From petersonmaxx at googlemail.com Sat Nov 1 11:55:04 2008
From: petersonmaxx at googlemail.com (M. Peterson)
Date: Sat, 1 Nov 2008 11:55:04 +0100
Subject: GnuPG with Qt Gui for an email client
Message-ID:

Hello
we develop an email client based on c++/ Qt gui and want to ask, if
there is some Qt gui for GnuPG:
Or if someone has experience in implementing the GnuPG library for an
email client or with Qt gui.
Thanks for some hints.
Regards Max

From tomp at idirect.com Sun Nov 2 07:24:22 2008
From: tomp at idirect.com (Tom Pegios)
Date: Sun, 02 Nov 2008 01:24:22 -0500
Subject: Pinentry svn 188 problems configure.ac and undefined macros
Message-ID: <490D4796.7020606@idirect.com>

Hello

In trying to compile pinentry svn 188 I came across 2 problems.

1) ./autogen.sh generated the following errors:

$ ./autogen.sh
Running aclocal -I m4 ...
configure.ac:240: warning: AC_LIB_PREPARE_PREFIX is m4_require'd but not m4_defun'd
configure.ac:240: warning: AC_LIB_RPATH is m4_require'd but not m4_defun'd
Running autoheader...
configure.ac:240: warning: AC_LIB_PREPARE_PREFIX is m4_require'd but not m4_defun'd
configure.ac:240: warning: AC_LIB_RPATH is m4_require'd but not m4_defun'd
Running automake --gnu ...
configure.ac:240: warning: AC_LIB_PREPARE_PREFIX is m4_require'd but not m4_defun'd
configure.ac:240: warning: AC_LIB_RPATH is m4_require'd but not m4_defun'd
Running autoconf...
configure.ac:240: warning: AC_LIB_PREPARE_PREFIX is m4_require'd but not m4_defun'd
configure.ac:240: warning: AC_LIB_RPATH is m4_require'd but not m4_defun'd
configure:9098: error: possibly undefined macro: AC_LIB_PREPARE_PREFIX
configure:9099: error: possibly undefined macro: AC_LIB_RPATH
configure:9104: error: possibly undefined macro: AC_LIB_LINKFLAGS_BODY
configure:9112: error: possibly undefined macro: AC_LIB_APPENDTOVAR

By using 'lib-prefix.m4' 'lib-link.m4' and 'lib-ld.m4' from 'gpg/m4'
sources and placing these files in '/pinentry/m4', autogen.sh produced
no errors.

2) when running ./configure --enable-maintainer-mode I got the
following error:

./configure: line 13481: syntax error near unexpected token `QT4_CORE,'
./configure: line 13481: `PKG_CHECK_MODULES(QT4_CORE, QtCore,,'

I commented out lines 369 to 379 in configure.ac and ran configure
again with 'QT4_GUI' producing the same error so I also commented out
381 to 391 (as I don't need QT4) and then ran
./configure --enable-maintainer-mode and make generating
'pinentry-w32.exe' & 'pinentry' without errors.

This was the first time I used svn sources to build pinentry. The
release versions didn't need ./autogen.sh and
./configure --enable-maintainer-mode so I tried to rebuild v1.74 and
1.75, using ./autogen.sh producing the same errors ( undefined macros )
just as the svn version.

Could this be something I'm doing wrong??

Regards
Tom Pegios

From wk at gnupg.org Mon Nov 3 09:40:27 2008
From: wk at gnupg.org (Werner Koch)
Date: Mon, 03 Nov 2008 09:40:27 +0100
Subject: gpgsm not listing key usage caps "esc" in regular output?
In-Reply-To: <200810311539.27034.bernhard@intevation.de> (Bernhard Reiter's message of "Fri, 31 Oct 2008 15:39:24 +0100")
References: <200810310950.07721.bernhard@intevation.de> <87mygkx41r.fsf@wheatstone.g10code.de> <200810311539.27034.bernhard@intevation.de>
Message-ID: <878ws1w6bo.fsf@wheatstone.g10code.de>

On Fri, 31 Oct 2008 15:39, bernhard at intevation.de said:

> As the "C" in the colons mean it is able to certify other keys,
> I take it that the listed X509v3 Basic Constraints: critical CA:FALSE
> is not considered by gpgsm or means something else?

The key flags only show the properties of the key. Other constraints of
the certificate are not included.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dragonheart at gentoo.org Tue Nov 4 11:45:05 2008
From: dragonheart at gentoo.org (Daniel Black)
Date: Tue, 4 Nov 2008 21:45:05 +1100
Subject: libgpg-error home page missing
Message-ID: <200811042145.12304.dragonheart@gentoo.org>

libgpg-error homepage returns an error (nice pun?) :-)

https://bugs.gentoo.org/show_bug.cgi?id=237148

http://www.gnupg.org/related_software/libraries.en.html ->
404 http://www.gnupg.org/related_software/libgpg-error/index.en.html

--
Daniel Black
Gentoo Foundation
From tomp at idirect.com Wed Nov 5 02:42:41 2008
From: tomp at idirect.com (Tom Pegios)
Date: Tue, 04 Nov 2008 20:42:41 -0500
Subject: gpg2 svn 4868 undefined,reference to `read_w32_registry_string'
Message-ID: <4910FA11.6030504@idirect.com>

Hello

during the 'make' phase of gpg2 svn 4868 the following error occurs:

../common/libcommon.a(libcommon_a-homedir.o):homedir.c:(.text+0xaa1):
undefined reference to `read_w32_registry_string'

Regards
Tom Pegios

From phil at nwl.cc Wed Nov 5 19:03:38 2008
From: phil at nwl.cc (Phil Sutter)
Date: Wed, 5 Nov 2008 19:03:38 +0100
Subject: Secret Sharing (again)
Message-ID: <20081105180337.GA3673@nuty>

Hey, all!

Long time no read, so there's news:

First of all, I changed my email address. The prior will run out within
the next few months as I've finished studying there.

For further development of the Secret Sharing extension I set up a Git
repository. The main reason why I did not use Subversion is the ability
to check in code. The old approach was to have a checkout of trunk,
heavily modified and the output of 'svn diff' regularly being checked in
to my own Subversion repository. Not only that this was rather a risk of
losing code than a way to assure the opposite, an at least half way
transparent development process is not possible on this base.

When using Git this all becomes easy: I mirror current trunk into my Git
repository, do my development and commit changes as small as I want.
With a history of patches and commit messages, as it should be. Finally,
as long as I use 'git rebase' to merge updates from SVN, the point in
history where official development ends and mine starts is always clear,
so creating a patch containing only my changes is a piece of cake.

I set up Gitweb on my server, so the repository can be accessed
comfortably. This is the URL:

http://nwl.cc/cgi-bin/git/gitweb.cgi?p=ssd.git;a=summary

Since my last email sent here I've continued developing, basically
implementing the first TODO on my list (i.e.
changing the Galois Field being used). The main reason for this is the
direct implication of the field size on the maximum number of shares
which can be created. As I used GF(2^8), this was 255 shares at max. The
used field size is now selectable when initialising the sharing of a
key, the choices are either 2^8, 2^16, 2^24 or 2^32, while the last one
needs quite a lot of CPU power (my X40 wasn't enough).

I would really appreciate to get some feedback from you on all this. So
here are some questions (of descending importance):

* is there still interest in the proposed extension?
* How good are the chances to eventually getting this mainstream?
* Do you ACK the general concept as is? (See my earlier mails for
  reference, I did not change the concept at all.)
* What else should I have asked here instead of this dummy question? ;)

Greetings, Phil

From wk at gnupg.org Wed Nov 5 20:42:42 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Nov 2008 20:42:42 +0100
Subject: Secret Sharing (again)
In-Reply-To: <20081105180337.GA3673@nuty> (Phil Sutter's message of "Wed, 5 Nov 2008 19:03:38 +0100")
References: <20081105180337.GA3673@nuty>
Message-ID: <87prlaq7rh.fsf@wheatstone.g10code.de>

On Wed, 5 Nov 2008 19:03, phil at nwl.cc said:

> * How good are the chances to eventually getting this mainstream?

That is mostly a matter of legal paperwork. If you are interested, drop
me a note.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From wk at gnupg.org Wed Nov 5 20:48:16 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Nov 2008 20:48:16 +0100
Subject: gpg2 svn 4868 undefined,reference to `read_w32_registry_string'
In-Reply-To: <4910FA11.6030504@idirect.com> (Tom Pegios's message of "Tue, 04 Nov 2008 20:42:41 -0500")
References: <4910FA11.6030504@idirect.com>
Message-ID: <87iqr2q7i7.fsf@wheatstone.g10code.de>

On Wed, 5 Nov 2008 02:42, tomp at idirect.com said:

> ../common/libcommon.a(libcommon_a-homedir.o):homedir.c:(.text+0xaa1):
> undefined reference to `read_w32_registry_string'

Sorry, I can't replicate this. Neither on W32 nor on Unix.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From tomp at idirect.com Fri Nov 7 18:23:54 2008
From: tomp at idirect.com (Tom Pegios)
Date: Fri, 07 Nov 2008 12:23:54 -0500
Subject: gpg2 svn 4868 undefined,reference to `read_w32_registry_string'
In-Reply-To: <87iqr2q7i7.fsf@wheatstone.g10code.de>
References: <4910FA11.6030504@idirect.com> <87iqr2q7i7.fsf@wheatstone.g10code.de>
Message-ID: <491479AA.30908@idirect.com>

Werner Koch wrote:
> On Wed, 5 Nov 2008 02:42, tomp at idirect.com said:
>
>> ../common/libcommon.a(libcommon_a-homedir.o):homedir.c:(.text+0xaa1):
>> undefined reference to `read_w32_registry_string'
>
> Sorry, I can't replicate this. Neither on W32 nor on Unix.
>
>
> Salam-Shalom,
>
> Werner
>

Thanks for checking into this. I was beginning to think this was a MSYS
problem but I just duplicated the same error using Cygwin (W32 build not
Posix build). I'll just hack homedir.c to allow me to continue building
on MSYS until I can find why this is happening to me.

Regards
Tom Pegios

From prlewis at letterboxes.org Mon Nov 10 11:56:17 2008
From: prlewis at letterboxes.org (Peter Lewis)
Date: Mon, 10 Nov 2008 10:56:17 +0000
Subject: Poldi compilation.
Message-ID:

Hi all,

Just a quick note that I've just built poldi 0.4 for the first time and
had to add:

#include

to the file src/util/support.c in order to get it to compile. It was
complaining about a missing INT_MAX...

Using gcc 4.3.2 and glibc 2.8.

Thanks!

Pete.

From prlewis at letterboxes.org Mon Nov 10 13:43:53 2008
From: prlewis at letterboxes.org (Peter Lewis)
Date: Mon, 10 Nov 2008 12:43:53 +0000
Subject: Poldi compilation.
References:
Message-ID:

Hi again,

I wrote:
> Just a quick note that I've just built poldi 0.4 for the first time

and it also seems that 'make install' doesn't install pam_poldi.so. I
ran:

./configure --prefix=/usr --with-pam-module-directory=/lib/security
make
make install

and it installed poldi-ctrl and the docs, but not the pam module.

Any ideas?

Thanks,

Pete.

From david at statichacks.org Mon Nov 10 19:47:45 2008
From: david at statichacks.org (David Bryson)
Date: Mon, 10 Nov 2008 10:47:45 -0800
Subject: [BUG] gpg has problems decrypting HTML email
Message-ID: <20081110184745.GE6171@eratosthenes.cryptobackpack.org>

Hi all,

I have been having problems with GPG decrypting mail from various
coworkers for a while, and only recently did I manage to get some
insight into it.

The other systems are all using: Outlook, PGP Desktop, sending mail
through Exchange. I am using mutt and gnupg.
Today I received an email, attempted to decrypt and received the
following error:

gpg: invalid radix64 character 3A skipped
gpg: invalid radix64 character 2E skipped
gpg: invalid radix64 character 2E skipped
gpg: invalid radix64 character 28 skipped
gpg: invalid radix64 character 29 skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: [don't know]: invalid packet (ctb=55)
gpg: no valid OpenPGP data found.

I sent the other party a message saying that the encrypted email failed
to decrypt. So the other party resent the message, formatted with text
rather than html and I got the following output:

Invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: invalid radix64 character 2D skipped
gpg: encrypted with 3072-bit ELG key, ID 23272056, created 1999-10-22
gpg: no valid OpenPGP data found.
gpg: [don't know]: invalid packet (ctb=37)
gpg: WARNING: message was not integrity protected
gpg: [don't know]: invalid packet (ctb=61)

But a successful decryption and I was able to read the text.

Any idea what the problem is or could be ?

Dave
From mailbox at sergio.spb.ru Sat Nov 1 22:51:44 2008
From: mailbox at sergio.spb.ru (sergio)
Date: Sun, 02 Nov 2008 00:51:44 +0300
Subject: [gnupg-ru] GnuPG with Qt Gui for an email client
In-Reply-To:
References:
Message-ID: <490CCF70.10802@sergio.spb.ru>

M. Peterson wrote:
> Hello
> we develop an email client based on c++/ Qt gui and want to ask, if
> there is some Qt gui for GnuPG:
> Or if someone has experience in implementing the GnuPG library for an
> email client or with Qt gui.
> Thanks for some hints.

http://delta.affinix.com/qca/ ?
psi uses this library

--
sergio.

From B.Candler at pobox.com Mon Nov 10 22:22:29 2008
From: B.Candler at pobox.com (Brian Candler)
Date: Mon, 10 Nov 2008 21:22:29 +0000
Subject: PGP Support/Help
In-Reply-To:
References:
Message-ID: <20081110212229.GA21350@uk.tiscali.com>

On Mon, Aug 04, 2008 at 09:53:00PM +0530, anuj sharma wrote:
> I'm having a hard
> time installing GPG v1.07 on Linux Redhat ES-4.

Why that particular version? It dates from April 2002.
The current version is 1.4.9 and is available from
http://www.gnupg.org/download/

From wk at gnupg.org Tue Nov 11 11:38:22 2008
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Nov 2008 11:38:22 +0100
Subject: how to identify a good signature by an untrusted key with gpgme 1.1.7
In-Reply-To: <48FF1D96.2050506@psi.ch> (Ivo Alxneit-Kamber's message of "Wed, 22 Oct 2008 14:33:26 +0200")
References: <48FF1D96.2050506@psi.ch>
Message-ID: <877i7amtsx.fsf@wheatstone.g10code.de>

On Wed, 22 Oct 2008 14:33, ivo.alxneit at psi.ch said:

> summary=3 (GPGME_SIGSUM_VALID + GPGME_SIGSUM_GREEN)
> fpr=D0E3ADE78E893E9CAEC1E2F401DEC213515E30C7
> status=0
> timestamp=1222936366
> wrong_key_usage=0
> pka_trust=0
> chain_model=0
> validity=4 (GPGME_VALIDITY_FULL)
> validity_reason=0
> key=17
> hash=2
>
> why not validity=5 (GPGME_VALIDITY_ULTIMTE) as my key has validity and
> trust set to ultimate.

The validity is the validity of the signature as computed by gpg. It is
not the validity of the key. FULL is full validity. ULTIMATE is used as
a kludge to mark one's own key.

> summary=0 (??)
> fpr=4B12BCD5788511063B543190E09DF306
> status=0
> timestamp=1222182300
> wrong_key_usage=0
> pka_trust=0
> chain_model=0
> validity=0 (GPGME_VALIDITY_UNKNOWN)
> validity_reason=0
> key=1
> hash=1
>
> why not summary=2 (GPGME_SIGSUM_GREEN)

As you can see from the command line output, the key is not trusted;
i.e. not certified (signed) by a trusted key. The fingerprint is shown
so that you can employ other, external, ways to check whether you want
to trust the key (e.g. using a list of fingerprints of trusted keys).

BTW, this is a v3 key with an MD5 based fingerprint. It is easy to
generate two keys with the same fingerprint; thus I would not trust this
timestamping service at all.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
From yunxin.li at gmail.com Tue Nov 18 07:35:35 2008
From: yunxin.li at gmail.com (Yunfeng)
Date: Tue, 18 Nov 2008 14:35:35 +0800
Subject: how to make a debug version of the gpg
In-Reply-To: <877i7amtsx.fsf@wheatstone.g10code.de>
References: <48FF1D96.2050506@psi.ch> <877i7amtsx.fsf@wheatstone.g10code.de>
Message-ID: <4922623b.2a528c0a.7110.018c@mx.google.com>

Hi everyone

Stupid question. How to make a debug version of the gpg?!
Any tips or urls can be referenced?!

Thanks
Kk11

From dshaw at jabberwocky.com Tue Nov 18 18:59:36 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 18 Nov 2008 12:59:36 -0500
Subject: how to make a debug version of the gpg
In-Reply-To: <4922623b.2a528c0a.7110.018c@mx.google.com>
References: <48FF1D96.2050506@psi.ch> <877i7amtsx.fsf@wheatstone.g10code.de> <4922623b.2a528c0a.7110.018c@mx.google.com>
Message-ID: <20081118175936.GC1493@jabberwocky.com>

On Tue, Nov 18, 2008 at 02:35:35PM +0800, Yunfeng wrote:
> Hi everyone
>
> Stupid question. How to make a debug version of the gpg?!
> Any tips or urls can be referenced?!

This question cannot be answered without knowing what you are trying
to do, and why.

David

From yunxin.li at gmail.com Wed Nov 19 05:57:07 2008
From: yunxin.li at gmail.com (Yunfeng)
Date: Wed, 19 Nov 2008 12:57:07 +0800
Subject: reply: how to make a debug version of the gpg
In-Reply-To: <20081118175936.GC1493@jabberwocky.com>
References: <48FF1D96.2050506@psi.ch> <877i7amtsx.fsf@wheatstone.g10code.de> <4922623b.2a528c0a.7110.018c@mx.google.com> <20081118175936.GC1493@jabberwocky.com>
Message-ID: <49239ca7.1f588c0a.4777.ffff803a@mx.google.com>

Hi

I'm sorry. I want to learn gpg's flow exactly. I think it's better for
me if I can debug it.
Kk11

----- original-----
Sender: gnupg-devel-bounces at gnupg.org [mailto:gnupg-devel-bounces at gnupg.org] David Shaw
Send time: Wed, 19 Nov, 2008 AM 2:00
recipients: gnupg-devel at gnupg.org
subject: Re: how to make a debug version of the gpg

On Tue, Nov 18, 2008 at 02:35:35PM +0800, Yunfeng wrote:
> Hi everyone
>
> Stupid question. How to make a debug version of the gpg?!
> Any tips or urls can be referenced?!

This question cannot be answered without knowing what you are trying
to do, and why.

David

From ted at 16systems.com Mon Nov 24 23:19:32 2008
From: ted at 16systems.com (Ted)
Date: Mon, 24 Nov 2008 17:19:32 -0500
Subject: Differentiating GPG data from random data
Message-ID: <390c6fc60811241419h2a9c214dt191c5341ab3bb12d@mail.gmail.com>

Hi,

Hope this is not off-topic here.

I'm writing a program that searches for files that are made up of
random data. GPG data (that is not ascii armored) is consistently
identified by the program. That's expected as GPG data is very random.
However, even though GPG data passes the random tests, I'm not
interested in finding GPG encrypted files, so I thought I would write
a routine to exclude these files based on the first few bytes of the
file, but I'm not comfortable with doing that. It's not ideal, but
seems to work OK. Basically I'm skipping random data files that have
certain bytes in the beginning like so:

Symmetric:
Hex(8c 0d 04 03)
Dec(140 13 4 3)

Asymmetric:
Hex(85 02 0e 03)
Dec(133 2 14 3)

This works well in informal testing on multiple systems running
various versions of GPG, but I bet it will fail a lot in the real
world after reading the RFC's. That's why I thought I might pose the
question to this list.
Is there a simple way to skip most GPG
encrypted files without implementing 4880? It does not have to be
perfect, but perhaps there is something better than what I have
described above.

Thanks for any suggestions,

Ted

From gpgme at katehok.ac93.org Tue Nov 25 03:15:31 2008
From: gpgme at katehok.ac93.org (Igor Belyi)
Date: Mon, 24 Nov 2008 21:15:31 -0500
Subject: [Announce] GPGME 1.1.7 released
In-Reply-To: <48F8EF8B.6040101@ruhr-uni-bochum.de>
References: <48F8EF8B.6040101@ruhr-uni-bochum.de>
Message-ID: <492B5FC3.2070101@katehok.ac93.org>

I've replied without paying attention to where this message is sent and
as a result sent it to announce list instead of the devel one. Reposting
it here now.

Marcus Brinkmann wrote:
> We are pleased to announce version 1.1.7 of GnuPG Made Easy,

I have a small comment regarding one Windows specific change between
1.1.6 and 1.1.7 which is not listed in the announcement.

While investigating why new gpgme returns me "GPGME: Invalid crypto
engine" error I found out that now instead of spawning gpg.exe directly
it relies on gpgme-w32spawn.exe being installed with GnuPG. The latest
gpg4win does not have this program and as a result, gpgme-1.1.7 can't be
used with it at all.

First, it would be nice to have that incompatibility documented. Second,
it would be nice if gpgme falls back to spawning gpg directly in case
gpgme-w32spawn.exe is not available at least for couple of next versions
unless there's a very good reason for it not to.

Cheers,
Igor

From dshaw at jabberwocky.com Tue Nov 25 05:21:36 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 24 Nov 2008 23:21:36 -0500
Subject: Differentiating GPG data from random data
In-Reply-To: <390c6fc60811241419h2a9c214dt191c5341ab3bb12d@mail.gmail.com>
References: <390c6fc60811241419h2a9c214dt191c5341ab3bb12d@mail.gmail.com>
Message-ID:

On Nov 24, 2008, at 5:19 PM, Ted wrote:

> Hi,
>
> Hope this is not off-topic here.
>
> I'm writing a program that searches for files that are made up of
> random data. GPG data (that is not ascii armored) is consistently
> identified by the program. That's expected as GPG data is very random.
> However, even though GPG data passes the random tests, I'm not
> interested in finding GPG encrypted files, so I thought I would write
> a routine to exclude these files based on the first few bytes of the
> file, but I'm not comfortable with doing that. It's not ideal, but
> seems to work OK. Basically I'm skipping random data files that have
> certain bytes in the beginning like so:
>
> Symmetric:
> Hex(8c 0d 04 03)
> Dec(140 13 4 3)
>
> Asymmetric:
> Hex(85 02 0e 03)
> Dec(133 2 14 3)
>
> This works well in informal testing on multiple systems running
> various versions of GPG, but I bet it will fail a lot in the real
> world after reading the RFC's. That's why I thought I might pose the
> question to this list. Is there a simple way to skip most GPG
> encrypted files without implementing 4880? It does not have to be
> perfect, but perhaps there is something better than what I have
> described above.

Those bytes will more-or-less work, but as you say won't catch
everything. In OpenPGP, the first few octets cover the length and type
of the packet, so those bytes hardcode a particular length, which is
probably not what you want. For example, the "85 02 0e 03" from your
example is an old-style encrypted session key that is 526 bytes long,
which will only match a particular key size.

The problem is that OpenPGP has so many different ways to encode a
particular packet, that writing a rule loose enough to match them all
will inevitably have a huge number of false positives. For example, hex
84, 85, 86, and C1 can all indicate an asymmetrically encrypted message.
85 is the most common (and 84 would be extremely uncommon), but they are
all possible. Some OpenPGP programs start with or A8, A9, AA, or CA
(though it is virtually always A8).
GPG will read such a message, but doesn't generate it.

For your purpose, is it better to have false positives or false
negatives? That is, it is better to accidentally include some GPG files,
or better to accidentally exclude some files? That would help in
figuring out how many bytes you want to match on.

David

From ted at 16systems.com Tue Nov 25 15:09:09 2008
From: ted at 16systems.com (Ted)
Date: Tue, 25 Nov 2008 09:09:09 -0500
Subject: Differentiating GPG data from random data
In-Reply-To:
References: <390c6fc60811241419h2a9c214dt191c5341ab3bb12d@mail.gmail.com>
Message-ID: <390c6fc60811250609x70089227u560505cee2a091d3@mail.gmail.com>

On Mon, Nov 24, 2008 at 11:21 PM, David Shaw wrote:

> Those bytes will more-or-less work, but as you say won't catch everything.
> In OpenPGP, the first few octets cover the length and type of the packet,
> so those bytes hardcode a particular length, which is probably not what you
> want. For example, the "85 02 0e 03" from your example is an old-style
> encrypted session key that is 526 bytes long, which will only match a
> particular key size.
>
> The problem is that OpenPGP has so many different ways to encode a
> particular packet, that writing a rule loose enough to match them all will
> inevitably have a huge number of false positives. For example, hex 84, 85,
> 86, and C1 can all indicate an asymmetrically encrypted message. 85 is the
> most common (and 84 would be extremely uncommon), but they are all possible.
> Some OpenPGP programs start with or A8, A9, AA, or CA (though it is
> virtually always A8). GPG will read such a message, but doesn't generate
> it.
>
> For your purpose, is it better to have false positives or false negatives?
> That is, it is better to accidentally include some GPG files, or better to
> accidentally exclude some files? That would help in figuring out how many
> bytes you want to match on.
>
> David

Thank you for the information. It confirms what I thought after
reading the RFCs.
It would be better for me to accidentally include
some GPG files rather than accidentally exclude files I'm searching
for. I can manually look at the files and use GnuPG to easily tell the
GPG ones from the non-GPG ones.

Thanks again,

Ted

From petr.uzel at suse.cz Sun Nov 23 17:21:11 2008
From: petr.uzel at suse.cz (Petr Uzel)
Date: Sun, 23 Nov 2008 17:21:11 +0100
Subject: select pinentry-curses/qt depending on situation
Message-ID: <20081123162111.GB7861@localhost>

Hey list!

What is the best way (if any) to select which pinentry
(-curses/-qt/-gtk) to run, depending on situation, i.e. whether X is
running and whether we have tty.

What I want is to run pinentry-curses if there is tty (e.g. gpg in
virtual console), and 'graphical' pinentry otherwise (e.g. signing mail
in kmail).

Now, I have a shell script named /usr/bin/pinentry, that tries to
determine which pinentry to run and then executes it. The problem is
that it can only use command line options that gpg-agent passes to
pinentry. These options either do or don't contain --display option,
depending on whether X is running. The rest of options (namely
--ttyname) is passed to pinentry via assuan protocol, which obviously
can not be used in the process of selecting proper pinentry. Without
ttyname I can't distinguish whether I have virtual terminal or not
(calling tty -s in pinentry script does not work).

I have two questions:

1) Is there any way how to pass ttyname (and possibly other options) to
   pinentry via command line arguments instead of assuan protocol?

2) More generally, is there any better way how to run various versions
   of pinentry depending on situation ?

Thanks in advance,

--
Best regards

Petr Uzel, Packages maintainer
---------------------------------------------------------------------
SUSE LINUX, s.r.o.          e-mail: puzel at suse.cz
Lihovarská 1060/12          tel: +420 284 028 964
190 00 Prague 9             fax: +420 284 028 951
Czech Republic              http://www.suse.cz

From lists-gnupgdev at lina.inka.de Fri Nov 28 04:42:40 2008
From: lists-gnupgdev at lina.inka.de (Bernd Eckenfels)
Date: Fri, 28 Nov 2008 04:42:40 +0100
Subject: Differentiating GPG data from random data
In-Reply-To: <390c6fc60811250609x70089227u560505cee2a091d3@mail.gmail.com>
References: <390c6fc60811241419h2a9c214dt191c5341ab3bb12d@mail.gmail.com> <390c6fc60811250609x70089227u560505cee2a091d3@mail.gmail.com>
Message-ID: <20081128034240.GB3535@lina.inka.de>

On Tue, Nov 25, 2008 at 09:09:09AM -0500, Ted wrote:
> Thank you for the information. It confirms what I thought after
> reading the RFCs. It would be better for me to accidentally include
> some GPG files rather than accidentally exclude files I'm searching
> for. I can manually look at the files and use GnuPG to easily tell the
> GPG ones from the non-GPG ones.

you could run

gpg --dry-run --list-packets --batch --home empty/ --status-fd 1

and check "NODATA" on stdout. Unfortunately a malformed PGP packet will
have the same return code (2) than an encrypted message (at least in my
1.4.1 which i tried the NO DATA and NO_SECKEY both cause exit code 2).

This will detect lots of (valid) OpenPGP files. Not sure if there are
saner options to actually make gpg not do anything.

Regards,
Bernd

--
  (OO)     -- Bernd_Eckenfels at Mörscher_Strasse_8.76185Karlsruhe.de --
 ( .. )    ecki@{inka.de,linux.de,debian.org} http://www.eckes.org/
  o--o     1024D/E383CD7E eckes at IRCNet v:+497211603874 f:+49721151516129
(O____O)   When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
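The header decoding David Shaw describes in this thread, as an added example (not code from GnuPG or from any poster): it parses the first packet header in both the old and the new framing instead of matching fixed bytes, so a different length encoding of the same packet type still matches. The RFC 4880 packet layout is assumed, the function names are made up for illustration, and the check is deliberately strict because Ted prefers to keep a doubtful file in his results rather than skip it.

```python
"""Triage helper: does a file start with a plausible OpenPGP packet (RFC 4880)?"""
from typing import NamedTuple, Optional

TAG_PKESK = 1    # Public-Key Encrypted Session Key packet
TAG_SKESK = 3    # Symmetric-Key Encrypted Session Key packet
TAG_MARKER = 10  # Marker packet; its body is the three bytes "PGP"


class Header(NamedTuple):
    tag: int
    new_format: bool
    header_len: int           # octets taken by the tag and length fields
    body_len: Optional[int]   # None for indeterminate or partial lengths


def parse_header(data: bytes) -> Optional[Header]:
    """Decode the first packet header; None if the bytes cannot be one."""
    if len(data) < 2 or not data[0] & 0x80:        # bit 7 is always set
        return None
    ctb = data[0]
    if ctb & 0x40:                                 # new format, tag in bits 5-0
        tag, first = ctb & 0x3F, data[1]
        if tag == 0:
            return None                            # tag 0 is reserved
        if first < 192:                            # one-octet length
            return Header(tag, True, 2, first)
        if first < 224:                            # two-octet length
            if len(data) < 3:
                return None
            return Header(tag, True, 3, ((first - 192) << 8) + data[2] + 192)
        if first == 255:                           # five-octet length
            if len(data) < 6:
                return None
            return Header(tag, True, 6, int.from_bytes(data[2:6], "big"))
        return Header(tag, True, 2, None)          # 224..254: partial length
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03   # old format
    if tag == 0:
        return None
    if length_type == 3:                           # indeterminate length
        return Header(tag, False, 1, None)
    n = 1 << length_type                           # 1, 2 or 4 length octets
    if len(data) < 1 + n:
        return None
    return Header(tag, False, 1 + n, int.from_bytes(data[1:1 + n], "big"))


def starts_like_openpgp_encrypted(data: bytes) -> bool:
    """Strict check, so that doubtful files are kept rather than skipped."""
    hdr = parse_header(data)
    if hdr is None or hdr.body_len is None:
        return False
    body = data[hdr.header_len:]
    if hdr.tag == TAG_MARKER:
        return hdr.body_len == 3 and body[:3] == b"PGP"
    if hdr.tag == TAG_PKESK:     # version 3, 8-octet key ID, algorithm, MPI(s)
        return hdr.body_len > 10 and body[:1] == b"\x03"
    if hdr.tag == TAG_SKESK:     # version 4, cipher octet, S2K specifier
        return hdr.body_len >= 4 and body[:1] == b"\x04"
    return False


# Constructed sample prefixes (padding bytes are arbitrary, not real messages).
SAMPLES = {
    "old-format PKESK 85 02 0e": bytes.fromhex("85020e03") + bytes(16),
    "old-format SKESK 8c 0d": bytes.fromhex("8c0d04030302") + bytes(9),
    "new-format PKESK c1": bytes.fromhex("c1c14e03") + bytes(16),
    "marker packet a8": bytes.fromhex("a803504750"),
    "gzip file": bytes.fromhex("1f8b0800"),
    "random bytes, high bit set": bytes.fromhex("8c0d9a41c7"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:28} {parse_header(blob)} "
              f"skip={starts_like_openpgp_encrypted(blob)}")
```

A message that starts directly with a compressed or encrypted data packet is not skipped by this check and stays in the candidate list for manual review.
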
From Aman_Sehgal at infosys.com Wed Nov 26 06:06:48 2008
From: Aman_Sehgal at infosys.com (Aman Sehgal)
Date: Wed, 26 Nov 2008 10:36:48 +0530
Subject: Regarding installation of GPG
Message-ID: <126E03635C3419488A97E3EE6E2C3EFC660D280AD7@CHNSHLMBX02.ad.infosys.com>

Hi,

I need to install GnuPG on a UNIX server with following version of OS:

HP-UX sdhrs10a B.11.11 U 9000/800 686369363 unlimited-user license

I have downloaded the .jar file for the GPG installable available on
your site. Can u please send across the steps I need to follow to
compile and install GPG. Or if there is any compiled version of the
Installable available.

Thanks and Regards
Aman Sehgal