From swalker at bynari.net Mon Feb 11 20:44:15 2008 From: swalker at bynari.net (Shawn Walker) Date: Mon, 11 Feb 2008 13:44:15 -0600 Subject: Invalid crypto engine on GPGME_PROTOCOL_OpenPGP? Message-ID: <47B0A58F.7020508@bynari.net> Why would I all of the sudden getting "GPGME Invalid crypto engine" (0x07000096) when I called gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP)? Shawn From marcus.brinkmann at ruhr-uni-bochum.de Tue Feb 12 02:35:44 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue, 12 Feb 2008 02:35:44 +0100 Subject: Invalid crypto engine on GPGME_PROTOCOL_OpenPGP? In-Reply-To: <47B0A58F.7020508@bynari.net> References: <47B0A58F.7020508@bynari.net> Message-ID: <878x1rnehb.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Mon, 11 Feb 2008 13:44:15 -0600, Shawn Walker wrote: > > Why would I all of the sudden getting "GPGME Invalid crypto engine" > (0x07000096) when I called > gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP)? Maybe because your gpg configuration changed and is broken. You might want to try with GPGME_DEBUG=9, which gives a lot of debug output. Thanks, Marcus From wk at gnupg.org Tue Feb 12 17:25:28 2008 From: wk at gnupg.org (Werner Koch) Date: Tue, 12 Feb 2008 17:25:28 +0100 Subject: [Announce] Libksba 1.0.3 released Message-ID: <87bq6mgn0n.fsf@wheatstone.g10code.de> Hello! We are pleased to announce version 1.0.3 of Libksba. Libksba is an X.509 and CMS (PKCS#7) library. It is for example required to build the S/MIME part of GnuPG-2 (gpgsm). The only build requirement for Libksba itself is the libgpg-error package. There are no other dependencies; actual cryptographic operations need to be done by the user. Libksba is distributed under the GPLv3+. There are no user tools accompanying this software, thus it is mostly relevant to developers. This is a bug fix release. You may download the library and its OpenPGP signature from: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.3.tar.bz2 (513k) ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.3.tar.bz2.sig As an alternative you may use a patch file to upgrade the previous version of the library: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.2-1.0.3.diff.bz2 (13k) or from any mirror of that server (http://www.gnupg.org/mirrors.html). SHA-1 checksums are: 7a4b3a8340087ed360269b567881ebfb9b67441b libksba-1.0.3.tar.bz2 ecbeb0f381db55f387753f5c873e20be59c9b65f libksba-1.0.2-1.0.3.diff.bz2 Noteworthy changes in version 1.0.3 (2008-02-12) ------------------------------------------------ * Minor bug fixes. * Include the used hash algorithm in sig-val structures. * Fix for unknown tags in issuerAltName and subjectAltName. Commercial support contracts for Libksba are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by Libksba's principal author, is currently funding its development. We are always looking for interesting development projects. See also http://www.gnupg.org/service.html . Happy hacking, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From uzytkownik2 at gmail.com Sun Feb 17 11:50:49 2008 From: uzytkownik2 at gmail.com (Maciej Piechotka) Date: Sun, 17 Feb 2008 11:50:49 +0100 Subject: pinentry - unproper use of glib allocation Message-ID: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> With the newest glib it is impossible to compile pinentry: i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/freetype2 -I/usr/include/libpng12 -I../secmem -I../pinentry -Wall -O2 -march=pentium-m -mfpmath=sse -pipe -momit-leaf-frame-pointer -ggdb -w -ftree-vectorize -ftree-loop-optimize -Wall -Wcast-align -Wshadow -Wstrict-prototypes -c gtksecentry.c gtksecentry.c:274: error: conflicting types for 'g_malloc' /usr/include/glib-2.0/glib/gmem.h:47: error: previous declaration of 'g_malloc' was here gtksecentry.c:292: error: conflicting types for 'g_malloc0' /usr/include/glib-2.0/glib/gmem.h:48: error: previous declaration of 'g_malloc0' was here gtksecentry.c:312: error: conflicting types for 'g_realloc' /usr/include/glib-2.0/glib/gmem.h:50: error: previous declaration of 'g_realloc' was here Since the gmem api was misused. It should be done by setting GMemVTable instead of definition of g_*alloc* in file. Best regards From uzytkownik2 at gmail.com Sun Feb 17 13:47:33 2008 From: uzytkownik2 at gmail.com (Maciej Piechotka) Date: Sun, 17 Feb 2008 13:47:33 +0100 Subject: pinentry - unproper use of glib allocation In-Reply-To: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> References: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> Message-ID: <9d146d660802170447o5684a9b2yf0390ae03da23cc4@mail.gmail.com> On Feb 17, 2008 11:50 AM, Maciej Piechotka wrote: > With the newest glib it is impossible to compile pinentry: > i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/gtk-2.0 > -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo > -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 > -I/usr/lib/glib-2.0/include -I/usr/include/freetype2 > -I/usr/include/libpng12 -I../secmem -I../pinentry -Wall -O2 > -march=pentium-m -mfpmath=sse -pipe -momit-leaf-frame-pointer -ggdb -w > -ftree-vectorize -ftree-loop-optimize -Wall -Wcast-align -Wshadow > -Wstrict-prototypes -c gtksecentry.c > gtksecentry.c:274: error: conflicting types for 'g_malloc' > /usr/include/glib-2.0/glib/gmem.h:47: error: previous declaration of > 'g_malloc' was here > gtksecentry.c:292: error: conflicting types for 'g_malloc0' > /usr/include/glib-2.0/glib/gmem.h:48: error: previous declaration of > 'g_malloc0' was here > gtksecentry.c:312: error: conflicting types for 'g_realloc' > /usr/include/glib-2.0/glib/gmem.h:50: error: previous declaration of > 'g_realloc' was here > > Since the gmem api was misused. It should be done by setting > GMemVTable instead of definition of g_*alloc* in file. > > Best regards > Quick'n'dirty patch - all gobjects in secure memory. -------------- next part -------------- A non-text attachment was scrubbed... Name: gmem.patch Type: application/octet-stream Size: 3872 bytes Desc: not available URL: From uzytkownik2 at gmail.com Sun Feb 17 14:14:20 2008 From: uzytkownik2 at gmail.com (Maciej Piechotka) Date: Sun, 17 Feb 2008 14:14:20 +0100 Subject: pinentry - unproper use of glib allocation In-Reply-To: <9d146d660802170447o5684a9b2yf0390ae03da23cc4@mail.gmail.com> References: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> <9d146d660802170447o5684a9b2yf0390ae03da23cc4@mail.gmail.com> Message-ID: <9d146d660802170514p75bd02a6q6782982d5620b34@mail.gmail.com> On Feb 17, 2008 1:47 PM, Maciej Piechotka wrote: > > On Feb 17, 2008 11:50 AM, Maciej Piechotka wrote: > > With the newest glib it is impossible to compile pinentry: > > i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/gtk-2.0 > > -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo > > -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 > > -I/usr/lib/glib-2.0/include -I/usr/include/freetype2 > > -I/usr/include/libpng12 -I../secmem -I../pinentry -Wall -O2 > > -march=pentium-m -mfpmath=sse -pipe -momit-leaf-frame-pointer -ggdb -w > > -ftree-vectorize -ftree-loop-optimize -Wall -Wcast-align -Wshadow > > -Wstrict-prototypes -c gtksecentry.c > > gtksecentry.c:274: error: conflicting types for 'g_malloc' > > /usr/include/glib-2.0/glib/gmem.h:47: error: previous declaration of > > 'g_malloc' was here > > gtksecentry.c:292: error: conflicting types for 'g_malloc0' > > /usr/include/glib-2.0/glib/gmem.h:48: error: previous declaration of > > 'g_malloc0' was here > > gtksecentry.c:312: error: conflicting types for 'g_realloc' > > /usr/include/glib-2.0/glib/gmem.h:50: error: previous declaration of > > 'g_realloc' was here > > > > Since the gmem api was misused. It should be done by setting > > GMemVTable instead of definition of g_*alloc* in file. > > > > Best regards > > > > Quick'n'dirty patch - all gobjects in secure memory. > I think this emulates the orginal behaviour using GMemVTable. Best regards -------------- next part -------------- A non-text attachment was scrubbed... Name: gmem.patch Type: application/octet-stream Size: 2850 bytes Desc: not available URL: From rumpole at hotmail.com Mon Feb 4 21:18:21 2008 From: rumpole at hotmail.com (Rumpole John) Date: Mon, 4 Feb 2008 20:18:21 +0000 Subject: GnuPG 1.4.8 compile error Message-ID: GnuPG 1.4.7 compiled fine on my system. But 1.4.8 is giving compile errors; any ideas as to how to get GnuPG to compile cleanly? ===== GCC version: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-113 rpm -q automake shows: automake-1.4p5-4 ===== Compile error: gcc -DHAVE_CONFIG_H -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgkeys_finger-ksutil.o -MD -MP -MF .deps/gpgkeys_finger-ksutil.Tpo -c -o gpgkeys_finger-ksutil.o `test -f 'ksutil.c' || echo './'`ksutil.c mv -f .deps/gpgkeys_finger-ksutil.Tpo .deps/gpgkeys_finger-ksutil.Po gcc -g -O2 -Wall -o gpgkeys_finger gpgkeys_finger-gpgkeys_finger.o gpgkeys_finger-ksutil.o ../util/libutil.a gcc -DHAVE_CONFIG_H -I. -I.. -I../include -I../intl -g -O2 -Wall -MT gpgkeys_curl-gpgkeys_curl.o -MD -MP -MF .deps/gpgkeys_curl-gpgkeys_curl.Tpo -c -o gpgkeys_curl-gpgkeys_curl.o `test -f 'gpgkeys_curl.c' || echo './'`gpgkeys_curl.c gpgkeys_curl.c: In function `main': gpgkeys_curl.c:119: `curl_version_info_data' undeclared (first use in this function) gpgkeys_curl.c:119: (Each undeclared identifier is reported only once gpgkeys_curl.c:119: for each function it appears in.) gpgkeys_curl.c:119: `curldata' undeclared (first use in this function) gpgkeys_curl.c:119: warning: statement with no effect gpgkeys_curl.c:275: warning: implicit declaration of function `curl_version_info' gpgkeys_curl.c:275: `CURLVERSION_NOW' undeclared (first use in this function) make[2]: *** [gpgkeys_curl-gpgkeys_curl.o] Error 1 make[2]: Leaving directory `/mnt/hdd/LinuxSW/gnupg/gnupg-1.4.8/keyserver' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/mnt/hdd/LinuxSW/gnupg/gnupg-1.4.8' make: *** [all] Error 2 _________________________________________________________________ From rdieter at math.unl.edu Mon Feb 18 14:05:39 2008 From: rdieter at math.unl.edu (Rex Dieter) Date: Mon, 18 Feb 2008 07:05:39 -0600 Subject: gpgme: need *both* gnupg and gnupg2? Message-ID: gpgme seems to need both gnupg(1) (for OpenPGP support) and gnupg(2) (for CMS support), according to the README. Can gpg2 be used instead for gpgme's OpenPGP support (using something like ./configure --with-gpg=/usr/bin/gpg2) to reduce it's external dependencies to just gnupg2? I naively tried this, and some of the tests performed by 'make check' now fail. -- Rex From dshaw at jabberwocky.com Mon Feb 18 14:31:08 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 18 Feb 2008 08:31:08 -0500 Subject: GnuPG 1.4.8 compile error In-Reply-To: References: Message-ID: <20080218133108.GB9936@jabberwocky.com> On Mon, Feb 04, 2008 at 08:18:21PM +0000, Rumpole John wrote: > > GnuPG 1.4.7 compiled fine on my system. But 1.4.8 is giving compile errors; any ideas as to how to get GnuPG to compile cleanly? > > > > ===== > GCC version: > > Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs > gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-113 Please send me your config.log file. > rpm -q automake shows: > automake-1.4p5-4 Did you remake the configure and/or makefiles with autoconf and automake? Why didn't you just use the ones from the distribution? David From marcus.brinkmann at ruhr-uni-bochum.de Mon Feb 18 15:41:43 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Mon, 18 Feb 2008 15:41:43 +0100 Subject: gpgme: need *both* gnupg and gnupg2? In-Reply-To: References: Message-ID: <87lk5iz5qw.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Mon, 18 Feb 2008 07:05:39 -0600, Rex Dieter wrote: > Can gpg2 be used instead for gpgme's OpenPGP support (using something > like ./configure --with-gpg=/usr/bin/gpg2) to reduce it's external > dependencies to just gnupg2? Yes. Using something exactly like that ;) > I naively tried this, and some of the tests performed by 'make check' now > fail. Shouldn't happen in current SVN. But the tests are a bit brittle, because they rely on unspecified backend behaviour, and a failed test does not necessarily mean that GPGME has an error. Thanks, Marcus From wk at gnupg.org Mon Feb 18 16:40:04 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 18 Feb 2008 16:40:04 +0100 Subject: pinentry - unproper use of glib allocation In-Reply-To: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> (Maciej Piechotka's message of "Sun, 17 Feb 2008 11:50:49 +0100") References: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> Message-ID: <87d4quuvcb.fsf@wheatstone.g10code.de> On Sun, 17 Feb 2008 11:50, uzytkownik2 at gmail.com said: > Since the gmem api was misused. It should be done by setting > GMemVTable instead of definition of g_*alloc* in file. That seems to be an API break. Overiding library function, as done by pinentry, is valid C. Do you know since when is GMemVTable available? Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From uzytkownik2 at gmail.com Mon Feb 18 20:26:42 2008 From: uzytkownik2 at gmail.com (Maciej Piechotka) Date: Mon, 18 Feb 2008 20:26:42 +0100 Subject: pinentry - unproper use of glib allocation In-Reply-To: <87d4quuvcb.fsf@wheatstone.g10code.de> References: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> <87d4quuvcb.fsf@wheatstone.g10code.de> Message-ID: <9d146d660802181126h77dbbc05i3a09a4489612166f@mail.gmail.com> On Feb 18, 2008 4:40 PM, Werner Koch wrote: > On Sun, 17 Feb 2008 11:50, uzytkownik2 at gmail.com said: > > > Since the gmem api was misused. It should be done by setting > > GMemVTable instead of definition of g_*alloc* in file. > > That seems to be an API break. Overiding library function, as done by > pinentry, is valid C. Do you know since when is GMemVTable available? > > > Shalom-Salam, > > Werner > At least since GLib 2.0.0 (according to svn and documentation). Regards From wk at gnupg.org Tue Feb 19 08:16:12 2008 From: wk at gnupg.org (Werner Koch) Date: Tue, 19 Feb 2008 08:16:12 +0100 Subject: pinentry - unproper use of glib allocation In-Reply-To: <9d146d660802181126h77dbbc05i3a09a4489612166f@mail.gmail.com> (Maciej Piechotka's message of "Mon, 18 Feb 2008 20:26:42 +0100") References: <9d146d660802170250i64608d13p42725f1cb66e1c07@mail.gmail.com> <87d4quuvcb.fsf@wheatstone.g10code.de> <9d146d660802181126h77dbbc05i3a09a4489612166f@mail.gmail.com> Message-ID: <87r6f9s9fn.fsf@wheatstone.g10code.de> On Mon, 18 Feb 2008 20:26, uzytkownik2 at gmail.com said: > At least since GLib 2.0.0 (according to svn and documentation). Thanks. I'll commit your patch. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kayameti at gmail.com Tue Feb 19 22:25:41 2008 From: kayameti at gmail.com (Metin KAYA) Date: Tue, 19 Feb 2008 23:25:41 +0200 Subject: why do not "gpgme-1.1.4/tests/gpg/t-decrypt.c" and "gpgme-1.1.4/tests/gpg/t-encrypt.c" working? Message-ID: Hi all, I'm new user of gpgme. I installed gpgme-1.1.4 and studied examples of it. But when I try to run t-decrypt and t-encrypt binaries, they give this error: # ./t-encrypt t-encrypt.c:60: GPGME: End of file # ./t-decrypt t-decrypt.c:64: GPGME: Decryption failed I'm using Fedora Core 8 (2.6.23.9-85.fc8) and I want to use gpgme to encrypt/decrypt and assign plain data. Can you help me? How can I encrypt/decrypt/assign plain data via gpgme library functions? -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcus.brinkmann at ruhr-uni-bochum.de Wed Feb 20 01:17:11 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Wed, 20 Feb 2008 01:17:11 +0100 Subject: why do not "gpgme-1.1.4/tests/gpg/t-decrypt.c" and "gpgme-1.1.4/tests/gpg/t-encrypt.c" working? In-Reply-To: References: Message-ID: <87ir0kzdko.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hi, please don't cross-post. Replying to only gnupg-devel: At Tue, 19 Feb 2008 23:25:41 +0200, "Metin KAYA" wrote: > > [1 ] > [1.1 ] > Hi all, > > I'm new user of gpgme. I installed gpgme-1.1.4 and studied examples of it. > But when I try to run t-decrypt and t-encrypt binaries, they give this > error: > > # ./t-encrypt > t-encrypt.c:60: GPGME: End of file > > # ./t-decrypt > t-decrypt.c:64: GPGME: Decryption failed > > I'm using Fedora Core 8 (2.6.23.9-85.fc8) and I want to use gpgme to > encrypt/decrypt and assign plain data. Can you help me? How can I > encrypt/decrypt/assign plain data via gpgme library functions? The included test suite comes with its own environment, which is provided by environment variables. Try something like: GNUPGHOME=`pwd` srcdir=`pwd` ./t-encrypt If you do a VPATH build, you need to adjust srcdir, of course. Thanks, Marcus From kayameti at gmail.com Wed Feb 20 08:15:11 2008 From: kayameti at gmail.com (Metin KAYA) Date: Wed, 20 Feb 2008 09:15:11 +0200 Subject: why do not "gpgme-1.1.4/tests/gpg/t-decrypt.c" and "gpgme-1.1.4/tests/gpg/t-encrypt.c" working? In-Reply-To: <87ir0kzdko.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <87ir0kzdko.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: 2008/2/20, Marcus Brinkmann : > > Hi, > > please don't cross-post. Replying to only gnupg-devel: > > At Tue, 19 Feb 2008 23:25:41 +0200, > "Metin KAYA" wrote: > > > > [1 ] > > [1.1 ] > > Hi all, > > > > I'm new user of gpgme. I installed gpgme-1.1.4 and studied examples of > it. > > But when I try to run t-decrypt and t-encrypt binaries, they give this > > error: > > > > # ./t-encrypt > > t-encrypt.c:60: GPGME: End of file > > > > # ./t-decrypt > > t-decrypt.c:64: GPGME: Decryption failed > > > > I'm using Fedora Core 8 (2.6.23.9-85.fc8) and I want to use gpgme to > > encrypt/decrypt and assign plain data. Can you help me? How can I > > encrypt/decrypt/assign plain data via gpgme library functions? > > The included test suite comes with its own environment, which is > provided by environment variables. Try something like: > > GNUPGHOME=`pwd` srcdir=`pwd` ./t-encrypt it works, thanks a lot. Another question: In the file "t-encrypt-sign.c", why I could not alter the strings (A0FF4590BB6122EDEF6E3C542D727CC768697734, D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2) of these functions? Are they fixed values? If not so, how I can generate these strings? err = gpgme_get_key (ctx, "A0FF4590BB6122EDEF6E3C542D727CC768697734", &key[0], 0); err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", &key[1], 0); If you do a VPATH build, you need to adjust srcdir, of course. > > Thanks, > Marcus Cheers. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kayameti at gmail.com Wed Feb 20 09:49:40 2008 From: kayameti at gmail.com (Metin KAYA) Date: Wed, 20 Feb 2008 10:49:40 +0200 Subject: How can I run "t-encrypt-sym.c" in a directory that different from "gpgme-1.1.4/tests/gpg"? Message-ID: I have installed gpgme-1.1.5 and gpgme-devel-1.1.5 via yum on Fedora Core 8, and compiled "t-encrypt-sym.c" via this commands: # gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -I/usr/local/include -c -o t-encrypt-sym.o t-encrypt-sym.c # libtool --tag=CC --mode=link gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -lgpgme -o t-encrypt-sym t-encrypt-sym.o How can I run "t-encrypt-sym" in a directory that different from " gpgme-1.1.4/tests/gpg"? Which files have to be copied to the new directory? Otherwise, how can I generate necessary files? Please help. Thanks in advance, best regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcus.brinkmann at ruhr-uni-bochum.de Wed Feb 20 13:49:23 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Wed, 20 Feb 2008 13:49:23 +0100 Subject: why do not "gpgme-1.1.4/tests/gpg/t-decrypt.c" and "gpgme-1.1.4/tests/gpg/t-encrypt.c" working? In-Reply-To: References: <87ir0kzdko.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <87hcg3ztbf.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Wed, 20 Feb 2008 09:15:11 +0200, "Metin KAYA" wrote: > Another question: In the file "t-encrypt-sign.c", why I could not alter the > strings (A0FF4590BB6122EDEF6E3C542D727CC768697734, > D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2) of these functions? Are they > fixed values? If not so, how I can generate these strings? > > err = gpgme_get_key (ctx, "A0FF4590BB6122EDEF6E3C542D727CC768697734", > &key[0], 0); > err = gpgme_get_key (ctx, "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", > &key[1], 0); The test suite tests against the keys used in the test suite. It's a good idea to use the GPGME test programs as examples and basis for your own work. But you will also need to read the manual and have an understanding of encryption in general and GPG in particular. As you can find in the reference manual, the second argument to gpgme_get_key is the fingerprint of the key. The fingerprint is shown by gpg --with-fingerprint -kv, for example. Or you can do a key listing based on other properties, and search through the list of keys returned. Please see the reference manual. Thanks, Marcus From stvdo at gmx.net Thu Feb 21 08:45:44 2008 From: stvdo at gmx.net (stvdo at gmx.net) Date: Thu, 21 Feb 2008 08:45:44 +0100 Subject: Proposed patch for libksba: make SMIMECapabilities parameter encoding conform to RFC Message-ID: <20080221074544.62780@gmx.net> Hi, there are a lot of complaints around concerning interoperability of S/MIME encrypted Mails between Thunderbird (using its own S/MIME Library) and KMail (using gpgsm), see, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=379625 The root of the problem seems to be that gpgsm/libksba does not encode algorithm parameters in conformance to the RFC http://www.apps.ietf.org/rfc/rfc3851.html#sec-2.5.2: "[...] The registered SMIMECapabilities list specifies the parameters for OIDs that need them, most notably key lengths in the case of variable-length symmetric ciphers. In the event that there are no differentiating parameters for a particular OID, the parameters MUST be omitted, and MUST NOT be encoded as NULL." Using libksba, absent algorithm parameters always result in a TYPE_NULL identifier of length zero which is a MUST NOT according to the RFC. When exchanging signed/encrypted Mails between KMail and Thunderbird, Thunderbird reads the SMIMECapabilities section, but refuses to accept any algorithms for which the parameter encoding is not strictly conform to the RFC. Thunderbird in that case falls back to RC2/40 encryption (weak!) and in turn KMail cannot decrypt any S/MIME encrypted Mail sent by Thunderbird, because gpg does not include RC2/40 due to its weakness and patent problems. At http://www.intevation.de/roundup/aegypten/issue754 I have filed a possible patch for libksba which corrects the encoding of absent parameters in SMIMECapabilities. However, I don't know whether the bug tracker is actively monitored and by whom. So I'd like to announce the patch on this mailing list, too, and ask for a carefull review. Regards stvdo -- Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten Browser-Versionen downloaden: http://www.gmx.net/de/go/browser -------------- next part -------------- A non-text attachment was scrubbed... Name: libksba_der-encode.diff Type: text/x-patch Size: 1123 bytes Desc: not available URL: From wk at gnupg.org Thu Feb 21 11:10:41 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 21 Feb 2008 11:10:41 +0100 Subject: Proposed patch for libksba: make SMIMECapabilities parameter encoding conform to RFC In-Reply-To: <20080221074544.62780@gmx.net> (stvdo@gmx.net's message of "Thu, 21 Feb 2008 08:45:44 +0100") References: <20080221074544.62780@gmx.net> Message-ID: <87d4qqtyam.fsf@wheatstone.g10code.de> On Thu, 21 Feb 2008 08:45, stvdo at gmx.net said: > there are a lot of complaints around concerning interoperability of S/MIME encrypted Mails between Thunderbird (using its own S/MIME Library) and KMail (using gpgsm), see, e.g. Which is mostly a problem of Mozilla not doing what everyone else does. We actually had to add the SMIME capability EA to convince an older version not use use 40 bit encryption. Now it seems again to be pitty. I still consider it very very questionable to fallback to insecure algorithms based on missing preference. No security application should ever do that!!. > When exchanging signed/encrypted Mails between KMail and Thunderbird, > Thunderbird reads the SMIMECapabilities section, but refuses to accept > any algorithms for which the parameter encoding is not strictly > conform to the RFC. Thunderbird in that case falls back to RC2/40 Thanks for tracking the problem down. > At http://www.intevation.de/roundup/aegypten/issue754 I have filed a You should use http://bugs.gnupg.org. > possible patch for libksba which corrects the encoding of absent > parameters in SMIMECapabilities. However, I don't know whether the bug > tracker is actively monitored and by whom. So I'd like to announce the > patch on this mailing list, too, and ask for a carefull review. The patch is not correct as it would remove encoding of the NULL parameter in all algorithmIdentifiers and not use with smimeCapabilities. rfc3280 does not have this requirement and the original profile gpgsm has been written for suggtest to use NULL. In fact Mozilla is the only application with such a problem and all other S/MIME applications interoperate just fine with gpgsm. Checkout the BSI website on S/MIME interoperability. Anyway, I changed that in the SVN and attach a patch which can be applied to libksba 1.0.3. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: smimecap-fix.diff URL: From rw at rlworkman.net Thu Feb 21 22:46:02 2008 From: rw at rlworkman.net (Robby Workman) Date: Thu, 21 Feb 2008 15:46:02 -0600 Subject: scim and pinentry-gtk2 Message-ID: <47BDF11A.8010500@rlworkman.net> To make a long story short, pinentry-gtk2 doesn't receive keyboard input when scim is being used. This has previously been reported to both Ubuntu and OpenSuSE, and after scim and friends were recently added to Slackware, we're seeing it there. https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/176815 https://bugzilla.novell.com/show_bug.cgi?id=330073#c5 Any idea what's at fault? -RW From wk at gnupg.org Fri Feb 22 16:52:52 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 22 Feb 2008 16:52:52 +0100 Subject: S/MIME and DSA Message-ID: <87lk5dm1ij.fsf@wheatstone.g10code.de> Hi! Those of you having access to X.509 certificates with DSA key, might want to checkout the latest GnuPG (4699) and libksba (288) from SVN. I added basic support for DSA and it works using a certificate with all parameters included. It might also work with SHA256 but I have no test certificates or messages. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From marcus.brinkmann at ruhr-uni-bochum.de Tue Feb 26 14:10:57 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue, 26 Feb 2008 14:10:57 +0100 Subject: scim and pinentry-gtk2 In-Reply-To: <47BDF11A.8010500@rlworkman.net> References: <47BDF11A.8010500@rlworkman.net> Message-ID: <87hcfvg8wu.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Thu, 21 Feb 2008 15:46:02 -0600, Robby Workman wrote: > > To make a long story short, pinentry-gtk2 doesn't receive keyboard > input when scim is being used. This has previously been reported > to both Ubuntu and OpenSuSE, and after scim and friends were recently > added to Slackware, we're seeing it there. > > https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/176815 > > https://bugzilla.novell.com/show_bug.cgi?id=330073#c5 > > Any idea what's at fault? pinentry grabs the keyboard and the screen by default (there is an option to switch it off). Maybe scim doesn't work well with that? Thanks, Marcus From kristo at no-log.org Wed Feb 27 13:21:50 2008 From: kristo at no-log.org (Kristo) Date: Wed, 27 Feb 2008 13:21:50 +0100 Subject: GnuPG with GPG-agent In-Reply-To: <47C49996.3070505@no-log.org> References: <47C49996.3070505@no-log.org> Message-ID: <47C555DE.9050806@no-log.org> Hi, I found your email addresses on a GnuPG forum. I'm using GnuPG 1.4.7 and it works fine. I would like to use gpg-agent but it seems that it is only available with GnuPG 2. But I did not find any executable to install it (except what you're talking on http://www.gossamer-threads.com/lists/gnupg/devel/35838 but I'm not sure it would work). I'm using Windows XP. So do you know where I can find it ? Or if not, find the way to compile it from the source ? But I do not want to have to install a full compilation environment if it's too many stuff. Thanks a lot, Kris From wk at gnupg.org Thu Feb 28 17:33:25 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 28 Feb 2008 17:33:25 +0100 Subject: GnuPG with GPG-agent In-Reply-To: <47C555DE.9050806@no-log.org> (kristo@no-log.org's message of "Wed, 27 Feb 2008 13:21:50 +0100") References: <47C49996.3070505@no-log.org> <47C555DE.9050806@no-log.org> Message-ID: <87myplca7e.fsf@wheatstone.g10code.de> On Wed, 27 Feb 2008 13:21, kristo at no-log.org said: > I'm using Windows XP. You better wait until these is a complete release. For now it is a bit hard to setup and build correctly. Whatch out for the gpg4win 1.9 beta we hope to release within the next few weeks. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.