.brinkmann@ruhr-uni-bochum.de on Thu Oct 7 15:15:39 2004) References: <20041007121540.3298b74c@localhost> <877jq2vfd0.wl@ulysses.g10code.de> Message-ID: <1097171171l.1246l.1l@antares.localdomain> Am 07.10.04 15:15 schrieb(en) Marcus Brinkmann: > Keep us in touch with your experiences. It's interesting to hear for > me how moving from 0.3.x to 1.0.x is for you. Afaict, moving the MUA balsa (http://balsa.gnome.org) from 0.3.x to 0.4.2 (that part of the project has been finished some time ago) went smoothly. One big advantage is the fact that multithreading support seems to be rock-solid now, whereas it had some problems in 0.3. The new (0.4 and above) a[bp]i looks somewhat more logical to me than the old one, but I guess that's a matter of taste. Please let me add here that IMHO gpgme is a really great piece of work, and I would like to thank the whole team for their efforts! Just my ? 0.01... Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041007/c0641989/attachment.bin From sbt at megacceso.com Thu Oct 7 21:34:59 2004 From: sbt at megacceso.com (Sergi Blanch i =?ISO-8859-1?Q?Torn=E9?=) Date: Thu Oct 7 21:31:44 2004 Subject: Patch EccGnuPG 0.1.4 Message-ID: <1097177699.3067.36.camel@quark.calcurco.org> Hi! We were glad of being able to say that a new elliptic curve patch is available. In previous versions we had some bug, but now everyone what we know are fixed. The module implements an Elliptic Curve Cryptosystem over F_p. The smallest key size that you could choose is 192 bits, equivalent to a 1024 ElGamal. I need to say that code is experimental. If you like to test it, you can download the patch from: http://alumnes.eps.udl.es/~d4372211/download.en.html Thanks for your help. /Sergi. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20041007/01a1b176/attachment.bin From atom at suspicious.org Thu Oct 7 22:37:15 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Thu Oct 7 22:34:08 2004 Subject: Patch EccGnuPG 0.1.4 In-Reply-To: <1097177699.3067.36.camel@quark.calcurco.org> References: <1097177699.3067.36.camel@quark.calcurco.org> Message-ID: <20041007162848.D23687@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > I need to say that code is experimental. If you like to test it, you can > download the patch from: > http://alumnes.eps.udl.es/~d4372211/download.en.html ================= something like this really should be signed, not just have an md5 checksum posted. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "All that is necessary for the triumph of evil is for good men to do nothing." -- Edmund Burke -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBZakCAAoJEAx/d+cTpVciAlgH/2mFrSfFSTqs4RaPFo+yaGMI JzLT2PISqEg3Q/Xw4W01qb45ilxtC66WxL390Hk/L9G/+z614ugbEF06n11Id0wA vYkaFbXAokjq1nMNJjLIkYMOwG+iSdunpTBSeuCx+9NR72jOfdYcd+xKLpbqLQls S0+iQGorMvP3Z/gN0A6OBr3ewtGYkeyblWnSracVerTBDWZl+0CharfmepDSzexD 9jHMKbKowfZI8z7IAhifKpaJo3v72qzml0j2LCxFUhrmvgRuxy4uk3IQjh2K+L4b Fq8XAZwTEZy16zBYQn3nD37NQK5WrUUn5cSTkX+Jmd2Fr3/XsakFnBFACrram8c= =oa7f -----END PGP SIGNATURE----- From sbt at megacceso.com Fri Oct 8 16:12:42 2004 From: sbt at megacceso.com (Sergi Blanch i =?ISO-8859-1?Q?Torn=E9?=) Date: Fri Oct 8 16:09:15 2004 Subject: Patch EccGnuPG 0.1.4 In-Reply-To: <20041007162848.D23687@willy_wonka> References: <1097177699.3067.36.camel@quark.calcurco.org> <20041007162848.D23687@willy_wonka> Message-ID: <1097244762.3071.6.camel@quark.calcurco.org> > > I need to say that code is experimental. If you like to test it, you can > > download the patch from: > > http://alumnes.eps.udl.es/~d4372211/download.en.html > ================= > > something like this really should be signed, not just have an md5 checksum > posted. Oh, that's true. I include it now, and my pkey. Also the key is on another server: http://www.calcurco.org/sergi/gpg/sergi.gpg Thanks /Sergi. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20041008/2c991671/attachment.bin From sbt at megacceso.com Fri Oct 8 23:07:17 2004 From: sbt at megacceso.com (Sergi Blanch i =?ISO-8859-1?Q?Torn=E9?=) Date: Fri Oct 8 23:03:48 2004 Subject: Patch EccGnuPG 0.1.5 Message-ID: <1097269637.3071.79.camel@quark.calcurco.org> Hi! Two bugs were found and fixed. You have available a new release of the ecc patch. The web page is updated: http://alumnes.eps.udl.es/~d4372211/download.en.html (the same link). Direct files: http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.6-ecc0.1.4.diff.bz2 http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.6-ecc0.1.4.diff.bz2.asc http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.5-ecc0.1.4.diff.bz2 http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.5-ecc0.1.4.diff.bz2.asc The mistakes are in the functions: 'verify'(l545) and 'duplicatePoint' (l1087). Both they are transcription errors, and exist in all previous versions. They were discovered when the amount of comments was being increased on the code. Now its reading could be easy. /Sergi. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20041008/71a0d897/attachment-0001.bin From sbt at megacceso.com Fri Oct 8 23:41:35 2004 From: sbt at megacceso.com (Sergi Blanch i =?ISO-8859-1?Q?Torn=E9?=) Date: Fri Oct 8 23:38:03 2004 Subject: Patch EccGnuPG 0.1.5 In-Reply-To: <1097269637.3071.79.camel@quark.calcurco.org> References: <1097269637.3071.79.camel@quark.calcurco.org> Message-ID: <1097271694.3071.83.camel@quark.calcurco.org> Sorry i made another mistake, the files are: gnupg-1.3.*-ecc0.1.5.diff.bz2* There are the correct links > http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.6-ecc0.1.5.diff.bz2 > http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.6-ecc0.1.5.diff.bz2.asc > http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.5-ecc0.1.5.diff.bz2 > http://alumnes.eps.udl.es/~d4372211/src/gnupg-1.3.5-ecc0.1.5.diff.bz2.asc /Sergi. From mail at joachim-breitner.de Sat Oct 9 20:00:07 2004 From: mail at joachim-breitner.de (Joachim Breitner) Date: Sat Oct 9 19:57:11 2004 Subject: gpg-agent not caching card PINs? Message-ID: <1097344807.7019.3.camel@localhost.localdomain> Hullo, I just got gpg-agent (thx to smurfix for packaging for debian). I got version 1.9.11+cvs20040924-3. It works fine for on-disk-keys with passwords, but for my on-card-signature-keys, it asks for the PIN every time. It does ask using pinentry, so it goes through gpg-agent. Here are my commands: gpg-agent --daemon --pinentry-program /usr/lib/pinentry/pinentry-gtk --default-cache-ttl 600 GPG_AGENT_INFO=/tmp/gpg-EhFmNT/S.gpg-agent:6918:1; export GPG_AGENT_INFO; echo hi | gpg --armour --sign --use-agent # he asks for my PIN and signs - ok echo hi | gpg --armour --sign --use-agent # he asks for my PIN and signs - not ok :-) Bug? Intentional? thx, nomeata -- Joachim "nomeata" Breitner mail: mail@joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C JID: joachimbreitner@amessage.de | http://www.joachim-breitner.de/ Debian Developer: nomeata@debian.org Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html From wk at gnupg.org Mon Oct 11 08:26:26 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 11 08:29:28 2004 Subject: gpg-agent not caching card PINs? In-Reply-To: <1097344807.7019.3.camel@localhost.localdomain> (Joachim Breitner's message of "Sat, 09 Oct 2004 20:00:07 +0200") References: <1097344807.7019.3.camel@localhost.localdomain> Message-ID: <87wtxxojn1.fsf@wheatstone.g10code.de> On Sat, 09 Oct 2004 20:00:07 +0200, Joachim Breitner said: > Hullo, > I just got gpg-agent (thx to smurfix for packaging for debian). I got > version 1.9.11+cvs20040924-3. It works fine for on-disk-keys with > passwords, but for my on-card-signature-keys, it asks for the PIN every > time. It does ask using pinentry, so it goes through gpg-agent. Depends on the settings: $ gpg-card-status ... Signature PIN ....: not forced ... with this setting the PIN should get cached; the default however is "forced" which disables the cache for the signature PIN. Werner From micron at madlab.it Mon Oct 11 19:23:40 2004 From: micron at madlab.it (micron) Date: Mon Oct 11 19:24:46 2004 Subject: [gpgme] gpgme_data_seek error Message-ID: <200410111923.43345.micron@madlab.it> I'd like put the read/write position to the beginning of my databuffer (already initialized and filled up with data). So I used the function: gpgme_data_seek (dataBuffer, 0, SEEK_SET); but I get error code 22: "Invalid argument". Any suggestion? bye micron -- |? micron<- ICQ #118796665 |? GPG Key: |? ~ Keyserver: pgp.mit.edu |? ~ KeyID: 6D632BED ~ "Progress is merely a realisation of utopias" ~ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041011/a2275b7f/attachment.bin From wk at gnupg.org Tue Oct 12 14:31:03 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 12 14:34:25 2004 Subject: [gpgme] gpgme_data_seek error Message-ID: <87wtxwjeyg.fsf@wheatstone.g10code.de> On Mon, 11 Oct 2004 19:23:40 +0200, micron said: > (already initialized and filled up with data). > So I used the function: gpgme_data_seek (dataBuffer, 0, SEEK_SET); > but I get error code 22: "Invalid argument". A memory data object I presume? Did you check that DATABUFFER is no NULL? Use a debugger and step through this function. Werner From micron at madlab.it Wed Oct 13 20:46:51 2004 From: micron at madlab.it (micron) Date: Wed Oct 13 20:48:03 2004 Subject: [gpgme] gpgme_data_seek error In-Reply-To: <87wtxwjeyg.fsf@wheatstone.g10code.de> References: <87wtxwjeyg.fsf@wheatstone.g10code.de> Message-ID: <200410132046.53992.micron@madlab.it> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041013/0b1081b7/attachment.bin From wk at gnupg.org Thu Oct 14 11:54:20 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 14 11:54:30 2004 Subject: [gpgme] gpgme_data_seek error In-Reply-To: <200410132046.53992.micron@madlab.it> (micron@madlab.it's message of "Wed, 13 Oct 2004 20:46:51 +0200") References: <87wtxwjeyg.fsf@wheatstone.g10code.de> <200410132046.53992.micron@madlab.it> Message-ID: <87u0sxbp6b.fsf@wheatstone.g10code.de> On Wed, 13 Oct 2004 20:46:51 +0200, micron said: > Try to build the attacched file, it's taken from the cvs but I made a little > modification (it just fills a databuffer and then tries to read it). > You'll encvouter my same error. Hmm, it works for me: wk@wheatstone:~/tmp$ cc `gpgme-config --cflags --libs` -Wall -g t-sign.c t-sign.c: In function `main': t-sign.c:89: warning: unused variable `out' t-sign.c:90: warning: unused variable `result' t-sign.c:92: warning: unused variable `key' t-sign.c: At top level: t-sign.c:39: warning: `check_result' defined but not used wk@wheatstone:~/tmp$ ./a.out wk@wheatstone:~/tmp$ gpgme-config --cflags --libs --version 1.0.0 wk@wheatstone:~/tmp$ gpgme-config --cflags --libs -I/usr/local/include -I/usr/local/include -L/usr/local/lib -lgpgme -L/usr/local/lib -lgpg-error There have been no changes in that area since 0.9.0. Your problem might be due to the use of a non-matching off_t size - see the manual section on Largefile support. Shalom-Salam, Werner From saxon at email.dk Thu Oct 14 15:19:24 2004 From: saxon at email.dk (=?ISO-8859-1?Q?Michel_Thrys=F8e?=) Date: Thu Oct 14 13:15:54 2004 Subject: How to use the function mpi_fromstr? Message-ID: <416E7CDC.6020701@email.dk> Hi everybody.. Can the function mpi_fromstr found in mpicoder.c can somehow be used to generate an mpi from a public in clear text produced by the --armor option in gnupg? and if so how to i convert the key to a format readable by the mpi_fromstr function Currently im am looking for a way of using public key algorithms in the kernel and i found a kernel space conversion of parts of the gnupg lib. done by a security project found at "http://disec.sourceforge.net/". This seems to be able to do the job i need execpt they use the function "MPI mpi_read_from_buffer(...)" to import a key in binary format, which is currently not really pratical for me. Thanks in advance //Michel From micron at madlab.it Thu Oct 14 15:05:44 2004 From: micron at madlab.it (micron) Date: Thu Oct 14 15:07:09 2004 Subject: [gpgme] gpgme_data_seek error In-Reply-To: <87u0sxbp6b.fsf@wheatstone.g10code.de> References: <87wtxwjeyg.fsf@wheatstone.g10code.de> <200410132046.53992.micron@madlab.it> <87u0sxbp6b.fsf@wheatstone.g10code.de> Message-ID: <200410141505.45914.micron@madlab.it> On Thursday 14 October 2004 11:54, Werner Koch wrote: > Hmm, it works for me: [cut] > There have been no changes in that area since 0.9.0. > > Your problem might be due to the use of a non-matching off_t size - > see the manual section on Largefile support. I'm using gpgme on a ppc (ibook G4) and I forget to try this code on a x86 machine, I've always thought it was one of my mistakes... :) But now it seems to be only a ppc bug, anybody can confirm it? Here're my system informations: sytem: ibook G4 running gentoo linux gcc version 3.4.1 20040803 (Gentoo Linux 3.4.1-r3, ssp-3.4-2, pie-8.7.6.5) glibc-2.3.3 gpgme 0.9 IMHO i think the we've to seek the error into this function (taken from data.c): off_t gpgme_data_seek (gpgme_data_t dh, off_t offset, int whence) { printf ("data seek\n"); if (!dh) { errno = EINVAL; return -1; } if (!dh->cbs->read) { errno = EOPNOTSUPP; return -1; } return (*dh->cbs->seek) (dh, offset, whence); } This function doesn't fail into the first or the second if, so something must happen when we call "return (*dh->cbs->seek) (dh, offset, whence)". I wasn't unable to find the definition of dh->cbs->seek function so I'm unable to tell something more useful... What do you think? Cheers micron -- |? micron<- ICQ #118796665 |? GPG Key: |? ~ Keyserver: pgp.mit.edu |? ~ KeyID: 6D632BED ~ "Progress is merely a realisation of utopias" ~ From wk at gnupg.org Thu Oct 14 15:20:01 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 14 15:19:31 2004 Subject: How to use the function mpi_fromstr? In-Reply-To: <416E7CDC.6020701@email.dk> (Michel =?utf-8?q?Thrys=C3=B8e's?= message of "Thu, 14 Oct 2004 13:19:24 +0000") References: <416E7CDC.6020701@email.dk> Message-ID: <871xg1bfni.fsf@wheatstone.g10code.de> On Thu, 14 Oct 2004 13:19:24 +0000, Michel Thrys?e said: > Can the function mpi_fromstr found in mpicoder.c can somehow be used > to generate an mpi from a public in clear text produced by the --armor No. This is just string to binary MPI and not generally useful. To parse the key you need to take the code from parse-packet.c:parse_key. You may also want to look at the code below (from gnupg 1.9) which parses a key in memory to compute the fingerprint. Werner /* Parse a key packet and store the information in KI. */ static gpg_error_t parse_key (const unsigned char *data, size_t datalen, struct _keybox_openpgp_key_info *ki) { gpg_error_t err; const unsigned char *data_start = data; int i, version, algorithm; size_t n; unsigned long timestamp, expiredate; int npkey; unsigned char hashbuffer[768]; const unsigned char *mpi_n = NULL; size_t mpi_n_len = 0, mpi_e_len = 0; gcry_md_hd_t md; if (datalen < 5) return gpg_error (GPG_ERR_INV_PACKET); version = *data++; datalen--; if (version < 2 || version > 4 ) return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */ timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3])); data +=4; datalen -=4; if (version < 4) { unsigned short ndays; if (datalen < 2) return gpg_error (GPG_ERR_INV_PACKET); ndays = ((data[0]<<8)|(data[1])); data +=2; datalen -= 2; if (ndays) expiredate = ndays? (timestamp + ndays * 86400L) : 0; } else expiredate = 0; /* This is stored in the self-signature. */ if (!datalen) return gpg_error (GPG_ERR_INV_PACKET); algorithm = *data++; datalen--; switch (algorithm) { case 1: case 2: case 3: /* RSA */ npkey = 2; break; case 16: case 20: /* Elgamal */ npkey = 3; break; case 17: /* DSA */ npkey = 4; break; default: /* Unknown algorithm. */ return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); } for (i=0; i < npkey; i++ ) { unsigned int nbits, nbytes; if (datalen < 2) return gpg_error (GPG_ERR_INV_PACKET); nbits = ((data[0]<<8)|(data[1])); data += 2; datalen -=2; nbytes = (nbits+7) / 8; if (datalen < nbytes) return gpg_error (GPG_ERR_INV_PACKET); /* For use by v3 fingerprint calculation we need to know the RSA modulus and exponent. */ if (i==0) { mpi_n = data; mpi_n_len = nbytes; } else if (i==1) mpi_e_len = nbytes; data += nbytes; datalen -= nbytes; } n = data - data_start; if (version < 4) { /* We do not support any other algorithm than RSA in v3 packets. */ if (algorithm < 1 || algorithm > 3) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); err = gcry_md_open (&md, GCRY_MD_MD5, 0); if (err) return err; /* Oops */ gcry_md_write (md, mpi_n, mpi_n_len); gcry_md_write (md, mpi_n+mpi_n_len+2, mpi_e_len); memcpy (ki->fpr, gcry_md_read (md, 0), 16); gcry_md_close (md); ki->fprlen = 16; if (mpi_n_len < 8) { /* Moduli less than 64 bit are out of the specs scope. Zero them out becuase this is what gpg does too. */ memset (ki->keyid, 0, 8); } else memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8); } else { /* Its a pitty that we need to prefix the buffer with the tag and a length header: We can't simply pass it to the fast hashing function for that reason. It might be a good idea to have a scatter-gather enabled hash function. What we do here is to use a static buffer if this one is large enough and only use the regular hash fucntions if this buffer is not large enough. */ if ( 3 + n < sizeof hashbuffer ) { hashbuffer[0] = 0x99; /* CTB */ hashbuffer[1] = (n >> 8); /* 2 byte length header. */ hashbuffer[2] = n; memcpy (hashbuffer + 3, data_start, n); gcry_md_hash_buffer (GCRY_MD_SHA1, ki->fpr, hashbuffer, 3 + n); } else { err = gcry_md_open (&md, GCRY_MD_SHA1, 0); if (err) return err; /* Oops */ gcry_md_putc (md, 0x99 ); /* CTB */ gcry_md_putc (md, (n >> 8) ); /* 2 byte length header. */ gcry_md_putc (md, n ); gcry_md_write (md, data_start, n); memcpy (ki->fpr, gcry_md_read (md, 0), 20); gcry_md_close (md); } ki->fprlen = 20; memcpy (ki->keyid, ki->fpr+12, 8); } return 0; } From albrecht.dress at arcor.de Thu Oct 14 19:42:25 2004 From: albrecht.dress at arcor.de (=?iso-8859-1?q?Albrecht_Dre=DF?=) Date: Thu Oct 14 19:41:10 2004 Subject: [gpgme] gpgme_data_seek error In-Reply-To: <200410141505.45914.micron@madlab.it> (from micron@madlab.it on Thu Oct 14 15:05:44 2004) References: <87wtxwjeyg.fsf@wheatstone.g10code.de> <200410132046.53992.micron@madlab.it> <87u0sxbp6b.fsf@wheatstone.g10code.de> <200410141505.45914.micron@madlab.it> Message-ID: <1097775752l.1342l.0l@antares.localdomain> Am 14.10.04 15:05 schrieb(en) micron: > I'm using gpgme on a ppc (ibook G4) and I forget to try this code on a > x86 > machine, I've always thought it was one of my mistakes... :) > But now it seems to be only a ppc bug, anybody can confirm it? I don't think so... I developed the GnuPG support for the Gnome MUA balsa completely on a PowerMac G4 Silver running YellowDog Linux 3.01, kernel 2.4.25-ben1, glibc 2.3.1, various gcc 3.2 and 3.3 versions and using almost all gpgme releases between 0.4.1 and 1.0.0 - I never saw any real problem. I only missed at some point in the docs that the large file support had changed (as Werner pointed out in an earlier message), of course leading to problems with gpgme_data_seek() and the seek callback. Adding AC_SYS_LARGEFILE to configure.in fixed the problem. So I guess there is some conflict with Gentoo and large files, i.e. `_FILE_OFFSET_BITS' and `_LARGE_FILES' are not set implicitly? If you have a Gnome 2 installation on your box, you might want to give Balsa a try (see http://balsa.gnome.org), or have a look at the core source file (which does not use the seek methods and should work safely with *and* without large file support): http://cvs.gnome.org/viewcvs/balsa/libbalsa/gmime-gpgme-context.c Hth, Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041014/5e67e403/attachment.bin From micron at madlab.it Fri Oct 15 10:09:30 2004 From: micron at madlab.it (micron) Date: Fri Oct 15 10:11:22 2004 Subject: [gpgme] gpgme_data_seek error In-Reply-To: <1097775752l.1342l.0l@antares.localdomain> References: <87wtxwjeyg.fsf@wheatstone.g10code.de> <200410141505.45914.micron@madlab.it> <1097775752l.1342l.0l@antares.localdomain> Message-ID: <200410151009.32569.micron@madlab.it> On Thursday 14 October 2004 19:42, Albrecht Dre? wrote: > I only missed at some point in the docs that the large file support had > changed (as Werner pointed out in an earlier message), of course leading > to problems with gpgme_data_seek() and the seek callback. Adding > AC_SYS_LARGEFILE to configure.in fixed the problem. So I guess there is > some conflict with Gentoo and large files, i.e. `_FILE_OFFSET_BITS' and > `_LARGE_FILES' are not set implicitly? You're right, now it works fine. It was only one of my mistakes... ops :) > If you have a Gnome 2 installation on your box, you might want to give > Balsa a try (see http://balsa.gnome.org), or have a look at the core > source file (which does not use the seek methods and should work safely > with *and* without large file support): > http://cvs.gnome.org/viewcvs/balsa/libbalsa/gmime-gpgme-context.c Thanks, I'll study the code. Cheers micron -- |? micron<- ICQ #118796665 |? GPG Key: |? ~ Keyserver: pgp.mit.edu |? ~ KeyID: 6D632BED ~ "Progress is merely a realisation of utopias" ~ From wk at gnupg.org Fri Oct 15 15:10:27 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 15 15:14:33 2004 Subject: PIN entry with ASK_PASSPHRASE_SYM In-Reply-To: <1096976072.24661.5.camel@localhost.localdomain> (Joachim Breitner's message of "Tue, 05 Oct 2004 13:34:32 +0200") References: <1096976072.24661.5.camel@localhost.localdomain> Message-ID: <87zn2o6sak.fsf@wheatstone.g10code.de> On Tue, 05 Oct 2004 13:34:32 +0200, Joachim Breitner said: > I suggest you put > ASK_PASSPHRASE_PIN 0 I have done it this way NEED_PASSPHRASE_PIN Issued whenever a PIN is requested to unlock a card. > Additionally, currently gpg won't put GOOD_PASSPHRASE or BAD_PASSPHRASE > on the status line. I have not yet done this because BAD_PASSPHRASE takes a keyid and the PIN verification may get hidden in sequence of other commands. Not sure what to do here. I need to investigate a couple of other things first, like what to do with readers equipped with a pinpad. Werner From dshaw at jabberwocky.com Sat Oct 16 14:46:21 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Oct 16 15:02:18 2004 Subject: [Announce] GnuPG 1.3.91 released (development) Message-ID: <20041016124621.GA19126@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will extremely soon become the new stable release of GnuPG 1.4. We strongly encourage people to try this development release and report any feedback or problems to gnupg-devel@gnupg.org. If you have been waiting until the 1.4 release is imminent before trying the code, that time is now. The files are available from: Gzipped: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.gz (3.7M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.gz.sig Bzip2ed: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.bz2 (2.5M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.bz2.sig or as a patch against the 1.3.90 source: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90-1.3.91.diff.gz (1.9M) MD5 checksums for the files are: 839e1404fa7b59fb815f44527da2b821 gnupg-1.3.90-1.3.91.diff.gz bc03e5651387e996f122ecfdb970211b gnupg-1.3.91.tar.gz fb0f58ff5392c6c20759cd9de190c659 gnupg-1.3.91.tar.bz2 SHA1 checksums for the files are: eabf07abc4ca2deddfc917d55f340440331e2a0d gnupg-1.3.90-1.3.91.diff.gz d67a2d0fd640b1d38e3e34efa9430698c54e7a55 gnupg-1.3.91.tar.gz f1e9a9c00bd48165f7da0824504f2ee4551a5bf0 gnupg-1.3.91.tar.bz2 Noteworthy changes in version 1.3.91 (2004-10-15) - ------------------------------------------------- * A new configure option --enable-selinux-support disallows processing of confidential files used by gpg (e.g. secring.gpg). This helps writing ACLs for the SELinux kernel. * Support for fetching keys via finger has been added. This is useful for setting a preferred keyserver URL like "finger:wk@g10code.com". * Timeout support has been added to the keyserver helpers. This allows users to set an upper limit on how long to wait for the keyserver before giving up. * New "direct" trust model where users can set key validity directly if they do not want to participate in the web of trust. * Minor bug fixes, code and string cleanups. Enjoy! The GnuPG team (David, Stefan, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.91-cvs (GNU/Linux) iGoEARECACoFAkFxGB0jGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h c2MACgkQ4mZch0nhy8mnQgCfS+jst/eis2ZMQte8KrAvemYruPQAoMGcKpvBXtsO 7yB1ZQEScS64N09d =lVRT -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From petschy at lucifer.kgt.bme.hu Fri Oct 15 13:44:19 2004 From: petschy at lucifer.kgt.bme.hu (Felvegi Peter Andras) Date: Sat Oct 16 15:50:10 2004 Subject: strange gpg / pgp compatibility bug Message-ID: hello, we've run across a strange bug while dealing with pgp/gpg signatures. the scenario: a php script (linux/apache) receives POST data through https, the data is signed w/ pgp. it generates an answer, signs it w/ gpg 1.0.6 (with system()) and sends back. the other party got 'bad signature' messages all the time, using pgp. if we checked the signature w/ gpg, on another linux box, it was okay. if we checked w/ pgp on win32 (pgp fw 6.5.8), it gave 'bad signature'. did a few tests, the strangest thing was that the messages signed on the other linux box w/ gpg were checked fine by pgp on win32. narrowing down the logical reasons led to deal with the unlogical: the only difference between the two linux boxes were that the one with the web server used --homedir for the keyring directory, while the other used the default .gnupg in the user's home dir. the php script ran as www-data, with HOME=/var/www, but /var/www is owned by www-adm, so www-data can't write there. --homedir was /opt/keyring. this directory was creted by me, since gpg don't seem to init the directory passed with --homedir. i touched the keyring files and set the same permissions like on the files in .gnupg, then generated a key and imported public keys. i didn't make an options file. all the signature checks failed when using pgp/win32 for signatures generated with the keys in /opt/keyring, passed to gpg with --homedir. gpg checked them fine on the same box and on another too. after making a www-data dir in /home, and calling gpg as "HOME=/home/www-data gpg ..." (and generating a new key, and importing the needed pub keys) instead of using --homedir, everything was healed. now i wonder if anybody has an idea what the cause for this behaviour could be. please CC me any answers, i'm not on the list. cheers, peter From JPClizbe at comcast.net Sat Oct 16 12:13:34 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 16 19:10:56 2004 Subject: Build Prob: GnuPG 1.3.92-cvs Win32 Message-ID: <4170F44E.8050400@comcast.net> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 432 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20041016/8e4b6314/signature.bin From ccorn at cs.tu-berlin.de Sun Oct 17 11:29:03 2004 From: ccorn at cs.tu-berlin.de (Christian Cornelssen) Date: Sun Oct 17 11:28:11 2004 Subject: gpg-1.3.91: g10/passphrase.c: format string argument type size_t -> int Message-ID: <20041017092903.GC12391@Dachs.Bau> Hi, gcc warned about this; uidlen is declared size_t, but passed as a ".*" (expected int) argument to sprintf. Here is the patch: --- g10/passphrase.c.orig Fri Oct 15 14:55:51 2004 +++ g10/passphrase.c Sun Oct 17 08:59:33 2004 @@ -700,7 +700,7 @@ + uidlen + 15 + strlen(algo_name) + keystrlen() + strlen (timestr) + strlen (maink) ); sprintf (atext, PROMPTSTRING, - uidlen, uid, + (int)uidlen, uid, nbits_from_pk (pk), algo_name, keystr(&keyid[0]), timestr, maink ); m_free (uid); Regards, Christian Cornelssen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: not available Url : /pipermail/attachments/20041017/657b6817/attachment.bin From ccorn at cs.tu-berlin.de Sun Oct 17 12:01:58 2004 From: ccorn at cs.tu-berlin.de (Christian Cornelssen) Date: Sun Oct 17 12:01:13 2004 Subject: gpg-1.3.91: gpg{,v}.info files Message-ID: <20041017100158.GD12391@Dachs.Bau> Hi, For the 1.3.91 release, install-info complains about the direntry lines in doc/gpg{,v}.info; it seems that the docbook2texi setup has changed: --- gnupg-1.2.6/doc/gpg.texi Fri Aug 13 18:40:20 2004 +++ gnupg-1.3.91/doc/gpg.texi Fri Oct 15 11:31:48 2004 @@ -1,28 +1,28 @@ \input texinfo -@c This Texinfo document has been automatically generated by -@c docbook2texi from a DocBook documentation. The tool used -@c can be found at: -@c -@c Please send any bug reports, improvements, comments, -@c patches, etc. to Steve Cheng . - @setfilename gpg.info -@dircategory GnuPG +@documentencoding us-ascii @direntry -* gpg: (gpg). GnuPG encryption and signing tool. +* gpg: . encryption and signing tool @end direntry [...] Regards, Christian Cornelssen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: not available Url : /pipermail/attachments/20041017/dff8d661/attachment-0001.bin From wk at gnupg.org Sun Oct 17 15:19:55 2004 From: wk at gnupg.org (Werner Koch) Date: Sun Oct 17 15:48:05 2004 Subject: gpg-1.3.91: g10/passphrase.c: format string argument type size_t -> int In-Reply-To: <20041017092903.GC12391@Dachs.Bau> (Christian Cornelssen's message of "Sun, 17 Oct 2004 11:29:03 +0200") References: <20041017092903.GC12391@Dachs.Bau> Message-ID: <87fz4dqy6c.fsf@wheatstone.g10code.de> On Sun, 17 Oct 2004 11:29:03 +0200, Christian Cornelssen said: > Hi, > gcc warned about this; uidlen is declared size_t, but passed as a > ".*" (expected int) argument to sprintf. Here is the patch: Thanks. Werner From wk at gnupg.org Mon Oct 18 09:39:42 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 18 09:39:24 2004 Subject: gpg-1.3.91: gpg{,v}.info files In-Reply-To: <20041017100158.GD12391@Dachs.Bau> (Christian Cornelssen's message of "Sun, 17 Oct 2004 12:01:58 +0200") References: <20041017100158.GD12391@Dachs.Bau> Message-ID: <87sm8c79vl.fsf@wheatstone.g10code.de> On Sun, 17 Oct 2004 12:01:58 +0200, Christian Cornelssen said: > For the 1.3.91 release, install-info complains about the direntry > lines in doc/gpg{,v}.info; it seems that the docbook2texi setup I have changed the mk-gpg-texi script and checked that install-info groks the resulting info files. Thanks, Werner From mooney at dogbert.cc.ndsu.NoDak.edu Mon Oct 18 11:39:33 2004 From: mooney at dogbert.cc.ndsu.NoDak.edu (Tim Mooney) Date: Mon Oct 18 11:36:10 2004 Subject: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041016124621.GA19126@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> Message-ID: In regard to: [Announce] GnuPG 1.3.91 released (development), David Shaw...: > We strongly encourage people to try this development release and > report any feedback or problems to gnupg-devel@gnupg.org. If you have > been waiting until the 1.4 release is imminent before trying the code, > that time is now. It fails to compile on Tru64 UNIX 5.1b, in util/vasprintf.c: source='vasprintf.c' object='vasprintf.o' libtool=no \ DEPDIR=.deps depmode=tru64 /bin/sh ../scripts/depcomp \ cc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -I/local/include -std -O2 -g3 -tune host -arch host -portable -readonly_strings -msg_disable inlinestoclsmod,valuepres,trailcomma -I/local/include -msg_disable ptrmismatch -c vasprintf.c cc: Error: vasprintf.c, line 48: In this statement, "args" is of type "struct declared without a tag", and cannot be converted to "pointer to const void". (noconvert) memcpy (&ap, args, sizeof (va_list)); ---------------^ gmake[2]: *** [vasprintf.o] Error 1 gmake[2]: Leaving directory `/local/src/RPM/BUILD/gnupg-1.3.91/util' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/local/src/RPM/BUILD/gnupg-1.3.91' gmake: *** [all] Error 2 It fails on IRIX 6.5.22m, in g10.c: source='g10.c' object='g10.o' libtool=no \ depfile='.deps/g10.Po' tmpdepfile='.deps/g10.TPo' \ depmode=sgi /bin/sh ../scripts/depcomp \ cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -I/local/include -DGNUPG_LIBEXECDIR="\"/local/gnu/libexec/gnupg\"" -n32 -O2 -g3 -xansi -OPT:Olimit=3000 -woff 1185 -I/local/include -c `test -f 'g10.c' || echo './'`g10.c cc-1028 cc: ERROR File = g10.c, Line = 1466 The expression used must have a constant value. {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,&subpackets}, ^ I haven't had a chance to look at workarounds for either of these problems yet, but wanted to report them being the release sounds imminent. Tim -- Tim Mooney mooney@dogbert.cc.ndsu.NoDak.edu Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 From flz at xbsd.org Mon Oct 18 17:37:25 2004 From: flz at xbsd.org (Florent Thoumie) Date: Mon Oct 18 17:33:54 2004 Subject: Patch for http proxy support [util/http.c] Message-ID: <20041018153724.GC31085@gw.xbsd.org> Hi, This patch corrects a bug when the password in the following scheme [1] contains a '/'. There's also some style fixes (not much important). Again, thnks for your work. Here is the patch : --- patch-gnupg begins here --- --- util/http.c Sat Oct 16 23:31:36 2004 +++ util/http.c.new Mon Oct 18 17:17:53 2004 @@ -326,16 +326,17 @@ p++; if( *p == '/' ) { /* there seems to be a hostname */ p++; - if( (p2 = strchr(p, '/')) ) - *p2++ = 0; /* Check for username/password encoding */ - if((p3=strchr(p,'@'))) + if( (p3 = strchr(p, '@')) ) { uri->auth=p; *p3++='\0'; p=p3; } + + if( (p2 = strchr(p, '/')) ) + *p2++ = 0; strlwr( p ); uri->host = p; --- patch-gnupg ends here --- [1] http_proxy="http://user:password@proxy:3128" -- Florent Thoumie Epita SRS Promo 2005 web : http://xbsd.org/~flz work : (33 1) xxxxxxxx mail : flz@xbsd.org home : (33 1) 34162095 gpg : 1024D/ADF908C1 cell : (33 6) 76088660 From atom at suspicious.org Mon Oct 18 23:57:12 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Oct 18 23:54:05 2004 Subject: "--verify-options" Re: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041016124621.GA19126@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> Message-ID: <20041018173910.E98120@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 "--verify-options" - 1.3.6 had "show-validity", that's changed to "show-uid-validity"? it doesn't seem to be backwards compatable with a 1.3.6 config file. also "--display-charset" (1.3.6) seems to have changed to "--charset". "--debug-ccid-driver" (1.3.6) seems to be gone. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Aerial bombardment is never proportionate, measured or targeted. It evolves a logic of its own, an escalation of horror similar to that unleashed by the terrorist. Like all distant and indiscriminate violence, it breeds a violent response. It is the dumbest weapon of war." -- Simon Jenkins They Opted to Bomb - It Had Better Work -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBdDw/AAoJEAx/d+cTpVciIxIIAKASnR8egEWSCcsgs8f4dBpl vP1pN/TNZZx9TdeUnqYdbu5ndYzZT12FVRCGJa/CRobpfumZeamKb5HKWBtOCYYv LZRGtXeW+ev5HIjsC8pvYmnPdcwLnxp1FpNaQIMIXeNBejGNRY4HApBrx4jflNt1 0RMQnzyJQwYZtPBoo/W15poaIkeE88lB4WAI72Pi9BI5hb/r/hSkUQh7sccj6eft bLLzckjk04P13mrgl3XqAitoND0zNyTWb176qzb6votKZobMIZZD2MhbsVHq1fsq j6VpHT0oeNPpvYsa2u/42QR+onp66sVlKaDBBJvbIRBjfjEh+51g9DUEmnNg548= =AVv5 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 19 00:40:09 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 19 00:37:19 2004 Subject: "--verify-options" Re: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041018173910.E98120@willy_wonka> References: <20041016124621.GA19126@jabberwocky.com> <20041018173910.E98120@willy_wonka> Message-ID: <20041018224009.GA22391@jabberwocky.com> On Mon, Oct 18, 2004 at 05:57:12PM -0400, Atom 'Smasher' wrote: > "--verify-options" - 1.3.6 had "show-validity", that's changed to > "show-uid-validity"? it doesn't seem to be backwards compatable with a > 1.3.6 config file. also "--display-charset" (1.3.6) seems to have changed > to "--charset". > > "--debug-ccid-driver" (1.3.6) seems to be gone. In general, do not expect backwards compatibility between different flavors of 1.3.x. Are you sure you are running 1.3.91? All of those options still exist. David From atom at suspicious.org Tue Oct 19 00:46:19 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 19 00:43:08 2004 Subject: "--verify-options" Re: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041018224009.GA22391@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> <20041018173910.E98120@willy_wonka> <20041018224009.GA22391@jabberwocky.com> Message-ID: <20041018184442.Y98120@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 18 Oct 2004, David Shaw wrote: > Are you sure you are running 1.3.91? All of those options still exist. ========== $ gpg_1.3.91 --version gpg: unknown option `show-validity' gpg: /home/alpha/.gnupg/gpg.conf:228: invalid list options gpg (GnuPG) 1.3.91 ... - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "That's hard to tell. I think that, you know, I would hope to be able to convince people I could handle the Iraqi situation better." Bush-Gore debate, 11 Oct 2000 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBdEfAAAoJEAx/d+cTpVcimIYH/35qGp7lkWhtvd9Uilge67Nr r9Ply3dWPxdPczniw62VpBfFjE1XLq11u9dBfP2SJ8AMLH4RZLJNPM5eV9zytam2 tC9MOgobx4XVDy7UQUYPdwYbYnN6+eYzyTfnBVoY0s8OyIV5nW9TY0ErgGrwVuCG 19Pb9hQ6UhCzTIKJFwkj0vO1tlqLmKq3fsK2yBZoT4nql90xKQ6d+CUC6g+YSajl ZfhO8mwfGTk4PfCp69MF5EUGGVm/Q7FEJoNi/xFf67r5WhFqExUNi/fjbAebkB7g gOaNz9sfo1cEgbLGVBzfMTABla39rXf54nP4sFABSBYKzWNvQJRxPbEXUm56GTo= =al9w -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 19 01:00:32 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 19 00:57:43 2004 Subject: Patch for http proxy support [util/http.c] In-Reply-To: <20041018153724.GC31085@gw.xbsd.org> References: <20041018153724.GC31085@gw.xbsd.org> Message-ID: <20041018230032.GB22391@jabberwocky.com> On Mon, Oct 18, 2004 at 05:37:25PM +0200, Florent Thoumie wrote: > Hi, > > This patch corrects a bug when the password in the following > scheme [1] contains a '/'. There's also some style fixes (not > much important). That is intentional, as the password is not permitted to contain a raw '/'. As per RFC-2396, a slash must be %-encoded to be in the password. David From dshaw at jabberwocky.com Tue Oct 19 01:33:26 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 19 01:30:39 2004 Subject: "--verify-options" Re: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041018184442.Y98120@willy_wonka> References: <20041016124621.GA19126@jabberwocky.com> <20041018173910.E98120@willy_wonka> <20041018224009.GA22391@jabberwocky.com> <20041018184442.Y98120@willy_wonka> Message-ID: <20041018233326.GA23673@jabberwocky.com> On Mon, Oct 18, 2004 at 06:46:19PM -0400, Atom 'Smasher' wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Mon, 18 Oct 2004, David Shaw wrote: > > >Are you sure you are running 1.3.91? All of those options still exist. > ========== > > $ gpg_1.3.91 --version > gpg: unknown option `show-validity' > gpg: /home/alpha/.gnupg/gpg.conf:228: invalid list options > gpg (GnuPG) 1.3.91 The --verify-option is show-validity. The --list-option is show-uid-validity. I may make them the same before 1.4 though to prevent confusion. David -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 251 bytes Desc: not available Url : /pipermail/attachments/20041018/cb2ecbda/attachment.bin From atom at suspicious.org Tue Oct 19 01:51:07 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Tue Oct 19 01:47:51 2004 Subject: "--verify-options" Re: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041018233326.GA23673@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> <20041018173910.E98120@willy_wonka> <20041018224009.GA22391@jabberwocky.com> <20041018184442.Y98120@willy_wonka> <20041018233326.GA23673@jabberwocky.com> Message-ID: <20041018194746.R98120@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, 18 Oct 2004, David Shaw wrote: > The --verify-option is show-validity. The --list-option is > show-uid-validity. I may make them the same before 1.4 though to > prevent confusion. ================== now i'm confused.... the 1.3.6 man page shows that "--verify-option" and "--list-option" both have a "show-validity" parameter. the 1.3.91 man page shows that "--verify-option" and "--list-option" both have a "show-uid-validity" parameter. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Politics is the art of preventing people from taking part in affairs which properly concern them." -- Paul Valery -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBdFbxAAoJEAx/d+cTpVcieHMH/iWAMlGll3CkF+tfeKlWqJmz KWe4ppNd9OKiNz5tCx/ErPPY4bye8RCVQwVaqZxpIN8R3Vf43hPDehBI5GdaEtRV Ts7qjFpy4ggwSgeJhzrnyMdp9cG0PuQKViuJahBxAI0DedndkYxgFWQvRqDL2+WI 8IjiDgILdMTcFixCP/qZpiB0eeJLIu/DE2R4QMbsAvjJV6kWbzKwEkQF1mqamJGh ZTLcMsszSCrVT5vEt8lDLvhGXhDYVq3lA+leBKtTpHV7vlamCKbaX2QiTcZTjv8S /nVBqkYOqB+vVLBP4C/oAC5hDt2lys+5B8ecW2QvPdUJ9+NO46BIGyQr7uVeUys= =Ko0G -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 19 02:24:51 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 19 02:21:59 2004 Subject: "--verify-options" Re: [Announce] GnuPG 1.3.91 released (development) In-Reply-To: <20041018194746.R98120@willy_wonka> References: <20041016124621.GA19126@jabberwocky.com> <20041018173910.E98120@willy_wonka> <20041018224009.GA22391@jabberwocky.com> <20041018184442.Y98120@willy_wonka> <20041018233326.GA23673@jabberwocky.com> <20041018194746.R98120@willy_wonka> Message-ID: <20041019002451.GA24115@jabberwocky.com> On Mon, Oct 18, 2004 at 07:51:07PM -0400, Atom 'Smasher' wrote: > > On Mon, 18 Oct 2004, David Shaw wrote: > > >The --verify-option is show-validity. The --list-option is > >show-uid-validity. I may make them the same before 1.4 though to > >prevent confusion. > ================== > > now i'm confused.... > > the 1.3.6 man page shows that "--verify-option" and "--list-option" both > have a "show-validity" parameter. > > the 1.3.91 man page shows that "--verify-option" and "--list-option" both > have a "show-uid-validity" parameter. It's a documentation bug, but as I said, I might make the code match the docs in this regard for consistency. David From flz at xbsd.org Tue Oct 19 15:07:25 2004 From: flz at xbsd.org (Florent Thoumie) Date: Tue Oct 19 15:03:57 2004 Subject: Patch for http proxy support [util/http.c] In-Reply-To: <20041018230032.GB22391@jabberwocky.com> References: <20041018153724.GC31085@gw.xbsd.org> <20041018230032.GB22391@jabberwocky.com> Message-ID: <20041019130725.GD31085@gw.xbsd.org> On Mon, Oct 18, 2004 at 07:00:32PM -0400, David Shaw wrote: > That is intentional, as the password is not permitted to contain a raw > '/'. As per RFC-2396, a slash must be %-encoded to be in the > password. Ok, it wasn't clear to me since some application seems to handle '/' in http_proxy properly. -- Florent Thoumie Epita SRS Promo 2005 web : http://xbsd.org/~flz work : (33 1) xxxxxxxx mail : flz@xbsd.org home : (33 1) 34162095 gpg : 1024D/ADF908C1 cell : (33 6) 76088660 From joelb at homeschools.org Wed Oct 20 20:13:32 2004 From: joelb at homeschools.org (Joel Bennett) Date: Wed Oct 20 20:10:41 2004 Subject: CRC error...supress and get a read error? Message-ID: <4176AACC.8060908@homeschools.org> Hello, I am using a php program to interface with our remotely hosted server's pgp program. It emails the encrypted results to me. Everything was working just fine and we were receiving and decrypting messages. Today we got two emails that cannot be decrypted by Thunderbird/Enigmail. I have received encrypted mail since and it has worked. I cannot figure out why these two messages don't work. I jumped on gpg command line and saw that I was getting the following: CRC error; 7a00e7 - 82cded I supressed the CRC error and got this: gpg: block_filter 00908810: read error (size=8872,a->size=1408) gpg: WARNING: message was not integrity protected gpg: block_filter: pending bytes! Here is the message: -----BEGIN PGP MESSAGE----- Version: PGP 6.5.8 qANQR1DBwE4DJBprY+AB5ZoQA/9KK9X/FKurHp9hwswbBuvDSGnT4Hg1FQQXqNEE MPPjOoyts3lhc075qcjNCD+sQ+D0l0KcL4L4yWa/QG9uPWEzG0jmiEHVNsxhj9iM nP27aHpTlSbZKyDSlNTvrCgzviydQBLgh0tslYOx/sgGpD4LW2S0emrjNYIlujlb gk1kLgQAmWH5VTaNdQnjBuWBoi4nQq3etva2ZvS2h2g81sin8MCJMNk6YzZWGoHd a6jyR81q4vqXo1pg4lzbxkocVMmSD0ZM1p47KqGU8yvL8u8VUAzTB9eclYcollAk NTPeC1hQJPqf5BwaMG7+x1JWdEp02q7YUo/qLdw6Zjy5E5yXkafJwiXDtD6cEC+n whuGFAP4o8eVkk3heXqFCHAuVmowaQMAYzcO5xhjHcpx/ogAnOBj/kAiJy3HnGPG uWt9eNM+6MSghEG3QOugrj+yUykTJ0tTtP3TNcQd1wIYowLK0qtIgb/aG9GdPYOV dPxaVas35p0nUbX8beHJsTQVtolLPlL2cjYJVyJ7ZaHXzxCBHiyHgROy1HMNuY6J 5NihV2sVmFlVKm+odpmGyRnJmU1ThXjETgAODhdXmT4eYehLrbOQtfFGotImL295 qkV7uOCrpbTYlJeA0bjH8zWhmeOFP+py2hJ21qMVm8WQSFzIscIlytU63vDr9e1w krIwS75RnhQmV1WqKPd32RVwOjeqwHz4gA4A90CbxMLN3XawVH96ccaDqhg7T441 ImFP5sFNknMflMHK1SlkdVFva/ygdPlrVEe+xtuuuJHE89oIPjETYOtYZ66gd67Q sbx/gZ7jcRFOpFPNqF024U9F3UXoFO/rkzG0d8ui87qxazt+Qrto/LYx1mSSoEOY cUuCFWdv+h5nFlpiCxkSFRxdPXSPhgnh+CRZGfvpLaq08oHsLKxXejKHgK6Potdm WEyT4th9zupD3n2ZRzlX/sXtdxyommj0oL53oyE0+4BwniLP7YpBxVDQcWV1BqSH Kck+Y3R1G3IZFODQmHm8SFqB4XK1zopjC84CvGHtARfGjoFw69aTuOBKAAYGgJ5c eaJWFEu/PgW/XA1CKKU8jn2Y5wCO316A9GyXZMcr3d/+0EYXYrjU7m8Y4ZsD7yn4 CviztqmXHtPWg8QzZDQg4Jfx7tYm2wK4fdBsKWrT28aTx3K6N2HdHYz+e99LcaRm FAYV2cCOkCXJDtg8yvItyoDG55E79y2FQUwQBy5+pv9c1+X2ZJsNAndhern6KdrR vivkqZsbpviam50jTFs= =gs3t -----END PGP MESSAGE----- Any ideas? -- Joel Bennett CLASS Homeschools IT Department 847-259-4444 x157 From dshaw at jabberwocky.com Thu Oct 21 03:11:59 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Thu Oct 21 03:09:14 2004 Subject: Build problems In-Reply-To: References: <20041016124621.GA19126@jabberwocky.com> Message-ID: <20041021011159.GB13939@jabberwocky.com> On Mon, Oct 18, 2004 at 04:39:33AM -0500, Tim Mooney wrote: > It fails on IRIX 6.5.22m, in g10.c: > > source='g10.c' object='g10.o' libtool=no \ > depfile='.deps/g10.Po' tmpdepfile='.deps/g10.TPo' \ > depmode=sgi /bin/sh ../scripts/depcomp \ > cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl -I/local/include > -DGNUPG_LIBEXECDIR="\"/local/gnu/libexec/gnupg\"" -n32 -O2 -g3 -xansi > -OPT:Olimit=3000 -woff 1185 -I/local/include -c `test -f 'g10.c' || echo > './'`g10.c > > cc-1028 cc: ERROR File = g10.c, Line = 1466 > The expression used must have a constant value. > > {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,&subpackets}, > ^ Seems to be a C89 vs C99 thing. I've fixed it, thanks for the report. David From asj at ipa.net Tue Oct 19 04:18:50 2004 From: asj at ipa.net (Alan S. Jones) Date: Thu Oct 21 09:40:06 2004 Subject: GnuPG 1.3.91 Win32 Binary Message-ID: <3.0.5.32.20041018211850.012bd638@popc.ipa.net> Will there be various binaries including Win32 of the 1.3.9x series before the final 1.4? -- Alan S. Jones asj@ipa.net http://users.ipa.net/~asj From wk at gnupg.org Thu Oct 21 11:50:04 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 11:49:23 2004 Subject: GnuPG 1.3.91 Win32 Binary In-Reply-To: <3.0.5.32.20041018211850.012bd638@popc.ipa.net> (Alan S. Jones's message of "Mon, 18 Oct 2004 21:18:50 -0500") References: <3.0.5.32.20041018211850.012bd638@popc.ipa.net> Message-ID: <878ya0flir.fsf@wheatstone.g10code.de> On Mon, 18 Oct 2004 21:18:50 -0500, Alan S Jones said: > Will there be various binaries including Win32 of the 1.3.9x series before > the final 1.4? Yes, we will release them before 1.4 Werner From mooney at dogbert.cc.ndsu.NoDak.edu Thu Oct 21 17:26:10 2004 From: mooney at dogbert.cc.ndsu.NoDak.edu (Tim Mooney) Date: Thu Oct 21 17:22:46 2004 Subject: Build problems In-Reply-To: <20041021011159.GB13939@jabberwocky.com> References: <20041016124621.GA19126@jabberwocky.com> <20041021011159.GB13939@jabberwocky.com> Message-ID: In regard to: Build problems, David Shaw said (at 9:11pm on Oct 20, 2004): > On Mon, Oct 18, 2004 at 04:39:33AM -0500, Tim Mooney wrote: > >> cc-1028 cc: ERROR File = g10.c, Line = 1466 >> The expression used must have a constant value. >> >> {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,&subpackets}, >> ^ > > Seems to be a C89 vs C99 thing. I've fixed it, thanks for the report. Thanks David. How about the Tru64 UNIX build error? I spent some time looking at that issue. - gnupg includes at least three different implementations of asprintf/vasprintf internally. - Using a newer version of vasprintf and asprintf from libiberty (I took them out of gdb-6.2.1) worked to build gnupg. I also needed to add a copy of ansidecl.h from libiberty. asprintf.c and vasprintf.c also include libiberty.h, but it wasn't truly needed so I commented it out. - even with the newer version of vasprintf from newer libiberty, there might be a problem. Either the older or newer version of vasprintf.c will build with IRIX's cc, but I found strong warnings in stdarg.h that programs should not assume that va_list is writeable, and the implementation from libiberty does. Tim -- Tim Mooney mooney@dogbert.cc.ndsu.NoDak.edu Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 From wk at gnupg.org Thu Oct 21 18:11:51 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 18:14:26 2004 Subject: GnuPG and smartcards In-Reply-To: <20041021155147.GB22978@opium.multi24.com> (Peter Palfrader's message of "Thu, 21 Oct 2004 17:51:47 +0200") References: <20041002155419.GC15332@jabberwocky.com> <20041002171131.GA10278@opium.multi24.com> <20041002194629.GD15332@jabberwocky.com> <87wty7entu.fsf@wheatstone.g10code.de> <20041003171241.GC513@opium.multi24.com> <877jq7ect3.fsf@wheatstone.g10code.de> <20041021013602.GA31719@opium.multi24.com> <87brewh7c3.fsf@wheatstone.g10code.de> <20041021072524.GB31719@opium.multi24.com> <87u0sofoct.fsf@wheatstone.g10code.de> <20041021155147.GB22978@opium.multi24.com> Message-ID: <87acugdpa0.fsf@wheatstone.g10code.de> On Thu, 21 Oct 2004 17:51:47 +0200, Peter Palfrader said: > It didn't say it for me: I have seen it just yesterday but will check again. > I created an RSA key (1024 bits primary, 1024 encryptiong subkey), and > moved the private keys to the card. > Signing works perfectly, however when I try to decrypt something, I get > the following: Might be related to ... > I also get errors, when I try to generate keys on card: > | gpg: please wait while key is being generated ... > | gpg: pcsc_transmit failed: not transacted (0x80100016) this or there is a real problem. The "not transacted" comes from pcsc and seems to be a catch-all error. I am looking into this with Ludovico (pcsclite) and Carlos (libtowitoko). I don't have these problem with the internal CCID driver. You should try it: make sure that libusb is available at build time and stop pcscd - the internal ccid driver will then be used. You need proper permissions for USB though; see below. I thought it is a problem with libtowitoko but may be the PC/SC CCID driver has the same problem - I didn't tested it due to USB stack problems on the other machine running linux 2.6.8. > [If you feel this should be moved to the gnupg-devel list, please do. > Please CC me in that case] Yep, it might be of interest to others too. Salam-Shalom, Werner ===== Preparing for the inetranl CCID driver ==== The USB stack is here accessed by means of libUSB through the special usbfd. Thus make sure that this file system has been mounted; the suggested way of doing so is by using the following line in /etc/fstab: none /proc/bus/usb usbfs default 0 0 To get the permission right you may use the lazy way of mounting the USB filesystem under your uid. For example if your userID is 1000, you may use this line in /etc/fstab none /proc/bus/usb usbfs default,devuid=1000 0 0 After mounting this file system (using "mount /proc/bus/usb") all files below /proc/bus/usb are owned by you. You may instead use devgid to allow access by a group. There is however a major security problem with this approach: The owner of the files has full permissions to all connected USB devices not matter what type of device. Thus it is strongly suggested to use the follwoing method instead. If your system comes with hotplug support you may assign permissions on a per devices base. Here we want to give permissions to all CCID devises to the user in the group "scard". You need to create the following 2 files. A mapping file to select what script to run for which device: === /etc/hotplug/usb/gnupg-ccid.usermap === # The entries below are used to detect CCID devices and run a script # # USB_MATCH_VENDOR 0x0001 # USB_MATCH_PRODUCT 0x0002 # USB_MATCH_DEV_LO 0x0004 # USB_MATCH_DEV_HI 0x0008 # USB_MATCH_DEV_CLASS 0x0010 # USB_MATCH_DEV_SUBCLASS 0x0020 # USB_MATCH_DEV_PROTOCOL 0x0040 # USB_MATCH_INT_CLASS 0x0080 # USB_MATCH_INT_SUBCLASS 0x0100 # USB_MATCH_INT_PROTOCOL 0x0200 # # script match_flags idVendor idProduct bcdDevice_lo bcdDevice_hi # bDeviceClass bDeviceSubClass bDeviceProtocol # bInterfaceClass bInterfaceSubClass bInterfaceProtocol driver_info # # flags V P Bcd C S Prot Clas Sub Prot Info # # Generic CCID device gnupg-ccid 0x0080 0x0 0x0 0 0 0 0 0x00 0x0B 0x00 0x00 0x00000000 # SPR532 is CCID but without the proper CCID class gnupg-ccid 0x0003 0x04e6 0xe003 0 0 0 0 0x00 0x0B 0x00 0x00 0x00000000 ======= This file states that the script "gnupg-ccid" should be run if a devices matching the parameters comes available by plugging it into the USB. The script to actually assign the permissions is: === /etc/hotplug/usb/gnupg-ccid === #!/bin/sh # This script changes the permissions and ownership of a USB device # under /proc/bus/usb to grant access to this device to users in the # "scard" group. # # Arguments : # ----------- # ACTION=[add|remove] # DEVICE=/proc/bus/usb/BBB/DDD # TYPE=usb # # latest hotplug doesn't set DEVICE on 2.6.x kernels if [ -z "$DEVICE" ] ; then IF=`echo $DEVPATH | sed 's/\(bus\/usb\/devices\/\)\(.*\)-\(.*\)/\2/'` DEV=`echo $DEVPATH | sed 's/\(bus\/usb\/devices\/\)\(.*\)-\(.*\)/\3/'` DEV=`expr $DEV + 1` DEVICE=`printf '/proc/bus/usb/%.03d/%.03d' $IF $DEV` fi if [ "$ACTION" = "add" -a "$TYPE" = "usb" ]; then chgrp scard "$DEVICE" chmod g=rw "$DEVICE" fi ====== Don't forget to "chmod +x" this script. From wk at gnupg.org Thu Oct 21 18:31:51 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 21 18:34:25 2004 Subject: Build problems In-Reply-To: (Tim Mooney's message of "Thu, 21 Oct 2004 10:26:10 -0500 (CDT)") References: <20041016124621.GA19126@jabberwocky.com> <20041021011159.GB13939@jabberwocky.com> Message-ID: <874qkodoco.fsf@wheatstone.g10code.de> On Thu, 21 Oct 2004 10:26:10 -0500 (CDT), Tim Mooney said: > - gnupg includes at least three different implementations of > asprintf/vasprintf internally. There is one used only for Windows and gettext (intl/) comes with its own implementation. The vasprintf under question comes from the 1.9 branch and we know that it works under Solaris. > - even with the newer version of vasprintf from newer libiberty, there > might be a problem. Either the older or newer version of vasprintf.c > will build with IRIX's cc, but I found strong warnings in stdarg.h that > programs should not assume that va_list is writeable, and the > implementation from libiberty does. Well we should take the latest one from gnulib which is the replacement of -liberty. It might be easier to get rid of aprintf entirely for 1.3 - I added the vasprintf just for one simple case which can be modified to not use asprintf. I gu8ess that is what I will do now. Werner From mooney at dogbert.cc.ndsu.NoDak.edu Thu Oct 21 18:42:07 2004 From: mooney at dogbert.cc.ndsu.NoDak.edu (Tim Mooney) Date: Thu Oct 21 18:38:41 2004 Subject: Build problems In-Reply-To: <874qkodoco.fsf@wheatstone.g10code.de> References: <20041016124621.GA19126@jabberwocky.com> <20041021011159.GB13939@jabberwocky.com> <874qkodoco.fsf@wheatstone.g10code.de> Message-ID: In regard to: Re: Build problems, Werner Koch said (at 6:31pm on Oct 21, 2004): >> - even with the newer version of vasprintf from newer libiberty, there >> might be a problem. Either the older or newer version of vasprintf.c >> will build with IRIX's cc, but I found strong warnings in stdarg.h that >> programs should not assume that va_list is writeable, and the >> implementation from libiberty does. > > Well we should take the latest one from gnulib which is the > replacement of -liberty. It might be easier to get rid of aprintf > entirely for 1.3 - I added the vasprintf just for one simple case > which can be modified to not use asprintf. I gu8ess that is what I > will do now. Thanks Werner. BTW, once I got by the vasprintf/asprintf build issue, gnupg 1.3.91 passed all its checks on Tru64 UNIX 5.1b. Tim -- Tim Mooney mooney@dogbert.cc.ndsu.NoDak.edu Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 From peter at palfrader.org Thu Oct 21 17:51:47 2004 From: peter at palfrader.org (Peter Palfrader) Date: Thu Oct 21 18:54:39 2004 Subject: GnuPG and smartcards In-Reply-To: <87u0sofoct.fsf@wheatstone.g10code.de> References: <20041002155419.GC15332@jabberwocky.com> <20041002171131.GA10278@opium.multi24.com> <20041002194629.GD15332@jabberwocky.com> <87wty7entu.fsf@wheatstone.g10code.de> <20041003171241.GC513@opium.multi24.com> <877jq7ect3.fsf@wheatstone.g10code.de> <20041021013602.GA31719@opium.multi24.com> <87brewh7c3.fsf@wheatstone.g10code.de> <20041021072524.GB31719@opium.multi24.com> <87u0sofoct.fsf@wheatstone.g10code.de> Message-ID: <20041021155147.GB22978@opium.multi24.com> On Thu, 21 Oct 2004, Werner Koch wrote: > On Thu, 21 Oct 2004 09:25:24 +0200, Peter Palfrader said: > > > Thanks, that did it. Is this documented somewhere? I couldn't find it > > on the web and gpg didn't print it for me. > > It should print it if the Displayed Name and no fingerprint has been > stored on the card. When I sent out cards I also document the PINs. It didn't say it for me: | weasel@galaxy:~/local/gnupg-1.3/bin$ ./gpg --card-edit | gpg: NOTE: THIS IS A DEVELOPMENT VERSION! | gpg: It is only intended for test purposes and should NOT be | gpg: used in a production environment or with production keys! | gpg: WARNING: using insecure memory! | gpg: please see http://www.gnupg.org/faq.html for more information | | gpg: detected reader `SCR 335 00 00' | Application ID ...: D27600012401000700000000000B0000 | Version ..........: 0.7 | Manufacturer .....: test card | Serial number ....: 0000000B | Name of cardholder: [not set] | Language prefs ...: de | Sex ..............: unspecified | URL of public key : [not set] | Login data .......: [not set] | Signature PIN ....: forced | Max. PIN lengths .: 254 254 254 | PIN retry counter : 3 3 3 | Signature counter : 0 | Signature key ....: [none] | Encryption key....: [none] | Authentication key: [none] | General key info..: [none] | | Command> admin | | Command> name | Cardholder's surname: Palfrader | Cardholder's given name: Peter | gpg: DBG: setting Name to `Palfrader< And yes, I am writing on a short HOWTO. That'ld be great. I created an RSA key (1024 bits primary, 1024 encryptiong subkey), and moved the private keys to the card. Signing works perfectly, however when I try to decrypt something, I get the following: | weasel@galaxy:~/local/gnupg-1.3/bin$ ./gpg msg.asc [..] | gpg: detected reader `SCR 335 00 00' | gpg: DBG: asking for PIN 'PIN' | | PIN | gpg: encrypted with 1024-bit RSA key, ID 0AA7A3EB, created 2004-10-21 | "test key #2" | gpg: public key decryption failed: general error | gpg: decryption failed: secret key not available However, the key is shown to be on the card: | weasel@galaxy:~/local/gnupg-1.3/bin$ ./gpg --card-edit [..] | gpg: detected reader `SCR 335 00 00' | Application ID ...: D27600012401000700000000000B0000 | Version ..........: 0.7 | Manufacturer .....: test card | Serial number ....: 0000000B | Name of cardholder: Peter Palfrader | Language prefs ...: de | Sex ..............: unspecified | URL of public key : [not set] | Login data .......: [not set] | Signature PIN ....: not forced | Max. PIN lengths .: 254 254 254 | PIN retry counter : 3 3 3 | Signature counter : 2 | Signature key ....: C6D5 0824 A809 7BE4 A361 C32F 093F F6DC C866 6A7F | Encryption key....: 507C 70C6 8356 7B18 7129 BDF0 DCD9 30F3 0AA7 A3EB | Authentication key: [none] | General key info..: | pub 1024R/C8666A7F 2004-10-21 test key #2 | I also get errors, when I try to generate keys on card: | weasel@galaxy:~/local/gnupg-1.3/bin$ ./gpg --card-edit | gpg: NOTE: THIS IS A DEVELOPMENT VERSION! | gpg: It is only intended for test purposes and should NOT be | gpg: used in a production environment or with production keys! | gpg: WARNING: using insecure memory! | gpg: please see http://www.gnupg.org/faq.html for more information | | gpg: detected reader `SCR 335 00 00' | Application ID ...: D27600012401000700000000000B0000 | Version ..........: 0.7 | Manufacturer .....: test card | Serial number ....: 0000000B | Name of cardholder: Peter Palfrader | Language prefs ...: de | Sex ..............: unspecified | URL of public key : [not set] | Login data .......: [not set] | Signature PIN ....: not forced | Max. PIN lengths .: 254 254 254 | PIN retry counter : 3 3 3 | Signature counter : 0 | Signature key ....: 5F4B 8822 9505 F0AB FCF9 B42E A539 7028 2348 6CE9 | Encryption key....: 971F 6CF0 3EA3 2224 A16B 07E6 197A 596B C16B 0A8A | Authentication key: [none] | General key info..: [none] | | Command> generate | | Admin-only command | | Command> admin | | Command> generate | Make off-card backup of encryption key? (Y/n) n | | gpg: NOTE: keys are already stored on the card! | | Replace existing keys? (y/N) y | gpg: DBG: asking for PIN 'PIN' | | PIN | Please specify how long the key should be valid. | 0 = key does not expire | = key expires in n days | w = key expires in n weeks | m = key expires in n months | y = key expires in n years | Key is valid for? (0) 2w | Key expires at Thu Nov 4 08:40:39 2004 CET | Is this correct? (y/N) y | | You need a user ID to identify your key; the software constructs the user ID | from the Real Name, Comment and Email Address in this form: | "Heinrich Heine (Der Dichter) " | | Real name: test key | Email address: | Comment: | You selected this USER-ID: | "test key" | | Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o | gpg: existing key will be replaced | gpg: 3 Admin PIN attempts remaining before card is permanently locked | gpg: DBG: asking for PIN 'Admin PIN' | | Admin PIN | gpg: please wait while key is being generated ... | gpg: pcsc_transmit failed: not transacted (0x80100016) | gpg: apdu_send_simple(0) failed: card I/O error | gpg: generating key failed | gpg: key generation failed: general error | gpg: pcsc_transmit failed: not transacted (0x80100016) | gpg: apdu_send_simple(0) failed: card I/O error | gpg: error reading application data | gpg: key generation failed: general error | gpg: pcsc_transmit failed: not transacted (0x80100016) | gpg: apdu_send_simple(0) failed: card I/O error | gpg: error reading application data | gpg: key generation failed: general error | Key generation failed: general error | | weasel@galaxy:~/local/gnupg-1.3/bin$ Is my card broken, or is there some other problem? Thanks for your great help. [If you feel this should be moved to the gnupg-devel list, please do. Please CC me in that case] -- Peter From mc_mc_mc at lycos.de Thu Oct 21 21:06:46 2004 From: mc_mc_mc at lycos.de (Markus Bauer) Date: Thu Oct 21 21:03:51 2004 Subject: GPG file format Message-ID: <1098385606000492@lycos-europe.com> Hi, Sorry that I post here now but I've already posted to the users list but could not get any information. I have an over-formatted hard drive (14GB) here containing a 130MB gpg file. I think the chance is small to find any blocks of the GPG file. But I'd like to know if there's somewhere a file specification. Do gpg files have a signature or a magic-string so that I may find a gpg file? And is the whole 130MB file encrypted at once or is it encrypted in "blocks" so that I may have the chance to recover at least a few blocks? If a gpg file is divided into blocks: Does each block have a "header" so that I may identify a GPG block? I hope there's anyone who could provide me with information about the file format... Thank you very much Markus PS: Sorry for writing OT but I do not know where to search. I aksed in the users-list and searched the web but I could not find anything null 1 Gigabyte für Ihre E-Mails! Premium E-Mail-Adresse bei Lycos: Profi-Antispam und AntiVirus, 1000 MB Mailspeicher, 100 free SMS, POP3, Weiterleitung und viele Extras: http://mail.lycos.de From alex at bofh.net.pl Fri Oct 22 00:54:14 2004 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Fri Oct 22 00:51:07 2004 Subject: GPG file format In-Reply-To: <1098385606000492@lycos-europe.com> References: <1098385606000492@lycos-europe.com> Message-ID: <20041021225413.GJ11815@syjon.fantastyka.net> On Thu, Oct 21, 2004 at 07:06:46PM +0000, Markus Bauer wrote: > Sorry that I post here now but I've already posted to the users list but > could not get any information. > But I'd like to know if there's somewhere a file specification. Do gpg > files have a signature or a magic-string so that I may find a gpg file? I guess you haven'teven managed to use google not to mention reading GnuPG's FM. OpenPGP format absolute definition is in RFCs 1991 and 2440. This is relevant section from GNU file(1) magic database: #------------------------------------------------------------------------------ # pgp: file(1) magic for Pretty Good Privacy # 0 beshort 0x9900 PGP key public ring 0 beshort 0x9501 PGP key security ring 0 beshort 0x9500 PGP key security ring 0 beshort 0xa600 PGP encrypted data 0 string -----BEGIN\040PGP PGP armored text >15 string PUBLIC\040KEY\040BLOCK- public key block >15 string MESSAGE- message >15 string SIGNED\040MESSAGE- signed message >15 string PGP\040SIGNATURE- signature > And is the whole 130MB file encrypted at once or is it encrypted in > "blocks" Sometimes. Sometimes not. The application is free to do it either way when creating the file. > so that I may have the chance to recover at least a few blocks? It is simple. Restore it from the backup, you do have backups, don't you? That's the simpliest method. OpenPGP format is quite compact and there is not much redundancy in it. No visible headers > If a gpg file is divided into blocks: Does each block have a "header" so > that I may identify a GPG block? If there are multiple packets in the mesage, yes. Read the RFCs. Alex -- 0x46399138 From fscheerer1 at gmx.de Thu Oct 21 20:33:02 2004 From: fscheerer1 at gmx.de (Franz Scheerer) Date: Fri Oct 22 10:52:53 2004 Subject: GnuPG and smartcards Message-ID: <200410212033.02179.fscheerer1@gmx.de> If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. The security level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be recarded as highly secure. From wk at gnupg.org Fri Oct 22 15:47:29 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Oct 22 15:49:25 2004 Subject: GnuPG and smartcards In-Reply-To: <200410212033.02179.fscheerer1@gmx.de> (Franz Scheerer's message of "Thu, 21 Oct 2004 20:33:02 +0200") References: <200410212033.02179.fscheerer1@gmx.de> Message-ID: <87acuezwy6.fsf@wheatstone.g10code.de> On Thu, 21 Oct 2004 20:33:02 +0200, Franz Scheerer said: > If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. The security > level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be > recarded as highly secure. Sorry, that is nonsense. The security is limited by the weakest link and for sure this is not the length of the key but the quality and security of the implementation and the entire environemt where it is used. A smartcard has the real advantage of protecting the secret key against a compromise by any non-physical attack. 2048 bit RSA is possible but chips for that are not available in masses and far too expensive. If you don't think so, build a 2048 smartcard - the specs and the implementation allows for that. Werner From zuxy.meng at gmail.com Fri Oct 22 20:18:33 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Fri Oct 22 20:15:10 2004 Subject: Could someone explain "DEK" for me? Message-ID: As in "public key encrypted data: good DEK". I'm a translator:-) -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 22 21:17:47 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Oct 22 21:43:31 2004 Subject: [Announce] GPGME 1.0.1 released References: <87d603agf9.wl@ulysses.g10code.de> Message-ID: <87pt3a4l5w.wl@ulysses.g10code.de> We are pleased to announce version 1.0.1 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 795 KB compressed) ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.0.1.tar.gz The following files are also available: ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.0.1.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/alpha/gpgme/gpgme-1.0.0-1.0.1.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel@gnupg.org The md5sum checksums for this distibution are f9acf829e1d2821e62da8832e0bebf44 gpgme-1.0.0-1.0.1.diff.gz 915045809b729998e4b7cb58856550a4 gpgme-1.0.1.tar.gz f5d4961abc805d8f393893d86482b576 gpgme-1.0.1.tar.gz.sig Noteworthy changes in version 1.0.1 (2004-10-22) ------------------------------------------------ * Only bug fixes. Marcus Brinkmann mb@g10code.de _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From gnupg-devel=gnupg.org at lists.palfrader.org Sat Oct 23 04:19:14 2004 From: gnupg-devel=gnupg.org at lists.palfrader.org (Peter Palfrader) Date: Sat Oct 23 04:15:47 2004 Subject: GnuPG and smartcards In-Reply-To: <87acugdpa0.fsf@wheatstone.g10code.de> References: <20041002194629.GD15332@jabberwocky.com> <87wty7entu.fsf@wheatstone.g10code.de> <20041003171241.GC513@opium.multi24.com> <877jq7ect3.fsf@wheatstone.g10code.de> <20041021013602.GA31719@opium.multi24.com> <87brewh7c3.fsf@wheatstone.g10code.de> <20041021072524.GB31719@opium.multi24.com> <87u0sofoct.fsf@wheatstone.g10code.de> <20041021155147.GB22978@opium.multi24.com> <87acugdpa0.fsf@wheatstone.g10code.de> Message-ID: <20041023021914.GA25399@opium.multi24.com> On Thu, 21 Oct 2004, Werner Koch wrote: > > I also get errors, when I try to generate keys on card: > > > | gpg: please wait while key is being generated ... > > | gpg: pcsc_transmit failed: not transacted (0x80100016) > > this or there is a real problem. > > The "not transacted" comes from pcsc and seems to be a catch-all > error. I am looking into this with Ludovico (pcsclite) and Carlos > (libtowitoko). I don't have these problem with the internal CCID > driver. You should try it: make sure that libusb is available at > build time and stop pcscd - the internal ccid driver will then be > used. You need proper permissions for USB though; see below. > > I thought it is a problem with libtowitoko but may be the PC/SC CCID > driver has the same problem - I didn't tested it due to USB stack > problems on the other machine running linux 2.6.8. As before, signing works. However, it only works once, then I have to restart hotplug (which unloads and reloads the modules). Decryption never works: | gpg: apdu_send_simple(0) failed: card I/O error | Please insert the card and hit return or enter 'c' to cancel: Maybe I find the time to try it on a 32 bit system with 2.6.9 soon. This is 2.6.7 x86_64 with 64 bit userland. -- PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/ From marc.mutz at uni-bielefeld.de Sat Oct 23 10:41:16 2004 From: marc.mutz at uni-bielefeld.de (Marc Mutz) Date: Sat Oct 23 10:37:57 2004 Subject: [gpgme cvs] compile error in tests/ Message-ID: <200410231041.16844.Marc.Mutz@uni-bielefeld.de> Hi, it's only in tests/, but before running "make check", so it's hard to install the library this way (w/o hacking Makefile.am to exclude the test, which I did). GpgME CVS from a few mins ago: gcc-3.3 -g -O2 -I/usr/include -Wall -Wcast-align -Wshadow -Wstrict-prototypes -o .libs/t-encrypt t-encrypt.o ../../gpgme/.libs/libgpgme.so ../../gpgme/.libs/libgpgme.so: undefined reference to `_gpgme_engine_ops_gpgsm' collect2: ld returned 1 exit status make[3]: *** [t-encrypt] Error 1 make[3]: Leaving directory `/home/marc/gpgme/tests/gpg' Other tests fail to compile equally... Marc -- Ein Grundrecht auf Sicherheit steht bewusst nicht in der Verfassung. -- Sabine Leutheusser-Schnarrenberger (ehem. Bundesjustizministerin) From marcus.brinkmann at ruhr-uni-bochum.de Sat Oct 23 12:43:12 2004 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Sat Oct 23 12:40:39 2004 Subject: [gpgme cvs] compile error in tests/ In-Reply-To: <200410231041.16844.Marc.Mutz@uni-bielefeld.de> References: <200410231041.16844.Marc.Mutz@uni-bielefeld.de> Message-ID: <87k6th4svz.wl@ulysses.g10code.de> At Sat, 23 Oct 2004 10:41:16 +0200, Marc Mutz wrote: > it's only in tests/, but before running "make check", so it's hard to > install the library this way (w/o hacking Makefile.am to exclude the > test, which I did). It was a small glitch in the configure test. A fix is in since yesterday, and actually I released 1.0.1 last night, so you can use that. (The Too_Long_Line vs Ambiguous_Name glitch is also fixed in 1.0.1, btw). Thanks, Marcus From venona at gmx.ch Sat Oct 23 19:08:03 2004 From: venona at gmx.ch (Kazuya Matsumoto) Date: Sat Oct 23 19:05:14 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: References: Message-ID: <20041024020803.4638073e.venona@gmx.ch> On Sat, 23 Oct 2004 02:18:33 +0800 Zuxy wrote: > As in "public key encrypted data: good DEK". I'm a translator:-) DEK stands for "Data Encryption Key" :-) See pubkey-enc.c of version 1.3.91 at line 182. From zuxy.meng at gmail.com Sun Oct 24 06:00:43 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sun Oct 24 05:57:19 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: <20041024020803.4638073e.venona@gmx.ch> References: <20041024020803.4638073e.venona@gmx.ch> Message-ID: On Sun, 24 Oct 2004 02:08:03 +0900, Kazuya Matsumoto wrote: > On Sat, 23 Oct 2004 02:18:33 +0800 > DEK stands for "Data Encryption Key" :-) > See pubkey-enc.c of version 1.3.91 at line 182. Thanks! Or can I call it a session key? -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From albrecht.dress at arcor.de Sun Oct 24 18:49:28 2004 From: albrecht.dress at arcor.de (=?iso-8859-1?q?Albrecht_Dre=DF?=) Date: Sun Oct 24 18:46:12 2004 Subject: BUG: gpg(2)/pinentry-curses interaction faulty Message-ID: <1098636576l.14586l.4l@antares.localdomain> Hi all, apparently gpg and gpg2 have problems to determine the TTY for interaction with pinentry-curses. Whereas gpgsm passes e.g. "OPTION ttyname=/dev/ pts/1" to pinentry-curses, gpg always sends "OPTION ttyname=/dev/tty", which makes pinentry-curses and in turn gpg(2) fail. X11 pinentry's (gtk, gtk-2) work perfectly with gpg, gpg2 and gpgsm. The workaround for this problem is adding something like GPG_TTY=$(tty) to e.g. .bashrc, but of course it would be better if gpg(2) like gpgsm would set ttyname correctly. My system is a PowerMac running Linux 2.4.25, glibc 2.3.1 and gnupg 1.9.11 and 1.2.6, if this is important. Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041024/694202b3/attachment.bin From pragai at rubin.hu Sun Oct 24 19:35:23 2004 From: pragai at rubin.hu (=?ISO-8859-2?Q?=22Pr=E1gai=2C_R=F3bert=22?=) Date: Sun Oct 24 19:32:03 2004 Subject: cryptoflex egate cards Message-ID: <417BE7DB.3060904@rubin.hu> Hi, has anyone tried gpg 1.9x with Schlumberger Cryptoflex cards? Could anyone describe the method briefly how to install the openpgp application into such a card? thanks, Robert From mail at joachim-breitner.de Mon Oct 25 01:08:37 2004 From: mail at joachim-breitner.de (Joachim Breitner) Date: Mon Oct 25 01:08:19 2004 Subject: gpg-agent not caching card PINs? In-Reply-To: <87wtxxojn1.fsf@wheatstone.g10code.de> References: <1097344807.7019.3.camel@localhost.localdomain> <87wtxxojn1.fsf@wheatstone.g10code.de> Message-ID: <1098659317.15785.5.camel@localhost.localdomain> Hi Werner, Am Montag, den 11.10.2004, 08:26 +0200 schrieb Werner Koch: > On Sat, 09 Oct 2004 20:00:07 +0200, Joachim Breitner said: > > Hullo, > > I just got gpg-agent (thx to smurfix for packaging for debian). I got > > version 1.9.11+cvs20040924-3. It works fine for on-disk-keys with > > passwords, but for my on-card-signature-keys, it asks for the PIN every > > time. It does ask using pinentry, so it goes through gpg-agent. > > Depends on the settings: > > $ gpg-card-status > ... > Signature PIN ....: not forced > ... > > with this setting the PIN should get cached; the default however is > "forced" which disables the cache for the signature PIN. I don't remember changeing it, but gpg --card-status tells me it is not forced. Still, gpg-agent does not seem to cache my PINs. Only option set is the pinentry program. Is there anything you want me to check here? Thanks, nomeata -- Joachim Breitner e-Mail: mail@joachim-breitner.de Homepage: http://www.joachim-breitner.de ICQ#: 74513189 Bitte senden Sie mir keine Word- oder PowerPoint-Anh?nge. Siehe http://www.fsf.org/philosophy/no-word-attachments.de.html From alex at bofh.net.pl Mon Oct 25 02:06:22 2004 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Mon Oct 25 02:03:16 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: References: <20041024020803.4638073e.venona@gmx.ch> Message-ID: <20041025000621.GR11815@syjon.fantastyka.net> On Sun, Oct 24, 2004 at 12:00:43PM +0800, Zuxy wrote: > On Sun, 24 Oct 2004 02:08:03 +0900, Kazuya Matsumoto wrote: > > On Sat, 23 Oct 2004 02:18:33 +0800 > > DEK stands for "Data Encryption Key" :-) > > See pubkey-enc.c of version 1.3.91 at line 182. > > Thanks! Or can I call it a session key? No, 'session key' implies existence of a session of some kind. Just call it 'encryption key'. I did the same. Alex -- 0x46399138 From zuxy.meng at gmail.com Mon Oct 25 04:02:02 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Mon Oct 25 03:58:36 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: <20041025000621.GR11815@syjon.fantastyka.net> References: <20041024020803.4638073e.venona@gmx.ch> <20041025000621.GR11815@syjon.fantastyka.net> Message-ID: Thanks a lot. Could you explain these two terms further for me? On Mon, 25 Oct 2004 02:06:22 +0200, Janusz A. Urbanowicz wrote: > No, 'session key' implies existence of a session of some kind. Just call it > 'encryption key'. I did the same. Are both of them (DEK and session key) symmetrical encryption key? I once believed use of public key encryption implies a session. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From wk at gnupg.org Mon Oct 25 10:07:56 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 10:09:25 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: (zuxy.meng@gmail.com's message of "Mon, 25 Oct 2004 10:02:02 +0800") References: <20041024020803.4638073e.venona@gmx.ch> <20041025000621.GR11815@syjon.fantastyka.net> Message-ID: <87oeiruso3.fsf@wheatstone.g10code.de> On Mon, 25 Oct 2004 10:02:02 +0800, Zuxy said: > Are both of them (DEK and session key) symmetrical encryption key? DEK is OpenPGP parlance and in particular the structure: typedef struct { int algo; int keylen; int algo_info_printed; int use_mdc; byte key[32]; /* this is the largest used keylen (256 bit) */ } DEK; "session key" would be fine with me. I can't recall why I used "DEK" in the error message - its too long ago. Werner From alex at bofh.net.pl Mon Oct 25 10:25:24 2004 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Mon Oct 25 10:22:52 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: <87oeiruso3.fsf@wheatstone.g10code.de> References: <20041024020803.4638073e.venona@gmx.ch> <20041025000621.GR11815@syjon.fantastyka.net> <87oeiruso3.fsf@wheatstone.g10code.de> Message-ID: <20041025082524.GU11815@syjon.fantastyka.net> On Mon, Oct 25, 2004 at 10:07:56AM +0200, Werner Koch wrote: > On Mon, 25 Oct 2004 10:02:02 +0800, Zuxy said: > > > Are both of them (DEK and session key) symmetrical encryption key? > > DEK is OpenPGP parlance and in particular the structure: > > typedef struct { > int algo; > int keylen; > int algo_info_printed; > int use_mdc; > byte key[32]; /* this is the largest used keylen (256 bit) */ > } DEK; > > "session key" would be fine with me. I can't recall why I used "DEK" > in the error message - its too long ago. I also encountered DEK term before while reading on PEM, and possibly Kerberos too. From my understanding the term means always trhe actual symmetrical key the data is encrypting with as opposed to various keys and like named entities in upper layers of given protocol. In PEM this was the symmetrical key used for encryption of data, as opposed to symmetrical keys being assigned to sender/recipient. And yes, I agree that sometimes, GnuPG messages are somewhat baroque in the language. :-) Alex -- 0x46399138 From john at johnrshannon.com Mon Oct 25 10:29:13 2004 From: john at johnrshannon.com (John R. Shannon) Date: Mon Oct 25 10:25:57 2004 Subject: crls via proxy Message-ID: <200410250229.13974.john@johnrshannon.com> What must I do to configure dirmngr to use a http proxy? If I execute: env http_proxy=http://192.168.1.4:3128/ dirmngr --fetch-crl http://onsitecrl.verisign.com/USGovernmentDODIECA3G2Encryption/LatestCRL.crl my firewall log shows a blocked attempt to access port 80 indicating the http_proxy environment variable is not honored. -- John R. Shannon john@johnrshannon.com From wk at gnupg.org Mon Oct 25 10:25:32 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 10:29:26 2004 Subject: GnuPG and smartcards In-Reply-To: <20041023021914.GA25399@opium.multi24.com> (Peter Palfrader's message of "Sat, 23 Oct 2004 04:19:14 +0200") References: <20041002194629.GD15332@jabberwocky.com> <87wty7entu.fsf@wheatstone.g10code.de> <20041003171241.GC513@opium.multi24.com> <877jq7ect3.fsf@wheatstone.g10code.de> <20041021013602.GA31719@opium.multi24.com> <87brewh7c3.fsf@wheatstone.g10code.de> <20041021072524.GB31719@opium.multi24.com> <87u0sofoct.fsf@wheatstone.g10code.de> <20041021155147.GB22978@opium.multi24.com> <87acugdpa0.fsf@wheatstone.g10code.de> <20041023021914.GA25399@opium.multi24.com> Message-ID: <87fz43urur.fsf@wheatstone.g10code.de> On Sat, 23 Oct 2004 04:19:14 +0200, Peter Palfrader said: > Maybe I find the time to try it on a 32 bit system with 2.6.9 soon. Please try it on a Linux 2.4 > This is 2.6.7 x86_64 with 64 bit userland. Don't think that the 64 bits are the reason. I encounter the same problem on plain ia32 under 2.6.9 Werner From wk at gnupg.org Mon Oct 25 10:40:32 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 10:44:27 2004 Subject: BUG: gpg(2)/pinentry-curses interaction faulty In-Reply-To: <1098636576l.14586l.4l@antares.localdomain> (Albrecht =?utf-8?q?Dre=C3=9F's?= message of "Sun, 24 Oct 2004 16:49:28 +0000") References: <1098636576l.14586l.4l@antares.localdomain> Message-ID: <87brerur5r.fsf@wheatstone.g10code.de> On Sun, 24 Oct 2004 16:49:28 +0000, Albrecht Dre? said: > The workaround for this problem is adding something like GPG_TTY=$(tty) to > e.g. .bashrc, but of course it would be better if gpg(2) like gpgsm would > set ttyname correctly. They only try to set the tty correctly but they won't be able to do this reliable. As stated in the manual, setting GPG_TTY before running a program using gpg or gpgsm is the only way to go. The problem is that ttyname(3) needs a file descriptor connected to the TTY - this is not always the case. It is also not possible to use /dev/tty because the pinentry is called from a process without a controlling terminal. getenv("GPG_TTY") must always return a filename which can be opened as a terminal. That is, it shall return what you expect tty(1) to return - even if there is no associated tty. Remember that we are writing to a tty from an unrelated background process. Shalom-Salam, Werner From wk at gnupg.org Mon Oct 25 10:41:38 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 10:44:37 2004 Subject: cryptoflex egate cards In-Reply-To: <417BE7DB.3060904@rubin.hu> =?utf-8?q?=28R=C3=B3bert_Pr=C3=A1gai's?= message of "Sun, 24 Oct 2004 19:35:23 +0200") References: <417BE7DB.3060904@rubin.hu> Message-ID: <877jpfur3x.fsf@wheatstone.g10code.de> On Sun, 24 Oct 2004 19:35:23 +0200, Pr?gai, R?bert said: > has anyone tried gpg 1.9x with Schlumberger Cryptoflex cards? > Could anyone describe the method briefly how to install the openpgp > application into such a card? You can't. Werner From wk at gnupg.org Mon Oct 25 10:44:40 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 10:44:50 2004 Subject: gpg-agent not caching card PINs? In-Reply-To: <1098659317.15785.5.camel@localhost.localdomain> (Joachim Breitner's message of "Mon, 25 Oct 2004 01:08:37 +0200") References: <1097344807.7019.3.camel@localhost.localdomain> <87wtxxojn1.fsf@wheatstone.g10code.de> <1098659317.15785.5.camel@localhost.localdomain> Message-ID: <873c03uqyv.fsf@wheatstone.g10code.de> On Mon, 25 Oct 2004 01:08:37 +0200, Joachim Breitner said: > I don't remember changeing it, but gpg --card-status tells me it is not > forced. Still, gpg-agent does not seem to cache my PINs. Only option set > is the pinentry program. [gnupg 1.9] I gues you don't have gpg-agent running in the background. As a fallback the agent gets forked by gpg and thus it will terminate when gpg terminates - no way to cache anything then. Run just "gpg-agent"; it should tell you whether there is an instance of it running in the background. Werner From wk at gnupg.org Mon Oct 25 11:03:11 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Oct 25 11:04:25 2004 Subject: crls via proxy In-Reply-To: <200410250229.13974.john@johnrshannon.com> (John R. Shannon's message of "Mon, 25 Oct 2004 02:29:13 -0600") References: <200410250229.13974.john@johnrshannon.com> Message-ID: <87u0sjtbjk.fsf@wheatstone.g10code.de> On Mon, 25 Oct 2004 02:29:13 -0600, John R Shannon said: > What must I do to configure dirmngr to use a http proxy? Sorry, there is no proxy support yet. However it is easy to patch: src/http.c:send_request change if ((hd->flags & HTTP_FLAG_TRY_PROXY) && (http_proxy = getenv (HTTP_PROXY_ENV))) to if ((http_proxy = getenv (HTTP_PROXY_ENV))) I'll add the missing option --honor-http-proxy to the next release. Hth, Werner From pragai at rubin.hu Mon Oct 25 12:11:30 2004 From: pragai at rubin.hu (=?UTF-8?B?IlByw6FnYWksIFLDs2JlcnQi?=) Date: Mon Oct 25 12:08:19 2004 Subject: cryptoflex egate cards In-Reply-To: <877jpfur3x.fsf@wheatstone.g10code.de> References: <417BE7DB.3060904@rubin.hu> <877jpfur3x.fsf@wheatstone.g10code.de> Message-ID: <417CD152.4050206@rubin.hu> Hi, OK I see, but what could I do to make it working. I mean isn't there an option to include support for it? thanks, Robert > On Sun, 24 Oct 2004 19:35:23 +0200, Pr?gai, R?bert said: > > >> has anyone tried gpg 1.9x with Schlumberger Cryptoflex cards? >>Could anyone describe the method briefly how to install the openpgp >>application into such a card? > > > You can't. > > Werner > From shannonjr at netbsd.org Sat Oct 23 13:45:35 2004 From: shannonjr at netbsd.org (John R. Shannon) Date: Mon Oct 25 14:53:24 2004 Subject: crls via proxy Message-ID: <200410230545.35166.shannonjr@netbsd.org> What must I do to configure dirmngr to use a http proxy? If I execute: env http_proxy=http://192.168.1.4:3128/ dirmngr --fetch-crl http://onsitecrl.verisign.com/USGovernmentDODIECA3G2Encryption/LatestCRL.crl my firewall log shows a blocked attempt to access port 80 indicating the http_proxy environment variable is not honored. -- John R. Shannon shannonjr@netbsd.org From zuxy.meng at gmail.com Mon Oct 25 15:27:37 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Mon Oct 25 15:51:23 2004 Subject: Could someone explain "DEK" for me? In-Reply-To: <87oeiruso3.fsf@wheatstone.g10code.de> References: <20041024020803.4638073e.venona@gmx.ch> <20041025000621.GR11815@syjon.fantastyka.net> <87oeiruso3.fsf@wheatstone.g10code.de> Message-ID: On Mon, 25 Oct 2004 10:07:56 +0200, Werner Koch wrote: > "session key" would be fine with me. I can't recall why I used "DEK" > in the error message - its too long ago. g10/mainproc.c:428 in 1.3.91. This isnt't an error message but printed when you decrypt a message verbosely. -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From albrecht.dress at arcor.de Mon Oct 25 21:14:10 2004 From: albrecht.dress at arcor.de (=?iso-8859-1?q?Albrecht_Dre=DF?=) Date: Mon Oct 25 21:28:29 2004 Subject: BUG: gpg(2)/pinentry-curses interaction faulty In-Reply-To: <87brerur5r.fsf@wheatstone.g10code.de> (from wk@gnupg.org on Mon Oct 25 10:40:32 2004) References: <1098636576l.14586l.4l@antares.localdomain> <87brerur5r.fsf@wheatstone.g10code.de> Message-ID: <1098731651l.1406l.1l@antares.localdomain> Am 25.10.04 10:40 schrieb(en) Werner Koch: > They only try to set the tty correctly but they won't be able to do > this reliable. As stated in the manual, setting GPG_TTY before [snipped problem description] > - even if there is no associated tty. Remember that we are writing to > a tty from an unrelated background process. I know, and I know the workaround with setting the tty in .bashrc. My point was that gpgsm *does* figure out the right ttyname and gpg doesn't, so it's just the suggestion (and I agree with you that "bug" isn't the right description) that gpg might use the same way like gpgsm... Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041025/296599b7/attachment.bin From wk at gnupg.org Tue Oct 26 09:26:04 2004 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 26 09:29:30 2004 Subject: BUG: gpg(2)/pinentry-curses interaction faulty In-Reply-To: <1098731651l.1406l.1l@antares.localdomain> (Albrecht =?utf-8?q?Dre=C3=9F's?= message of "Mon, 25 Oct 2004 19:14:10 +0000") References: <1098636576l.14586l.4l@antares.localdomain> <87brerur5r.fsf@wheatstone.g10code.de> <1098731651l.1406l.1l@antares.localdomain> Message-ID: <871xfmlz3n.fsf@wheatstone.g10code.de> On Mon, 25 Oct 2004 19:14:10 +0000, Albrecht Dre? said: > I know, and I know the workaround with setting the tty in .bashrc. My > point was that gpgsm *does* figure out the right ttyname and gpg doesn't, Okay, if the gpgsm thing really works for you I'll see whether I can add it to gpg too. Werner From fscheerer1 at gmx.de Tue Oct 26 18:39:24 2004 From: fscheerer1 at gmx.de (Franz Scheerer) Date: Wed Oct 27 11:51:13 2004 Subject: MD5 collisions Message-ID: <200410261839.25317.fscheerer1@gmx.de> http://eprint.iacr.org/2004/199/ FYI From alex at bofh.net.pl Wed Oct 27 13:16:41 2004 From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Wed Oct 27 13:13:38 2004 Subject: MD5 collisions In-Reply-To: <200410261839.25317.fscheerer1@gmx.de> References: <200410261839.25317.fscheerer1@gmx.de> Message-ID: <20041027111641.GD14998@syjon.fantastyka.net> On Tue, Oct 26, 2004 at 06:39:24PM +0200, Franz Scheerer wrote: > http://eprint.iacr.org/2004/199/ Well, my answer to this situation is placed in ~/.gnupg/gpg.conf and goes like this: personal-digest-preferences sha256 ripemd160 Alex -- mors ab alto 0x46399138 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20041027/96fbe124/attachment-0001.bin From atom at suspicious.org Wed Oct 27 18:27:00 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Wed Oct 27 18:23:45 2004 Subject: --with-fingerprint(s) Message-ID: <20041027162709.25009.qmail@suspicious.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 testing with 1.3.6 ## readinbg stdin $ gpg --with-fingerprints < keyfile gpg: Invalid option "--with-fingerprints" $ gpg --with-fingerprint < keyfile ## this works as expected ## ## reading from keyring file $ gpg --list-keys smasher --with-fingerprints $ gpg --list-keys smasher --with-fingerprint ## these both work as expected ## why does --with-fingerprint(s) work with list-keys but only - --with-fingerprint works with stdin? - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Simply stated, there is no doubt that Saddam Hussein now has weapons of mass destruction." -- Dick Cheney, 26 August 2002 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBf8xaAAoJEAx/d+cTpVcifN4H/jbcwL5kb4JB/Xf1qvarRrCS dIIh41tr3t84hrle4toZ4bzLIH1OEnwvTT8wKkV02z+DBH2AROdJYlvUjh09JkWe Nl/0xOXKORnxCJjl2WXbvRZYZB8Ze/GFNW/9ZYWp99r59eeEBxNiKHsmZVs11jHW fXo4CPV43V2FQAKwxgwabLIJ6gI5CK6Y7qTuxwgXYJbvuZjpBswkQJqaQvQckEst /oG1gifXhcTKgb/6QVt0kIPL/vy4bMcloReUfqLgTeWSJiGQvY7V7I1nG98LcDvJ HIvgfrOZYrSr+b86C3g7hUAaq/xBVSp7cvMYMv3kkMZePJiBY9bXkVzjXLWDyOw= =zK+2 -----END PGP SIGNATURE----- From wk at gnupg.org Thu Oct 28 12:48:16 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 12:49:29 2004 Subject: --with-fingerprint(s) In-Reply-To: <20041027162709.25009.qmail@suspicious.org> (atom@suspicious.org's message of "Wed, 27 Oct 2004 12:27:00 -0400 (EDT)") References: <20041027162709.25009.qmail@suspicious.org> Message-ID: <87y8hrce4v.fsf@wheatstone.g10code.de> On Wed, 27 Oct 2004 12:27:00 -0400 (EDT), Atom 'Smasher' said: > ## reading from keyring file > $ gpg --list-keys smasher --with-fingerprints > $ gpg --list-keys smasher --with-fingerprint > ## these both work as expected ## > why does --with-fingerprint(s) work with list-keys but only > - --with-fingerprint works with stdin? With gpg you can't mix options and arguments. As soon as a non-option is recognized the remaining words on the line are not checked for beeing an option. What you want is: > $ gpg --list-keys --with-fingerprint smasher > Version: GnuPG v1.3.6 (FreeBSD) Still using 1.3.6 ? I just released 1.3.92. Salam-Shalom, Werner From wk at gnupg.org Thu Oct 28 12:42:14 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 13:12:20 2004 Subject: [Announce] GnuPG 1.3.92 released (development) Message-ID: <873bzzdszd.fsf@wheatstone.g10code.de> Skipped content of type multipart/signed-------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From wk at gnupg.org Thu Oct 28 14:30:58 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 14:43:38 2004 Subject: [Announce] GnuPG 1.3.92 released (development) Message-ID: <87d5z3c9dp.fsf@wheatstone.g10code.de> [Obviously Mailman broke the PGP/MIME signature again. Therefore I see no other way than to repost it using the plain old clear sign format] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The latest release from the development branch of GnuPG is ready for public consumption. This is a branch to create what will extremely soon become the new stable release of GnuPG 1.4. We strongly encourage people to try this development release and report any feedback or problems to gnupg-devel@gnupg.org. If you have been waiting until the 1.4 release is imminent before trying the code, that time is now. The files are available from: Gzipped: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz (3.8M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz.sig Bzip2ed: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2 (2.6M) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2.sig or as a patch against the 1.3.91 source: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92-1.3.92.diff.gz (602k) MD5 checksums for the files are: 285789af00856a12354fd3d967cf61b4 gnupg-1.3.92.tar.gz bc9ee1f97d22dc727a00dfbfe2ebbf5e gnupg-1.3.92.tar.bz2 4ea581339dcf46cd8c21d928d4f9b759 gnupg-1.3.91-1.3.92.diff.gz SHA1 checksums for the files are: e03bb8d584fcf6c2a4567027012ce8012d6f85ec gnupg-1.3.92.tar.gz e208f9db3fcab4b0c9afc089b6eff49a739289dc gnupg-1.3.92.tar.bz2 620f045f49d02f210edb95e3f2c6f9a42b72632c gnupg-1.3.91-1.3.92.diff.gz A compiled version for MS Windows is available: ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip (1.5M) ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip.sig For proper internationalization you should have the GNU iconv.dll installed. For convenience we make this DLL available at: ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip (644k) ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip.sig MD5 checksums for the files are: a5967c5b466e7fb3cf176a30623f55bd gnupg-w32cli-1.3.92.zip f3582d28862c539d2f655ade5e141f2f libiconv-1.9.1.dll.zip Noteworthy changes in version 1.3.92 (2004-10-28) - ------------------------------------------------- * Added Russian man page. Thanks to Pawel I. Shajdo. * libiconv is now used to support other character sets other than UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work correctly when iconv.dll is installed on the system. A binary version is available at all GNU mirror sites under libiconv. * gettext for Windows has been simplified. The MO files are now distributed UTF-8 encoded and gpg translates on the fly. Enjoy! The GnuPG team (David, Stefan, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (GNU/Linux) iEYEARECAAYFAkGA5cYACgkQYHhOlAEKV+3tHACfVCC7nAQBcaFseqI/F5onSnDT wccAn0RofBK6+v2cDHt3NrL6iojgaY5+ =OtpX -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From mooney at dogbert.cc.ndsu.NoDak.edu Thu Oct 28 18:32:20 2004 From: mooney at dogbert.cc.ndsu.NoDak.edu (Tim Mooney) Date: Thu Oct 28 18:29:01 2004 Subject: new build problem with 1.3.92 (iconv) Message-ID: With 1.3.92, I get a (new) link failure for gpgsplit and other tools: cc -std -O2 -g3 -tune host -arch host -portable -readonly_strings -msg_disable inlinestoclsmod,valuepres,trailcomma -I/local/include -msg_disable ptrmismatch -L/local/lib -o gpgsplit gpgsplit.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lz -lbz2 -lrt ld: Unresolved: iconv_open iconv iconv_close gmake[2]: *** [gpgsplit] Error 1 gmake[2]: Leaving directory `/local/src/RPM/BUILD/gnupg-1.3.92/tools' gmake[1]: *** [all-recursive] Error 1 gmake[1]: Leaving directory `/local/src/RPM/BUILD/gnupg-1.3.92' gmake: *** [all] Error 2 Bad exit status from /var/tmp/rpm-tmp.30588 (%build) Tru64 and a few other platforms have iconv in libiconv, not in libc. gnupg is correctly detecting this, and the various Makefiles have LIBICONV = -liconv the problem is that $(LIBICONV) isn't included after libutil.a in any of the LDADD lines. The included patch fixed it for me. Tim -- Tim Mooney mooney@dogbert.cc.ndsu.NoDak.edu Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 --- gnupg-1.3.92.orig/tools/Makefile.am 2003-10-25 10:03:13.000000000 -0500 +++ gnupg-1.3.92/tools/Makefile.am 2004-10-28 11:01:28.000000000 -0500 @@ -25,9 +25,9 @@ bin_PROGRAMS = gpgsplit noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest -gpgsplit_LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @ZLIBS@ -mpicalc_LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @W32LIBS@ -bftest_LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @W32LIBS@ @DLLIBS@ @NETLIBS@ -shmtest_LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ +gpgsplit_LDADD = $(needed_libs) $(LIBICONV) @LIBINTL@ @CAPLIBS@ @ZLIBS@ +mpicalc_LDADD = $(needed_libs) $(LIBICONV) @LIBINTL@ @CAPLIBS@ @W32LIBS@ +bftest_LDADD = $(needed_libs) $(LIBICONV) @LIBINTL@ @CAPLIBS@ @W32LIBS@ @DLLIBS@ @NETLIBS@ +shmtest_LDADD = $(needed_libs) $(LIBICONV) @LIBINTL@ @CAPLIBS@ gpgsplit mpicalc bftest shmtest: $(needed_libs) --- gnupg-1.3.92.orig/g10/Makefile.am 2004-04-27 02:48:53.000000000 -0500 +++ gnupg-1.3.92/g10/Makefile.am 2004-10-28 11:13:08.000000000 -0500 @@ -131,7 +131,7 @@ # ks-db.h \ # $(common_source) -LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @ZLIBS@ @W32LIBS@ +LDADD = $(needed_libs) $(LIBICONV) @LIBINTL@ @CAPLIBS@ @ZLIBS@ @W32LIBS@ gpg_LDADD = $(LDADD) @DLLIBS@ @NETLIBS@ @LIBUSB_LIBS@ $(PROGRAMS): $(needed_libs) --- gnupg-1.3.92.orig/keyserver/Makefile.am 2004-10-15 04:53:34.000000000 -0500 +++ gnupg-1.3.92/keyserver/Makefile.am 2004-10-28 11:15:30.000000000 -0500 @@ -32,10 +32,10 @@ gpgkeys_http_SOURCES = gpgkeys_http.c ksutil.c ksutil.h gpgkeys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h -gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ -gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ -gpgkeys_http_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ -gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ +gpgkeys_ldap_LDADD = ../util/libutil.a $(LIBICONV) @LDAPLIBS@ @NETLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ +gpgkeys_hkp_LDADD = ../util/libutil.a $(LIBICONV) @NETLIBS@ @SRVLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ +gpgkeys_http_LDADD = ../util/libutil.a $(LIBICONV) @NETLIBS@ @SRVLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ +gpgkeys_finger_LDADD = ../util/libutil.a $(LIBICONV) @NETLIBS@ @LIBINTL@ @CAPLIBS@ @GETOPT@ @W32LIBS@ install-exec-hook: if GPGKEYS_LDAP From wk at gnupg.org Thu Oct 28 20:51:59 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Oct 28 20:54:32 2004 Subject: new build problem with 1.3.92 (iconv) In-Reply-To: (Tim Mooney's message of "Thu, 28 Oct 2004 11:32:20 -0500 (CDT)") References: Message-ID: <87y8hq8yls.fsf@wheatstone.g10code.de> On Thu, 28 Oct 2004 11:32:20 -0500 (CDT), Tim Mooney said: > the problem is that $(LIBICONV) isn't included after libutil.a in > any of the LDADD lines. The included patch fixed it for me. Thanks, I haved fixed it. Werner From atom at suspicious.org Thu Oct 28 23:38:13 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Thu Oct 28 23:34:59 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <87d5z3c9dp.fsf@wheatstone.g10code.de> References: <87d5z3c9dp.fsf@wheatstone.g10code.de> Message-ID: <20041028213821.16844.qmail@suspicious.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 i haven't torture-tested it but it seems to build and run fine on freeBSD 4.9. one request: include the version number in the man page. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "As long as war is regarded as wicked, it will always have its fascination. When it is looked upon as vulgar, it will cease to be popular." -- Oscar Wilde -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBgWbLAAoJEAx/d+cTpVcip2YH/ivlON5Nq0+CJBauGXL0zHgn rACvpGrQX9Hoc3qRpL98FSDBx509CeeXMZPKQW6zityf6MTuJK1l9/HTLBMSJBkb UDdCjJHpY3lknJV6by2Kyju5aMWvW/OLvKHPT/nojlawfIIlocCIn1o/O7ovnQzG u4zgLn5AGDRmyJEQ0jkeYhYFrV5LMgmDtLzSvijAMYgXlLgMr0PTFTrkd6T15ClP ktq/IxNZHB77Go8zYICnLX3fAY46Hk/dinV6cIgzSo8bJc60WkEG/xHfPdVdcOKT SD3tkknyJZSRYALPgpdC5EV2ftNVqoz1nWsTg5bc+Ab/1iPsJTH4Bl8QbSG7/cQ= =nhlM -----END PGP SIGNATURE----- From jvender at owensboro.net Fri Oct 29 14:26:11 2004 From: jvender at owensboro.net (Joe Vender) Date: Fri Oct 29 14:23:33 2004 Subject: iconv.dll-GnuPG question Message-ID: <200410290726110010.001231BD@216.135.2.37> How do I native build GnuPG 1.3.92 on windows using MSYS/MingW32 so that GnuPG doesn't require the iconv.dll in the system path but builds the iconv dependencies into the GnuPG binaries? My MSYS/MingW32 is set up as per http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html Thanks From JPClizbe at comcast.net Sat Oct 30 07:15:06 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 30 07:12:25 2004 Subject: iconv.dll-GnuPG question In-Reply-To: <200410290726110010.001231BD@216.135.2.37> References: <200410290726110010.001231BD@216.135.2.37> Message-ID: <4183235A.1030505@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joe Vender wrote: > How do I native build GnuPG 1.3.92 on windows using MSYS/MingW32 so > that GnuPG doesn't require the iconv.dll in the system path but builds the > iconv dependencies into the GnuPG binaries? > > My MSYS/MingW32 is set up as per > http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html There are four distros of libiconv available for Windows. Three are hosted on SourceForge as part of the gettext, gnuwin32, and mingw projects. The fourth is hosted at Gnu.org. The gettext and gnu.org binary packages ship iconv.dll. The other two ship with libiconv-2.dll. You /could/ grab the libiconv source and configure it to do a static build of the libraries, but that would be a *lot* of bloat (~600-850kB) to include into your GnuPG binaries. (It's also not a very pretty process - see the source READMEs for details.) - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.93-cvs (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBgyNZHQSsSmCNKhARAlbaAKCcUN17LIjbc5UkBF49Npx+CPmjLQCgv4gB AWpqfanNc0pep/GWrNQGMHk= =xKIm -----END PGP SIGNATURE----- From JPClizbe at comcast.net Sat Oct 30 08:14:51 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Oct 30 08:12:05 2004 Subject: [Announce] GnuPG 1.3.92 released (development) In-Reply-To: <873bzzdszd.fsf@wheatstone.g10code.de> References: <873bzzdszd.fsf@wheatstone.g10code.de> Message-ID: <4183315B.6020107@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch wrote: > Hello! > > The latest release from the development branch of GnuPG is ready for > public consumption. This is a branch to create what will extremely > soon become the new stable release of GnuPG 1.4. > > We strongly encourage people to try this development release and > report any feedback or problems to gnupg-devel@gnupg.org. If you have > been waiting until the 1.4 release is imminent before trying the code, > that time is now. W00T!!!!! Y'all fixed the HAVE_INTTYPES_H configure glitch that showed up in MinGW starting with mingw-runtime-3.3. I used to just patch config.h to get around it. Next you'll take away the 'touch po/all' "bug", and I'll be left with nothing but (./configure && make) which IMO is a *GOOD THING*(tm). (THANK YOU!!!)**4 I was tracking that one down in *my spare time*, but work has been keeping me swamped. BTW, the 1.3.92 release and 1.3.93-cvs built without anything unexpected. Oh, even with conditionally included in gpgkeys_ldap.c, is still needed by MinGW for -lwldap32 to pass the LDAPLIBS test in configure and for gpgkeys_ldap to build. Perhaps the same conditional should be in configure when testing for LDAPLIBS: +++ #ifdef _WIN32 #include #include #else #include #endif +++ Once again, THANK YOU to the entire GnuPG team. - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.91 (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBgzFaHQSsSmCNKhARAglpAJ0aCXQMklBwcsJlOdBi6Tc5EiQzTwCgrSKr RUKq0uoEmxEnu4xGXM3dNEU= =9htS -----END PGP SIGNATURE----- From fscheerer1 at gmx.de Sat Oct 30 16:19:24 2004 From: fscheerer1 at gmx.de (Franz Scheerer) Date: Sat Oct 30 17:05:22 2004 Subject: Weakness in MD5 or SHA-1 ? Message-ID: <200410301619.24829.fscheerer1@gmx.de> It is funny to read about a weakness in SHA-1, which is considered to be a secure, collision resistant hash function, while MD5 is proven to be not collision resistant and still used. >with all this talk of (allegedly!) weak and broken hashes, i'd like to >throw out a construct to combine 2 or more hashes and (it seems) make the >construct more secure than either one of the hashes independently: take >two or more hashes and XOR them. >if i XOR the output of an SHA-1 and RIPEMD-160 hash, the only way to >"break" the resulting hash would require breaking *both* SHA-1 and >RIPEMD-160. SHA-1 and RIPEMD-160 are collision resistant hash functions. Therefore, not any attack is known, which may allow to find two differnent messages having the same SHA-1 or RIPEMD-160 value. There is your problem ? This does'nt prove that h = SHA-1 XOR RIPEMD-160 is collision resistant. This might not be true in case SHA-1 and RIPEMD-160 are correlated. For a message M h(M) = 0 <=> SHA-1(M) = RIPEMD-160(M). It might be possible to find two such messages even if SHA-1 and RIPEMD-160 are collision resistant. >the same mechanism can apply to more than two hashes as input, but i'm not >enough of a math guy to figure out where is the point of diminishing >return (or if there is such a point). intuitively, it seems (to me) that >if N hashes are used as input, the protocol is secure as long as any one >of the input hashes can not be broken. i'm also not enough of a math guy That is certainly not generally true. Consider two collision resistant hash functions h1, h2 and define h:= h1 XOR h2. If you can find two messages M1,M2 with h1(M1) = h2(M1) and h1(M2) = h2(M2) there is a collision in h, since h(M1) = h(M2) = 0. >to figure out (quantifiably) what would be gained (or lost) by combining >hashes of different sizes, and maybe even truncating the output. Don't worry about SHA-1 and replace MD5. From atom at suspicious.org Sat Oct 30 17:52:51 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sat Oct 30 17:49:48 2004 Subject: Weakness in MD5 or SHA-1 ? In-Reply-To: <200410301619.24829.fscheerer1@gmx.de> References: <200410301619.24829.fscheerer1@gmx.de> Message-ID: <20041030155302.68451.qmail@suspicious.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sat, 30 Oct 2004, Franz Scheerer wrote: > Don't worry about SHA-1 ============= famous last words. not that i think an attack is around the corner... but it's unlikely that research will make FIPS 180-1 any stronger. > and replace MD5. ============= agreed. MD5 is well on its way to becoming more of a 128 bit checksum and less of a secure hash. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Those who make peaceful revolution impossible will make violent revolution inevitable." -- John F. Kennedy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJBg7jaAAoJEAx/d+cTpVciCF8IALIWRl+uEWPeEtzWNFQuWKOf 7Ypui9d8URrXqua34RAjd5xbloj8JuZd0oN/J8uI5CoBJsLagP+b8o6d2PwDNbsA 9qmD1WncYi19O+D5EJtEWWLxWvbv0QFmVhnbThaHZvqWXoYQNDsGdLUIZeaYnUcO Pf0fy+1bzv1tc3vFKh++ASBxwvEkGgUymbXKu6ApOc+JzH3Htp3Mk+gy6Lhyb8Vx zDC67bpXN6oZDv3dby8teZ7AKqEIuc0PGfQdHqQ575lSx+d7t5weyzM6uRjKixkw 8cirpQnsQtrHWAg+FW29FvdR+z3CXmv41O+H+XmmXYYtlrlHsKA6p9/e1we8/X8= =0nPJ -----END PGP SIGNATURE----- From zuxy.meng at gmail.com Sat Oct 30 18:48:32 2004 From: zuxy.meng at gmail.com (Zuxy) Date: Sat Oct 30 18:45:01 2004 Subject: GnuPG 1.3.92: Debug info left in simple-text.c In-Reply-To: References: Message-ID: A misterious static variable 'debug_hack' was left in function 'get_string( struct loaded_domain *domain, u32 idx )' in 'simple-text.c', and it causes the output messed up every 3 times....After I commented it out the output became normal. So maybe someone has forgotten something? :-) -- Zuxy Beauty is truth, While truth is beauty. PGP KeyID: E8555ED6 From wk at gnupg.org Sun Oct 31 00:43:32 2004 From: wk at gnupg.org (Werner Koch) Date: Sun Oct 31 10:08:43 2004 Subject: GnuPG 1.3.92: Debug info left in simple-text.c In-Reply-To: (zuxy.meng@gmail.com's message of "Sun, 31 Oct 2004 00:48:32 +0800") References: Message-ID: <87k6t7vncb.fsf@wheatstone.g10code.de> On Sun, 31 Oct 2004 00:48:32 +0800, Zuxy said: > A misterious static variable 'debug_hack' was left in function > 'get_string( struct loaded_domain *domain, u32 idx )' in > 'simple-text.c', and it causes the output messed up every 3 Ah sorry. I probably forgot to remove it. It was intended to test the code because usually it won't get hit because in general a utf-8 message should be larger than the translated text and thus we can do it in place. Thanks, Werner