From robert.vanyi at gmail.com Wed Oct 1 15:14:24 2008 From: robert.vanyi at gmail.com (Robert Vanyi) Date: Wed, 1 Oct 2008 14:14:24 +0100 Subject: Unicode filename support on Windows In-Reply-To: References: Message-ID: Hi, I was trying to use a Japanese (UTF-16) filename on an English Windows Server 2008, but I got the following error: C:\>gpg -e ???.txt gpg: can't open `???.txt': No error gpg: ???.txt: encryption failed: file open error The Japanese string in the filename contains three characters: katakana TE (U+30C6) katakana SU (U+30B9) katakana TO (U+30C8) from this page: http://ja.wikipedia.org/wiki/%E3%83%86%E3%82%B9%E3%83%88 I'm using GnuPG 1.4.7: C:\>gpg --version gpg (GnuPG) 1.4.7 Is there a newer version with support for Unicode filenames, or are there any plans to support them on Windows platforms? As far as I know, command-line parameters are converted to UTF-16 on Windows, and then, if the application does not provide a wmain function, only a main function, the parameters are converted to the local codepage. This would explain, why I have seen question marks in place of each Japanese character. Thanks, Robert From yunxin.li at gmail.com Thu Oct 2 04:50:49 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Thu, 2 Oct 2008 10:50:49 +0800 Subject: reply: how to compile libksba into windows version In-Reply-To: <878wthafev.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <48d9cf28.07506e0a.4317.7b8b@mx.google.com> <878wthafev.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <48e4370e.05886e0a.4c1d.17da@mx.google.com> Hi all Following the instruction. I have got the libksba-8.dll. But I can't find the relevant lib file. Where is it? Or how to generate it. I want use the libksba.dll in my vs2005 program. Can anyone be so nice to tell me that whether I can call the funcs in the dll from my vs2005!? Thanks Yunfeng -----????----- ???: Marcus Brinkmann [mailto:marcus.brinkmann at ruhr-uni-bochum.de] ????: ???, 24 ??, 2008 PM 8:37 ???: Yunfeng ??: Gnupg-devel at gnupg.org ??: Re: how to compile libksba into windows version At Wed, 24 Sep 2008 13:24:44 +0800, Yunfeng wrote: > I need run libksba in windows. > > I find in google but cannot find a windows version libksba. > > Anyone can teach me how to compile the libksba into windows. It's part of gpg4win, so you can use: http://gpg4win.org/build-installer.html If you follow the instructions, the libksba build will end up in src/playground/build/libksba-$LIBKSBA_VERSION-build By studying the gpg4win build system, you can also figure out how to build it without gpg4win. It's not that hard, but there are many fine details to get right. You don't need to build all of gpg4win to get libksba. By reading configure.ac, you can see that libksba needs only libgpg-error, which in turn needs libiconv and gettext. So drop these packages into packages/ (see the file packages.current for URLs to these), and run in the src/ directory: $ make stamps/stamp-final-libiconv $ make stamps/stamp-final-gettext $ make stamps/stamp-final-libgpg-error $ make stamps/stamp-final-libksba Thanks, Marcus Internal Virus Database is out of date. Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus Database: 270.5.3/1565 - Release Date: 2008-7-21 18:36 From wk at gnupg.org Thu Oct 2 08:23:21 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 02 Oct 2008 08:23:21 +0200 Subject: reply: how to compile libksba into windows version In-Reply-To: <48e4370e.05886e0a.4c1d.17da@mx.google.com> (yunxin.li@gmail.com's message of "Thu, 2 Oct 2008 10:50:49 +0800") References: <48d9cf28.07506e0a.4317.7b8b@mx.google.com> <878wthafev.wl%marcus.brinkmann@ruhr-uni-bochum.de> <48e4370e.05886e0a.4c1d.17da@mx.google.com> Message-ID: <87zllnjz1i.fsf@wheatstone.g10code.de> On Thu, 2 Oct 2008 04:50, yunxin.li at gmail.com said: > Following the instruction. I have got the libksba-8.dll. > But I can't find the relevant lib file. > Where is it? Or how to generate it. If you use the Gpg4win installer to build the library, the lib file will be at: $ ls -l src/playground/install/pkgs/libksba-1.0.4/lib/ -rw-r--r-- 1 wk wk 288340 2008-09-29 20:52 libksba.a -rwxr-xr-x 1 wk wk 5517 2008-09-29 20:52 libksba.def -rwxr-xr-x 1 wk wk 94340 2008-09-29 20:52 libksba.dll.a -rwxr-xr-x 1 wk wk 1050 2008-09-29 20:52 libksba.la What you want is the libksba.dll.a file. Rename it if you don't like the suffix. > I want use the libksba.dll in my vs2005 program. Please note that libksba is licensed under the GPL version 3 or later. Thus your program needs to have compatible license terms if you intend to distribute it. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bfoster at clearwire.net Thu Oct 2 15:15:01 2008 From: bfoster at clearwire.net (Bill Foster) Date: Thu, 02 Oct 2008 09:15:01 -0400 Subject: Problem building GnuPG 2.0.9 for Windows Message-ID: <48E4C955.8080602@clearwire.net> Hello, I am trying to build GnuPG 2.0.9 for Win32 (Windows XP). I am using the Debian testing (Lenny) platform, with the MinGW cross-compiler. I've installed the required libraries in their proper order: libgpg-error-1.6 libgcrypt-1.4.3 libksba-1.0.4 w32pth-2.0.1 libassuan-1.0.5 And I've installed zlib-1.2.3, with the libz.a library file in the ~/w32root/lib directory. When trying to build GnuPG 2.0.9, I run './configure --build-w32'. Then I run 'make'. 'make' ends with these lines: Making all in g10 make[2]: Entering directory `~/gnupg-2.0.9/g10' i586-mingw32msvc-gcc -I~/w32root/include -I~/w32root/include -I~/w32root/include -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -Wno-pointer-sign -Wpointer-arith -o gpg2.exe gpg.o server.o build-packet.o compress.o free-packet.o getkey.o keydb.o keyring.o seskey.o kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o openfile.o keyid.o parse-packet.o cpr.o plaintext.o sig-check.o keylist.o pkglue.o pkclist.o skclist.o pubkey-enc.o passphrase.o seckey-cert.o encr-data.o cipher.o encode.o sign.o verify.o revoke.o decrypt.o keyedit.o dearmor.o import.o export.o trustdb.o tdbdump.o tdbio.o delkey.o keygen.o helptext.o keyserver.o photoid.o call-agent.o card-util.o exec.o ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a ../common/libgpgrl.a -lws2_32 -L~/w32root/lib -lgcrypt -lgpg-error -L~/w32root/lib -lassuan -lws2_32 -L~/w32root/lib -lgpg-error compress.o: In function `do_compress': ~/gnupg-2.0.9/g10/compress.c:107: undefined reference to `_deflate' compress.o: In function `do_uncompress': ~/gnupg-2.0.9/g10/compress.c:196: undefined reference to `_inflate' compress.o: In function `init_compress': ~/gnupg-2.0.9/g10/compress.c:80: undefined reference to `_deflateInit_' compress.o: In function `init_uncompress': ~/gnupg-2.0.9/g10/compress.c:146: undefined reference to `_inflateInit_' compress.o: In function `init_compress': ~/gnupg-2.0.9/g10/compress.c:80: undefined reference to `_deflateInit2_' compress.o: In function `init_uncompress': ~/gnupg-2.0.9/g10/compress.c:146: undefined reference to `_inflateInit2_' compress.o: In function `compress_filter': ~/gnupg-2.0.9/g10/compress.c:264: undefined reference to `_inflateEnd' ~/gnupg-2.0.9/g10/compress.c:273: undefined reference to `_deflateEnd' collect2: ld returned 1 exit status make[2]: *** [gpg2.exe] Error 1 I have tried to build the zlib.dll file, and then using the 'nm' command to create a zlib.def file, and then using the 'dlltool' command to "custom build" an import library (zlib.a) from the .def file. But I still get the same error messages as above when I run 'make'. I don't know what else to try. Does anyone have any advice they can offer me ? Please know it will be greatly appreciated. Thank-you, Bill Foster From f.schwind at chili-radiology.com Thu Oct 2 15:58:00 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Thu, 02 Oct 2008 15:58:00 +0200 Subject: gpgme verify Message-ID: <48E4D368.50908@chili-radiology.com> Hi. I have some trouble with gpgme on windows. Verifying signatures with: gpgme_verify_result_t result; result = gpgme_op_verify_result(ctx); I always get: result->signatures->validity = GPGME_VALIDITY_UNKNOWN though my gpg console application says that trust and validity are ultimate: pub 1024D/D4FACAEA created: 2008-08-08 expires: never usage: SC trust: ultimate validity: ultimate sub 2048g/BAA684AE created: 2008-08-08 expires: never usage: E [ultimate] (1). MailTest Two (test two) The same keyring on linux works and shows GPGME_VALIDITY_FULL. (Just wondering why it isn't GPGME_VALIDITY_ULTIMATE ?) Someone got an idea? I'm using Windows XP and openSUSE 10.3 gpg 1.4.9 and gpgme 1.1.4 Best Regards Florian From wk at gnupg.org Thu Oct 2 16:13:56 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 02 Oct 2008 16:13:56 +0200 Subject: Problem building GnuPG 2.0.9 for Windows In-Reply-To: <48E4C955.8080602@clearwire.net> (Bill Foster's message of "Thu, 02 Oct 2008 09:15:01 -0400") References: <48E4C955.8080602@clearwire.net> Message-ID: <87tzbvhyor.fsf@wheatstone.g10code.de> On Thu, 2 Oct 2008 15:15, bfoster at clearwire.net said: > -L~/w32root/lib -lgcrypt -lgpg-error -L~/w32root/lib Did you set the w32root envvar? It seems that it does not get expanded and ld can't expand the tilde hack. The code in autogen.sh is: [ -z "$w32root" ] && w32root="$HOME/w32root" echo "Using $w32root as standard install directory" >&2 Either unset w32root or use w32root="$HOME/w32root" export w32root That should help. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bfoster at clearwire.net Thu Oct 2 16:59:15 2008 From: bfoster at clearwire.net (Bill Foster) Date: Thu, 02 Oct 2008 10:59:15 -0400 Subject: Problem building GnuPG 2.0.9 for Windows In-Reply-To: <87tzbvhyor.fsf@wheatstone.g10code.de> References: <48E4C955.8080602@clearwire.net> <87tzbvhyor.fsf@wheatstone.g10code.de> Message-ID: <48E4E1C3.2000002@clearwire.net> Werner Koch wrote: > On Thu, 2 Oct 2008 15:15, bfoster at clearwire.net said: > > >> -L~/w32root/lib -lgcrypt -lgpg-error -L~/w32root/lib >> > > Did you set the w32root envvar? It seems that it does not get expanded > and ld can't expand the tilde hack. The code in autogen.sh is: > > [ -z "$w32root" ] && w32root="$HOME/w32root" > echo "Using $w32root as standard install directory" >&2 > > Either unset w32root or use > > w32root="$HOME/w32root" > export w32root > > That should help. > > > Salam-Shalom, > > Werner > > Thank-you for your response, Mr. Koch. I'm afraid I misled you into thinking that the tilde symbol was actually a part of the error message. I replaced each occurrence of '/home/bill' with '~' in my post, merely for brevity's sake. And I now regret doing so. Lesson learned (the hard way, as usual). -Bill Foster From bfoster at clearwire.net Thu Oct 2 17:57:41 2008 From: bfoster at clearwire.net (Bill Foster) Date: Thu, 02 Oct 2008 11:57:41 -0400 Subject: Problem building GnuPG 2.0.9 for Windows In-Reply-To: <87tzbvhyor.fsf@wheatstone.g10code.de> References: <48E4C955.8080602@clearwire.net> <87tzbvhyor.fsf@wheatstone.g10code.de> Message-ID: <48E4EF75.70904@clearwire.net> At http://refspecs.freestandards.org/LSB_3.2.0/LSB-Core-generic/LSB-Core-generic/libzman.html concerning deflateInit, deflateInit2, inflateInit, and inflateInit2, it states that these functions are "not in the source standard" but "only in the binary standard." And that "source applications should use the macro" for each appropriate function. The deflate and inflate functions use a z_stream structure that must be initialized by a call to deflateInit2 and inflateInit2, respectively. I'm hoping someone will know if that information has any bearing in this situation, or not. -Bill Foster From wk at gnupg.org Thu Oct 2 18:39:13 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 02 Oct 2008 18:39:13 +0200 Subject: Problem building GnuPG 2.0.9 for Windows In-Reply-To: <48E4E1C3.2000002@clearwire.net> (Bill Foster's message of "Thu, 02 Oct 2008 10:59:15 -0400") References: <48E4C955.8080602@clearwire.net> <87tzbvhyor.fsf@wheatstone.g10code.de> <48E4E1C3.2000002@clearwire.net> Message-ID: <87ljx7hrym.fsf@wheatstone.g10code.de> On Thu, 2 Oct 2008 16:59, bfoster at clearwire.net said: > I replaced each occurrence of '/home/bill' with '~' in my post, merely > for brevity's sake. And I now regret doing so. Okay. I have basically the same setup as you, though I am using Sid but I used sveeral older version as well. MY guess is that the linker finds a different version libz. To check this you should add the option -Wl,--verbose to the CFLAGS or just run the last command with that additional option. This shows how symbols are resolved. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From yunxin.li at gmail.com Fri Oct 3 05:57:12 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Fri, 3 Oct 2008 11:57:12 +0800 Subject: reply: reply: how to compile libksba into windows version In-Reply-To: <87zllnjz1i.fsf@wheatstone.g10code.de> References: <48d9cf28.07506e0a.4317.7b8b@mx.google.com> <878wthafev.wl%marcus.brinkmann@ruhr-uni-bochum.de> <48e4370e.05886e0a.4c1d.17da@mx.google.com> <87zllnjz1i.fsf@wheatstone.g10code.de> Message-ID: <48e5981f.044e6e0a.29e2.79ee@mx.google.com> Hi everyone Thanks for your helping. I have another problem. I need to call some functions like gpgsm_**. Which dll contains these functions, how to generate it. yunfeng -----????----- ???: Werner Koch [mailto:wk at gnupg.org] ????: ???, 2 ??, 2008 PM 2:23 ???: Yunfeng ??: Gnupg-devel at gnupg.org ??: Re: reply: how to compile libksba into windows version On Thu, 2 Oct 2008 04:50, yunxin.li at gmail.com said: > Following the instruction. I have got the libksba-8.dll. > But I can't find the relevant lib file. > Where is it? Or how to generate it. If you use the Gpg4win installer to build the library, the lib file will be at: $ ls -l src/playground/install/pkgs/libksba-1.0.4/lib/ -rw-r--r-- 1 wk wk 288340 2008-09-29 20:52 libksba.a -rwxr-xr-x 1 wk wk 5517 2008-09-29 20:52 libksba.def -rwxr-xr-x 1 wk wk 94340 2008-09-29 20:52 libksba.dll.a -rwxr-xr-x 1 wk wk 1050 2008-09-29 20:52 libksba.la What you want is the libksba.dll.a file. Rename it if you don't like the suffix. > I want use the libksba.dll in my vs2005 program. Please note that libksba is licensed under the GPL version 3 or later. Thus your program needs to have compatible license terms if you intend to distribute it. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. Internal Virus Database is out of date. Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus Database: 270.5.3/1565 - Release Date: 2008-7-21 18:36 From bfoster at clearwire.net Fri Oct 3 07:13:25 2008 From: bfoster at clearwire.net (Bill Foster) Date: Fri, 03 Oct 2008 01:13:25 -0400 Subject: Problem building GnuPG 2.0.9 for Windows In-Reply-To: <87ljx7hrym.fsf@wheatstone.g10code.de> References: <48E4C955.8080602@clearwire.net> <87tzbvhyor.fsf@wheatstone.g10code.de> <48E4E1C3.2000002@clearwire.net> <87ljx7hrym.fsf@wheatstone.g10code.de> Message-ID: <48E5A9F5.1070003@clearwire.net> Werner Koch wrote: > On Thu, 2 Oct 2008 16:59, bfoster at clearwire.net said: > > >> I replaced each occurrence of '/home/bill' with '~' in my post, merely >> for brevity's sake. And I now regret doing so. >> > > Okay. > > I have basically the same setup as you, though I am using Sid but I used > sveeral older version as well. MY guess is that the linker finds a > different version libz. To check this you should add the option > -Wl,--verbose > to the CFLAGS or just run the last command with that additional option. > This shows how symbols are resolved. > > > Salam-Shalom, > > Werner > > I did as you suggested, by adding the two new CFLAGS options to the 'makefile', and also by executing the last command to compile straight from a console. Unfortunately, neither one showed anything new or unexpected. I've decided to try another Debian version, perhaps Etch (4.0r4a), and see if I have better luck there. Two questions. When you build the zlib library, do you use the cross-compiler, or do you use the native Linux compiler? I've tried them both, but, of course, neither one gave me a library file that GPG 2.0.9 could use. And when you build the zlib library, is the file 'libz.a' the only file that you will be using, other than the two header files, zlib.h and zconf.h? Thanks again, Mr. Koch. -Bill Foster From bfoster at clearwire.net Fri Oct 3 07:40:45 2008 From: bfoster at clearwire.net (Bill Foster) Date: Fri, 03 Oct 2008 01:40:45 -0400 Subject: gpgme verify In-Reply-To: <48E4D368.50908@chili-radiology.com> References: <48E4D368.50908@chili-radiology.com> Message-ID: <48E5B05D.40509@clearwire.net> Florian Schwind wrote: > Hi. > > I have some trouble with gpgme on windows. Verifying signatures with: > > gpgme_verify_result_t result; > result = gpgme_op_verify_result(ctx); > > I always get: > > result->signatures->validity = GPGME_VALIDITY_UNKNOWN > > though my gpg console application says that trust and validity are ultimate: > > pub 1024D/D4FACAEA created: 2008-08-08 expires: never usage: SC > trust: ultimate validity: ultimate > sub 2048g/BAA684AE created: 2008-08-08 expires: never usage: E > [ultimate] (1). MailTest Two (test two) > > The same keyring on linux works and shows GPGME_VALIDITY_FULL. (Just > wondering why it isn't GPGME_VALIDITY_ULTIMATE ?) > > Someone got an idea? > > I'm using Windows XP and openSUSE 10.3 > gpg 1.4.9 and gpgme 1.1.4 > > Best Regards > Florian > > Hello Florian, You should do the gpgme_op_verify function before the gpgme_op_verify_result function. This web page: http://pyme.sourceforge.net/doc/gpgme/Verify.html#index-gpgme_005fop_005fverify-267 is very informative. Hope that helps, -Bill Foster From yunxin.li at gmail.com Fri Oct 3 08:07:24 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Fri, 3 Oct 2008 14:07:24 +0800 Subject: multiple '.text' sections found with different attributes (E0000020) in libksba.dll.a Message-ID: <48e5b6ac.06876e0a.24da.ffffa6df@mx.google.com> Hi everyone When I add the libksba.dll.a to vs2003. It gives me these warning: libksba.lib(d000063.o) : warning LNK4078: multiple '.text' sections found with different attributes (E0000020) libksba.lib(d000063.o) : warning LNK4078: multiple '.text' sections found with different attributes (E0000020) libksba.lib(d000063.o) : warning LNK4078: multiple '.text' sections found with different attributes (E0000020) then I debug my program. It give me a exception: Access violation reading location 0xffffffff. If I remove the libksba.dll.a, my program can run correctly. Can anyone tell me how to fix the multiple sections problems? thanks Yunfeng -------------- next part -------------- An HTML attachment was scrubbed... URL: From yunxin.li at gmail.com Fri Oct 3 09:24:54 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Fri, 3 Oct 2008 15:24:54 +0800 Subject: multiple '.text' sections found with different attributes (E0000020) in libksba.dll.a Message-ID: <48e5c8d1.054c6e0a.6863.3a1e@mx.google.com> hi Sorry Forget to attach the explanation of the LNK4078 Error Message multiple 'section name' sections found with different attributes LINK found two or more sections that have the same name but different attributes. This warning can be caused by an import library or exports file that was created by a previous version of LINK or LIB. Recreate the file and relink. According to the msdn . I should relink the libksba.dll.a . how to do it under Debian. yunfeng sender: Yunfeng [mailto:Yunxin.li at Gmail.com] time: Fri, 3 October , 2008 PM 2:07 recipients: 'Gnupg-devel at gnupg.org' subject: multiple '.text' sections found with different attributes (E0000020) in libksba.dll.a Hi everyone When I add the libksba.dll.a to vs2003. It gives me these warning: libksba.lib(d000063.o) : warning LNK4078: multiple '.text' sections found with different attributes (E0000020) libksba.lib(d000063.o) : warning LNK4078: multiple '.text' sections found with different attributes (E0000020) libksba.lib(d000063.o) : warning LNK4078: multiple '.text' sections found with different attributes (E0000020) then I debug my program. It give me a exception: Access violation reading location 0xffffffff. If I remove the libksba.dll.a, my program can run correctly. Can anyone tell me how to fix the multiple sections problems? thanks Yunfeng -------------- next part -------------- An HTML attachment was scrubbed... URL: From wk at gnupg.org Fri Oct 3 15:01:41 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 03 Oct 2008 15:01:41 +0200 Subject: Problem building GnuPG 2.0.9 for Windows In-Reply-To: <48E5A9F5.1070003@clearwire.net> (Bill Foster's message of "Fri, 03 Oct 2008 01:13:25 -0400") References: <48E4C955.8080602@clearwire.net> <87tzbvhyor.fsf@wheatstone.g10code.de> <48E4E1C3.2000002@clearwire.net> <87ljx7hrym.fsf@wheatstone.g10code.de> <48E5A9F5.1070003@clearwire.net> Message-ID: <8763o9j0i2.fsf@wheatstone.g10code.de> On Fri, 3 Oct 2008 07:13, bfoster at clearwire.net said: > Two questions. When you build the zlib library, do you use the > cross-compiler, or > do you use the native Linux compiler? I've tried them both, but, of Frankly, we do not build zlib yet but resort to a binary distribution: # Gnuwin32 packages orginally hosted at sf.net but mirrored at g10code # for easier download. server ftp://ftp.g10code.com/mirrors/gnuwin32 file zlib-1.2.3-bin.zip chk becbcaf5076e307e743b1edc6a5645849eba9ebc file zlib-1.2.3-lib.zip chk fe2ee77293da3361b1f2710d1bd62f27b2ae64b0 file zlib-1.2.3-src.zip chk 0e18fcd7f1a585f825c210a1bb2456b4aa8fcc0d [The chk lines give the SHA-1 checksums] Yes, we should actually be able to build it ourself but due to time constraints we have never looked into it. It won't be a major challenge; just a bit of Makefile trickery. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From f.schwind at chili-radiology.com Mon Oct 6 09:32:17 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Mon, 06 Oct 2008 09:32:17 +0200 Subject: gpgme verify In-Reply-To: <48E5B05D.40509@clearwire.net> References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> Message-ID: <48E9BF01.9010408@chili-radiology.com> Bill Foster wrote: > Florian Schwind wrote: >> Hi. >> >> I have some trouble with gpgme on windows. Verifying signatures with: >> >> gpgme_verify_result_t result; >> result = gpgme_op_verify_result(ctx); >> >> I always get: >> >> result->signatures->validity = GPGME_VALIDITY_UNKNOWN >> >> though my gpg console application says that trust and validity are >> ultimate: >> >> pub 1024D/D4FACAEA created: 2008-08-08 expires: never usage: SC >> trust: ultimate validity: ultimate >> sub 2048g/BAA684AE created: 2008-08-08 expires: never usage: E >> [ultimate] (1). MailTest Two (test two) >> >> The same keyring on linux works and shows GPGME_VALIDITY_FULL. (Just >> wondering why it isn't GPGME_VALIDITY_ULTIMATE ?) >> >> Someone got an idea? >> >> I'm using Windows XP and openSUSE 10.3 >> gpg 1.4.9 and gpgme 1.1.4 >> >> Best Regards >> Florian >> >> > Hello Florian, > > You should do the gpgme_op_verify function before the > gpgme_op_verify_result function. > > This web page: > http://pyme.sourceforge.net/doc/gpgme/Verify.html#index-gpgme_005fop_005fverify-267 > > is very informative. > > Hope that helps, > -Bill Foster Hello Bill, that's not helping much, because I'm naturally doing this already :-) Like I wrote above, the same code is working for me on linux, but I get the GPGME_VALIDITY_UNKNOWN on windows with literally the same keyring! (And I'm also wondering why I get the validity FULL on linux with gpgme, even when gpg says the trust and the validity are ULTIMATE?) Best Regards Florian From wk at gnupg.org Mon Oct 6 09:55:02 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 06 Oct 2008 09:55:02 +0200 Subject: gpgme verify In-Reply-To: <48E9BF01.9010408@chili-radiology.com> (Florian Schwind's message of "Mon, 06 Oct 2008 09:32:17 +0200") References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> <48E9BF01.9010408@chili-radiology.com> Message-ID: <87od1ycg4p.fsf@wheatstone.g10code.de> On Mon, 6 Oct 2008 09:32, f.schwind at chili-radiology.com said: > Like I wrote above, the same code is working for me on linux, but I get > the GPGME_VALIDITY_UNKNOWN on windows with literally the same keyring! Using the same trustdb.gpg. If not, do an --export-ownertrust on Unix and an --import-ownertrust on Windows. > (And I'm also wondering why I get the validity FULL on linux with gpgme, > even when gpg says the trust and the validity are ULTIMATE?) Ultimate is only used with certification but not for data signatures. Either you have full trust or you don't have. "Ultimate" expresses that the validity of the key derives directly from owning the secret key. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From f.schwind at chili-radiology.com Mon Oct 6 10:14:36 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Mon, 06 Oct 2008 10:14:36 +0200 Subject: gpgme verify In-Reply-To: <87od1ycg4p.fsf@wheatstone.g10code.de> References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> <48E9BF01.9010408@chili-radiology.com> <87od1ycg4p.fsf@wheatstone.g10code.de> Message-ID: <48E9C8EC.6070409@chili-radiology.com> Werner Koch wrote: > On Mon, 6 Oct 2008 09:32, f.schwind at chili-radiology.com said: > >> Like I wrote above, the same code is working for me on linux, but I get >> the GPGME_VALIDITY_UNKNOWN on windows with literally the same keyring! > > Using the same trustdb.gpg. If not, do an --export-ownertrust on Unix > and an --import-ownertrust on Windows. Yes, I'm even using the same gpg-homedir! The secret.gpg, the pubring.gpg and the trustdb.gpg are the same. (All in one directory mounted on Linux and Windows via NFS). >> (And I'm also wondering why I get the validity FULL on linux with gpgme, >> even when gpg says the trust and the validity are ULTIMATE?) > > Ultimate is only used with certification but not for data signatures. > Either you have full trust or you don't have. "Ultimate" expresses that > the validity of the key derives directly from owning the secret key. Meaning FULL is the best I get with signatures? And I shouldn't trust everything below... > Shalom-Salam, > > Werner Best Regards Florian From wk at gnupg.org Mon Oct 6 12:21:38 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 06 Oct 2008 12:21:38 +0200 Subject: gpgme verify In-Reply-To: <48E9C8EC.6070409@chili-radiology.com> (Florian Schwind's message of "Mon, 06 Oct 2008 10:14:36 +0200") References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> <48E9BF01.9010408@chili-radiology.com> <87od1ycg4p.fsf@wheatstone.g10code.de> <48E9C8EC.6070409@chili-radiology.com> Message-ID: <87abdic9cd.fsf@wheatstone.g10code.de> On Mon, 6 Oct 2008 10:14, f.schwind at chili-radiology.com said: > Yes, I'm even using the same gpg-homedir! The secret.gpg, the Same gpgme version? > Meaning FULL is the best I get with signatures? And I shouldn't trust > everything below... What could be better than full validity ;-). Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From f.schwind at chili-radiology.com Mon Oct 6 13:14:00 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Mon, 06 Oct 2008 13:14:00 +0200 Subject: gpgme verify In-Reply-To: <87abdic9cd.fsf@wheatstone.g10code.de> References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> <48E9BF01.9010408@chili-radiology.com> <87od1ycg4p.fsf@wheatstone.g10code.de> <48E9C8EC.6070409@chili-radiology.com> <87abdic9cd.fsf@wheatstone.g10code.de> Message-ID: <48E9F2F8.1040106@chili-radiology.com> Werner Koch wrote: > On Mon, 6 Oct 2008 10:14, f.schwind at chili-radiology.com said: > >> Yes, I'm even using the same gpg-homedir! The secret.gpg, the > > Same gpgme version? Yes... everything is the same. (Using MYSY on windows) - libgpg-error-1.6 - gnupg-1.4.9 - gpgme-1.1.4 and gpgme build with --enable-static because I couldn't get the dynamic linked version to run. And everything works fine, except the verification. > Salam-Shalom, > > Werner Best Regards Florian From wk at gnupg.org Mon Oct 6 14:36:04 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 06 Oct 2008 14:36:04 +0200 Subject: gpgme verify In-Reply-To: <48E9F2F8.1040106@chili-radiology.com> (Florian Schwind's message of "Mon, 06 Oct 2008 13:14:00 +0200") References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> <48E9BF01.9010408@chili-radiology.com> <87od1ycg4p.fsf@wheatstone.g10code.de> <48E9C8EC.6070409@chili-radiology.com> <87abdic9cd.fsf@wheatstone.g10code.de> <48E9F2F8.1040106@chili-radiology.com> Message-ID: <87r66tc34b.fsf@wheatstone.g10code.de> On Mon, 6 Oct 2008 13:14, f.schwind at chili-radiology.com said: > Yes... everything is the same. (Using MYSY on windows) [That is not supported. You are own your own.] The version we use under Windows is the one from Gpg4win 1.9.7, which is a snapshot of the SVN. Currently this is ftp://ftp.g10code.com/g10code/scratch/gpgme-1.1.7-svn1327.tar.bz2 sha1sum: 4a0b67c6678cfe5b1e8c0fb3cef5a14677015221. 1.1.4 is pretty old and we did quite some bug fixes for Windows in 1.1.5 and 1.1.6 - thus you should at least use 1.1.6 (released in January). > and gpgme build with --enable-static because I couldn't get the dynamic > linked version to run. I doubt that you may use that: If you are using this with a proprietary application you need to give the user the ability to link the final thing again with a modified gpgme. Not easy when statically linked. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From f.schwind at chili-radiology.com Mon Oct 6 15:29:19 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Mon, 06 Oct 2008 15:29:19 +0200 Subject: gpgme verify In-Reply-To: <87r66tc34b.fsf@wheatstone.g10code.de> References: <48E4D368.50908@chili-radiology.com> <48E5B05D.40509@clearwire.net> <48E9BF01.9010408@chili-radiology.com> <87od1ycg4p.fsf@wheatstone.g10code.de> <48E9C8EC.6070409@chili-radiology.com> <87abdic9cd.fsf@wheatstone.g10code.de> <48E9F2F8.1040106@chili-radiology.com> <87r66tc34b.fsf@wheatstone.g10code.de> Message-ID: <48EA12AF.2010707@chili-radiology.com> Werner Koch wrote: >> Yes... everything is the same. (Using MYSY on windows) > > [That is not supported. You are own your own.] OK. But I looks more like a problem with gpgme than gpg because the verification with the console client works fine. > The version we use under Windows is the one from Gpg4win 1.9.7, which is > a snapshot of the SVN. Currently this is > > ftp://ftp.g10code.com/g10code/scratch/gpgme-1.1.7-svn1327.tar.bz2 > > sha1sum: 4a0b67c6678cfe5b1e8c0fb3cef5a14677015221. 1.1.4 is pretty old > and we did quite some bug fixes for Windows in 1.1.5 and 1.1.6 - thus > you should at least use 1.1.6 (released in January). Afaik the newest version of gpg4win is 1.1.3 from http://gpg4win.org which contains gnupg 1.4.7 ... which is not what I want to use :-( So I'll try again with version gpgme-1.1.7-svn1327.tar.bz2 and get back to you. If the error persists. > I doubt that you may use that: If you are using this with a proprietary > application you need to give the user the ability to link the final > thing again with a modified gpgme. Not easy when statically linked. I'm aware of that, but I didn't manage to get the dynamic linked version to run on windows :-( > Shalom-Salam, > > Werner Best Regards Florian From buanzo at buanzo.com.ar Thu Oct 9 16:52:20 2008 From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Thu, 09 Oct 2008 11:52:20 -0300 Subject: gpg agent frm within daemon Message-ID: <48EE1AA4.3090700@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi group, I'm using GPGME from within an Apache module, and I need to run some operations that require a passphrase. Of course, I'm using gpg2, and a passphrase callback seems not to be working. I mean, a pinentry child process always appears. I think the passphrase callbakc approach is BAD, and I'd like to find a better way of providing the apache module with the required passphrase, without having the webmaster typing like a monkey. Any advice? A single URL to a piece of code should suffice ;) Sincerely, - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI7hqkAlpOsGhXcE0RCvIWAJ0egejVS6tqKhFUVVBEQv34DLk9IgCfQTYx /U2/bUe4CEHY89Iq+U5Q/HI= =OD7y -----END PGP SIGNATURE----- From wk at gnupg.org Mon Oct 13 09:01:39 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 13 Oct 2008 09:01:39 +0200 Subject: gpg agent frm within daemon In-Reply-To: <48EE1AA4.3090700@buanzo.com.ar> (Arturo Busleiman's message of "Thu, 09 Oct 2008 11:52:20 -0300") References: <48EE1AA4.3090700@buanzo.com.ar> Message-ID: <87abd9f06k.fsf@wheatstone.g10code.de> On Thu, 9 Oct 2008 16:52, buanzo at buanzo.com.ar said: > Any advice? A single URL to a piece of code should suffice ;) I know that there is a webmail service at a German university (uni-paderborn.de ?) which uses GnuPG-2. The environment variable PINENTRY_USER_DATA is used to implement a loop-back pinentry: @item PINENTRY_USER_DATA This value is passed via gpg-agent to pinentry. It is useful to convey extra information to a custom pinentry Thus you would set this PINENTRY_USER_DATA to identify your connection before you create a gpgme context. If needed gpg-agent calls your custom pinentry and using the envvar it gets the required information about the connection. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From yunxin.li at gmail.com Fri Oct 17 07:47:43 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Fri, 17 Oct 2008 13:47:43 +0800 Subject: can decrypt a message only with gpgme lib?! Message-ID: <48f82703.160d6e0a.1ba5.ffffa2bf@mx.google.com> Hi group I read the gpgme.info(http://mibai.tec.u-ryukyu.ac.jp/cgi-bin/info2www?(gpgme.info)Top) But I am not clear that can I decrypt a message only use the Gpgme lib?! What the relationship between the Gpg and the gpgme ? Please forgive me for posting a so stupid problem. Thanks. yunfeng -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 17 22:03:23 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 17 Oct 2008 22:03:23 +0200 Subject: [Announce] GPGME 1.1.7 released Message-ID: <48F8EF8B.6040101@ruhr-uni-bochum.de> Hi, We are pleased to announce version 1.1.7 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 1017 KB/785 KB compressed) ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.gz ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.bz2 The following files are also available: ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.6-1.1.7.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel at gnupg.org The sha1sum checksums for this distibution are 6c8fb447c8ade06d4d22c9bf795843fdbe604a62 gpgme-1.1.6-1.1.7.diff.gz c735bb90431667e3d020aa3adcf0efa858c992af gpgme-1.1.7.tar.bz2 dba92eeb105e4307f7d7efa7df0622df440362af gpgme-1.1.7.tar.bz2.sig 88e461a570a8a10db26b20cd858932c91134af94 gpgme-1.1.7.tar.gz b75973297a1aae12695c2bc8f86ca77c6957b4d5 gpgme-1.1.7.tar.gz.sig Noteworthy changes in version 1.1.7 (2008-10-177) ------------------------------------------------ * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). * The encoding of gpgme_data_t objects can affect the output encoding of export, sign and encrypt operations now (the same operations that are also affected by the ASCII mode switch). We believe this change in the ABI is innocent enough not to break existing applications (it only affects the S/MIME backend on certain operations). * The reference manual now includes the specification of "The GnuPG UI Server protocol". * A new function gpgme_cancel_async can be used to asynchronously cancel any pending operation at any time, from any thread. * Interface changes relative to the 1.1.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt CHANGED: Output encoding can affect result. gpgme_op_encrypt_start CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign_start CHANGED: Output encoding can affect result. gpgme_op_sign CHANGED: Output encoding can affect result. gpgme_op_sign_start CHANGED: Output encoding can affect result. gpgme_op_export CHANGED: Output encoding can affect result. gpgme_op_export_start CHANGED: Output encoding can affect result. gpgme_op_export_ext CHANGED: Output encoding can affect result. gpgme_op_export_ext_start CHANGED: Output encoding can affect result. gpgme_cancel_async NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Marcus Brinkmann mb at g10code.de -- g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459 H?ttenstr. 61 Gesch?ftsf?hrung Werner Koch D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608 _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From tomp at idirect.com Sun Oct 19 08:45:37 2008 From: tomp at idirect.com (Tom Pegios) Date: Sun, 19 Oct 2008 02:45:37 -0400 Subject: GPG2 svn 4853 error if HAVE_W32_SYSTEM is defined Message-ID: <48FAD791.9040401@idirect.com> GPG V2 SVN 4853 introduced a error when compiling on win32 systems ( I know it's not supported ) Making check in common PASS: t-convert.exe t-gettime.c:78: test 0 failed t-gettime.c:80: test 0 failed t-gettime.c:78: test 1 failed t-gettime.c:80: test 1 failed t-gettime.c:78: test 2 failed t-gettime.c:80: test 2 failed t-gettime.c:78: test 3 failed t-gettime.c:80: test 3 failed t-gettime.c:78: test 9 failed t-gettime.c:80: test 9 failed t-gettime.c:78: test 10 failed t-gettime.c:80: test 10 failed t-gettime.c:78: test 11 failed t-gettime.c:80: test 11 failed t-gettime.c:78: test 12 failed t-gettime.c:80: test 12 failed t-gettime.c:78: test 13 failed t-gettime.c:80: test 13 failed t-gettime.c:78: test 14 failed t-gettime.c:80: test 14 failed FAIL: t-gettime.exe PASS: t-sysutils.exe PASS: t-sexputil.exe ==================================== 1 of 4 tests failed Please report to bug-gnupg at gnupg.org By removing the following lines in common/util.h all 4 tests pass. (these lines were added in svn 4853) /* Due to a bug in mingw32's snprintf related to the 'l' modifier we better use our snprintf. */ #ifdef HAVE_W32_SYSTEM #define snprintf estream_snprintf #endif P.S. using mingw-runtime-3.15.1 with GCC 4.3.3 prerelease Regards Tom Pegios From wk at gnupg.org Sun Oct 19 11:01:57 2008 From: wk at gnupg.org (Werner Koch) Date: Sun, 19 Oct 2008 11:01:57 +0200 Subject: GPG2 svn 4853 error if HAVE_W32_SYSTEM is defined In-Reply-To: <48FAD791.9040401@idirect.com> (Tom Pegios's message of "Sun, 19 Oct 2008 02:45:37 -0400") References: <48FAD791.9040401@idirect.com> Message-ID: <878wsl9cvu.fsf@wheatstone.g10code.de> On Sun, 19 Oct 2008 08:45, tomp at idirect.com said: > Making check in common > PASS: t-convert.exe > t-gettime.c:78: test 0 failed Can you please run the test manually: cd common ./t-gettime --verbose tia, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Sun Oct 19 17:25:46 2008 From: wk at gnupg.org (Werner Koch) Date: Sun, 19 Oct 2008 17:25:46 +0200 Subject: GPG2 svn 4853 error if HAVE_W32_SYSTEM is defined In-Reply-To: <878wsl9cvu.fsf@wheatstone.g10code.de> (Werner Koch's message of "Sun, 19 Oct 2008 11:01:57 +0200") References: <48FAD791.9040401@idirect.com> <878wsl9cvu.fsf@wheatstone.g10code.de> Message-ID: <871vyca9ol.fsf@wheatstone.g10code.de> On Sun, 19 Oct 2008 11:01, wk at gnupg.org said: > On Sun, 19 Oct 2008 08:45, tomp at idirect.com said: > >> Making check in common >> PASS: t-convert.exe >> t-gettime.c:78: test 0 failed The bug is actually non Windows specific and due to a wrong return valaue of estream_snprintf. I have fixed that in r4854. Thanks, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bernhard at intevation.de Wed Oct 22 11:43:13 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Wed, 22 Oct 2008 11:43:13 +0200 Subject: can decrypt a message only with gpgme lib?! In-Reply-To: <48f82703.160d6e0a.1ba5.ffffa2bf@mx.google.com> References: <48f82703.160d6e0a.1ba5.ffffa2bf@mx.google.com> Message-ID: <200810221143.16200.bernhard@intevation.de> On Freitag, 17. Oktober 2008, Yunfeng wrote: > But I am not clear that can I decrypt a message only use the Gpgme lib?! Yes, you can decrypt a message using gpgme. Gpgme will call gpg2 or gpgsm, so you must have one of them. > What the relationship between the Gpg and the gpgme ? AFAIR, gpgme calls gpg2 and gpgsm and provides a higher level interface to their functions. The interface is more stable because it does not depend on parsing a command line output. Bernhard -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1603 bytes Desc: not available URL: From f.schwind at chili-radiology.com Wed Oct 22 12:20:45 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Wed, 22 Oct 2008 12:20:45 +0200 Subject: can decrypt a message only with gpgme lib?! In-Reply-To: <200810221143.16200.bernhard@intevation.de> References: <48f82703.160d6e0a.1ba5.ffffa2bf@mx.google.com> <200810221143.16200.bernhard@intevation.de> Message-ID: <48FEFE7D.3050601@chili-radiology.com> Bernhard Reiter wrote: > On Freitag, 17. Oktober 2008, Yunfeng wrote: >> But I am not clear that can I decrypt a message only use the Gpgme lib?! > > Yes, you can decrypt a message using gpgme. > Gpgme will call gpg2 or gpgsm, so you must have one of them. or gpg >> What the relationship between the Gpg and the gpgme ? > > AFAIR, gpgme calls gpg2 and gpgsm and provides > a higher level interface to their functions. > The interface is more stable because it does not depend > on parsing a command line output. that's true. > Bernhard Greetings Florian From f.schwind at chili-radiology.com Fri Oct 24 09:25:39 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Fri, 24 Oct 2008 09:25:39 +0200 Subject: Fwd: gpgme 1.1.7 and verify signature Message-ID: <49017873.5070508@chili-radiology.com> Hello Gnu Developers. Perhaps it was the wrong list again... so now I'm sending it also to the gnu-devel list. Thank Florian -------- Original Message -------- Subject: gpgme 1.1.7 and verify signature Date: Mon, 20 Oct 2008 09:58:47 +0200 From: Florian Schwind To: Gnupg-users at gnupg.org Hello List. I tried to uses the new gpgme-1.1.7 on linux with gpg-1.4.9 and I now get a gpgme "Bad file descriptor" error when I try to verify a normal signature with "gpgme_op_verify(ctx, sig, NULL, plain);" which worked fine with gpgme-1.1.4. Anyone else discovered this behavior or can help me? Greetings Florian From tomp at idirect.com Tue Oct 28 23:37:18 2008 From: tomp at idirect.com (Tom Pegios) Date: Tue, 28 Oct 2008 18:37:18 -0400 Subject: gpg2 svn 4862 will not execute under win32 Message-ID: <4907941E.8080807@idirect.com> I get the following error when trying to run svn 4862: pop-up window - gpg2.exe Application Error The instruction at "0x004766a0" referenced memory at "0x0000000c". The memory could not be "read" The following is the output from gpg2.exe ---------------------------------------------- C:\GNUPG>gpg --version gpg (GnuPG) 2.0.10-svn-4862. Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: C:/test ------------------------------------------------------------ At this point the pop-up window appears. If I restore the previous version "jnlib/w32-gettext.c" gpg2.exe runs without any problems Regards Tom Pegios From wk at gnupg.org Wed Oct 29 08:52:09 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 29 Oct 2008 08:52:09 +0100 Subject: gpg2 svn 4862 will not execute under win32 In-Reply-To: <4907941E.8080807@idirect.com> (Tom Pegios's message of "Tue, 28 Oct 2008 18:37:18 -0400") References: <4907941E.8080807@idirect.com> Message-ID: <87ej1z25zq.fsf@wheatstone.g10code.de> On Tue, 28 Oct 2008 23:37, tomp at idirect.com said: > If I restore the previous version "jnlib/w32-gettext.c" gpg2.exe runs > without any problems The mo file was not found and thus no translation available. Fixed in 4863 or with this patch: --- w32-gettext.c (revision 4862) +++ w32-gettext.c (working copy) @@ -1603,7 +1603,7 @@ size_t top, bottom; if (!(domain = the_domain)) - goto not_found; + return msgid; /* Locate the MSGID and its translation. */ if (domain->hash_size > 2 && domain->hash_tab) (And I already built the gpg4win 1.9.9 yesterday evening, fortunately not yet published.) Thanks, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bernhard at intevation.de Fri Oct 31 09:50:05 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Fri, 31 Oct 2008 09:50:05 +0100 Subject: gpgsm not listing key usage caps "esc" in regular output? Message-ID: <200810310950.07721.bernhard@intevation.de> It seems that gpgsm will not add "key usage" if a key has "esc" capabilities. Is this a defect? Seems like it. See below the "Bernhard Reiter" key does not have a key usage: line. The --with-colons output shows the difference "escESC" against "esES". gpgsm (GnuPG) 2.0.9 Architecture: i386 Source: gnupg2 Version: 2.0.9-0kk2 LANG=C gpgsm --list-keys 9CF8E2A00B1EE4BF02662A693B85F74F46C65E78 --------------------------------------- ID: 0x46C65E78 S/N: 06 Issuer: /CN=ZS 8/O=Intevation GmbH/C=DE Subject: /CN=Bernhard Reiter/O=Intevation GmbH/C=DE aka: bernhard at intevation.de validity: 2008-06-19 08:43:25 through 2010-06-19 08:43:25 key type: 2048 bit RSA fingerprint: 9C:F8:E2:A0:0B:1E:E4:BF:02:66:2A:69:3B:85:F7:4F:46:C6:5E:78 --------------------------------------- crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS 8,O=Intevation GmbH,C=DE::escESC: fpr:::::::::9CF8E2A00B1EE4BF02662A693B85F74F46C65E78:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2: uid:::::::::CN=Bernhard Reiter,O=Intevation GmbH,C=DE:: uid::::::::::: LANG=C gpgsm --list-keys C988DE628AE3BDFA67F6C742432710A221B94E05 --------------------------------------- ID: 0x21B94E05 S/N: 09 Issuer: /CN=ZS 8/O=Intevation GmbH/C=DE Subject: /CN=Ludwig Reiter/O=Intevation GmbH/C=DE aka: ludwig.reiter at intevation.de validity: 2008-06-26 12:17:32 through 2010-06-26 12:17:32 key type: 2048 bit RSA key usage: digitalSignature nonRepudiation keyEncipherment fingerprint: C9:88:DE:62:8A:E3:BD:FA:67:F6:C7:42:43:27:10:A2:21:B9:4E:05 --------------------------------------- crt::2048:1:432710A221B94E05:20080626T121732:20100626T121732:09::CN=ZS 8,O=Intevation GmbH,C=DE::esES: fpr:::::::::C988DE628AE3BDFA67F6C742432710A221B94E05:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2: uid:::::::::CN=Ludwig Reiter,O=Intevation GmbH,C=DE:: uid::::::::::: -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1603 bytes Desc: not available URL: From wk at gnupg.org Fri Oct 31 14:55:12 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 31 Oct 2008 14:55:12 +0100 Subject: gpgsm not listing key usage caps "esc" in regular output? In-Reply-To: <200810310950.07721.bernhard@intevation.de> (Bernhard Reiter's message of "Fri, 31 Oct 2008 09:50:05 +0100") References: <200810310950.07721.bernhard@intevation.de> Message-ID: <87mygkx41r.fsf@wheatstone.g10code.de> On Fri, 31 Oct 2008 09:50, bernhard at intevation.de said: > It seems that gpgsm will not add "key usage" if a key has "esc" > capabilities. Is this a defect? Seems like it. This is on purpose: err = ksba_cert_get_key_usage (cert, &use); if (gpg_err_code (err) == GPG_ERR_NO_DATA) { es_putc ('e', fp); es_putc ('s', fp); es_putc ('c', fp); es_putc ('E', fp); es_putc ('S', fp); es_putc ('C', fp); return; } The reason is that programs using the colon interface take decisions based on the key capabilities. We don't want them to know how to interpret X.509 and thus we do this for them by telling that the certifciate maybe used for all purposes. A key listing without --with-colons is intended to be human readable and thus we print what we actually have, like: > key usage: digitalSignature nonRepudiation keyEncipherment In the above case we don't print anything because there are no key usage flags at all. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bernhard at intevation.de Fri Oct 31 15:39:24 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Fri, 31 Oct 2008 15:39:24 +0100 Subject: gpgsm not listing key usage caps "esc" in regular output? In-Reply-To: <87mygkx41r.fsf@wheatstone.g10code.de> References: <200810310950.07721.bernhard@intevation.de> <87mygkx41r.fsf@wheatstone.g10code.de> Message-ID: <200810311539.27034.bernhard@intevation.de> On Freitag, 31. Oktober 2008, Werner Koch wrote: > On Fri, 31 Oct 2008 09:50, bernhard at intevation.de said: > > It seems that gpgsm will not add "key usage" if a key has "esc" > > capabilities. Is this a defect? Seems like it. > > This is on purpose: > > ? err = ksba_cert_get_key_usage (cert, &use); > ? if (gpg_err_code (err) == GPG_ERR_NO_DATA) > ? ? { > ? ? ? es_putc ('e', fp); > ? ? ? es_putc ('s', fp); > ? ? ? es_putc ('c', fp); > ? ? ? es_putc ('E', fp); > ? ? ? es_putc ('S', fp); > ? ? ? es_putc ('C', fp); > ? ? ? return; > ? ? } > > The reason is that programs using the colon interface take decisions > based on the key capabilities. ?We don't want them to know how to interpret > X.509 and thus we do this for them by telling that the certifciate maybe > used for all purposes. > > A key listing without --with-colons is intended to be human readable > > and thus we print what we actually have, like: > > ? ? key usage: digitalSignature nonRepudiation keyEncipherment > > In the above case we don't print anything because there are no key usage > flags at all. Ah, thanks for the explanation! Checking with openssl, the key for Bernhard has: X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE (no X509v3 Key Usage) where Ludwig has X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment As the "C" in the colons mean it is able to certify other keys, I take it that the listed X509v3 Basic Constraints: critical CA:FALSE is not considered by gpgsm or means something else? -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1603 bytes Desc: not available URL: From bfoster at clearwire.net Thu Oct 2 02:21:43 2008 From: bfoster at clearwire.net (Bill Foster) Date: Thu, 02 Oct 2008 00:21:43 -0000 Subject: Problem building GnuPG 2.0.9 for Windows Message-ID: <48E40CB9.1030500@clearwire.net> Hello, I am trying to build GnuPG 2.0.9 for Win32 (Windows XP). I am using the Debian testing (Lenny) platform, with the MinGW cross-compiler. I've installed the required libraries in their proper order: libgpg-error-1.6 libgcrypt-1.4.3 libksba-1.0.4 w32pth-2.0.1 libassuan-1.0.5 And I've installed zlib-1.2.3, with the libz.a library file in the ~/w32root/lib directory. When trying to build GnuPG 2.0.9, I run './configure --build-w32'. Then I run 'make'. 'make' ends with these lines: Making all in g10 make[2]: Entering directory `~/gnupg-2.0.9/g10' i586-mingw32msvc-gcc -I~/w32root/include -I~/w32root/include -I~/w32root/include -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -Wno-pointer-sign -Wpointer-arith -o gpg2.exe gpg.o server.o build-packet.o compress.o free-packet.o getkey.o keydb.o keyring.o seskey.o kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o openfile.o keyid.o parse-packet.o cpr.o plaintext.o sig-check.o keylist.o pkglue.o pkclist.o skclist.o pubkey-enc.o passphrase.o seckey-cert.o encr-data.o cipher.o encode.o sign.o verify.o revoke.o decrypt.o keyedit.o dearmor.o import.o export.o trustdb.o tdbdump.o tdbio.o delkey.o keygen.o helptext.o keyserver.o photoid.o call-agent.o card-util.o exec.o ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a ../common/libgpgrl.a -lws2_32 -L~/w32root/lib -lgcrypt -lgpg-error -L~/w32root/lib -lassuan -lws2_32 -L~/w32root/lib -lgpg-error compress.o: In function `do_compress': ~/gnupg-2.0.9/g10/compress.c:107: undefined reference to `_deflate' compress.o: In function `do_uncompress': ~/gnupg-2.0.9/g10/compress.c:196: undefined reference to `_inflate' compress.o: In function `init_compress': ~/gnupg-2.0.9/g10/compress.c:80: undefined reference to `_deflateInit_' compress.o: In function `init_uncompress': ~/gnupg-2.0.9/g10/compress.c:146: undefined reference to `_inflateInit_' compress.o: In function `init_compress': ~/gnupg-2.0.9/g10/compress.c:80: undefined reference to `_deflateInit2_' compress.o: In function `init_uncompress': ~/gnupg-2.0.9/g10/compress.c:146: undefined reference to `_inflateInit2_' compress.o: In function `compress_filter': ~/gnupg-2.0.9/g10/compress.c:264: undefined reference to `_inflateEnd' ~/gnupg-2.0.9/g10/compress.c:273: undefined reference to `_deflateEnd' collect2: ld returned 1 exit status make[2]: *** [gpg2.exe] Error 1 I have tried learning how to build the zlib.dll file, and then using the 'nm' command to create a zlib.def file, and then using the 'dlltool' command to "custom build" an import library (zlib.a). But I still get the same error messages as above when I run 'make'. I've reached the end of my rope. Does anyone have any advice they can offer me ? Please know it will be greatly appreciated. Thank-you, Bill Foster From Usha.Yeruva at Avnet.com Sat Oct 25 00:21:55 2008 From: Usha.Yeruva at Avnet.com (Yeruva, Usha) Date: Fri, 24 Oct 2008 22:21:55 -0000 Subject: OpenPGP Issue Message-ID: Hi, I am trying to encrypt a file from webMethods Integration Server using OpenPGP package after all the configurations were done correctly and receiving the following exception. I was successfully able to encrypt the file using the exact same command from command line logging in as same user. gpg: out of memory while allocating 128 bytes. Do you have any idea what might be causing this error? JVM memory settings are as follows. JAVA_MIN_MEM=1536M and JAVA_MAX_MEM=2048M Java version: 1.4.2. OS: Unix Appreciate your reply. Thanks, Usha -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcus.brinkmann at rub.de Fri Oct 17 21:27:19 2008 From: marcus.brinkmann at rub.de (Marcus Brinkmann) Date: Fri, 17 Oct 2008 19:27:19 -0000 Subject: can decrypt a message only with gpgme lib?! In-Reply-To: <48f82703.160d6e0a.1ba5.ffffa2bf@mx.google.com> References: <48f82703.160d6e0a.1ba5.ffffa2bf@mx.google.com> Message-ID: <48F8E75E.4080300@rub.de> Yunfeng wrote: > I read the > gpgme.info(http://mibai.tec.u-ryukyu.ac.jp/cgi-bin/info2www?(gpgme.info)Top) > > But I am not clear that can I decrypt a message only use the Gpgme lib?! > > What the relationship between the Gpg and the gpgme ? GPGME is a wrapper library around gpg. It provides convenient access to gpg, a command line utility, from the C language. Check out the file gpgme/tests/gpg/t-decrypt.c to see an example for a decryption operation from GPGME. Thanks, Marcus From ivo.alxneit at psi.ch Wed Oct 22 14:41:34 2008 From: ivo.alxneit at psi.ch (Ivo Alxneit-Kamber) Date: Wed, 22 Oct 2008 12:41:34 -0000 Subject: how to identify a good signature by an untrusted key with gpgme 1.1.7 Message-ID: <48FF1D96.2050506@psi.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi all i do not quite understand how i should interpret the result of `gpgme_op_verify_result(ctx)`. using gpg for my two files `foo` and `bar` i obtain what i expected. $ gpg --verify foo gpg: Signature made Thu 02 Oct 2008 10:32:46 AM CEST using DSA key ID 515E30C7 gpg: Good signature from "Ivo Alxneit (work) " gpg: aka "Ivo Alxneit (privat, old) " gpg: aka "Ivo Alxneit (privat) " - -> good signature from "trusted" key $ gpg --verify bar gpg: Signature made Tue 23 Sep 2008 05:05:00 PM CEST using RSA key ID 70B61F81 gpg: Good signature from "Timestamp Service " [uncertain] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4B 12 BC D5 78 85 11 06 3B 54 31 90 E0 9D F3 06 - -> good signature from "untrusted" key i then use the following code to verify the signatures using gpgme (version 1.1.7, gpg-1.4.5) gpgme_op_verify(ctx, sig, NULL, text); result = gpgme_op_verify_result(ctx); s = result->signatures; while (s) { fprintf(stdout, "\nsummary=%d\n", s->summary); fprintf(stdout, "fpr=%s\n", s->fpr); fprintf(stdout, "status=%d\n", s->status); fprintf(stdout, "timestamp=%lu\n", s->timestamp); fprintf(stdout, "wrong_key_usage=%u\n", s->wrong_key_usage); fprintf(stdout, "pka_trust=%u\n", s->pka_trust); fprintf(stdout, "chain_model=%u\n", s->chain_model); fprintf(stdout, "validity=%d\n", s->validity); fprintf(stdout, "validity_reason=%d\n", s->validity_reason); fprintf(stdout, "key=%d\n", s->pubkey_algo); fprintf(stdout, "hash=%d\n", s->hash_algo); s = s->next; } this seems to work fine but i do not understand all of the result structure. for `foo` i obtain summary=3 (GPGME_SIGSUM_VALID + GPGME_SIGSUM_GREEN) fpr=D0E3ADE78E893E9CAEC1E2F401DEC213515E30C7 status=0 timestamp=1222936366 wrong_key_usage=0 pka_trust=0 chain_model=0 validity=4 (GPGME_VALIDITY_FULL) validity_reason=0 key=17 hash=2 why not validity=5 (GPGME_VALIDITY_ULTIMTE) as my key hast validity and trust set to ultimate. $ gpg --edit-key 0x515e30c7 Secret key is available. pub 1024D/515E30C7 created: 2002-02-11 expires: never usage: SCA trust: ultimate validity: ultimate sub 2048g/0503D66E created: 2002-02-11 expires: never usage: E for `bar` i obtain summary=0 (??) fpr=4B12BCD5788511063B543190E09DF306 status=0 timestamp=1222182300 wrong_key_usage=0 pka_trust=0 chain_model=0 validity=0 (GPGME_VALIDITY_UNKNOWN) validity_reason=0 key=1 hash=1 why not summary=2 (GPGME_SIGSUM_GREEN) so how ist the correct / intended way to detect a good signature made by an untrusted key? thanks for the help please cc me, i have not subscribed to the list - -- Dr. Ivo Alxneit Laboratory for Solar Technology phone: +41 56 310 4092 Paul Scherrer Institute fax: +41 56 310 2688 CH-5232 Villigen http://solar.web.psi.ch Switzerland gnupg key: 0x515E30C7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFI/x2WAd7CE1FeMMcRAhoCAKCOom07JVFqgR3GrMcR/pBNqNcQgQCglQKl mBPJCVr/Q2kDc/KRsSkCKko= =3Fn3 -----END PGP SIGNATURE-----