From daniel.leidert.spam at gmx.net Wed Jun 4 19:39:37 2008 From: daniel.leidert.spam at gmx.net (Daniel Leidert) Date: Wed, 04 Jun 2008 19:39:37 +0200 Subject: Key expires at ... 1971 Message-ID: <1212601177.4269.2.camel@localhost> Hi, Is this a feature or a bug or a limitation or maybe even not gnupg related? A user observed the following: > gpg --gen-key [..] > ?Please select what kind of key you want: > (1) DSA and Elgamal (default) > (2) DSA (sign only) > (5) RSA (sign only) > Your selection? > DSA keypair will have 1024 bits. > ELG-E keys may be between 1024 and 4096 bits long. > What keysize do you want? (2048) > Requested keysize is 2048 bits > Please specify how long the key should be valid. > 0 = key does not expire > = key expires in n days > w = key expires in n weeks > m = key expires in n months > y = key expires in n years > Key is valid for? (0) 99y > Key expires at Mo 05 Apr 1971 08:39:47 CET > Is this correct? (y/N) I can reproduce it with the latest release of gnupg 1.4.9. Regards, Daniel From dshaw at jabberwocky.com Wed Jun 4 21:31:04 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 4 Jun 2008 15:31:04 -0400 Subject: Key expires at ... 1971 In-Reply-To: <1212601177.4269.2.camel@localhost> References: <1212601177.4269.2.camel@localhost> Message-ID: <20080604193103.GE5992@jabberwocky.com> On Wed, Jun 04, 2008 at 07:39:37PM +0200, Daniel Leidert wrote: > Hi, > > Is this a feature or a bug or a limitation or maybe even not gnupg > related? A user observed the following: > > > gpg --gen-key > [..] > > ???Please select what kind of key you want: > > (1) DSA and Elgamal (default) > > (2) DSA (sign only) > > (5) RSA (sign only) > > Your selection? > > DSA keypair will have 1024 bits. > > ELG-E keys may be between 1024 and 4096 bits long. > > What keysize do you want? (2048) > > Requested keysize is 2048 bits > > Please specify how long the key should be valid. > > 0 = key does not expire > > = key expires in n days > > w = key expires in n weeks > > m = key expires in n months > > y = key expires in n years > > Key is valid for? (0) 99y > > Key expires at Mo 05 Apr 1971 08:39:47 CET > > Is this correct? (y/N) > > I can reproduce it with the latest release of gnupg 1.4.9. It's a bug. OpenPGP has some date limits (there is a Y2106 issue inherent in the protocol), but it should be able to handle expiration dates up to 2242. I'll take a look at it. David From knoch at searshc.com Wed Jun 4 21:56:20 2008 From: knoch at searshc.com (Noch, Keith) Date: Wed, 4 Jun 2008 15:56:20 -0400 Subject: pinentry on aix... Message-ID: <33FEEE6E2ADCE94A81CF34CB79DB5E9AEDCB6D@USKIHSVPEXCH19.kih.kmart.com> Hello, Has any been able to get pinentry compiled on aix specifically aix 5.2? From wk at gnupg.org Wed Jun 4 23:17:12 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 04 Jun 2008 23:17:12 +0200 Subject: Key expires at ... 1971 In-Reply-To: <20080604193103.GE5992@jabberwocky.com> (David Shaw's message of "Wed, 4 Jun 2008 15:31:04 -0400") References: <1212601177.4269.2.camel@localhost> <20080604193103.GE5992@jabberwocky.com> Message-ID: <873ansuch3.fsf@wheatstone.g10code.de> On Wed, 4 Jun 2008 21:31, dshaw at jabberwocky.com said: > It's a bug. OpenPGP has some date limits (there is a Y2106 issue > inherent in the protocol), but it should be able to handle expiration > dates up to 2242. I'll take a look at it. 2242: I don't think so as we are using a 32 bit type almost everywhere in gpg. All timestamps are expressed as 32 bit values and on the majority of machines time_t is 32 bit. Thus there is a limitation and that is the reason why the computed expiration time is shown and needs to be confirmed. After evaluating a couple of other options I decided to use a string for timestamps in gpgsm. Thus gpgsm should work fine with any reasonable date for the next couple of hundred years. Changing gpg to use the same algorithm is pointless as OpenPGP uses 32 bit which ends in 2106 and due to limitations of most libcs (asctime etc) actually in 2038. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From dshaw at jabberwocky.com Wed Jun 4 23:30:22 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 4 Jun 2008 17:30:22 -0400 Subject: Key expires at ... 1971 In-Reply-To: <873ansuch3.fsf@wheatstone.g10code.de> References: <1212601177.4269.2.camel@localhost> <20080604193103.GE5992@jabberwocky.com> <873ansuch3.fsf@wheatstone.g10code.de> Message-ID: <20080604213022.GF5992@jabberwocky.com> On Wed, Jun 04, 2008 at 11:17:12PM +0200, Werner Koch wrote: > On Wed, 4 Jun 2008 21:31, dshaw at jabberwocky.com said: > > > It's a bug. OpenPGP has some date limits (there is a Y2106 issue > > inherent in the protocol), but it should be able to handle expiration > > dates up to 2242. I'll take a look at it. > > 2242: I don't think so as we are using a 32 bit type almost everywhere > in gpg. Expiration dates in OpenPGP are calculated as the offset from the key creation time, not 1970. Only the key creation time is calculated from 1970. Both are 32-bit values, so the maximum expiration is 4294967295 seconds + 4294967295 seconds == 272 years. Leaving out leap years for simplicity, 1970 + 272 == 2242. GPG has the limitation of treating an expiration time as an absolute, rather than a relative offset from the key creation time, but this is not an OpenPGP issue. David From wk at gnupg.org Thu Jun 5 09:08:13 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 05 Jun 2008 09:08:13 +0200 Subject: Key expires at ... 1971 In-Reply-To: <20080604213022.GF5992@jabberwocky.com> (David Shaw's message of "Wed, 4 Jun 2008 17:30:22 -0400") References: <1212601177.4269.2.camel@localhost> <20080604193103.GE5992@jabberwocky.com> <873ansuch3.fsf@wheatstone.g10code.de> <20080604213022.GF5992@jabberwocky.com> Message-ID: <87tzg8s6jm.fsf@wheatstone.g10code.de> On Wed, 4 Jun 2008 23:30, dshaw at jabberwocky.com said: > Expiration dates in OpenPGP are calculated as the offset from the key > creation time, not 1970. Only the key creation time is calculated > from 1970. Both are 32-bit values, so the maximum expiration is > 4294967295 seconds + 4294967295 seconds == 272 years. Leaving out > leap years for simplicity, 1970 + 272 == 2242. Right. But with a 32 bit type it is hard to work with these values. In fact it is not easily possible to use a 64 bit type for computation on some machines at all. Recall the problems we had with TIGER/192. > GPG has the limitation of treating an expiration time as an absolute, > rather than a relative offset from the key creation time, but this is > not an OpenPGP issue. You suggest to replace the skalar value by a vector of creationtime, exipration? I think this is too complicated to understand and has only limited purpose. Given that in 2038 almost all applications using the Epoch scheme will suffer from major problems [1], another upgrade path should be worked on. There are suggestions for a new time API in Unix but nobody cares to implement them because the current API is for sufficient for most applications. Before I settled for a 16 byte array as the time type in gpgsm, Moritz Schulte started to implement Markus Kuhn's time API. However it turned out that it does not make sense to do this in a library without OS support - one would need to write replacements for all time functions and thus this stoff belongts into the libc. typedef char gnupg_isotime_t[16]; static inline void gnupg_copy_time (gnupg_isotime_t d, const gnupg_isotime_t s) { if (*s && (strlen (s) != 15 || s[8] != 'T')) BUG(); strcpy (d, s); } Along with a couple of other functions is the easiest way to work with dates in the not so far away future. Sure, there is still the problem converting the dates to localtime but at least comutations are right and if everything else fails one can simply print the string and get a human readable output: 20080406T065200 (which also makes debugging easier). (Yeah, I know that the strcpy could be replaced by a memcpy.) Shalom-Salam, Werner [1] Even though there are 64 bit OSes and some 32 bit OSes with a 64 bit time_t, the majority of applications use a 32 bit time_t. Think of all the small gadgets like mobile phones, music players, and whatever will be deployed over thhe next years. time_t is in most implementaions signed and thus - if it is 32 bit type - it will turn negative on 2038-01-19. Error tests for time() are often done by testing for negative numbers than by testing against (time_t)(-1). Output and input function also can't handle anyhing beyond the 2038 date. I doubt that changing the Epoch date will be a viable workaround. (I guess that after my retirement I will we called for helping out fixing those strange C applications running for decades and "suddenly" stopped working. ;-)) -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bh at intevation.de Thu Jun 5 12:15:50 2008 From: bh at intevation.de (Bernhard Herzog) Date: Thu, 05 Jun 2008 12:15:50 +0200 Subject: [svn] gpgme - r1314 - in trunk: . doc gpgme In-Reply-To: (svn author wk's message of "Wed, 04 Jun 2008 16:14:42 +0200") References: Message-ID: cvs at cvs.gnupg.org (svn author wk) writes: > --- trunk/doc/Makefile.am 2008-05-09 08:26:28 UTC (rev 1313) > +++ trunk/doc/Makefile.am 2008-06-04 14:14:38 UTC (rev 1314) > @@ -22,7 +22,7 @@ > DISTCLEANFILES = gpgme.tmp > > info_TEXINFOS = gpgme.texi > -gpgme_TEXINFOS = lesser.texi > +gpgme_TEXINFOS = uiserver.texi lesser.texi gpl.texi uiserver.texi appears to be missing in SVN. Bernhard From wk at gnupg.org Thu Jun 5 12:26:13 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 05 Jun 2008 12:26:13 +0200 Subject: [svn] gpgme - r1314 - in trunk: . doc gpgme In-Reply-To: (Bernhard Herzog's message of "Thu, 05 Jun 2008 12:15:50 +0200") References: Message-ID: <87mym0qit6.fsf@wheatstone.g10code.de> On Thu, 5 Jun 2008 12:15, bh at intevation.de said: > uiserver.texi appears to be missing in SVN. Fixed in 1315. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From dshaw at jabberwocky.com Thu Jun 5 19:35:59 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 5 Jun 2008 13:35:59 -0400 Subject: Key expires at ... 1971 In-Reply-To: <87tzg8s6jm.fsf@wheatstone.g10code.de> References: <1212601177.4269.2.camel@localhost> <20080604193103.GE5992@jabberwocky.com> <873ansuch3.fsf@wheatstone.g10code.de> <20080604213022.GF5992@jabberwocky.com> <87tzg8s6jm.fsf@wheatstone.g10code.de> Message-ID: <20080605173559.GA9632@jabberwocky.com> On Thu, Jun 05, 2008 at 09:08:13AM +0200, Werner Koch wrote: > On Wed, 4 Jun 2008 23:30, dshaw at jabberwocky.com said: > > > Expiration dates in OpenPGP are calculated as the offset from the key > > creation time, not 1970. Only the key creation time is calculated > > from 1970. Both are 32-bit values, so the maximum expiration is > > 4294967295 seconds + 4294967295 seconds == 272 years. Leaving out > > leap years for simplicity, 1970 + 272 == 2242. > > Right. But with a 32 bit type it is hard to work with these values. In > fact it is not easily possible to use a 64 bit type for computation on > some machines at all. Recall the problems we had with TIGER/192. > > > GPG has the limitation of treating an expiration time as an absolute, > > rather than a relative offset from the key creation time, but this is > > not an OpenPGP issue. > > You suggest to replace the skalar value by a vector of creationtime, > exipration? I think this is too complicated to understand and has only > limited purpose. Given that in 2038 almost all applications using the > Epoch scheme will suffer from major problems [1], another upgrade path > should be worked on. No, I think the current scheme is too baked into the code to make changing it reasonable. However, we can do a lot better than translating "99y" into a key that is instantly expired. Even returning an error there would be an improvement. Amusingly enough, GPG used to handle this a bit better than it does now. A few years ago, a 99y value would at least be placed correctly in the expiration subpacket. It would fail when *using* the key, but at least the key on disk was sane. The current behavior stems from a bugfix around updating existing signatures that have expiration subpackets. David From wk at gnupg.org Fri Jun 6 10:07:12 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 06 Jun 2008 10:07:12 +0200 Subject: Key expires at ... 1971 In-Reply-To: <20080605173559.GA9632@jabberwocky.com> (David Shaw's message of "Thu, 5 Jun 2008 13:35:59 -0400") References: <1212601177.4269.2.camel@localhost> <20080604193103.GE5992@jabberwocky.com> <873ansuch3.fsf@wheatstone.g10code.de> <20080604213022.GF5992@jabberwocky.com> <87tzg8s6jm.fsf@wheatstone.g10code.de> <20080605173559.GA9632@jabberwocky.com> Message-ID: <87zlpzm1fz.fsf@wheatstone.g10code.de> On Thu, 5 Jun 2008 19:35, dshaw at jabberwocky.com said: > changing it reasonable. However, we can do a lot better than > translating "99y" into a key that is instantly expired. Even > returning an error there would be an improvement. The question is what to display then. We would need to change all output to either display the correct date or a string like "expires after 2037". That would be okay for humans but not for machine parsing. In --with-colons mode (along with theat --fixed-list-mode) we display seconds since Epoch, so that is not a problem - we need to check that we print them correctly. We could also settle for 21040501T141516 in the --with-colons output as described by DETAILS: Note that the date is usally printed in seconds since epoch, however, we are migrating to an ISO 8601 format (e.g. "19660205T091500"). This is currently only relevant for X.509, A simple way to detect the format is be scannning for the 'T'. At least gpgme handles both formats correct. > Amusingly enough, GPG used to handle this a bit better than it does > now. A few years ago, a 99y value would at least be placed correctly > in the expiration subpacket. It would fail when *using* the key, but Yet another missing regression test ;-). Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From petr.uzel at suse.cz Wed Jun 11 13:51:53 2008 From: petr.uzel at suse.cz (Petr Uzel) Date: Wed, 11 Jun 2008 13:51:53 +0200 Subject: [patch] remove unused variable Message-ID: <200806111351.54449.petr.uzel@suse.cz> Hi all, attached patch removes useless 'active_charset' variable. Although it is useless, it is 'used' at some places and hence the compiler can not warn about it. Note: in case there is better place to post patches than this list, please let me know... -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: puzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-remove_active_charset.patch Type: text/x-diff Size: 1446 bytes Desc: not available URL: From petr.uzel at suse.cz Wed Jun 11 14:00:38 2008 From: petr.uzel at suse.cz (Petr Uzel) Date: Wed, 11 Jun 2008 14:00:38 +0200 Subject: [patch] gnupg-2.0.9 uses wrong charset Message-ID: <200806111400.39746.petr.uzel@suse.cz> Hi all, I believe there is a bug in gnupg-2.0.9 that causes incorrect handling/conversions of non-latin characters on UTF terminals. PROBLEM: nl_langinfo(CODESET) at utf8conv.c:208 should return console charset (in my case UTF-8), but instead returns ANSI_X3.4-1968 (~US-ASCII). So gpg then uses incorrect character set for iconv conversions resulting in 'weird' characters in UIDs. FIX: This can be fixed by calling setlocale(LC_ALL, "") prior to nl_langinfo(). Since setlocale() is called from i18n_init() and nl_langinfo() from init_common_subsystems(), attached patch should IMHO fix the problem. -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: puzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-2.0.9-langinfo.patch Type: text/x-diff Size: 544 bytes Desc: not available URL: From wk at gnupg.org Wed Jun 11 17:59:14 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 11 Jun 2008 17:59:14 +0200 Subject: [patch] remove unused variable In-Reply-To: <200806111351.54449.petr.uzel@suse.cz> (Petr Uzel's message of "Wed, 11 Jun 2008 13:51:53 +0200") References: <200806111351.54449.petr.uzel@suse.cz> Message-ID: <87skvkotd9.fsf@wheatstone.g10code.de> On Wed, 11 Jun 2008 13:51, petr.uzel at suse.cz said: > Note: in case there is better place to post patches than this list, please let > me know... Please do not post longer patches or series of patches unless you have signed a copyright assignment with the FSF. Better describe the problem and let us change the code. I am sorry about this legal BS what we need to be strict about it. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Wed Jun 11 18:15:02 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 11 Jun 2008 18:15:02 +0200 Subject: [patch] gnupg-2.0.9 uses wrong charset In-Reply-To: <200806111400.39746.petr.uzel@suse.cz> (Petr Uzel's message of "Wed, 11 Jun 2008 14:00:38 +0200") References: <200806111400.39746.petr.uzel@suse.cz> Message-ID: <87lk1cosmx.fsf@wheatstone.g10code.de> On Wed, 11 Jun 2008 14:00, petr.uzel at suse.cz said: > FIX: > This can be fixed by calling setlocale(LC_ALL, "") prior to nl_langinfo(). > Since setlocale() is called from i18n_init() and nl_langinfo() from > init_common_subsystems(), attached patch should IMHO fix the problem. I am not sure whether this is a good solution. There must have been a reason why the initialization has been splitted up. Calling i18n_init earlier might not be a good idea. Despite the fact that it would fix a problem printing a non-translated diagnostic in case a wrong libgcrypt is used. Needs to be investigated. A not so intrusive change would be to do an extra call to setlocale earlier (best in set_native_charset()). Thanks, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From t.tovmasyan at yahoo.com Thu Jun 5 21:47:15 2008 From: t.tovmasyan at yahoo.com (Tigran Tovmasyan) Date: Thu, 5 Jun 2008 12:47:15 -0700 (PDT) Subject: Help me to export my SECRET Key !!! Message-ID: <993071.21717.qm@web45503.mail.sp1.yahoo.com> Hi there !!! On my system (Linux RH9 2.4.29) I'm using gpg (GnuPG) 1.2.1. How can I export my secret key to a file? Best Regards Tigran -------------- next part -------------- An HTML attachment was scrubbed... URL: From wang_teddy at emc.com Wed Jun 11 21:33:06 2008 From: wang_teddy at emc.com (f2racer) Date: Wed, 11 Jun 2008 12:33:06 -0700 (PDT) Subject: Using gnupgjava on Weblogic results in com.freiheit.gnupg.GnuPGException: General error Message-ID: <17785418.post@talk.nabble.com> I can create a simple Java application and call it from the command line fine, but when I try to run it from Weblogic 10 MP1, I get the following error: #### <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1213199420802> <[weblogic.servlet.internal.WebAppServletContext at 2d9c071 - appName: 'myApp', name: 'myapp', context-path: '/myapp'] Root cause of ServletException. com.freiheit.gnupg.GnuPGException: General error at com.freiheit.gnupg.GnuPGKey.gpgmeGetKey(Native Method) at com.freiheit.gnupg.GnuPGKey.(GnuPGKey.java:39) at com.freiheit.gnupg.GnuPGContext.getKeyByFingerprint(GnuPGContext.java:200) at com.mycompany.myapp.integration.GpgEncryption.encrypt(GpgEncryption.java:66) at com.mycompany.myapp.integration.IntegrationHelper.processPayload(IntegrationHelper.java:267) at com.mycompany.myapp.integration.IntegrationHelper.buildPayload(IntegrationHelper.java:117) at integration.ifi.IfiController.begin(IfiController.java:112) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) Any help would be greatly appreciated. Thanks! -- View this message in context: http://www.nabble.com/Using-gnupgjava-on-Weblogic-results-in-com.freiheit.gnupg.GnuPGException%3A-General-error-tp17785418p17785418.html Sent from the GnuPG - Dev mailing list archive at Nabble.com. From s-beyer at gmx.net Wed Jun 11 23:26:20 2008 From: s-beyer at gmx.net (Stephan Beyer) Date: Wed, 11 Jun 2008 23:26:20 +0200 Subject: Help me to export my SECRET Key !!! In-Reply-To: <993071.21717.qm@web45503.mail.sp1.yahoo.com> References: <993071.21717.qm@web45503.mail.sp1.yahoo.com> Message-ID: <20080611212620.GA7200@leksak.fem-net> Hi, > On my system (Linux RH9 2.4.29) I'm using gpg (GnuPG) 1.2.1. > How can I export my secret key to a file? Have you tried gpg --export-secret-keys 0xDEADBEEF? (0xDEADBEEF should be replaced by your key id.) This should be what you want according to the manual page of gpg (even 1.2.1). But before you export your secret key, hesitate a minute and consider if this is really what you want ;-) Regards, Stephan -- Stephan Beyer , PGP 0x6EDDD207FCC5040F From JPClizbe at tx.rr.com Wed Jun 11 23:53:26 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 11 Jun 2008 16:53:26 -0500 Subject: Help me to export my SECRET Key !!! In-Reply-To: <993071.21717.qm@web45503.mail.sp1.yahoo.com> References: <993071.21717.qm@web45503.mail.sp1.yahoo.com> Message-ID: <48504956.7070707@tx.rr.com> Tigran Tovmasyan wrote: > Hi there !!! > > On my system (Linux RH9 2.4.29) I'm using gpg (GnuPG) 1.2.1. How can I > export my secret key to a file? See the gpg man page for --export-secret-keys gpg --export-secret-keys 0xdecafbad 0xdeadbeef > seekrit-keys.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 677 bytes Desc: OpenPGP digital signature URL: From petr.uzel at suse.cz Thu Jun 12 12:23:16 2008 From: petr.uzel at suse.cz (Petr Uzel) Date: Thu, 12 Jun 2008 12:23:16 +0200 Subject: [patch] remove unused variable In-Reply-To: <87skvkotd9.fsf@wheatstone.g10code.de> References: <200806111351.54449.petr.uzel@suse.cz> <87skvkotd9.fsf@wheatstone.g10code.de> Message-ID: <200806121223.18606.petr.uzel@suse.cz> Dne Wednesday 11 of June 2008 17:59:14 Werner Koch napsal(a): > Please do not post longer patches or series of patches unless you have > signed a copyright assignment with the FSF. OK, sorry, I had no idea that this is required. I did some googling but I was not able to find clear instructions how to sign such agreement - can I ask you for more info how to do this? TIA -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: petr.uzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz From wk at gnupg.org Thu Jun 12 14:16:51 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 12 Jun 2008 14:16:51 +0200 Subject: [patch] remove unused variable In-Reply-To: <200806121223.18606.petr.uzel@suse.cz> (Petr Uzel's message of "Thu, 12 Jun 2008 12:23:16 +0200") References: <200806111351.54449.petr.uzel@suse.cz> <87skvkotd9.fsf@wheatstone.g10code.de> <200806121223.18606.petr.uzel@suse.cz> Message-ID: <874p7ylufg.fsf@wheatstone.g10code.de> On Thu, 12 Jun 2008 12:23, petr.uzel at suse.cz said: > OK, sorry, I had no idea that this is required. I did some googling but I was > not able to find clear instructions how to sign such agreement - can I ask > you for more info how to do this? In general you need to write to the FSF; as they handle this. Find attached a copy of the text we send as an explanation. Be aware that your company needs to sign a disclaimer too. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: conditions.text URL: From jmoore3rd at bellsouth.net Thu Jun 12 14:03:32 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 12 Jun 2008 08:03:32 -0400 Subject: [patch] remove unused variable In-Reply-To: <200806121223.18606.petr.uzel@suse.cz> References: <200806111351.54449.petr.uzel@suse.cz> <87skvkotd9.fsf@wheatstone.g10code.de> <200806121223.18606.petr.uzel@suse.cz> Message-ID: <48511094.20906@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Petr Uzel wrote: > Dne Wednesday 11 of June 2008 17:59:14 Werner Koch napsal(a): >> Please do not post longer patches or series of patches unless you have >> signed a copyright assignment with the FSF. > > OK, sorry, I had no idea that this is required. I did some googling but I was > not able to find clear instructions how to sign such agreement - can I ask > you for more info how to do this? Being good friends with the Legal Affairs Officer for FSFEurope I happen to have the Links You desire handy: http://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=tree;f=doc/Copyright;h=c4ef7f86c8f2b745669e3b36086e8d82421ec17f;hb=HEAD HTH JOHN ;) Timestamp: Thursday 12 Jun 2008, 08:02 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.5.0-svn4754: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJIURCRAAoJEBCGy9eAtCsPC6gH/27QrjbT7GoLktU9RJ3XFmwe 76UJw5MY1ISt36QwSNTf2Tar/3iswc5d/jBw02ha+kuRnabN+73B2MdBUsJpC+rw lMpiCyDbgNi3tCbtZxAcaG804OA0T5qwueggwDmza8OO4wH2ivilF3xDLEpg2lHN 2Sj0EECD00E//ND50mGqkQr40lz77Qzx0lDIglYrT6Y+yHmKPl/7/QZr/lmgtErz IFmVJd2c1jRhfO1uhCDHcj8pUYAeb5qiU5bcjzwX5Y/x3igy7yB/NYhjgRO9rZKV I7lU4hw6X7gzsTV+u092y6HZHqh9HYBsmaeq2dURtIBga8F39pO3YNW+/9JWqrk= =bQ2Z -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Thu Jun 12 14:06:33 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 12 Jun 2008 08:06:33 -0400 Subject: Signing a Copyright with FSF Message-ID: <48511149.3000304@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Petr Uzel wrote: > > Dne Wednesday 11 of June 2008 17:59:14 Werner Koch napsal(a): >> >> Please do not post longer patches or series of patches unless you have >> >> signed a copyright assignment with the FSF. > > > > OK, sorry, I had no idea that this is required. I did some googling but I was > > not able to find clear instructions how to sign such agreement - can I ask > > you for more info how to do this? Being good friends with the Legal Affairs Officer for FSFEurope I happen to have the Links You desire handy: http://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=tree;f=doc/Copyright;h=c4ef7f86c8f2b745669e3b36086e8d82421ec17f;hb=HEAD HTH JOHN ;) Timestamp: Thursday 12 Jun 2008, 08:02 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.5.0-svn4754: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJIURFHAAoJEBCGy9eAtCsPdEMH/jisWiFQS30d8P/n5weWy5B3 MeZ8LAW7M9S8lMMCTvsNALXWORvJyr6TCGJYbh8HrRdnmfv06PwDv4ALFKD+Xpd1 iH6eUqNoJnaxBpKkadznC4tKbkuAgMH2EMW2VLwWheGmYCa2MVrCCO4LEFygU0d/ cJQr1AyhUyZFerzM4OAcYUoLgMFw0aw57txbbaJacTeDyWR8NtkITgIrPkKyDPus E/LpKC46AtDPpb50jJ2c7+4sW2iRpsH7TqCLhMeTPIBJgf0lLD31padOb/k+4f+E ikWA/Z966KPP8eno6HLC3eDtzI3WmJaU030E4H/10mSDtXHatsBGygXYrzgU39I= =VNVJ -----END PGP SIGNATURE----- From petr.uzel at suse.cz Thu Jun 12 15:53:42 2008 From: petr.uzel at suse.cz (Petr Uzel) Date: Thu, 12 Jun 2008 15:53:42 +0200 Subject: [patch] remove unused variable In-Reply-To: <874p7ylufg.fsf@wheatstone.g10code.de> References: <200806111351.54449.petr.uzel@suse.cz> <200806121223.18606.petr.uzel@suse.cz> <874p7ylufg.fsf@wheatstone.g10code.de> Message-ID: <200806121553.43628.petr.uzel@suse.cz> > In general you need to write to the FSF; as they handle this. Find > attached a copy of the text we send as an explanation. Be aware that > your company needs to sign a disclaimer too. Thanks, John and Werner - this helped me a lot. -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: petr.uzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz From petr.uzel at suse.cz Fri Jun 13 14:26:36 2008 From: petr.uzel at suse.cz (Petr Uzel) Date: Fri, 13 Jun 2008 14:26:36 +0200 Subject: gnupg: with-colons option breaks encoding Message-ID: <4852677C.2070902@suse.cz> Hi list, I've found another problem with non-latin characters in gpg: I've created testing keypair with UID containing non-latin characters. 1) gpg --list-keys prints everything OK 2) gpg --list-keys --with-colons breaks the encoding and prints weird characters I use UTF-8 terminal and have 'display-charset utf-8' option set in gpg.conf, so it should not be affected by the bug that I've reported a few days ago. This bug affects e.g. kgpg which uses --with-colons option to get list of the keys. I suggest to fix this by using 'print_utf8_string2()' instead of simple 'print_string()' in 'list_keyblock_colon()'. (Hope this description is not considered a patch ;) ) -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: petr.uzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz From puzel at suse.cz Tue Jun 10 14:57:28 2008 From: puzel at suse.cz (Petr Uzel) Date: Tue, 10 Jun 2008 14:57:28 +0200 Subject: gnupg-2.0.9 uses wrong charset Message-ID: <200806101457.29125.puzel@suse.cz> Hi all, I believe there is a bug in gnupg-2.0.9 that causes incorrect handling/conversions of non-latin characters on UTF terminals. PROBLEM: nl_langinfo(CODESET) at utf8conv.c:208 should return console charset (in my case UTF-8), but instead returns ANSI_X3.4-1968 (~US-ASCII). So gpg then uses incorrect character set for iconv conversions resulting in 'weird' characters in UIDs. FIX: This can be fixed by calling setlocale(LC_ALL, "") prior to nl_langinfo(). Since setlocale() is called from i18n_init() and nl_langinfo() from init_common_subsystems(), attached patch should IMHO fix the problem. -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: puzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-2.0.9-langinfo.patch Type: text/x-diff Size: 544 bytes Desc: not available URL: From wk at gnupg.org Fri Jun 13 18:16:22 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 13 Jun 2008 18:16:22 +0200 Subject: gnupg: with-colons option breaks encoding In-Reply-To: <4852677C.2070902@suse.cz> (Petr Uzel's message of "Fri, 13 Jun 2008 14:26:36 +0200") References: <4852677C.2070902@suse.cz> Message-ID: <87k5gtb99l.fsf@wheatstone.g10code.de> On Fri, 13 Jun 2008 14:26, petr.uzel at suse.cz said: > I suggest to fix this by using 'print_utf8_string2()' instead of simple 'print_string()' in 'list_keyblock_colon()'. (Hope this description is not considered a patch ;) ) The options --with-colons is supposed to print utf-8 which is the native format of OpenPGP. Thus print_string is correct. print_utf8_string would convert it first to the native encoding which is wrong. What you see is C-style quoting: 10. Field: User-ID. The value is quoted like a C string to avoid control characters (the colon is quoted "\x3a"). This is not used with --fixed-list-mode in gpg. [...] Note that the last sentence is plainly wrong. I don't know why it was there. The quoting is also done for the Latin-1 high control characters (*p >= 0x7f && *p < 0xa0), thus you see only parts of an utf-8 character quoted. The dequoting has to be done anyway thus I do not care to much about this. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From ussenterprise at babylonfarms.com Sat Jun 14 16:29:41 2008 From: ussenterprise at babylonfarms.com (Troy) Date: Sat, 14 Jun 2008 09:29:41 -0500 Subject: problem with --honor-keyserver-url Message-ID: <4853D5D5.7030708@babylonfarms.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I seem to have run into a problem with --honor-keyserver-url 1st this is the pref on my key (1). Troy Weinzetl (P.S.K.) Cipher: AES256, AES192, AES, BLOWFISH, CAST5, 3DES, TWOFISH Digest: SHA256, SHA224, SHA512, SHA384, RIPEMD160, SHA1 Compression: BZIP2, ZLIB, ZIP, Uncompressed Features: MDC, Keyserver no-modify Preferred keyserver: http://www.babylonfarms.com/secure/0xF8180E9E_pub.asc and this would be my gpg.conf file settings: comment http://www.babylonfarms.com/secure/0xF8180E9E_pub.asc default-key F8180E9E default-recipient-self keyserver-options auto-key-retrieve honor-keyserver-url import-clean export-clean enable-dsa2 default-preference-list s9 s8 s7 s4 s3 s2 s10 h8 h11 h10 h9 h3 z3 z2 z1 personal-cipher-preferences s9 s8 s7 s4 s3 s2 s10 personal-digest-preferences h8 h11 h10 h9 h3 personal-compress-preferences z3 z2 z1 ask-cert-level no-greeting no-mdc-warning trust-model pgp expert verbose keyserver hkp://wwwkeys.eu.pgp.net this setup worked well under gpgshell in windows and when I switched to using Kgpg I found the honor-url didn't work there and then tried Enigmail's key management with no luck there either, however command line works and the output was/is as follows. babylon at babylon-P4:~$ gpg --refresh-key 0xF8180E9E gpg: requesting key F8180E9E from http server www.babylonfarms.com gpg: armor header: Version: GnuPG v1.4.10-svn4774-wK8cam-tlw0 (GNU/Linux) gpg: armor header: Comment: http://www.babylonfarms.com/secure/0xF8180E9E_pub.asc gpg: pub 2048R/F8180E9E 2005-09-01 Troy Weinzetl (P.S.K.) where as if i do the same for another key babylon at babylon-P4:~$ gpg --refresh-key 1086CBD780B42B0F gpg: refreshing 1 key from hkp://wwwkeys.eu.pgp.net gpg: requesting key 80B42B0F from hkp server wwwkeys.eu.pgp.net gpg: armor header: Version: GnuPG v1.4.1 (GNU/Linux) gpg: armor header: Comment: OpenPGP-Keyserver 1.0 (OPKS) gpg: pub 2048R/80B42B0F 2005-09-23 However, neither Enigmail nor Kgpg seem to use the honor-keyserver-url Kgpg-- gpg: requesting key F8180E9E from hkp server wwwkeys.eu.pgp.net gpg: armor header: Version: GnuPG v1.4.1 (GNU/Linux) gpg: armor header: Comment: OpenPGP-Keyserver 1.0 (OPKS) gpg: pub 2048R/F8180E9E Tbird-Enigmail output after updating gpg: depth: 4 valid: 5 signed: 4 trust: 0-, 0q, 0n, 3m, 2f, 0u gpg: next trustdb check due at 2008-08-25 gpg: Total number processed: 1 gpg: new signatures: 12 gpg: signatures cleaned: 12 output from console enigmail> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 - --with-fin gerprint --fixed-list-mode --with-colons --list-keys enigmail> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 - --with-fin gerprint --fixed-list-mode --with-colons --list-secret-keys enigmail> /usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 - --keyserve r pool.sks-keyservers.net --recv-keys 0x75AA9F9CF8180E9E - From my understanding, the example from the gpg CLI is how - --Honor-keyserver-url is supposed to work and how it worked with gpgshell. under windows. Using Thunderbird 2.0.0.6 Enigmail 0.95.0 Mepis 7.0 Kgpg 1.2.2 gpg both 1.4.6 & the most current SVN-release I also tested this under Vista and got the same result from Enigmail. GPGshell did use the honor-keyserver-url correctly Thanks in advance Troy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4774-wK8cam-tlw0 (GNU/Linux) Comment: http://www.babylonfarms.com/secure/0xF8180E9E_pub.asc iQEcBAEBCAAGBQJIU9XVAAoJEHWqn5z4GA6eHwwH/jkHW5E/239ZwQZBxzkhJjhF ETPnrbv0T2TRZRMqkMjPcHOXNuzzr0IzNtJuLh9WR1sEqT1WZVBniyUOVbgVcI5q KglxYNEVRRVVLhvf+BvEfysQcbox/aUJomggGWjUVcNZ69ZwsRU3zNODeeLw75Xd 6q1OXanMpfsat3GeYjvsGz2R34/cBojzmAVs88Rfj520gEoqlF7quiFfU4Q3fNAO hyR5RKpwPE9YQ82kHk3WVXfVf2nYj3A76/Az7VXXY+OtESh4VM/oAbVxQCbXA/Hz +Hhe4C+V8lPu9qcTWp/zbRLdRwOZ9CFXUXW1pOazjo7lFSjS984gcIYTEJrWv5k= =t76B -----END PGP SIGNATURE----- From ludwig at hammernoch.net Sun Jun 15 20:37:52 2008 From: ludwig at hammernoch.net (=?ISO-8859-15?Q?Ludwig_H=FCgelsch=E4fer?=) Date: Sun, 15 Jun 2008 20:37:52 +0200 Subject: Gnupg (1.4.9) Errors in german translation Message-ID: <48556180.8080706@hammernoch.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I've discovered and corrected some slight errors in the german translation of gnupg 1.4.9. Patchfile is included. There were some missing "?"s in "Schl?ssel". As far as I can see, the errors still exist in the trunk. HTH Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSFVhflYnpxVXVowdAQoCfQgArbbiOhju4sbRalKgSw9CqvjIB15ZAkFl XHobklfmUkvQVu5/lV3BzBdQHl90bvW9v+/7zgJTb1GXqbtboa4U/9BpxA7oEyzC wzwsM3kskkkA5B4hJ1/64DfkjcvU5aGJ6znTUA3nAR6bUR6DVAQBbbJ7VEYW4MWH H5XGz3RyhxTjb4xWYwhrfcDKvB0Qsv079Bg1LoOelQzBfOqELTMPeSCwf60IA8Zv UnU+Jm+uCBvdqtOhXYK6Q0Pblo3gnI27X1mUibBCXF/tJTd0ZtNvpKmPt0vhWbgQ xjqvMPxv4jgWnIM5WYRXlC5dGDUN0N4h4XfmyaBTLrQex0COkFqx4g== =4iYi -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: de.po.patch URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: de.po.patch.sig Type: application/octet-stream Size: 280 bytes Desc: not available URL: From petr.uzel at suse.cz Mon Jun 16 08:21:19 2008 From: petr.uzel at suse.cz (Petr Uzel) Date: Mon, 16 Jun 2008 08:21:19 +0200 Subject: gnupg: with-colons option breaks encoding In-Reply-To: <87k5gtb99l.fsf@wheatstone.g10code.de> References: <4852677C.2070902@suse.cz> <87k5gtb99l.fsf@wheatstone.g10code.de> Message-ID: <200806160821.19889.petr.uzel@suse.cz> Hi, > The options --with-colons is supposed to print utf-8 which is the native > format of OpenPGP. Thus print_string is correct. print_utf8_string > would convert it first to the native encoding which is wrong. > > What you see is C-style quoting: > > 10. Field: User-ID. The value is quoted like a C string to avoid > control characters (the colon is quoted "\x3a"). > This is not used with --fixed-list-mode in gpg. > [...] Thanks for the explanation - now it's clear. I was previously confused by the description in gpg manpage which says nothing about the quoting (my mistake not to read doc/DETAILS carefully). Have a nice day, -- Best regards / s pozdravem Petr Uzel, Packages maintainer --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: petr.uzel at suse.cz Lihovarsk? 1060/12 tel: +420 284 028 964 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz From lists at lina.inka.de Mon Jun 16 10:11:59 2008 From: lists at lina.inka.de (Bernd Eckenfels) Date: Mon, 16 Jun 2008 10:11:59 +0200 Subject: Gnupg (1.4.9) Errors in german translation In-Reply-To: <48556180.8080706@hammernoch.net> References: <48556180.8080706@hammernoch.net> Message-ID: <20080616081159.GA2356@lina.inka.de> On Sun, Jun 15, 2008 at 08:37:52PM +0200, Ludwig H?gelsch?fer wrote: > msgid "Really sign all user IDs? (y/N) " > -msgstr "Wirklich alle User-IDs beglaubigen? (j/N) " > +msgstr "Wirklich alle User-IDs beglaubigen? " Hm? Was ist die Idee dahinter? Gruss Bernd From wk at gnupg.org Mon Jun 16 11:08:53 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 16 Jun 2008 11:08:53 +0200 Subject: Gnupg (1.4.9) Errors in german translation In-Reply-To: <20080616081159.GA2356@lina.inka.de> (Bernd Eckenfels's message of "Mon, 16 Jun 2008 10:11:59 +0200") References: <48556180.8080706@hammernoch.net> <20080616081159.GA2356@lina.inka.de> Message-ID: <87k5gp926y.fsf@wheatstone.g10code.de> On Mon, 16 Jun 2008 10:11, lists at lina.inka.de said: > On Sun, Jun 15, 2008 at 08:37:52PM +0200, Ludwig H?gelsch?fer wrote: >> msgid "Really sign all user IDs? (y/N) " >> -msgstr "Wirklich alle User-IDs beglaubigen? (j/N) " >> +msgstr "Wirklich alle User-IDs beglaubigen? " > > Hm? Was ist die Idee dahinter? [what is the reason for that change] It seems to be a reverse patch. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From Daniel.Leidert.Spam at gmx.net Mon Jun 16 19:31:31 2008 From: Daniel.Leidert.Spam at gmx.net (Daniel Leidert) Date: Mon, 16 Jun 2008 19:31:31 +0200 Subject: Gnupg (1.4.9) Errors in german translation In-Reply-To: <48556180.8080706@hammernoch.net> References: <48556180.8080706@hammernoch.net> Message-ID: <20080616173131.83260@gmx.net> Ludwig H?gelsch?fer schrieb: > I've discovered and corrected some slight errors in the german > translation of gnupg 1.4.9. Patchfile is included. There were some > missing "?"s in "Schl?ssel". > > As far as I can see, the errors still exist in the trunk. Can you check against https://bugs.g10code.com/gnupg/issue916 please? Regards, Daniel -- Psssst! Schon vom neuen GMX MultiMessenger geh?rt? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger From ludwig at hammernoch.net Mon Jun 16 20:15:44 2008 From: ludwig at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=) Date: Mon, 16 Jun 2008 20:15:44 +0200 Subject: Gnupg (1.4.9) Errors in german translation In-Reply-To: <20080616173131.83260@gmx.net> References: <48556180.8080706@hammernoch.net> <20080616173131.83260@gmx.net> Message-ID: <4856ADD0.3080601@hammernoch.net> Daniel Leidert wrote on 16.06.2008 19:31 Uhr: > Ludwig H?gelsch?fer schrieb: > >> I've discovered and corrected some slight errors in the german >> translation of gnupg 1.4.9. Patchfile is included. There were some >> missing "?"s in "Schl?ssel". >> >> As far as I can see, the errors still exist in the trunk. > > Can you check against https://bugs.g10code.com/gnupg/issue916 please? [X] Done. I corrected de.po. from 1.4.9 and created the patch against STABLE-BRANCH-1-4, so it was mostly the inverted patch from issue916. Now my patch contains only 3 lines, as I've diffed against revision 4785 Greetings Ludwig -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: de_1_4.po.patch URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 542 bytes Desc: OpenPGP digital signature URL: From Ludwig.Huegelschaefer at siemens.com Mon Jun 16 11:18:27 2008 From: Ludwig.Huegelschaefer at siemens.com (=?UTF-8?B?THVkd2lnIEjDvGdlbHNjaMOkZmVy?=) Date: Mon, 16 Jun 2008 11:18:27 +0200 Subject: Gnupg (1.4.9) Errors in german translation In-Reply-To: <87k5gp926y.fsf@wheatstone.g10code.de> References: <48556180.8080706@hammernoch.net> <20080616081159.GA2356@lina.inka.de> <87k5gp926y.fsf@wheatstone.g10code.de> Message-ID: <48562FE3.8060802@siemens.com> On 16.06.2008 11:08, Werner Koch wrote: > On Mon, 16 Jun 2008 10:11, lists at lina.inka.de said: >> On Sun, Jun 15, 2008 at 08:37:52PM +0200, Ludwig H?gelsch?fer wrote: >>> msgid "Really sign all user IDs? (y/N) " >>> -msgstr "Wirklich alle User-IDs beglaubigen? (j/N) " >>> +msgstr "Wirklich alle User-IDs beglaubigen? " >> Hm? Was ist die Idee dahinter? > > [what is the reason for that change] > > It seems to be a reverse patch. Sorry for the disturbance, I will go and learn how to properly svn diff. Gru? Ludwig From wk at gnupg.org Mon Jun 23 10:16:43 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 23 Jun 2008 10:16:43 +0200 Subject: Gnupg (1.4.9) Errors in german translation In-Reply-To: <4856ADD0.3080601@hammernoch.net> ("Ludwig =?utf-8?Q?H=C3=BCg?= =?utf-8?Q?elsch=C3=A4fer=22's?= message of "Mon, 16 Jun 2008 20:15:44 +0200") References: <48556180.8080706@hammernoch.net> <20080616173131.83260@gmx.net> <4856ADD0.3080601@hammernoch.net> Message-ID: <87bq1sd0r8.fsf@wheatstone.g10code.de> On Mon, 16 Jun 2008 20:15, ludwig at hammernoch.net said: > I corrected de.po. from 1.4.9 and created the patch against > STABLE-BRANCH-1-4, so it was mostly the inverted patch from issue916. Commited to 4791. Thanks, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From buanzo at buanzo.com.ar Fri Jun 20 17:11:56 2008 From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Fri, 20 Jun 2008 12:11:56 -0300 Subject: [OT] mod_openpgp for Apache Message-ID: <485BC8BC.7000805@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi. Sorry to interrupt here. I need some volunteers to test the Enigform Firefox addon which, along with it's server-side counterpart mod_openpgp for Apache, provides openpgp-based session initiation and http request signing / verification. Interested parties, contact me privately or visit http://maotest.buanzo.org. This project is sponsored by OWASP.org. - -- Arturo "Buanzo" Busleiman Independent Security Consultant - SANS - OISSG Tired of SPAM? Slow Internet in your office? Ask me. http://www.buanzo.com.ar/pro/eng.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIW8i8AlpOsGhXcE0RCqmiAJ0daKf6A4T4ghqD0ywjMSlx500dtQCeMiqD 1Pn0q6Od8tqJ6MVmaCvzKsM= =0O7E -----END PGP SIGNATURE----- From ladislav.hagara at unob.cz Mon Jun 23 22:55:33 2008 From: ladislav.hagara at unob.cz (Ladislav Hagara) Date: Mon, 23 Jun 2008 22:55:33 +0200 Subject: [OT] mod_openpgp for Apache In-Reply-To: <485BC8BC.7000805@buanzo.com.ar> References: <485BC8BC.7000805@buanzo.com.ar> Message-ID: <48600DC5.9060805@unob.cz> > Hi. Sorry to interrupt here. I need some volunteers to test the > Enigform Firefox addon which, along > with it's server-side counterpart mod_openpgp for Apache, provides > openpgp-based session initiation > and http request signing / verification. Interested parties, contact > me privately or visit > http://maotest.buanzo.org. > > This project is sponsored by OWASP.org. Nice to see new version. Just tried it. How to upload my public key to your server? Smutty Enigform Demo [1] has this possibility. Has mod_auth_openpgp [2] been renamed to mod_openpgp? It is a good idea to mention a Enigform and mod_auth_openpgp forum here [3]. Is something new with gpgAuth [4] integration with mod_auth_openpgp or with Enigform integration into FireGPG [5]? [1] http://smutty.pu-gh.com/demo/enigform [2] http://freshmeat.net/projects/maopenpgp [3] http://foros.buanzo.com.ar/viewforum.php?f=35 [4] http://www.gpgauth.com/ [5] http://getfiregpg.org/ -- Ladislav Hagara From buanzo at buanzo.com.ar Tue Jun 24 05:51:56 2008 From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Tue, 24 Jun 2008 00:51:56 -0300 Subject: [OT] mod_openpgp for Apache In-Reply-To: <48600DC5.9060805@unob.cz> References: <485BC8BC.7000805@buanzo.com.ar> <48600DC5.9060805@unob.cz> Message-ID: <48606F5C.8060205@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ladislav Hagara wrote: | Nice to see new version. Just tried it. How to upload my public key to | your server? That can be triggered client-side (if allowed), or server-side (by using php code), as in http://maotest.buanzo.org/login.php | Has mod_auth_openpgp [2] been renamed to mod_openpgp? Yes. | It is a good idea to mention a Enigform and mod_auth_openpgp forum here | [3]. It's mine, yes. Not very active, but I'm always there. | Is something new with gpgAuth [4] integration with mod_auth_openpgp or | with Enigform integration into FireGPG [5]? gpgAuth author, Kyle Huff, discussed his ideas with me, and we both agreed my secure sessions method might be slightly simpler, so we'r efocusing on that. Regarding a potential integration with FireGPG, I might take some of their execution methods, that do also avoid the usage of a binary IPC component. - -- Arturo "Buanzo" Busleiman Independent Security Consultant - SANS - OISSG Tired of SPAM? Slow Internet in your office? Ask me. http://www.buanzo.com.ar/pro/eng.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIYG9cAlpOsGhXcE0RCrOvAJ0aMCrfRzx5Y7pprtUQPvhkRETZXwCfTAm3 NE8vrQSCtBSQe9r0CvguazY= =SV69 -----END PGP SIGNATURE----- From nico-gnupg-dev-0 at schottelius.org Wed Jun 25 01:35:18 2008 From: nico-gnupg-dev-0 at schottelius.org (Nico Schottelius) Date: Wed, 25 Jun 2008 01:35:18 +0200 Subject: Invalid return from gpgme_op_keylist_next() + more Message-ID: <20080624233518.GA24344@denkbrett.schottelius.org> Hello! I am trying to create an application that uses libgpgme and I am currently playing around with it. Perhaps I am missing something, but this seems strange to me: -------------------------------------------------------------------------------- [1:16] denkbrett:ceofhack% ./ceof_server Version: OpenPGP gpgme_set_engine_info: ok file=/usr/bin/gpg, home=/home/user/nico/.ceof/gnupg err=0 C8697FED921C4699: nico schottelius (0) err=117456895 zsh: segmentation fault ./ceof_server [1:16] denkbrett:ceofhack% -------------------------------------------------------------------------------- The relevant source code can be found it ceof_server.c [0], but is copied below: -------------------------------------------------------------------------------- gerr = gpgme_op_keylist_start(g_context, "nico schottelius", 0); if(gerr != GPG_ERR_NO_ERROR) return 11; i=0; while((gerr = gpgme_op_keylist_next(g_context, &g_recipient[0])) != GPG_ERR_EOF) { printf("err=%d\n", gerr); if(gerr == GPG_ERR_INV_VALUE) { printf("invalid pointer\n"); return 15; } else if(gerr == GPG_ERR_ENOMEM) { printf("no mem\n"); return 16; } printf ("%s: %s <%s> (%d)\n", g_recipient[0]->subkeys->keyid, g_recipient[0]->uids->name, g_recipient[0]->uids->email, i); i++; } g_recipient[1] = NULL; -------------------------------------------------------------------------------- Why does gpgme_op_keylist_next return 117456895? Looks like something is overwritten. There is only one subkey in that key. I guess the segfault results from wrong data in g_recipient, that is used below: -------------------------------------------------------------------------------- gerr = gpgme_op_encrypt(g_context, g_recipient, 0, g_plain, g_encrypt); if(gerr != GPG_ERR_NO_ERROR) return 18; gerr = gpgme_op_decrypt(g_context, g_encrypt, g_plain); if(gerr != GPG_ERR_NO_ERROR) return 17; -------------------------------------------------------------------------------- But that's not the real problem, I am curios why I get that strange gerr value. Btw, in the infopage on my Debian lenny system of gpgme is no success return code for gpgme_op_keylist_start() documentated. Additionally, there is a broken example in the infopage: -------------------------------------------------------------------------------- Wrong example in the infopage: gpgme_ctx_t ctx; gpgme_error_t err = gpgme_new (&ctx); if (!err) { err = gpgme_op_keylist_start (ctx, "g10code", 0); while (!err) { err = gpgme_op_keylist_next (ctx, &key); if (err) break; printf ("%s: %s <%s>\n", key->keyid, key->name, key->email); gpgme_key_release (key); } gpgme_release (ctx); } if (gpg_err_code (err) != GPG_ERR_EOF) -------------------------------------------------------------------------------- If I c&p it, it results in: -------------------------------------------------------------------------------- [0:31] denkbrett:ceofhack% make gcc -D_FILE_OFFSET_BITS=64 -lgpgme -Wall -o ceof_server ceof_server.c ceof_server.c: In function ?main?: ceof_server.c:102: error: ?struct _gpgme_key? has no member named ?keyid? ceof_server.c:102: error: ?struct _gpgme_key? has no member named ?name? ceof_server.c:102: error: ?struct _gpgme_key? has no member named ?email? make: *** [ceof_server] Fehler 1 -------------------------------------------------------------------------------- The debian packages: -------------------------------------------------------------------------------- ii libgpg-error-dev 1.4-2 library for common error values and messages in GnuPG compon ii libgpg-error0 1.4-2 library for common error values and messages in GnuPG compon un libgpgme-dev (keine Beschreibung vorhanden) un libgpgme10-dev (keine Beschreibung vorhanden) ii libgpgme11 1.1.6-2 GPGME - GnuPG Made Easy ii libgpgme11-dev 1.1.6-2 GPGME - GnuPG Made Easy -------------------------------------------------------------------------------- In general it seems that the idea, to make gnupg easy is not quite well solved yet: - why are there contextless and contextdependent functions? it would make life easier to have only contextdependent functions -> less confusing - I am missing really simple functions. Imho encrypting a text for a person should be possible in two lines of code: gpgme_init(&context); gpgme_encrypt(context, char *fingerprint, void *datain, gpgme_data_t *dataencrypted) - The documentation is missing a 5 minutes tutorial, that explains how to sign, encrypt, both, check sig, decrypt, both - How to build gpgme from svn? I just git-svn cloned it, and ran automake: [1:32] denkbrett:gpgme% automake automake: `configure.ac' or `configure.in' is required Just some impressions so far, perhaps I am missing some parts. But I look forward to use gpgme. Sincerly, Nico PS: What's the reason that http://lists.gnupg.org/pipermail/ gives a 403? (which is referred to by http://lists.gnupg.org/mailman/listinfo/gnupg-commits for instance) [0]: http://unix.schottelius.org/cgi-bin/gitweb.cgi?p=EOF/ceofhack;a=summary -- Think about Free and Open Source Software (FOSS). http://nico.schottelius.org/documentations/foss/the-term-foss/ PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From wk at gnupg.org Wed Jun 25 03:20:50 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 25 Jun 2008 03:20:50 +0200 Subject: Invalid return from gpgme_op_keylist_next() + more In-Reply-To: <20080624233518.GA24344@denkbrett.schottelius.org> (Nico Schottelius's message of "Wed, 25 Jun 2008 01:35:18 +0200") References: <20080624233518.GA24344@denkbrett.schottelius.org> Message-ID: <877icefgy5.fsf@wheatstone.g10code.de> On Wed, 25 Jun 2008 01:35, nico-gnupg-dev-0 at schottelius.org said: > C8697FED921C4699: nico schottelius (0) > err=117456895 $ gpg-error 117456895 117456895 = (7, 16383) = (GPG_ERR_SOURCE_GPGME, GPG_ERR_EOF) = (GPGME, End of file) > gerr = gpgme_op_keylist_start(g_context, "nico schottelius", 0); > if(gerr != GPG_ERR_NO_ERROR) return 11; It is better to write if (!gerr) return MAGIC_NUMBER; But well it is a bit of personal taste. > i=0; > while((gerr = gpgme_op_keylist_next(g_context, &g_recipient[0])) != > GPG_ERR_EOF) { Replace this by: while ( (gerr = gpgme_op_keylist_next(g_context, &g_recipient[0])), gpg_err_code (gerr) != GPG_ERR_EOF ) { > printf("err=%d\n", gerr); > if(gerr == GPG_ERR_INV_VALUE) { > printf("invalid pointer\n"); > return 15; > } else if(gerr == GPG_ERR_ENOMEM) { > printf("no mem\n"); > return 16; > } > > printf ("%s: %s <%s> (%d)\n", g_recipient[0]->subkeys->keyid, g_recipient[0]->uids->name, g_recipient[0]->uids->email, i); You missed to check all return cods, thus the dereference segfaults. > Why does gpgme_op_keylist_next return 117456895? Looks like something is overwritten. A gpg-error code is made up of an error location and the error number, thus you need to use gpg_err_code() to extract the error code. > Btw, in the infopage on my Debian lenny system of gpgme is no success return > code for gpgme_op_keylist_start() documentated. Success is always 0. > Additionally, there is a broken example in the infopage: Thanks for noting. I have fixed the example. It still used the old API. > - why are there contextless and contextdependent functions? it would make life easier > to have only contextdependent functions -> less confusing I do not understand what you mean. If we need a context we use a context, if there is no need for a context we don't require a dummy context. > - I am missing really simple functions. Imho encrypting a text for a person > should be possible in two lines of code: > > gpgme_init(&context); > gpgme_encrypt(context, char *fingerprint, void *datain, gpgme_data_t *dataencrypted) Crypto is not that easy and hackers like to come up with there own code; we don't want to bore them :-). > - The documentation is missing a 5 minutes tutorial, that explains how to > sign, encrypt, both, > check sig, decrypt, both You can't do that in 5 minutes. If you can, please write one. > - How to build gpgme from svn? I just git-svn cloned it, and ran automake: What about reading README.SVN ? > PS: What's the reason that http://lists.gnupg.org/pipermail/ gives a 403? > (which is referred to by http://lists.gnupg.org/mailman/listinfo/gnupg-commits Missing alias in boa.conf. We are looking for a sysadmin... Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From nico-gnupg-dev-0 at schottelius.org Wed Jun 25 08:17:29 2008 From: nico-gnupg-dev-0 at schottelius.org (Nico Schottelius) Date: Wed, 25 Jun 2008 08:17:29 +0200 Subject: Invalid return from gpgme_op_keylist_next() + more In-Reply-To: <877icefgy5.fsf@wheatstone.g10code.de> References: <20080624233518.GA24344@denkbrett.schottelius.org> <877icefgy5.fsf@wheatstone.g10code.de> Message-ID: <20080625061729.GB24344@denkbrett.schottelius.org> Good morning! Thanks for the fast and helpful answer! As soon as my eyes are wide enought to read my own code i'll apply the corrections you directed me to and rereport. Werner Koch [Wed, Jun 25, 2008 at 03:20:50AM +0200]: > On Wed, 25 Jun 2008 01:35, nico-gnupg-dev-0 at schottelius.org said: > [...] > > - why are there contextless and contextdependent functions? it would make life easier > > to have only contextdependent functions -> less confusing > > I do not understand what you mean. If we need a context we use a > context, if there is no need for a context we don't require a dummy > context. Imho having a context all the time would make learning gpgme easier. But maybe a personal taste, too. > > - I am missing really simple functions. Imho encrypting a text for a person > > should be possible in two lines of code: > > > > gpgme_init(&context); > > gpgme_encrypt(context, char *fingerprint, void *datain, gpgme_data_t *dataencrypted) > > Crypto is not that easy and hackers like to come up with there own code; > we don't want to bore them :-). I should have guessed that answer ;-) > > - The documentation is missing a 5 minutes tutorial, that explains how to > > sign, encrypt, both, > > check sig, decrypt, both > > You can't do that in 5 minutes. If you can, please write one. Aye, will do. Expect it before the end of 2008. > > - How to build gpgme from svn? I just git-svn cloned it, and ran automake: > > What about reading README.SVN ? Strange, there must have been something wrong with the import from svn into git: [0:57] denkbrett:gpgme% git-branch -a * master git-svn [8:06] denkbrett:gpgme% ls README* zsh: no matches found: README* [8:06] denkbrett:gpgme% grep svn:// .git/config url = svn://cvs.gnupg.org/gpgme/trunk/gpgme [8:11] denkbrett:gpgme% git-log | grep git-svn-id | head -n1 git-svn-id: svn://cvs.gnupg.org/gpgme/trunk/gpgme at 1318 aac49db4-c9ff-0310-8ba0-e8b1974e1722 Argh, while writing this mail I see it: I cloned from the wrong location! svn://cvs.gnupg.org/gpgme/trunk/gpgme is totally wrong, should have been svn://cvs.gnupg.org/gpgme! > > PS: What's the reason that http://lists.gnupg.org/pipermail/ gives a 403? > > (which is referred to by http://lists.gnupg.org/mailman/listinfo/gnupg-commits > > Missing alias in boa.conf. We are looking for a sysadmin... Well known FOSS problem. Would like to help you, but there are too much things ongoing in my life already. Sincerly, a totally tired, Nico -- Think about Free and Open Source Software (FOSS). http://nico.schottelius.org/documentations/foss/the-term-foss/ PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From nico-gnupg-dev-0 at schottelius.org Thu Jun 26 23:00:27 2008 From: nico-gnupg-dev-0 at schottelius.org (Nico Schottelius) Date: Thu, 26 Jun 2008 23:00:27 +0200 Subject: The nightly gpgme newbie question: en- and decrypt problems Message-ID: <20080626210027.GA10453@denkbrett.schottelius.org> Hello! I just continued the work on the example referenced yesterday and tried to decrypt a cipher that I just encrypted: -------------------------------------------------------------------------------- gerr = gpgme_op_encrypt(g_context, g_recipient, 0, g_plain, g_encrypt); if(gerr != GPG_ERR_NO_ERROR) { printf("gerr=%d\n",gerr); return 18; } gerr = gpgme_op_decrypt(g_context, g_encrypt, g_plain_recv); if(gerr != GPG_ERR_NO_ERROR) { printf("gerr=%d\n",gerr); return 19; } -------------------------------------------------------------------------------- Now my program returns 19, which makes we wonder, because the encrypt did not return an error: -------------------------------------------------------------------------------- [23:55] denkbrett:ceofhack% make ./ceof_server Version: OpenPGP gpgme_set_engine_info: ok file=/usr/bin/gpg, home=/home/user/nico/.ceof/gnupg gerr=117440570 make: *** [all] Fehler 19 [23:55] denkbrett:ceofhack% gpg-error 117440570 117440570 = (7, 58) = (GPG_ERR_SOURCE_GPGME, GPG_ERR_NO_DATA) = (GPGME, Keine Daten) -------------------------------------------------------------------------------- Regarding the info page, this means: `GPG_ERR_NO_DATA' if CIPHER does not contain any data to decrypt, But shouldn't it contain data, if gpgme_op_encrypt() before was successful? Sincerly Nico -- Think about Free and Open Source Software (FOSS). http://nico.schottelius.org/documentations/foss/the-term-foss/ PGP: BFE4 C736 ABE5 406F 8F42 F7CF B8BE F92A 9885 188C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From wk at gnupg.org Thu Jun 26 23:42:06 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 26 Jun 2008 23:42:06 +0200 Subject: The nightly gpgme newbie question: en- and decrypt problems In-Reply-To: <20080626210027.GA10453@denkbrett.schottelius.org> (Nico Schottelius's message of "Thu, 26 Jun 2008 23:00:27 +0200") References: <20080626210027.GA10453@denkbrett.schottelius.org> Message-ID: <87ej6jx49d.fsf@wheatstone.g10code.de> On Thu, 26 Jun 2008 23:00, nico-gnupg-dev-0 at schottelius.org said: > But shouldn't it contain data, if gpgme_op_encrypt() before was successful? Run your test program like GPGME_DEBUG=9:/tmp/foo.log ./test and check the pretty verbose log to see the data excahnged between gpgme and gpg. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From j.scott.edwards.nwos at gmail.com Fri Jun 27 16:12:16 2008 From: j.scott.edwards.nwos at gmail.com (J. Scott Edwards) Date: Fri, 27 Jun 2008 08:12:16 -0600 Subject: Where could I ask a general question about encryption not specific to gpg? Message-ID: <4095da870806270712x130893c1m2a7f591d3f1ca6de@mail.gmail.com> Hello, I was wondering if there was someplace I could ask a question about encryption not specific to gpg? I have a project I have been working on for several years (it is nowhere near complete). A few days ago I accidentally ran across this page on SourceForge: http://alexandria.wiki.sourceforge.net/Notes+on+the+Hosting+of+Cryptographic+Software+at+SourceForge.net and I was not even sure if my project fell into that category. (I was not developing the project specifically to encrypt data, it was just that I wanted the data it was storing to be encrypted.) So I contacted the Software Freedom Law Center http://www.softwarefreedom.org/ to see if they could advise me. I talked to them and they said the government would not be concerned with my project at this time because it just uses "weak encryption" on top of "strong encryption" and the strong encryption comes from a library and is not part of my project. That is cool, I was quite relieved. But then I started wondering about the "weak encryption" part. What I do is after it gets encrypted with the normal library encryption, I reorder the bytes. (The attorney said this was the "weak encryption".) So I started wondering if it is worth doing this at all (it was fairly easy to do)? My theory was that since there are 248 bytes that the possibilities would be 248! which I spent a little time trying to calculate but all of the things I tried overflowed eventually and I didn't want to take the time to write a program to calculate the whole number. Since the numbers I got were pretty big and I was a long way from 248, I assumed that it was pretty large. Anyway, I'm sorry, I didn't want to this to get this long. I was just wondering if anyone could point me to somewhere or someone that could explain why reordering would be weak and if it is worth doing at all. Thanks -Scott From j.scott.edwards.nwos at gmail.com Sun Jun 29 14:07:11 2008 From: j.scott.edwards.nwos at gmail.com (J. Scott Edwards) Date: Sun, 29 Jun 2008 06:07:11 -0600 Subject: Where could I ask a general question about encryption not specific to gpg? In-Reply-To: <4095da870806270712x130893c1m2a7f591d3f1ca6de@mail.gmail.com> References: <4095da870806270712x130893c1m2a7f591d3f1ca6de@mail.gmail.com> Message-ID: <4095da870806290507pa1a81bew4e1aafe8b3a3d21c@mail.gmail.com> Doh! It occurred to me this morning that it is weak because it is generated from a 64 bit key. So anyone with a petaflop machine http://news.zdnet.co.uk/hardware/0,1000000091,39431427,00.htm would be able to crack it in short order. Sorry for missing the obvious and the off topic post. On Fri, Jun 27, 2008 at 8:12 AM, I wrote: > Hello, > > I was wondering if there was someplace I could ask a question about > encryption not specific to gpg? > > I have a project I have been working on for several years (it is > nowhere near complete). A few days ago I accidentally ran across this > page on SourceForge: > http://alexandria.wiki.sourceforge.net/Notes+on+the+Hosting+of+Cryptographic+Software+at+SourceForge.net > and I was not even sure if my project fell into that category. (I was > not developing the project specifically to encrypt data, it was just > that I wanted the data it was storing to be encrypted.) > > So I contacted the Software Freedom Law Center > http://www.softwarefreedom.org/ to see if they could advise me. I > talked to them and they said the government would not be concerned > with my project at this time because it just uses "weak encryption" on > top of "strong encryption" and the strong encryption comes from a > library and is not part of my project. That is cool, I was quite > relieved. > > But then I started wondering about the "weak encryption" part. What I > do is after it gets encrypted with the normal library encryption, I > reorder the bytes. (The attorney said this was the "weak > encryption".) So I started wondering if it is worth doing this at all > (it was fairly easy to do)? My theory was that since there are 248 > bytes that the possibilities would be 248! which I spent a little time > trying to calculate but all of the things I tried overflowed > eventually and I didn't want to take the time to write a program to > calculate the whole number. Since the numbers I got were pretty big > and I was a long way from 248, I assumed that it was pretty large. > > Anyway, I'm sorry, I didn't want to this to get this long. I was just > wondering if anyone could point me to somewhere or someone that could > explain why reordering would be weak and if it is worth doing at all. > > Thanks > -Scott > From adamm at san.rr.com Sun Jun 29 21:16:00 2008 From: adamm at san.rr.com (Adam M.) Date: Sun, 29 Jun 2008 12:16:00 -0700 Subject: sending multiple passwords Message-ID: <4867DF70.9060607@san.rr.com> It seems to me that it is impossible to send multiple passwords to GPG without direct user interaction on a TTY. I've been trying to write a GPGME-like library for .NET, but am running up against what seem to be hard limitations in this area. The documentation says that --passphrase-fd, --passphrase, etc accept only a single password. I tried parsing the --status-fd stream and writing the passwords to STDIN, but that didn't work because GPG reads directly from the TTY, which seemingly can't be redirected. This prevents signing symmetrically-encrypted data (since both the signing and the encryption prompt for a password), as well as signing data with multiple signatures. It would be very nice if GPG supported a simple method of sending multiple passwords, for instance reading the passwords from STDIN after sending the NEED_PASSPHRASE message, if --no-tty and --batch and --status-fd are specified and --passphrase-fd and --passphrase are not specified, or something like that. Is there any hope of having this implemented? (I might even volunteer to write the code if nobody else will, assuming that the patch would be accepted.) Thanks, -- Adam -- Encrypt your email! Use GnuPG (http://www.gnupg.org) along with: * Enigmail (http://enigmail.mozdev.org) for Thunderbird * FireGPG (http://getfiregpg.org) for GMail, Hotmail, etc. * GPGOE (http://gpgoe.wald.intevation.org) for Outlook Express * GData (http://www3.gdata.de/gpg/download.html) for Outlook My public key is available at http://www.adammil.net/files/publickey.txt From adamm at san.rr.com Mon Jun 30 01:45:50 2008 From: adamm at san.rr.com (Adam M.) Date: Sun, 29 Jun 2008 16:45:50 -0700 Subject: sending interactive passwords In-Reply-To: <4867DF70.9060607@san.rr.com> References: <4867DF70.9060607@san.rr.com> Message-ID: <48681EAE.5030208@san.rr.com> Adam M. wrote: > It seems to me that it is impossible to send multiple passwords to GPG > without direct user interaction on a TTY... It's even worse with decryption, because I don't know beforehand which key's password to ask for, or whether a key will be used at all (the data might have been symmetrically encrypted). I suppose the thing to do is run GPG first, let it fail, try to figure out which password to ask for, and then run it again. But then I can't support arbitrary data streams (for instance network streams) because they can't necessarily be read, rewound, and read again. I could write them to a temp file on disk, but I prefer not to leave bits on the hard drive unnecessarily. I think it would really complete the GPG interface to have interactive password querying. It already issues NEED_PASSPHRASE* messages on the status-fd stream, so we just need a way to answer those prompts... Am I missing some obvious downside? Should I code this and send a patch? Is this something that the developers don't want in GPG? Thanks, -- Adam From adamm at san.rr.com Mon Jun 30 03:56:48 2008 From: adamm at san.rr.com (Adam M.) Date: Sun, 29 Jun 2008 18:56:48 -0700 Subject: sending interactive passwords In-Reply-To: <48681EAE.5030208@san.rr.com> References: <4867DF70.9060607@san.rr.com> <48681EAE.5030208@san.rr.com> Message-ID: <48683D60.4010604@san.rr.com> I just discovered --command-fd. It's pretty poorly documented, but it seems to do the trick. Excellent! Sorry for the "unnecessary" posts, but I searched the archives and didn't find a solution. Hopefully this will help the next person. Adam M. wrote: > Adam M. wrote: >> It seems to me that it is impossible to send multiple passwords to GPG >> without direct user interaction on a TTY... > > It's even worse with decryption, because I don't know beforehand which > key's password to ask for, or whether a key will be used at all (the > data might have been symmetrically encrypted). > > I suppose the thing to do is run GPG first, let it fail, try to figure > out which password to ask for, and then run it again. But then I can't > support arbitrary data streams (for instance network streams) because > they can't necessarily be read, rewound, and read again. I could write > them to a temp file on disk, but I prefer not to leave bits on the hard > drive unnecessarily. > > I think it would really complete the GPG interface to have interactive > password querying. It already issues NEED_PASSPHRASE* messages on the > status-fd stream, so we just need a way to answer those prompts... > > Am I missing some obvious downside? Should I code this and send a patch? > Is this something that the developers don't want in GPG? > > Thanks, > -- Adam From wk at gnupg.org Mon Jun 30 09:10:15 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 30 Jun 2008 09:10:15 +0200 Subject: sending interactive passwords In-Reply-To: <48683D60.4010604@san.rr.com> (Adam M.'s message of "Sun, 29 Jun 2008 18:56:48 -0700") References: <4867DF70.9060607@san.rr.com> <48681EAE.5030208@san.rr.com> <48683D60.4010604@san.rr.com> Message-ID: <87prpzbdpk.fsf@wheatstone.g10code.de> On Mon, 30 Jun 2008 03:56, adamm at san.rr.com said: > I just discovered --command-fd. It's pretty poorly documented, but it > seems to do the trick. Excellent! Sorry for the "unnecessary" posts, > but I searched the archives and didn't find a solution. Or use gpg-agent - it does that all automagically for you. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.