From ken.takusagawa.2 at gmail.com Fri Aug 1 09:43:36 2008
From: ken.takusagawa.2 at gmail.com (Ken Takusagawa)
Date: Fri, 1 Aug 2008 03:43:36 -0400
Subject: preprocessor bug in tdbio
Message-ID: <4dcea1d80808010043k7f0b28d1o348fa3aae4309315@mail.gmail.com>

The following code tdbio.c (gnupg 1.4.7) will not compile if EROFS is
not set because the close paren is inside the ifdef. (I have not
encountered this as a problem in practice.)

    if (db_fd == -1 && (errno == EACCES
#ifdef EROFS
        || errno == EROFS)
#endif
        ) {

From wk at gnupg.org Fri Aug 1 12:13:21 2008
From: wk at gnupg.org (Werner Koch)
Date: Fri, 01 Aug 2008 12:13:21 +0200
Subject: preprocessor bug in tdbio
In-Reply-To: <4dcea1d80808010043k7f0b28d1o348fa3aae4309315@mail.gmail.com>
	(Ken Takusagawa's message of "Fri, 1 Aug 2008 03:43:36 -0400")
References: <4dcea1d80808010043k7f0b28d1o348fa3aae4309315@mail.gmail.com>
Message-ID: <878wvhcabi.fsf@wheatstone.g10code.de>

On Fri, 1 Aug 2008 09:43, ken.takusagawa.2 at gmail.com said:

> The following code tdbio.c (gnupg 1.4.7) will not compile if EROFS is
> not set because the close paren is inside the ifdef. (I have not
> encountered this as a problem in practice.)

Thanks. Fixed in 1.4. and 2.0.

Salam-Shalom,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From bjk at luxsci.net Sat Aug 2 04:22:20 2008
From: bjk at luxsci.net (Ben Kibbey)
Date: Fri, 1 Aug 2008 22:22:20 -0400
Subject: cacheid and preset_passphrase
Message-ID: <200808020223.m722N1aX003189@rs49.luxsci.com>

I have a couple of questions about gpg-agent. First, how do I determine
an unused cache ID? Another application may be using a specified cache
ID and I wouldn't want to meddle with it or retrieve an invalid value.

Second, is there an equivalent PRESET_PASSPHRASE to update an existing
cache ID rather than a key grip?

--
Benjamin J. Kibbey
bjk at luxsci.net/jabber/freenode
3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E

From p.hoffmann at berlin.de Sun Aug 3 01:34:17 2008
From: p.hoffmann at berlin.de (Patrick Hoffmann)
Date: Sun, 03 Aug 2008 01:34:17 +0200
Subject: Searching information about using gpgme within a visual studio project
Message-ID:

Hi,

I'm searching useful hints about how to link the gpgme (including
gnupg) against our open source MS Visual Studio project. I'd hoped to
find a .lib or .dll file that I can use - but I didn't find anything
that helps me.

--
best regards,
Patrick Hoffmann

From wk at gnupg.org Sun Aug 3 14:00:26 2008
From: wk at gnupg.org (Werner Koch)
Date: Sun, 03 Aug 2008 14:00:26 +0200
Subject: Searching information about using gpgme within a visual studio project
In-Reply-To: (Patrick Hoffmann's message of "Sun, 03 Aug 2008 01:34:17 +0200")
References:
Message-ID: <873almxq91.fsf@wheatstone.g10code.de>

On Sun, 3 Aug 2008 01:34, p.hoffmann at berlin.de said:

> I'm searching useful hints about how to link the gpgme (including
> gnupg) against our open source MS Visual Studio project. I'd hoped to
> find a .lib or .dll file that I can use - but I didn't find anything
> that helps me.

We do not distribute such binaries because you can easily build them
yourself as long as you have a proper cross-build system setup.

If you install the beta version from www.gpg4win.org, a gpgme.dll will
be installed, however we do not install a .lib file. If you need the
def file: It can be found in the gpgme tarball.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From tony_caduto at amsoftwaredesign.com Tue Aug 5 18:03:29 2008
From: tony_caduto at amsoftwaredesign.com (Tony Caduto)
Date: Tue, 05 Aug 2008 11:03:29 -0500
Subject: problem with pyme
Message-ID: <489879D1.4080402@amsoftwaredesign.com>

I don't know if this is the correct place to ask this question, but the
pyme project on sourceforge appears to be dead (mailing list is read
only).

Anyway the latest version appears to have a problem working with private
keys that have a pass phrase. I am using it on win32 and I can only
decrypt if I use a private key that has no pass phrase. It appears the
callback for the pass phrase is not getting the pass phrase to the dll.

See this link for more information on the problem (this is from another
user who is having the same problem):
http://www.codeguru.com/forum/showthread.php?p=1743350

Hopefully the developer of pyme hangs out on this list and sees this.

Basically I have a callback like this:

    def Callback(x, y, z):
        """ Callback to give password """
        return "mypassword\n"

Then after I get the key I do:

    c.set_passphrase_cb(Callback)
    c.op_decrypt(file_in, data_out)  #<------ freezes on this line

The callback function gets called, but it then hangs forever.

Thanks,

Tony Caduto
//

From bjk at luxsci.net Thu Aug 7 02:16:17 2008
From: bjk at luxsci.net (Ben Kibbey)
Date: Wed, 6 Aug 2008 20:16:17 -0400
Subject: cacheid and preset_passphrase
In-Reply-To: <200808020223.m722N1aX003189@rs49.luxsci.com>
References: <200808020223.m722N1aX003189@rs49.luxsci.com>
Message-ID: <200808070017.m770H2jY026981@rs49.luxsci.com>

On Fri, Aug 01, 2008 at 10:22:20PM -0400, Ben Kibbey wrote:
> I have a couple of questions about gpg-agent. First, how do I determine
> an unused cache ID? Another application may be using a specified cache
> ID and I wouldn't want to meddle with it or retrieve an invalid value.
>
> Second, is there an equivalent PRESET_PASSPHRASE to update an existing
> cache ID rather than a key grip?

Anyone working on gpg-agent have comments about this? I could write a
patch if whoever is maintaining gpg-agent is willing to include it. I
need this feature for my app which doesn't use a key grip. I'd rather
use gpg-agent and not my own pinentry method because it's well tested
and probably more secure.

--
Benjamin J. Kibbey
bjk at luxsci.net/jabber/freenode
3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E

From wk at gnupg.org Thu Aug 7 08:42:55 2008
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Aug 2008 08:42:55 +0200
Subject: cacheid and preset_passphrase
In-Reply-To: <200808070017.m770H2jY026981@rs49.luxsci.com> (Ben Kibbey's
	message of "Wed, 6 Aug 2008 20:16:17 -0400")
References: <200808020223.m722N1aX003189@rs49.luxsci.com>
	<200808070017.m770H2jY026981@rs49.luxsci.com>
Message-ID: <87od455nrk.fsf@wheatstone.g10code.de>

On Thu, 7 Aug 2008 02:16, bjk at luxsci.net said:

> On Fri, Aug 01, 2008 at 10:22:20PM -0400, Ben Kibbey wrote:
>> I have a couple of questions about gpg-agent. First, how do I determine
>> an unused cache ID? Another application may be using a specified cache
>> ID and I wouldn't want to meddle with it or retrieve an invalid value.

The cache ID is currently just a hash and as such there is virtually no
chance that you get into problems. Well, unless you assign several
passphrases to a keygrip.

>> Second, is there an equivalent PRESET_PASSPHRASE to update an existing
>> cache ID rather than a key grip?

As of now any hex string will do as cache ID.

> Anyone working on gpg-agent have comments about this? I could write a
> patch if whoever is maintaining gpg-agent is willing to include it. I
> need this feature for my app which doesn't use a key grip. I'd rather

There is definitely room to extend the caching system. My idea would be
to use namespaces in the form of:

  gnupg:hexdigits
  foo:any_kind_of_string_without_spaces_or_control_characters.

That is pretty simple and implementation will be pretty easy.

I won't object to a command creating a new cache ID, however a cache ID
created by the client from a timestamp and some other data should always
work.

Just let me know and I'll implement it; you may also send a patch as
long as you do the FSF paperwork.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From bjk at luxsci.net Thu Aug 7 12:30:33 2008
From: bjk at luxsci.net (Ben Kibbey)
Date: Thu, 7 Aug 2008 06:30:33 -0400
Subject: cacheid and preset_passphrase
In-Reply-To: <87od455nrk.fsf@wheatstone.g10code.de>
References: <200808020223.m722N1aX003189@rs49.luxsci.com>
	<200808070017.m770H2jY026981@rs49.luxsci.com>
	<87od455nrk.fsf@wheatstone.g10code.de>
Message-ID: <200808071031.m77AV2rw021503@rs49.luxsci.com>

On Thu, Aug 07, 2008 at 08:42:55AM +0200, Werner Koch wrote:
> On Thu, 7 Aug 2008 02:16, bjk at luxsci.net said:
>
> > On Fri, Aug 01, 2008 at 10:22:20PM -0400, Ben Kibbey wrote:
> >> I have a couple of questions about gpg-agent. First, how do I determine
> >> an unused cache ID? Another application may be using a specified cache
> >> ID and I wouldn't want to meddle with it or retrieve an invalid value.
>
> The cache ID is currently just a hash and as such there is virtually no
> chance that you get into problems. Well, unless you assign several
> passphrases to a keygrip.

What I'm trying to do is use gpg-agent to cache a passphrase with the
GET_PASSPHRASE command. The command needs a cache ID to use but how do I
know I won't overwrite an existing cache ID that was previously used by
the command?

>
> >> Second, is there an equivalent PRESET_PASSPHRASE to update an existing
> >> cache ID rather than a key grip?
>
> As of now any hex string will do as cache ID.

I was meaning to update a cache ID that was used with GET_PASSPHRASE.
For example, to change a passphrase associated with a cache ID.
Something like SET_PASSPHRASE .

--
Benjamin J. Kibbey
bjk at luxsci.net/jabber/freenode
3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E

From wk at gnupg.org Thu Aug 7 16:46:14 2008
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Aug 2008 16:46:14 +0200
Subject: cacheid and preset_passphrase
In-Reply-To: <200808071031.m77AV2rw021503@rs49.luxsci.com> (Ben Kibbey's
	message of "Thu, 7 Aug 2008 06:30:33 -0400")
References: <200808020223.m722N1aX003189@rs49.luxsci.com>
	<200808070017.m770H2jY026981@rs49.luxsci.com>
	<87od455nrk.fsf@wheatstone.g10code.de>
	<200808071031.m77AV2rw021503@rs49.luxsci.com>
Message-ID: <878wv83mtl.fsf@wheatstone.g10code.de>

On Thu, 7 Aug 2008 12:30, bjk at luxsci.net said:

> What I'm trying to do is use gpg-agent to cache a passphrase with the
> GET_PASSPHRASE command. The command needs a cache ID to use but how do I
> know I won't overwrite an existing cache ID that was previously used by

Then you need your own namespace.

> For example, to change a passphrase associated with a cache ID.
> Something like SET_PASSPHRASE .

This command may be used:

  PRESET_PASSPHRASE

  Set the cached passphrase/PIN for the key identified by the keygrip to
  passwd for the given time, where -1 means infinite and 0 means the
  default (currently only a timeout of -1 is allowed, which means to
  never expire it). If passwd is not provided, ask for it via the
  pinentry module.

The only problem is that it checks that the first argument is actually a
hexstring. So it is not usable right now for you.

My proposal is to allow an arbitrary string instead of
hexstring_with_keygrip. The only required code change should be for
this command. The other commands CLEAR_PASSPHRASE and GET_PASSPHRASE
should accept any string as a cache ID.

You would then use

  :

Do not use GNUPG or similar for . For example: To cache a login
passphrase for user "joe", use this cache ID:

  GNOMOVISION:login_joe

It is really up to you.

Ah well, we need to implement a default timeout.

Shalom-Salam,

   Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From bjk at luxsci.net Fri Aug 8 01:41:20 2008
From: bjk at luxsci.net (Ben Kibbey)
Date: Thu, 7 Aug 2008 19:41:20 -0400
Subject: cacheid and preset_passphrase
In-Reply-To: <878wv83mtl.fsf@wheatstone.g10code.de>
References: <200808020223.m722N1aX003189@rs49.luxsci.com>
	<200808070017.m770H2jY026981@rs49.luxsci.com>
	<87od455nrk.fsf@wheatstone.g10code.de>
	<200808071031.m77AV2rw021503@rs49.luxsci.com>
	<878wv83mtl.fsf@wheatstone.g10code.de>
Message-ID: <200808072342.m77Ng2L2023393@rs49.luxsci.com>

On Thu, Aug 07, 2008 at 04:46:14PM +0200, Werner Koch wrote:
[...]
> My proposal is to allow an arbitrary string instead of
> hexstring_with_keygrip. The only required code change should be for
> this command. The other commands CLEAR_PASSPHRASE and GET_PASSPHRASE
> should accept any string as a cache ID.
>
> You would then use
>
> :
>
> Do not use GNUPG or similar for . For example: To cache a login
> passphrase for user "joe", use this cache ID:
>
> GNOMOVISION:login_joe

This is what I need. This would be great to have added. Thanks for the
help.

--
Benjamin J. Kibbey
bjk at luxsci.net/jabber/freenode
3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E

From mo at g10code.com Fri Aug 8 02:05:56 2008
From: mo at g10code.com (Moritz Schulte)
Date: Fri, 08 Aug 2008 02:05:56 +0200
Subject: [Announce] Poldi 0.4 released
Message-ID: <489B8DE4.7020301@g10code.com>

Poldi 0.4 has been released. Poldi is our PAM module, which implements
authentication through the OpenPGP smartcard.

It can be fetched from:

  ftp://ftp.gnupg.org/gcrypt/alpha/poldi/poldi-0.4.tar.bz2
  ftp://ftp.gnupg.org/gcrypt/alpha/poldi/poldi-0.4.tar.bz2.asc

Changes since version 0.3 are:

 * Many parts have been rewritten and/or reorganized

 * GPLv3+
   Changed License to GPL v3 or later.

 * SCdaemon support
   Poldi uses the scdaemon from now on instead of talking to the
   smartcard directly.

 * Authentication methods
   Implemented abstraction layer for "authentication methods". The
   previous authentication process is now encapsulated in an
   authentication method named "localdb".

 * X509
   Added another authentication method named "x509", which interacts
   with Dirmngr in order to provide authentication through a X509 PKI.

 * i18n
   Added support for internationalization. Added German translation.

Please note that Poldi is still marked as experimental.

Happy Hacking,
moritz

From f.schwind at chili-radiology.com Fri Aug 8 13:41:57 2008
From: f.schwind at chili-radiology.com (Florian Schwind)
Date: Fri, 08 Aug 2008 13:41:57 +0200
Subject: Passphrase caching with gpgme and gpg2
Message-ID: <489C3105.6050803@chili-radiology.com>

Hi.

With gpg-1.4.9 I used the passphrase_cb() from gpgme to handle
passphrases. What is the recommended way to handle the passphrase with
gpgme and gpg2? Since I'm building a server application I can not use
any form of dialog-box.

Thanks
Florian

From marcus.brinkmann at ruhr-uni-bochum.de Mon Aug 11 19:32:42 2008
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Mon, 11 Aug 2008 19:32:42 +0200
Subject: Passphrase caching with gpgme and gpg2
In-Reply-To: <489C3105.6050803@chili-radiology.com>
References: <489C3105.6050803@chili-radiology.com>
Message-ID: <87profxxs5.wl%marcus.brinkmann@ruhr-uni-bochum.de>

At Fri, 08 Aug 2008 13:41:57 +0200,
Florian Schwind wrote:
>
> Hi.
>
> With gpg-1.4.9 I used the passphrase_cb() from gpgme to handle
> passphrases. What is the recommended way to handle the passphrase with
> gpgme and gpg2? Since I'm building a server application I can not use
> any form of dialog-box.

Use gpg-agent and gpg-preset-passphrase. That should already work, but
if it doesn't, it shouldn't be too hard to make it work (we only tested
it for smart cards so far). Then your key is at least protected when
the machine is off. However, you have to call gpg-preset-passphrase
interactively.

If you can't do that, why bother having a passphrase at all? The
simplest solution is to leave the key unprotected (as it is anyway if
you keep the password on the machine).

Alternatively, you can script your own pinentry replacement for use with
gpg-agent. See gpgme test suite for an example how to do this.

There are more ways, but this should get you started.

Marcus

From bernhard at intevation.de Mon Aug 11 19:41:54 2008
From: bernhard at intevation.de (Bernhard Reiter)
Date: Mon, 11 Aug 2008 19:41:54 +0200
Subject: problem with pyme
In-Reply-To: <489879D1.4080402@amsoftwaredesign.com>
References: <489879D1.4080402@amsoftwaredesign.com>
Message-ID: <200808111941.58279.bernhard@intevation.de>

On Tuesday 05 August 2008 18:03, Tony Caduto wrote:
> I don't know if this is the correct place to ask this question, but the
> pyme project on sourceforge appears to be dead (mailing list is read only).

For people on gnupg-devel@:
pyme-help at lists.sourceforge.net of course is still active.
Tony posted his question there and got an answer already.

Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Wed Aug 13 14:16:16 2008
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Aug 2008 14:16:16 +0200
Subject: empty trust field for --with-colons and CMS
Message-ID: <200808131416.20617.bernhard@intevation.de>

What does an empty second field for "crt" and "uid" --with-colons mean?
Current documentation
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?rev=4811
does not seem to have a hint about this.

My problem is that I do get an extra warning when trying to encrypt
with a gpgme using application (Kontact enterprise35, see
compare kolab/issue2976 (Irritating trust warning when selecting keys
for encryption))

On the command line encryption works fine as it should.
The root cert is in there and trusted, also all CRLs are fine, still

LANG=C gpgsm --with-colons --list-keys bernhard at intevation.de
BUG: trying to release an already released cert
/home/etch3/.gnupg/pubring.kbx
------------------------------
crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS 8,O=Intevation GmbH,C=DE::escESC:
fpr:::::::::9CF8E2A00B1EE4BF02662A693B85F74F46C65E78:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2:
uid:::::::::CN=Bernhard Reiter,O=Intevation GmbH,C=DE::
uid:::::::::::
secmem usage: 0/16384 bytes in 0 blocks

The empty field seems to be undefined.
Gpgme will interpret this as GPGME_VALIDITY_UNKNOWN = 0.
It looks incorrect to me. What am I missing?

Best,
Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From wk at gnupg.org Wed Aug 13 14:59:12 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 13 Aug 2008 14:59:12 +0200
Subject: empty trust field for --with-colons and CMS
In-Reply-To: <200808131416.20617.bernhard@intevation.de> (Bernhard Reiter's
	message of "Wed, 13 Aug 2008 14:16:16 +0200")
References: <200808131416.20617.bernhard@intevation.de>
Message-ID: <87k5elhxzz.fsf@wheatstone.g10code.de>

On Wed, 13 Aug 2008 14:16, bernhard at intevation.de said:

> What does an empty second field for "crt" and "uid" --with-colons mean?

No validation has been done. If you try this on the command line, add
option --with-validation.

> LANG=C gpgsm --with-colons --list-keys bernhard at intevation.de
> BUG: trying to release an already released cert

That bug needs to be tracked down. Can you provide me a test case?

Shalom-Salam,

   Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From bernhard at intevation.de Wed Aug 13 15:55:41 2008
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Aug 2008 15:55:41 +0200
Subject: empty trust field for --with-colons and CMS
In-Reply-To: <87k5elhxzz.fsf@wheatstone.g10code.de>
References: <200808131416.20617.bernhard@intevation.de>
	<87k5elhxzz.fsf@wheatstone.g10code.de>
Message-ID: <200808131555.45453.bernhard@intevation.de>

On Wednesday 13 August 2008 14:59, Werner Koch wrote:
> On Wed, 13 Aug 2008 14:16, bernhard at intevation.de said:
> > What does an empty second field for "crt" and "uid" --with-colons mean?
>
> No validation has been done. If you try this on the command line, add
> option --with-validation.

No change, see below.
But this means that GPGME_VALIDITY_UNKNOWN that an application
gets back from gpgme is not a reason to warn before using a key?
What is the result if validation fails? UNDEFINED? NEVER?

LANG=C gpgsm --with-validation --with-colons --list-keys bernhard at intevation.de
gpgsm: DBG: connection to dirmngr established
gpgsm[19687]: can't connect to `/home/etch3/.gnupg/S.gpg-agent': No such file or directory
gpgsm: no running gpg-agent - starting one
gpgsm: DBG: connection to agent established
BUG: trying to release an already released cert
/home/etch3/.gnupg/pubring.kbx
------------------------------
crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS 8,O=Intevation GmbH,C=DE::escESC:
fpr:::::::::9CF8E2A00B1EE4BF02662A693B85F74F46C65E78:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2:
uid:::::::::CN=Bernhard Reiter,O=Intevation GmbH,C=DE::
uid:::::::::::
secmem usage: 0/16384 bytes in 0 blocks

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Wed Aug 13 16:04:33 2008
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Aug 2008 16:04:33 +0200
Subject: BUG: trying to release an already released cert (was: empty trust field for --with-colons and CMS)
In-Reply-To: <87k5elhxzz.fsf@wheatstone.g10code.de>
References: <200808131416.20617.bernhard@intevation.de>
	<87k5elhxzz.fsf@wheatstone.g10code.de>
Message-ID: <200808131604.37495.bernhard@intevation.de>

On Wednesday 13 August 2008 14:59, Werner Koch wrote:
> > LANG=C gpgsm --with-colons --list-keys bernhard at intevation.de
> > BUG: trying to release an already released cert
>
> That bug needs to be tracked down. Can you provide me a test case?

I've tried, sent it to you by personal email.

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bernhard at intevation.de Wed Aug 13 16:05:36 2008
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Aug 2008 16:05:36 +0200
Subject: doc, gpgme: should'nt GPGME_DEBUG be mentioned
Message-ID: <200808131605.37133.bernhard@intevation.de>

Just checking the gpgme docs, shouldn't GPGME_DEBUG be mentioned there?
There are some traces of it in the NEWS file, but nothing in the .info.

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From wk at gnupg.org Wed Aug 13 17:09:55 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 13 Aug 2008 17:09:55 +0200
Subject: empty trust field for --with-colons and CMS
In-Reply-To: <200808131555.45453.bernhard@intevation.de> (Bernhard Reiter's
	message of "Wed, 13 Aug 2008 15:55:41 +0200")
References: <200808131416.20617.bernhard@intevation.de>
	<87k5elhxzz.fsf@wheatstone.g10code.de>
	<200808131555.45453.bernhard@intevation.de>
Message-ID: <87hc9pgddo.fsf@wheatstone.g10code.de>

On Wed, 13 Aug 2008 15:55, bernhard at intevation.de said:

> LANG=C gpgsm --with-validation --with-colons --list-keys
> bernhard at intevation.de

> crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS
> 8,O=Intevation GmbH,C=DE::escESC:

Okay, I fixed that in svn revision 4813.

            For X.509 certificates an 'u' is used for a trusted root
            certificate (i.e. for the trust anchor) and an 'f' for all
            other valid certificates.

Salam-Shalom,

   Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From m.heneka at googlemail.com Tue Aug 19 16:33:38 2008
From: m.heneka at googlemail.com (M. Heneka)
Date: Tue, 19 Aug 2008 16:33:38 +0200
Subject: BUG: Segmentation fault with gnupg-1.4.x on Solaris with "--debug 16"
Message-ID: <002301c90208$b638cee0$21b2a8c0@lukefilewalker>

Hello,

I discovered a bug in gnupg-1.4.x and possibly in later versions.

The segmentation fault occurs on Solaris when decrypting/encrypting a
file with the debug mode for IO-buffers ("--debug 16").

The problem is in the following line of "iobuf.c: iobuf_close()":

  log_debug ("iobuf-%d.%d: close `%s'\n", a->no, a->subno, a->desc);

An IO-buffer with desc==NULL causes the crash. The glibc feature
"printf("%s", NULL);" is not available in the Solaris implementation of
glibc.

The bug can be fixed with:

  log_debug ("iobuf-%d.%d: close `%s'\n", a->no, a->subno, a->desc ? a->desc : "(null)" );

or by introducing a function gpg_nonullstr() like in
http://blogs.gnome.org/desrt/2007/10/01/gcc%20feature%20breaks%20glibc%20feature/#comment-382

This article describes problems with this glibc feature. See also the
links specific to Solaris.

M. Heneka

From wk at gnupg.org Tue Aug 19 21:00:44 2008
From: wk at gnupg.org (Werner Koch)
Date: Tue, 19 Aug 2008 21:00:44 +0200
Subject: BUG: Segmentation fault with gnupg-1.4.x on Solaris with "--debug 16"
In-Reply-To: <002301c90208$b638cee0$21b2a8c0@lukefilewalker> (M. Heneka's
	message of "Tue, 19 Aug 2008 16:33:38 +0200")
References: <002301c90208$b638cee0$21b2a8c0@lukefilewalker>
Message-ID: <87pro4eso3.fsf@wheatstone.g10code.de>

On Tue, 19 Aug 2008 16:33, m.heneka at googlemail.com said:

> log_debug ("iobuf-%d.%d: close `%s'\n", a->no, a->subno, a->desc);
>
> An IO-buffer with desc==NULL causes the crash. The glibc feature

Right. Fixed in svn revision 4816.

> This article describes problems with this glibc feature. See also the links

It is well known that old libcs segfault on this, although POSIX does
not require such a behaviour (iirc, it is undefined). This is the same
class of problems as with passing a negative value to isfoo() - glibc is
robust enough to work correctly but HPUX will always segfault.

Anyway, it needs to be fixed as we aim for portable software.

Thanks,

   Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From bernhard at intevation.de Thu Aug 21 16:20:04 2008
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 21 Aug 2008 16:20:04 +0200
Subject: trust field for CMS (was: empty trust field for --with-colons and CMS)
In-Reply-To: <87hc9pgddo.fsf@wheatstone.g10code.de>
References: <200808131416.20617.bernhard@intevation.de>
	<200808131555.45453.bernhard@intevation.de>
	<87hc9pgddo.fsf@wheatstone.g10code.de>
Message-ID: <200808211620.08481.bernhard@intevation.de>

On Wednesday 13 August 2008 17:09, Werner Koch wrote:
> On Wed, 13 Aug 2008 15:55, bernhard at intevation.de said:
> > LANG=C gpgsm --with-validation --with-colons --list-keys
> > bernhard at intevation.de
> >
> > crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS
> > 8,O=Intevation GmbH,C=DE::escESC:
>
> Okay, I fixed that in svn revision 4813.
>
>             For X.509 certificates an 'u' is used for a trusted root
>             certificate (i.e. for the trust anchor) and an 'f' for all
>             other valid certificates.

What about using 'm' in CMS (X.509) to indicate that
--disable-crl-checks OR --disable-policy-checks is active?

It would trigger a question with many gpgme using applications
which IMO would be correct in the situation.

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From nd at syndicat.com Mon Aug 25 12:13:32 2008
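Added example, not part of the thread and not GnuPG or gpgme code: reading field 2 of the "crt" and "uid" records from the listing quoted above, keeping the empty field ("no validation has been done") apart from the real validity letters. The function names and decision labels are assumptions; the letters are those listed in GnuPG's doc/DETAILS, so the example covers more than the 'u'/'f' case from the thread.

```python
# Added example: consumer-side handling of field 2 (validity) in
# gpgsm/gpg --with-colons output. Decision labels are assumptions.

# Validity letters as listed in GnuPG's doc/DETAILS.
GOOD = {"f": "fully valid", "u": "ultimately valid"}
WEAK = {"o": "unknown (new key)", "-": "unknown validity",
        "q": "undefined validity", "m": "marginally valid"}
BAD = {"i": "invalid", "d": "disabled", "r": "revoked",
       "e": "expired", "n": "not valid"}

# Record types whose second field carries a validity letter.
VALIDITY_RECORDS = {"crt", "crs", "pub", "sub", "uid"}

# Decisions ordered from least to most restrictive.
SEVERITY = ["use", "ask", "not-validated", "refuse"]

# Listing copied from the thread: field 2 is empty on every record.
PAGE_LISTING = """\
BUG: trying to release an already released cert
/home/etch3/.gnupg/pubring.kbx
------------------------------
crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS 8,O=Intevation GmbH,C=DE::escESC:
fpr:::::::::9CF8E2A00B1EE4BF02662A693B85F74F46C65E78:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2:
uid:::::::::CN=Bernhard Reiter,O=Intevation GmbH,C=DE::
uid:::::::::::
secmem usage: 0/16384 bytes in 0 blocks
"""

# Constructed variants (not real gpgsm output): the same listing with a
# validity letter filled in, as a validating run would report it.
VALIDATED_LISTING = (PAGE_LISTING.replace("crt::", "crt:f:")
                     .replace("uid:::::::::CN", "uid:f::::::::CN"))
EXPIRED_LISTING = PAGE_LISTING.replace("crt::", "crt:e:")


def validity_records(listing):
    """Return (record_type, validity_letter) pairs from a colon listing."""
    records = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in VALIDITY_RECORDS or len(fields) < 10:
            continue  # diagnostics such as "BUG: ..." or "secmem usage: ..."
        if fields[0] == "uid" and not fields[9]:
            continue  # uid record without a user ID: nothing to judge
        records.append((fields[0], fields[1]))
    return records


def classify(letter):
    """Map a field-2 value to (decision, reason)."""
    if letter == "":
        # Not a verdict about the key: the listing ran without validation.
        return "not-validated", "no validation has been done"
    if letter in GOOD:
        return "use", GOOD[letter]
    if letter in WEAK:
        return "ask", WEAK[letter]
    if letter in BAD:
        return "refuse", BAD[letter]
    return "refuse", "unrecognised validity %r" % letter  # fail closed


def listing_verdict(listing):
    """Most restrictive decision over all judged records of a listing."""
    decisions = [classify(letter)[0] for _, letter in validity_records(listing)]
    if not decisions:
        return "refuse"  # no usable record at all: fail closed
    return max(decisions, key=SEVERITY.index)


if __name__ == "__main__":
    for name, text in (("page", PAGE_LISTING),
                       ("validated (constructed)", VALIDATED_LISTING),
                       ("expired (constructed)", EXPIRED_LISTING)):
        print(name, "->", listing_verdict(text))
```

A caller that gets "not-validated" should repeat the listing with validation enabled rather than warn about the key itself.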
From: nd at syndicat.com (Niels Dettenbach)
Date: Mon, 25 Aug 2008 12:13:32 +0200
Subject: GnuPG Port for Symbian
Message-ID: <200808251213.33796.nd@syndicat.com>

Dear List readers and devels,

I'm still wondering if there is no GnuPG port today for Symbian OS which
is widely spread on mobile phones worldwide - even as GnuPG still seems
to be ported for a lot of different operating systems.

The last posting / thread I've found about this issue was in 2000:
http://lists.gnupg.org/pipermail/gnupg-users/2000-March/005097.html

Since Symbian published their development kit (for windows and linux
afaik) plus more and more API docs, the phones got more memory and cpu
power - I assume GnuPG porting to it should be a much easier task than a
few years ago. Even Perl and Python got a OS port on Symbian. The Python
port still has wide access to all phone and GUI functions of the phones
(may be could be used for GnuPG GUI interoperability) - or see asex. the
mobile webserver project.

Many users today are using their phones for email communication and the
storage of (may be) sensible files on their phones - and many users (if
they know it or not) are using Symbian based phones. With the USB
storage capability the phone could be used as a "secure" smart crypt or
signing device over USB storage with not trusted PCs o.o. hardware too.

The only (commercial) "email crypto" software product I've found was
"CryptoGraf" which seems not working properly and is no OS product (so
not trustful for me and most other GPG users).

Is there anyone who is currently working on a GnuPG port for Symbian OS
or knows a working port?

many thanks for your time...
cheers,

Niels.

--
---
Niels Dettenbach
---
Syndicat IT&Internet
http://www.syndicat.com
T.-Muentzer.-Str. 2, 37308 Heilbad Heiligenstadt - DE
---
Kryptoinfo:
PGP public key ID 651CA20D
Fingerprint: 55E0 4DCD B04C 4A49 1586 88AE 54DC 4465 651C A20D
https://syndicat.com/pub_key.asc
---

From nd at syndicat.com Mon Aug 25 12:00:53 2008
From: nd at syndicat.com (Niels Dettenbach)
Date: Mon, 25 Aug 2008 12:00:53 +0200
Subject: GnuPG Port for Symbian
Message-ID: <200808251200.58684.nd@syndicat.com>

Dear List readers and devels,

I'm still wondering if there is no GnuPG port today for Symbian OS which
is widely spread on mobile phones worldwide - even as GnuPG still seems
to be ported for a lot of different operating systems.

The last posting / thread I've found about this issue was in 2000:
http://lists.gnupg.org/pipermail/gnupg-users/2000-March/005097.html

Since Symbian published their development kit (for windows and linux
afaik) plus more and more API docs, the phones got more memory and cpu
power - I assume GnuPG porting to it should be a much easier task than a
few years ago. Even Perl and Python got a OS port on Symbian. The Python
port still has wide access to all phone and GUI functions of the phones
(may be could be used for GnuPG GUI interoperability) - or see asex. the
mobile webserver project.

Many users today are using their phones for email communication and the
storage of (may be) sensible files on their phones - and many users (if
they know it or not) are using Symbian based phones. With the USB
storage capability the phone could be used as a "secure" smart crypt or
signing device over USB storage with not trusted PCs o.o. hardware too.

The only (commercial) "email crypto" software product I've found was
"CryptoGraf" which seems not working properly and is no OS product (so
not trustful for me and most other GPG users).

Is there anyone who is currently working on a GnuPG port for Symbian OS
or knows a working port?

many thanks for your time...
cheers,

Niels.

--
---
Niels Dettenbach
---
Syndicat IT&Internet
http://www.syndicat.com
T.-Muentzer.-Str.
2, 37308 Heilbad Heiligenstadt - DE --- Kryptoinfo: PGP public key ID 651CA20D Fingerprint: 55E0 4DCD B04C 4A49 1586 88AE 54DC 4465 651C A20D https://syndicat.com/pub_key.asc --- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: From kissg at ssg.ki.iif.hu Tue Aug 26 17:48:50 2008 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Tue, 26 Aug 2008 17:48:50 +0200 (CEST) Subject: missing hexstrint->plaintext conversion Message-ID: Dear Werner et al., At 2006-07-29 (svn revision 4209) gpg-preset-passphrases was changed in order to send passphrases as hexstring. Unfortunately the receiver side did not follow this change well. Received hexstring is cached without converting back to plaintext. This patch below fixes the problem. Regards Gabor --- command.c-orig 2008-08-26 14:43:16.037456000 +0200 +++ command.c 2008-08-26 17:44:36.935945453 +0200 @@ -263,6 +263,28 @@ return 0; } +/* Convert (in place) an already parsed hexstring of + * 'len' digits to native bytes. */ +#define fromhex(h) ( (h)<='9' ? (h)-'0' : ((h)|0x20)-'a'+10 ) +static char * +decode_hexstring (char *string, int len) +{ + unsigned char *from, *to; + + for (from=to=(unsigned char*)string; len>0; to++) + { + unsigned char value; + value = fromhex(*from); + from++; + value <<= 4; + value |= fromhex(*from); + from++; + *to = value; + len -= 2; + } + return string; +} + /* Parse the keygrip in STRING into the provided buffer BUF. BUF must provide space for 20 bytes. BUF is not changed if the function returns an error. */ @@ -1135,7 +1157,10 @@ /* If there is a passphrase, use it. Currently, a passphrase is required. */ if (*line) - passphrase = line; + { + passphrase = decode_hexstring(line, len); + passphrase[len/2] = '\0'; + } else return gpg_error (GPG_ERR_NOT_IMPLEMENTED); From carlo.bramix at libero.it Tue Aug 26 18:40:27 2008 
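Review bot: in decode_hexstring() the loop tests len>0 but consumes two characters per pass, so an odd len makes the final pass read one character beyond the digits that were parsed and store a byte built from it. Reject odd lengths before calling, or loop while len>1. The fromhex() macro also turns any non-hex character into some value without an error, so the "already parsed" precondition in the comment carries all of the validation; an explicit error return for a bad digit would make a violated precondition visible instead of silently caching a wrong passphrase. Since every caller has to terminate the result at len/2, writing the NUL inside this function would keep the length arithmetic in one place.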
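Review bot: in the second hunk (@@ -1135,7 +1157,10 @@) len is passed to decode_hexstring() and used for passphrase[len/2], but nothing in the visible context shows where len is set or that it was checked to be non-zero, even, and limited to the hex digits of the passphrase argument; please make that check explicit next to the call and return an error otherwise. Because the decode is done in place, the bytes of line after the new terminator still hold the hex digits of the second half of the passphrase, so that tail should be wiped once the terminator is written. A passphrase whose hex form contains 00 would also be cut short at that byte, since the result is handled as a C string; either reject such input or document the limitation.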
From: carlo.bramix at libero.it (carlo.bramix) Date: Tue, 26 Aug 2008 18:40:27 +0200 Subject: fixes for Msys+Mingw Message-ID: Hello, I tried to compile gnupg 2.0.9 under Mingw+Msys. I got some little troubles that I fixed in my build. I attached a patch to this email. Description of changes: 1- /jnlib/utf8conv.c was compiled successfully, but it was not working because "iconv.dll" was not found during runtime. But it exists just with a different name, mine is called "libiconv-2.dll". I believe that it's a good idea to use ICONV correctly if it's found. Since Msys is a posix-like environment under Windows, AM_ICONV detects its presence at configure time and it adds "-liconv" to LDFLAGS. So, if that shared library exists, the executables are linked directly with the import library and it is absolutely not required to dynamically load it. 2- compilation of scd/ccid-driver.c failed because ETIMEDOUT is undefined in Windows. However, LibUSB-Win32 does not set errno, but it encodes the error code directly into the return value of the functions. So the test on errno happens only on platforms different from W32. I hope you will find it useful. Sincerely, Carlo Bramini. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: gnupg.txt URL: From wk at gnupg.org Wed Aug 27 15:55:23 2008
From: wk at gnupg.org (Werner Koch) Date: Wed, 27 Aug 2008 15:55:23 +0200 Subject: [svn] GnuPG - r4817 - trunk In-Reply-To: (svn author dshaw's message of "Wed, 27 Aug 2008 07:58:30 +0200") References: Message-ID: <8763pmh8ac.fsf@wheatstone.g10code.de> On Wed, 27 Aug 2008 07:58, cvs at cvs.gnupg.org said: > * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't > understand '-n'. Use tr to trim the carriage return instead. David, it seems that you are using Darwin as the development platform. Although GnuPG should be buildable on any POSIX alike system, I doubt that we should start to fix all the small glitches that Apple introduced in their OS again. In particular not the maintainer versions; running autoconf is a maintainer task and not needed on supported platforms. In this particular case we may better replace echo(1) by printf(1) as suggested by POSIX to overcome the problems with echo(1). Does Darwin feature a printf(1) as required by POSIX 2001? The

  m4_esyscmd([echo $( (svn info 2>/dev/null || echo 'Revision: 0') \
      | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)| tr -d '\n'])

could thus be replaced by

  m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
      | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])

Note that we do not need the "echo 'Revision: 0'" anymore because a printf "%d" implicitly adds a 0 to its argument list. What do you think? Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Wed Aug 27 18:41:53 2008
From: wk at gnupg.org (Werner Koch) Date: Wed, 27 Aug 2008 18:41:53 +0200 Subject: missing hexstrint->plaintext conversion In-Reply-To: (Kiss Gabor's message of "Tue, 26 Aug 2008 17:48:50 +0200 (CEST)") References: Message-ID: <87zlmye7fy.fsf@wheatstone.g10code.de> On Tue, 26 Aug 2008 17:48, kissg at ssg.ki.iif.hu said: > At 2006-07-29 (svn revision 4209) gpg-preset-passphrases was changed > in order to send passphrases as hexstring. > Unfortunately the receiver side did not follow this change well. > Received hexstring is cached without converting back to plaintext. You mean, it does not work at all? Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kissg at ssg.ki.iif.hu Wed Aug 27 19:17:23 2008 From: kissg at ssg.ki.iif.hu (Kiss Gabor (Bitman)) Date: Wed, 27 Aug 2008 19:17:23 +0200 (CEST) Subject: missing hexstring->plaintext conversion In-Reply-To: <87zlmye7fy.fsf@wheatstone.g10code.de> References: <87zlmye7fy.fsf@wheatstone.g10code.de> Message-ID: > > At 2006-07-29 (svn revision 4209) gpg-preset-passphrases was changed > > in order to send passphrases as hexstring. > > Unfortunately the receiver side did not follow this change well. > > Received hexstring is cached without converting back to plaintext. > > You mean, it does not work at all? Yes, it DID not work at all. Until I decoded the hex string. Now it is like a dream. :-) Regards Gabor From cswiger at mac.com Wed Aug 27 18:26:47 2008 
From: cswiger at mac.com (Chuck Swiger) Date: Wed, 27 Aug 2008 09:26:47 -0700 Subject: [svn] GnuPG - r4817 - trunk In-Reply-To: <8763pmh8ac.fsf@wheatstone.g10code.de> References: <8763pmh8ac.fsf@wheatstone.g10code.de> Message-ID: Howdy-- On Aug 27, 2008, at 6:55 AM, Werner Koch wrote: > On Wed, 27 Aug 2008 07:58, cvs at cvs.gnupg.org said: >> * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't >> understand '-n'. Use tr to trim the carriage return instead. > > David, it seems that you are using Darwin as the development platform. > Although GnuPG should be buildable on any POSIX alike system, I doubt > that we should start to fix all the small glitches that Apple > introduced > in their OS again. Glitches in Bash? After all, Darwin is using Bash as /bin/sh; specifically 2.05b.0(1)-release for Darwin 8 (corresponding with OS X 10.4) or 3.2.17(1)-release for Darwin 9 aka 10.5... > In this particular case we may better replace echo(1) by printf(1) as > suggested by POSIX to overcome the problems with echo(1). Does Darwin > feature a printf(1) as required by POSIX 2001? Yes, in /usr/bin and/or as a shell builtin. Regards, -- -Chuck From dshaw at jabberwocky.com Wed Aug 27 20:03:50 2008 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 27 Aug 2008 14:03:50 -0400 Subject: [svn] GnuPG - r4817 - trunk In-Reply-To: References: <8763pmh8ac.fsf@wheatstone.g10code.de> Message-ID: <20080827180350.GA34031@jabberwocky.com> On Wed, Aug 27, 2008 at 09:26:47AM -0700, Chuck Swiger wrote: > Howdy-- > > On Aug 27, 2008, at 6:55 AM, Werner Koch wrote: >> On Wed, 27 Aug 2008 07:58, cvs at cvs.gnupg.org said: >>> * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't >>> understand '-n'. Use tr to trim the carriage return instead. >> >> David, it seems that you are using Darwin as the development platform. >> Although GnuPG should be buildable on any POSIX alike system, I doubt >> that we should start to fix all the small glitches that Apple >> introduced >> in their OS again. > > Glitches in Bash? After all, Darwin is using Bash as /bin/sh; > specifically 2.05b.0(1)-release for Darwin 8 (corresponding with OS X > 10.4) or 3.2.17(1)-release for Darwin 9 aka 10.5... It's not a glitch. POSIX doesn't require echo to support -n. It's very commonly supported, but not required. Darwin (well, OSX) is POSIX compliant, and chooses to not support -n. The gotcha is that configure (from autoconf) runs via /bin/sh, and thus:

  cat > echotest.sh
  echo -n foo
  echo bar
  ^D
  $ sh echotest.sh
  -n foo
  bar
  $ bash echotest.sh
  foobar

Optional, but legal behavior. David From buanzo at buanzo.com.ar Wed Aug 27 22:08:50 2008
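The two revision-extraction forms from the r4817 thread above, side by side, as an added example (not code from the thread or from GnuPG's configure.ac). fake_svn_info and SAMPLE are constructed stand-ins for `svn info`, so the script runs without a working copy; byte_count and echo_n_behaviour are hypothetical helper names.

```shell
#!/bin/sh
# Added example: the echo|tr form from r4817 next to the printf form proposed
# in the thread. Nothing here calls the real svn binary.

# Constructed `svn info` output; only the "Revision:" line is used.
SAMPLE='Path: .
URL: svn://example.invalid/gnupg/trunk
Revision: 4817
Last Changed Rev: 4810'

# Stand-in for `svn info`: prints its argument, or fails the way a missing
# svn binary or a directory that is not a working copy would.
fake_svn_info() {
    [ -n "$1" ] || { echo "svn: not a working copy" >&2; return 1; }
    printf '%s\n' "$1"
}

# Form committed in r4817: echo appends a newline, tr strips it again, and an
# explicit "Revision: 0" fallback covers the failure case.
rev_echo_tr() {
    echo $( (fake_svn_info "$1" 2>/dev/null || echo 'Revision: 0') \
        | sed -n '/^Revision:/ s/[^0-9]//gp' | head -1) | tr -d '\n'
}

# Proposed form: printf never appends a newline, and "%d" with no operand
# prints 0, so the fallback branch disappears.
# Caveat: %d reads its operand as a C integer constant, so a value with a
# leading 0 would be taken as octal; svn revision numbers have none.
rev_printf() {
    printf "%d" $(fake_svn_info "$1" 2>/dev/null \
        | sed -n '/^Revision:/ s/[^0-9]//gp' | head -1)
}

# Number of bytes a command writes, which makes a stray newline visible.
byte_count() {
    "$@" | wc -c | tr -d ' '
}

# Reports how this shell's echo treats -n: "flag" or "literal". Both are
# permitted, which is why the build should not depend on either.
echo_n_behaviour() {
    if [ "$(echo -n x)" = "x" ]; then echo flag; else echo literal; fi
}

printf 'echo treats -n as a %s in this shell\n' "$(echo_n_behaviour)"
printf 'with svn info:    echo|tr=[%s] printf=[%s]\n' \
    "$(rev_echo_tr "$SAMPLE")" "$(rev_printf "$SAMPLE")"
printf 'without svn info: echo|tr=[%s] printf=[%s]\n' \
    "$(rev_echo_tr "")" "$(rev_printf "")"
```
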
From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Wed, 27 Aug 2008 17:08:50 -0300 Subject: No Hidden-Recipient support in GPGME? Message-ID: <48B5B452.2030200@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi! I wonder... will hidden-recipient support be implemented into GPGME... ever? Thanks! - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItbRSAlpOsGhXcE0RCuy+AJwI/lgYqiVx46utAUxQAVIjkjo6PgCfftES XhHnbC6sJrbdsHDbH4zk0FU= =9qug -----END PGP SIGNATURE----- From wk at gnupg.org Thu Aug 28 09:59:46 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 28 Aug 2008 09:59:46 +0200 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <48B5B452.2030200@buanzo.com.ar> (Arturo Busleiman's message of "Wed, 27 Aug 2008 17:08:50 -0300") References: <48B5B452.2030200@buanzo.com.ar> Message-ID: <87fxopefil.fsf@wheatstone.g10code.de> On Wed, 27 Aug 2008 22:08, buanzo at buanzo.com.ar said: > I wonder... will hidden-recipient support be implemented into GPGME... ever? That would require a new feature in gpgme to mark a key as hidden. Due to the reference counting we use with key objects we would at least need a deep copy operation for keys and a function to set such a flag. Do you really think that this is required? What we could add far easier is an encryption flags which sets the --throw-keyid option of gpg and thus all recipients would be hidden. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From buanzo at buanzo.com.ar Thu Aug 28 14:26:59 2008 
From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Thu, 28 Aug 2008 09:26:59 -0300 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <87fxopefil.fsf@wheatstone.g10code.de> References: <48B5B452.2030200@buanzo.com.ar> <87fxopefil.fsf@wheatstone.g10code.de> Message-ID: <48B69993.50509@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Werner Koch wrote: > What we could add far easier is an encryption flags which sets the > --throw-keyid option of gpg and thus all recipients would be hidden. That would work too! Jacob Appelbaum and I are working on the Web-of-Trust solution to the OpenPGP for HTTP Bootstrapping issue, and we discovered that --throw-keyids would be great as a simple counter-measure against traffic analysis. Yours, - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItpmTAlpOsGhXcE0RCpauAJ0Vy7pE3rTMu+7ztTjD0ZyOj1blrQCfU0J1 Oe50kVIcdplmF0XKsWuESto= =xhxu -----END PGP SIGNATURE----- From wk at gnupg.org Thu Aug 28 14:48:06 2008 
From: wk at gnupg.org (Werner Koch) Date: Thu, 28 Aug 2008 14:48:06 +0200 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <48B69993.50509@buanzo.com.ar> (Arturo Busleiman's message of "Thu, 28 Aug 2008 09:26:59 -0300") References: <48B5B452.2030200@buanzo.com.ar> <87fxopefil.fsf@wheatstone.g10code.de> <48B69993.50509@buanzo.com.ar> Message-ID: <87ljyhcnll.fsf@wheatstone.g10code.de> On Thu, 28 Aug 2008 14:26, buanzo at buanzo.com.ar said: > for HTTP Bootstrapping issue, and we discovered that --throw-keyids would be great as a simple > counter-measure against traffic analysis. But it has the drawback of making decryption slow if you have several secret keys. It needs to do trial decryption for all of them. With just one encryption key in your secring, it does not matter of course. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From buanzo at buanzo.com.ar Thu Aug 28 14:53:37 2008
From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Thu, 28 Aug 2008 09:53:37 -0300 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <87ljyhcnll.fsf@wheatstone.g10code.de> References: <48B5B452.2030200@buanzo.com.ar> <87fxopefil.fsf@wheatstone.g10code.de> <48B69993.50509@buanzo.com.ar> <87ljyhcnll.fsf@wheatstone.g10code.de> Message-ID: <48B69FD1.90909@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Werner Koch wrote: > But it has the drawback of making decryption slow if you have several > secret keys. It needs to do trial decryption for all of them. With > just one encryption key in your secring, it does not matter of course. That's true. We'll point that out in the RFC. Thanks WK! - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItp/IAlpOsGhXcE0RCn5bAJ0VLRXOZsGNPcqGPku18GxT7ZEVkQCfe+1H IJft62VXBLglbqyRtOgfmv0= =96sh -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu Aug 28 14:59:51 2008
From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 28 Aug 2008 08:59:51 -0400 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <48B69993.50509@buanzo.com.ar> References: <48B5B452.2030200@buanzo.com.ar> <87fxopefil.fsf@wheatstone.g10code.de> <48B69993.50509@buanzo.com.ar> Message-ID: <8349801F-F870-47D1-B48A-144BDA28BBC4@jabberwocky.com> On Aug 28, 2008, at 8:26 AM, Arturo 'Buanzo' Busleiman wrote: > Werner Koch wrote: >> What we could add far easier is an encryption flags which sets the >> --throw-keyid option of gpg and thus all recipients would be hidden. > > That would work too! Jacob Appelbaum and I are working on the Web-of- > Trust solution to the OpenPGP > for HTTP Bootstrapping issue, and we discovered that --throw-keyids > would be great as a simple > counter-measure against traffic analysis. Emphasis on 'simple', though. Hidden keyids do work, but read http://www.imc.org/ietf-openpgp/mail-archive/msg10923.html for one potential gotcha and workaround. David From anuj_shrma at hotmail.com Mon Aug 4 18:10:17 2008 
From: anuj_shrma at hotmail.com (anuj sharma) Date: Mon, 04 Aug 2008 16:10:17 -0000 Subject: PGP Support/Help Message-ID: Hi Werner, I found your name and some comments on this website. I'm having a hard time installing GPG v1.07 on Linux Redhat ES-4. But it fails during 'make' with the following error:

  Making all in mpi
  make[2]: Entering directory `/home/asharma/gpg/gnupg-1.0.7/mpi'
  source='mpi-bit.c' object='mpi-bit.o' libtool=no \
  depfile='.deps/mpi-bit.Po' tmpdepfile='.deps/mpi-bit.TPo' \
  depmode=gcc3 /bin/sh ../scripts/depcomp \
  gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -g -O2 -Wall -c `test -f mpi-bit.c || echo './'`mpi-bit.c
  In file included from mpi-bit.c:26:
  longlong.h:439: error: syntax error before '%' token
  longlong.h:439: error: missing terminating " character
  longlong.h:448: error: missing terminating " character
  make[2]: *** [mpi-bit.o] Error 1
  make[2]: Leaving directory `/home/asharma/gpg/gnupg-1.0.7/mpi'
  make[1]: *** [all-recursive] Error 1
  make[1]: Leaving directory `/home/asharma/gpg/gnupg-1.0.7'
  make: *** [all] Error 2
  [root at torapp-04 gnupg-1.0.7]# gcc -version
  gcc: unrecognized option `-version'
  gcc: no input files
  [root at torapp-04 gnupg-1.0.7]# gcc --version
  gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-8)
  Copyright (C) 2006 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions. There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

In one of the threads I noticed that you had written a patch to solve this problem but I couldn't find the patch online. Could you please let me know if PGP is compatible with Linux ES-4 and if yes then how can I solve this problem and compile it successfully. I would appreciate your quick response as our production is down :( Thanks. From jingz.bit at gmail.com Mon Aug 25 17:47:15 2008 From: jingz.bit at gmail.com (=?GB2312?B?1cW+uA==?=) Date: Mon, 25 Aug 2008 15:47:15 -0000 Subject: Fwd: How can I encrypt with a PGP pub key In-Reply-To: <4257be120808250833m2299f858ydc68ae3161bee71e@mail.gmail.com> References: <4257be120808250254u6b1f16cau11ea540154f3aaf2@mail.gmail.com> <48B28F05.8030407@sixdemonbag.org> <4257be120808250812t666f5adaqd145c044903c0119@mail.gmail.com> <48B2CEE5.2040302@sixdemonbag.org> <4257be120808250833m2299f858ydc68ae3161bee71e@mail.gmail.com> Message-ID: <4257be120808250844o2eb6536cu5936809340312b9a@mail.gmail.com> Hi, I'm now working on encrypting files with the public key which was exported from PGP FW 6.5.8. But pgp still could not decrypt the gpg file correctly. Following are my command lines:

  $ gpg --import pgp_public_key.asc
  $ gpg --pgp6 -r UID --encrypt test.txt
  $ pgp test.txt.gpg -o test_decr.txt

Unrecognized characters appeared in test_decr.txt Thanks. ---------- Forwarded message ---------- From: Robert J. Hansen Date: 2008/8/25 Subject: Re: How can I encrypt with a PGP pub key To: ? > But pgp still could not decrypt the gpg file correctly. > following is my command lines: > > $ gpg --pgp6 -r UID --encrypt test.txt > $ pgp test.txt.gpg -o test_decr.txt > > Messy codes appeared in test_decr.txt First, explain "messy codes". Second, this should be asked on the GnuPG list. That way the entire list has the chance to help you out with your problem. -- Best Regards -------------------------- Zhang Jing -- Best Regards -------------------------- Zhang Jing