From bernhard at intevation.de Mon Sep 1 14:27:13 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Mon, 1 Sep 2008 14:27:13 +0200 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <8349801F-F870-47D1-B48A-144BDA28BBC4@jabberwocky.com> References: <48B5B452.2030200@buanzo.com.ar> <48B69993.50509@buanzo.com.ar> <8349801F-F870-47D1-B48A-144BDA28BBC4@jabberwocky.com> Message-ID: <200809011427.17269.bernhard@intevation.de> On Thursday 28 August 2008 14:59, David Shaw wrote: > On Aug 28, 2008, at 8:26 AM, Arturo 'Buanzo' Busleiman wrote: > > Werner Koch wrote: > >> What we could add far easier is an encryption flags which sets the > >> --throw-keyid option of gpg and thus all recipients would be hidden. > > > > That would work too! Jacob Appelbaum and I are working on the Web-of- > > Trust solution to the OpenPGP > > for HTTP Bootstrapping issue, and we discovered that --throw-keyids ? > > would be great as a simple > > counter-measure against traffic analysis. > > Emphasis on 'simple', though. ?Hidden keyids do work, but read > http://www.imc.org/ietf-openpgp/mail-archive/msg10923.html for one > potential gotcha and workaround. To me understanding, using a blind carbon copy on emails requires the email application to send out several versions of the email: 1) encrypted to all visible recipients n invisible recipients*) encrypted to all visible recipients and one out of n invisible. Bernhard -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1603 bytes Desc: not available URL: From bernhard at intevation.de Mon Sep 1 14:27:50 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Mon, 1 Sep 2008 14:27:50 +0200 Subject: trust field for CMS (was: empty trust field for --with-colons and CMS) In-Reply-To: <200808211620.08481.bernhard@intevation.de> References: <200808131416.20617.bernhard@intevation.de> <87hc9pgddo.fsf@wheatstone.g10code.de> <200808211620.08481.bernhard@intevation.de> Message-ID: <200809011427.51281.bernhard@intevation.de> On Thursday 21 August 2008 16:20, Bernhard Reiter wrote: > On Wednesday 13 August 2008 17:09, Werner Koch wrote: > > On Wed, 13 Aug 2008 15:55, bernhard at intevation.de said: > > > LANG=C gpgsm --with-validation --with-colons --list-keys > > > bernhard at intevation.de > > > > > > crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS > > > 8,O=Intevation GmbH,C=DE::escESC: > > > > Okay, I fixed that in svn revision 4813. > > > > ? ? ? ? ? ? For X.509 certificates an 'u' is used for a trusted root > > ? ? ? ? ? ? certificate (i.e. for the trust anchor) and an 'f' for all > > ? ? ? ? ? ? other valid certificates. > > What about using 'm' in CMS (X.509) to indicate that > --disable-crl-checks OR --disable-policy-checks is active? > > It would trigger a question with many gpgme using applications > which IMO would be correct in the situation. Ping. -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From wk at gnupg.org Mon Sep 1 16:28:49 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 01 Sep 2008 16:28:49 +0200 Subject: fixes for Msys+Mingw In-Reply-To: (carlo bramix's message of "Tue, 26 Aug 2008 18:40:27 +0200") References: Message-ID: <87iqtg2b4u.fsf@wheatstone.g10code.de> On Tue, 26 Aug 2008 18:40, carlo.bramix at libero.it said: > I tried to compile gnupg 2.0.9 under Mingw+Msys. Not a supported build platform, but let's see: > 1- /jnlib/utf8conv.c was compiled successfully, but it was not working because because "iconv.dll" was not found during runtime. > But it exists just with a different name, mine is called "libiconv-2.dll". > I believe that it's a good idea to use ICONV correctly if it's found. > Since Msys is a posix-like enviroment under Windows, AM_ICONV detects its presence at configure time and it adds "-liconv" to LDFLAGS. Well, if Msys is the build platform the it needs to support corss-compilation. You need to build gnupg the same way as on a real Posix platform, that is you should use build commands similar to what "./autogen.sh --build-w32" uses. > So, if that shared library exists, the executables are linked directly with the import library and it is absolutely not required to dynamically load it. Not a good idea. For one we want to have close control over what DLLs are used and second it should be piossible to do without inconv.dll. > 2- compilation of scd/ccid-driver.c failed because ETIMEDOUT is undefined in Windows. > However, LibUSB-Win32 do not set errno, but it encodes the error code directly into the return value of the functions. Interesting. There is a working port of libusb now? Any pointers - I am very interested. We don't support the internal CCID driver under Windows. Anyway it is a bug in that port if it does not set ERRNO properly. It is also a cross-building problem; you need to decide whether you want a POSIX version of GnuPG (like Cygwin) or a native one. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From dshaw at jabberwocky.com Mon Sep 1 16:35:34 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 1 Sep 2008 10:35:34 -0400 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <200809011427.17269.bernhard@intevation.de> References: <48B5B452.2030200@buanzo.com.ar> <48B69993.50509@buanzo.com.ar> <8349801F-F870-47D1-B48A-144BDA28BBC4@jabberwocky.com> <200809011427.17269.bernhard@intevation.de> Message-ID: On Sep 1, 2008, at 8:27 AM, Bernhard Reiter wrote: > On Thursday 28 August 2008 14:59, David Shaw wrote: >> On Aug 28, 2008, at 8:26 AM, Arturo 'Buanzo' Busleiman wrote: >>> Werner Koch wrote: >>>> What we could add far easier is an encryption flags which sets the >>>> --throw-keyid option of gpg and thus all recipients would be >>>> hidden. >>> >>> That would work too! Jacob Appelbaum and I are working on the Web- >>> of- >>> Trust solution to the OpenPGP >>> for HTTP Bootstrapping issue, and we discovered that --throw-keyids >>> would be great as a simple >>> counter-measure against traffic analysis. >> >> Emphasis on 'simple', though. Hidden keyids do work, but read >> http://www.imc.org/ietf-openpgp/mail-archive/msg10923.html for one >> potential gotcha and workaround. > > To me understanding, using a blind carbon copy on emails requires > the email application to send out several versions of the email: > 1) encrypted to all visible recipients > n invisible recipients*) encrypted to all visible recipients and one > out of n > invisible. Exactly. This can be difficult for those mail programs that allow the MTA to handle all addressing, since it involves sending a message to user "b" (an encrypted + hidden user), but with "a" (an unencrypted users) in the To: list. David From bernhard at intevation.de Tue Sep 2 14:35:35 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue, 2 Sep 2008 14:35:35 +0200 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: References: <48B5B452.2030200@buanzo.com.ar> <200809011427.17269.bernhard@intevation.de> Message-ID: <200809021435.36418.bernhard@intevation.de> On Monday 01 September 2008 16:35, David Shaw wrote: > > To me understanding, using a blind carbon copy on emails requires > > the email application to send out several versions of the email: > > 1) encrypted to all visible recipients > > n invisible recipients*) encrypted to all visible recipients and one ? > > out of n > > invisible. > > Exactly. ?This can be difficult for those mail programs that allow the ? > MTA to handle all addressing, since it involves sending a message to ? > user "b" (an encrypted + hidden user), but with "a" (an unencrypted ? > users) in the To: list. Are there settings where this is common? Usually the MTA would act on the envelope, not the data which includes the visible "To:". Bernhard -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From dshaw at jabberwocky.com Tue Sep 2 15:29:07 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 2 Sep 2008 09:29:07 -0400 Subject: No Hidden-Recipient support in GPGME? In-Reply-To: <200809021435.36418.bernhard@intevation.de> References: <48B5B452.2030200@buanzo.com.ar> <200809011427.17269.bernhard@intevation.de> <200809021435.36418.bernhard@intevation.de> Message-ID: <106F8580-126D-4351-A262-69D5D640CA76@jabberwocky.com> On Sep 2, 2008, at 8:35 AM, Bernhard Reiter wrote: > On Monday 01 September 2008 16:35, David Shaw wrote: >>> To me understanding, using a blind carbon copy on emails requires >>> the email application to send out several versions of the email: >>> 1) encrypted to all visible recipients >>> n invisible recipients*) encrypted to all visible recipients and one >>> out of n >>> invisible. >> >> Exactly. This can be difficult for those mail programs that allow >> the >> MTA to handle all addressing, since it involves sending a message to >> user "b" (an encrypted + hidden user), but with "a" (an unencrypted >> users) in the To: list. > > Are there settings where this is common? > Usually the MTA would act on the envelope, not the data which includes > the visible "To:". It's becoming less common over the years as programs have either a SMTP stub to talk to a smarthost, or at least call command line programs with some more finesse, but many programs did the equivalent of passing a whole message to "sendmail -t" and letting sendmail work out the details. That's fine in most cases, but would be a problem here. David From wk at gnupg.org Wed Sep 3 10:58:54 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 03 Sep 2008 10:58:54 +0200 Subject: missing hexstrint->plaintext conversion In-Reply-To: (Kiss Gabor's message of "Tue, 26 Aug 2008 17:48:50 +0200 (CEST)") References: Message-ID: <87skshzju9.fsf@wheatstone.g10code.de> On Tue, 26 Aug 2008 17:48, kissg at ssg.ki.iif.hu said: > This patch below fixes the problem. I fixed it using a new hex2str function. Available as svn revision 4822. Thanks, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From carlo.bramix at libero.it Wed Sep 3 13:19:01 2008 From: carlo.bramix at libero.it (carlo.bramix) Date: Wed, 3 Sep 2008 13:19:01 +0200 Subject: fixes for Msys+Mingw Message-ID: Hello! >> So, if that shared library exists, the executables are linked directly with the import library and it is absolutely not required to dynamically load it. > > Not a good idea. For one we want to have close control over what DLLs > are used and second it should be piossible to do without inconv.dll. I understand your needs. However, if I understood correctly the sources, everything is decided by the presence of HAVE_ICONV. So the code should be still work as now if you configure it in the right manner. If this macro is not declared then it will work exactly as it was previously. If some people built GnuPG with MSVC, they won't need to add HAVE_ICONV into their project properties and afterall I do not think that they did it. So you could see it as a fix only for Windows' posix enviroments, if you want. In the future we may eventually force the same behaviour even with (but not limited to) Msys by adding to configure script an option like "--disable-iconv" and call AM_ICONV only if it's enabled. I also forgot to tell you that I was not able to make it working on CYGWIN too, because that library is called cygiconv-2.dll If I can give you my opinion, the ability to work with iconv as import library *in addition* to current LoadLibrary() method is strongly recommended. >> 2- compilation of scd/ccid-driver.c failed because ETIMEDOUT is undefined in Windows. >> However, LibUSB-Win32 do not set errno, but it encodes the error code directly into the return value of the functions. > > Interesting. There is a working port of libusb now? Any pointers - I > am very interested. We don't support the internal CCID driver under > Windows. Anyway it is a bug in that port if it does not set ERRNO > properly. Yes, it exists by looong time at http://libusb-win32.sourceforge.net Last time I used it, the error value was encoded into the return value of the functions because there is no way to write _errno from old MSVCRT. I do not think that changed, however it may be possible that the handling of error codes evolved in these last years... Perhaps error codes are also reported with Win32 API like GetLastError/SetLastError, it should be read from latest sources of LibUSB-Win32. Sincerely, Carlo Bramini. From mail at markuswestphal.de Thu Sep 4 17:25:43 2008 From: mail at markuswestphal.de (Markus Westphal) Date: Thu, 4 Sep 2008 17:25:43 +0200 Subject: GPGME export secret key Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, revisiting an old topic (http://marc.info/?t=101889760900001): what about an option to export a private key in GPGME? Werner Koch and Janusz Urbanowicz rejected this request back then because the format was prone to Klima Rosa attack (http://marc.info/? l=gnupg-devel&m=101895382319899&w=2). Has this been fixed since? Would it now be possible to add support for exporting private keys? Thanks in advance and best regards, Markus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAki//fcACgkQkUmgGzu24FZLywCfUHrmu/UNOdv2mP/KM1A0PlrS r9kAn0IAiHE+b0xVRXj8pNKtpRcLKBqi =lZO7 -----END PGP SIGNATURE----- From wk at gnupg.org Fri Sep 5 09:48:42 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 05 Sep 2008 09:48:42 +0200 Subject: GPGME export secret key In-Reply-To: (Markus Westphal's message of "Thu, 4 Sep 2008 17:25:43 +0200") References: Message-ID: <87d4jjxcbp.fsf@wheatstone.g10code.de> On Thu, 4 Sep 2008 17:25, mail at markuswestphal.de said: > Has this been fixed since? Would it now be possible to add support > for exporting private keys? That was a valid reason at that time but meanwhile gpgme has evolved. Exporting secret keys is always a task which needs to be well planned and thus an API to do this is just to simple. One problem which needs to be properly addressed is to export and import secret key in a secure way. This is for example requied for a FIPS-140 certification. My current idea is to implement properkey wrapping, which means that you register a key wrapping key with gpgme/gnupg ang gnupg exports the key then encrypted for that key. This will be an additional layer on top of a passprase protected private key part. I'll talk about this at the Linux Kongress. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From marcus.brinkmann at ruhr-uni-bochum.de Fri Sep 5 12:47:14 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 05 Sep 2008 12:47:14 +0200 Subject: [Announce] GPA 0.8.0 released. Message-ID: <87tzcueuod.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hello, We are pleased to announce the release of GPA 0.8.0. GPA is a graphical frontend for the GNU Privacy Guard (GnuPG, http://www.gnupg.org). GPA can be used to encrypt, decrypt, and sign files, to verify signatures and to manage the private and public keys. This is a development release. Please be careful when using it on production keys. You can find the release here: http://wald.intevation.org/frs/download.php/491/gpa-0.8.0.tar.bz2 (571 KB) http://wald.intevation.org/frs/download.php/492/gpa-0.8.0.tar.bz2.sig There is no patch to the previous release, as this would almost be as big as the whole package. The SHA1 checksums for this release are: c519af3ccd3c7e518458e143b2001a8cc6d90467 gpa-0.8.0.tar.bz2 661e971022c12201af2b36488f36fecf6382840a gpa-0.8.0.tar.bz2.sig Noteworthy changes in version 0.8.0 (2008-09-04) ------------------------------------------------ * Add basic UI server mode and option --daemon. * GPA now supports direct crypto operations to and from the clipboard, and features a simple text edit area as well. * GPA supports manipulating the backend configuration through gpg-conf. * GPA has now basic support for X.509; use the command line switch --cms to enable this. * The default keyserver is now taken from gpg.conf and not from gpa.conf. Thanks, Marcus -- g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459 H?ttenstr. 61 Gesch?ftsf?hrung Werner Koch D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608 _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From bjk at luxsci.net Sat Sep 6 01:45:31 2008 From: bjk at luxsci.net (Ben Kibbey) Date: Fri, 5 Sep 2008 19:45:31 -0400 Subject: assuan_set_io_hooks() Message-ID: <200809052352.m85Nq2kZ025618@rs49.luxsci.com> What do you think about assuan_set_io_hooks() setting the read and write hooks per CTX rather than globally? I'm having problems when set globally in a multi-threaded app after a fork(). -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From wk at gnupg.org Sat Sep 6 09:54:35 2008 From: wk at gnupg.org (Werner Koch) Date: Sat, 06 Sep 2008 09:54:35 +0200 Subject: assuan_set_io_hooks() In-Reply-To: <200809052352.m85Nq2kZ025618@rs49.luxsci.com> (Ben Kibbey's message of "Fri, 5 Sep 2008 19:45:31 -0400") References: <200809052352.m85Nq2kZ025618@rs49.luxsci.com> Message-ID: <87d4jhu2tg.fsf@wheatstone.g10code.de> On Sat, 6 Sep 2008 01:45, bjk at luxsci.net said: > What do you think about assuan_set_io_hooks() setting the read and write > hooks per CTX rather than globally? I'm having problems when set > globally in a multi-threaded app after a fork(). We plan some API cleanup anyway and thus it would be easy to extend assuan_set_io_hooks. Would you mind to explain our problem? What about calling assuan_set_io_hook (NULL) in the child right after the fork? Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bjk at luxsci.net Sat Sep 6 20:41:56 2008 From: bjk at luxsci.net (Ben Kibbey) Date: Sat, 6 Sep 2008 14:41:56 -0400 Subject: assuan_set_io_hooks() In-Reply-To: <87d4jhu2tg.fsf@wheatstone.g10code.de> References: <200809052352.m85Nq2kZ025618@rs49.luxsci.com> <87d4jhu2tg.fsf@wheatstone.g10code.de> Message-ID: <200809061843.m86Ih2nH007051@rs49.luxsci.com> On Sat, Sep 06, 2008 at 09:54:35AM +0200, Werner Koch wrote: > On Sat, 6 Sep 2008 01:45, bjk at luxsci.net said: > > What do you think about assuan_set_io_hooks() setting the read and write > > hooks per CTX rather than globally? I'm having problems when set > > globally in a multi-threaded app after a fork(). > > We plan some API cleanup anyway and thus it would be easy to extend > assuan_set_io_hooks. Would you mind to explain our problem? What about > calling assuan_set_io_hook (NULL) in the child right after the fork? Strange things were happening from what I think was a dirty build. Anyway, if there was a way to use the default IO handlers inside the read and write hooks themselves, that might be an alternative. -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From bjk at luxsci.net Sun Sep 7 13:19:48 2008 From: bjk at luxsci.net (Ben Kibbey) Date: Sun, 7 Sep 2008 07:19:48 -0400 Subject: assuan_tcp_connect()? Message-ID: <200809071121.m87BL145023320@rs49.luxsci.com> Any plans on including something equivalent any time soon? Or maybe something like assuan_init_socket_server_ext() only for a client that has already done the connect()? -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From wk at gnupg.org Mon Sep 8 20:02:58 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 08 Sep 2008 20:02:58 +0200 Subject: [Announce] Libgcrypt 1.4.2 released Message-ID: <873akabjn1.fsf@wheatstone.g10code.de> Hello! The GNU project is pleased to announce the availability of Libgcrypt version 1.4.2. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. Noteworthy changes in version 1.4.2: * The long missing gcry_mpi_lshift function has been added. * RSA key generation now supports a "transient-key" flag. * The keygrip computation for ECDSA has been implemented thus ECDSA is now fully supported. * A few macros have been replaced by functions for better type checking. * The thread initialization structure now carries version information. * The manual describes more clearly how to initialize Libgcrypt. * The library may now be switched into a FIPS mode. * Interface changes relative to the 1.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRYCTL_OPERATIONAL_P NEW. GCRYCTL_FIPS_MODE_P NEW. GCRYCTL_FORCE_FIPS_MODE NEW. gcry_cipher_setkey NEW: Replaces macro. gcry_cipher_setiv NEW: Replaces macro. gcry_cipher_setctr NEW: Replaces macro. gcry_mpi_lshift NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signatures is: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2.tar.bz2 (1049k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2.tar.bz2.sig This file is bzip2 compressed. A gzip compressed version is also available: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.1.tar.gz (1301k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.1.tar.gz.sig Alternativley you may upgrade version 1.4.1 using this patch file: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.1-1.4.2.diff.bz2 (171k) The SHA-1 checksums are: f4eda0d4a63905aef3bcdf24bb3dad787ef4b918 libgcrypt-1.4.2.tar.gz e9c65688e3191c4cad2910bda2f6c69fc05997a2 libgcrypt-1.4.2.tar.bz2 e0e5e4192f144ae0fc093d08aff50b725f46c0f9 libgcrypt-1.4.1-1.4.2.diff.bz2 For help on developing with Libgcrypt you should read the included manual and optional ask on the gcrypt-devel mailing list [1]. Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improve the software [2], order extensions or support or more general by donating money to the Free Software movement [3]. Commercial support contracts for Libgcrypt are available [4], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects. Many thanks to all who contributed to Libgcrypt development, be it bug fixes, code, documentation, testing or helping users. Happy hacking, Werner [1] See http://www.gnupg.org/documentation/mailing-lists.html . [2] Note that copyright assignments to the FSF are required. [3] For example see http://donate.fsf.org . [4] See the service directory at http://www.gnupg.org/service.html . -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 205 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From razvan at anaconda.cs.pub.ro Wed Sep 10 10:26:36 2008 From: razvan at anaconda.cs.pub.ro (Razvan Deaconescu) Date: Wed, 10 Sep 2008 11:26:36 +0300 Subject: GPGME - signing binary (PDF) files Message-ID: <1221035196.4462.20.camel@valhalla.cs.pub.ro> Hi! I am sorry for posting this message both on the devel and users mailing lists but I am not sure where a question related to GPGME should be posted. I am involved in a project that (on top of other things) has to sign PDF documents. We are trying to sign PDF documents using gpg. It's very easy to do that in the command line (using --sign, --detach-sig, --verify), but we weren't able to do that with GPGME. We want to sign PDF documents from within a C program. The documentation mentions signing text files[1] but has no mention of binary data. Can a binary (PDF) file be signed using GPGME? If yes, could you point the functions that should be called to enable this? We are interested in something similar to the following command: --- gpg --output doc.sig --detach-sig doc --- Razvan [1] http://www.fifi.org/cgi-bin/info2www?(gpgme)Creating+a+Signature From wk at gnupg.org Wed Sep 10 11:34:09 2008 From: wk at gnupg.org (Werner Koch) Date: Wed, 10 Sep 2008 11:34:09 +0200 Subject: GPGME - signing binary (PDF) files In-Reply-To: <1221035196.4462.20.camel@valhalla.cs.pub.ro> (Razvan Deaconescu's message of "Wed, 10 Sep 2008 11:26:36 +0300") References: <1221035196.4462.20.camel@valhalla.cs.pub.ro> Message-ID: <874p4omjji.fsf@wheatstone.g10code.de> On Wed, 10 Sep 2008 10:26, razvan at anaconda.cs.pub.ro said: > --- > gpg --output doc.sig --detach-sig doc > --- We do this all the time with GPGME. It is the basic operation you need for PGP/MIME: -- Function: gpgme_error_t gpgme_op_sign (gpgme_ctx_t CTX, gpgme_data_t PLAIN, gpgme_data_t SIG, gpgme_sig_mode_t MODE) The function `gpgme_op_sign' creates a signature for the text in the data object PLAIN and returns it in the data object SIG. The type of the signature created is determined by the ASCII armor (or, if that is not set, by the encoding specified for SIG), the text mode attributes set for the context CTX and the requested signature mode MODE. After the operation completed successfully, the result can be retrieved with `gpgme_op_sign_result'. If an S/MIME signed message is created using the CMS crypto engine, the number of certificates to include in the message can be specified with `gpgme_set_include_certs'. *Note Included Certificates::. The function returns the error code `GPG_ERR_NO_ERROR' if the signature could be created successfully, `GPG_ERR_INV_VALUE' if CTX, PLAIN or SIG is not a valid pointer, `GPG_ERR_NO_DATA' if the signature could not be created, `GPG_ERR_BAD_PASSPHRASE' if the passphrase for the secret key could not be retrieved, `GPG_ERR_UNUSABLE_SECKEY' if there are invalid signers, and passes through any errors that are reported by the crypto engine support routines. Example on how to create PGP/MIME signed data: { GpgmeCtx ctx; GpgmeData data, sig; gpgme_new (&ctx); gpgme_set_armor (ctx, 1); gpgme_set_textmode (ctx, 1); gpgme_data_new_from_mem (&data, mime_object, mime_object_len, TRUE ); gpgme_data_new ( &sig ); gpgme_op_sign (ctx, data, sig, GPGME_SIG_MODE_DETACH ); fputs ( "Content-Type: multipart/signed;\r\n" " protocol=\"application/pgp-signature\";\r\n" " boundary=\"42=.42=.42=.42\"\r\n" "\r\n--42=.42=.42=.42\r\n", stdout ); gpgme_data_rewind (data); while ( !gpgme_data_read (data, buf, sizeof buf, &nread ) ) { fwrite (buf, nread, 1, stdout ); } fputs ( "\r\n--42=.42=.42=.42--\r\n" "Content-Type: application/pgp-signature\r\n\r\n", stdout); gpgme_data_rewind (sig); while ( !gpgme_data_read (sig, buf, sizeof buf, &nread ) ) { fwrite (buf, nread, 1, stdout ); } fputs ( "\r\n--42=.42=.42=.42--\r\n", stdout ); gpgme_release (ctx); gpgme_data_release(data); gpgme_data_release(sig); } If you want binary data, do nit call gpgme_set_armor and gpgme_set_textmode. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From marcus.brinkmann at ruhr-uni-bochum.de Fri Sep 12 21:57:04 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 12 Sep 2008 21:57:04 +0200 Subject: doc, gpgme: should'nt GPGME_DEBUG be mentioned In-Reply-To: <200808131605.37133.bernhard@intevation.de> References: <200808131605.37133.bernhard@intevation.de> Message-ID: <87d4j9i1db.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Wed, 13 Aug 2008 16:05:36 +0200, Bernhard Reiter wrote: > > [1 ] > [1.1 ] > Just checking the gpgme docs, shouldn't GPGME_DEBUG be mentioned there? > There are some traces of if in the NEWS file, but nothing in the .info. The debug output is not yet complete and consistent across the GPGME functionality. Reading it can be extremely confusing if you don't know the internals very well (and even then some guessing is involved due to the lack of completeness). Thanks, Marcus From bernhard at intevation.de Mon Sep 15 09:51:01 2008 From: bernhard at intevation.de (Bernhard Reiter) Date: Mon, 15 Sep 2008 09:51:01 +0200 Subject: doc, gpgme: should'nt GPGME_DEBUG be mentioned In-Reply-To: <87d4j9i1db.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <200808131605.37133.bernhard@intevation.de> <87d4j9i1db.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <200809150951.10600.bernhard@intevation.de> Marcus, On Friday 12 September 2008 21:57, Marcus Brinkmann wrote: > At Wed, 13 Aug 2008 16:05:36 +0200, > Bernhard Reiter wrote: > > Just checking the gpgme docs, shouldn't GPGME_DEBUG be mentioned there? > > There are some traces of if in the NEWS file, but nothing in the .info. thanks for responding! > The debug output is not yet complete and consistent across the GPGME > functionality. ?Reading it can be extremely confusing if you don't > know the internals very well (and even then some guessing is involved > due to the lack of completeness). Looks like the paragraph above can go directly in as part of the documentation. :) Please, please document GPGME_DEBUG! I am searching for it too often, a little paragraph should be easy to write. Bernhard -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998 Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1603 bytes Desc: not available URL: From wk at gnupg.org Thu Sep 18 17:23:58 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 18 Sep 2008 17:23:58 +0200 Subject: [Announce] Libgcrypt 1.4.3 released Message-ID: <878wtpa35d.fsf@wheatstone.g10code.de> Hello! The GNU project is pleased to announce the availability of Libgcrypt version 1.4.3. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. Noteworthy changes in version 1.4.3: * Try to auto-initialize Libgcrypt to minimize the effect of applications not doing that correctly. This is not a perfect solution but given that many applicationion would totally fail without such a hack, we try to help at least with the most common cases. Folks, please read the manual to learn how to properly initialize Libgcrypt! * Auto-initialize the secure memory to 32k instead of aborting the process. * Log fatal errors via syslog. * Changed the name and the semantics of the fips mode config file. * Add convenience macro gcry_fips_mode_active. * More self-tests. * Documentation cleanups. Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signatures is: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2 (1062k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2.sig This file is bzip2 compressed. A gzip compressed version is also available: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz (1325k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz.sig Alternativley you may upgrade version 1.4.2 using this patch file: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2-1.4.3.diff.bz2 (42k) The SHA-1 checksums are: bdc67c1fdcec464a94dca691615f2335a12db5ce libgcrypt-1.4.3.tar.bz2 3d9d583501ce951596fa7dd3667afd357ac7d056 libgcrypt-1.4.3.tar.gz e28b74c5824364e20ae7f147f1b89925f5426669 libgcrypt-1.4.2-1.4.3.diff.bz2 For help on developing with Libgcrypt you should read the included manual and optional ask on the gcrypt-devel mailing list [1]. Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improve the software [2], order extensions or support or more general by donating money to the Free Software movement [3]. Commercial support contracts for Libgcrypt are available [4], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects. Many thanks to all who contributed to Libgcrypt development, be it bug fixes, code, documentation, testing or helping users. Happy hacking, Werner [1] See http://www.gnupg.org/documentation/mailing-lists.html . [2] Note that copyright assignments to the FSF are required. [3] For example see http://donate.fsf.org . [4] See the service directory at http://www.gnupg.org/service.html . -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 205 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From bjk at luxsci.net Sat Sep 20 04:36:51 2008 From: bjk at luxsci.net (Ben Kibbey) Date: Fri, 19 Sep 2008 22:36:51 -0400 Subject: PATCH: assuan_socket_connect_fd() Message-ID: <200809200238.m8K2c2D3010592@rs49.luxsci.com> Heres a patch to create an assuan_context_t for an already connected socket FD. This implements assuan_socket_connect_fd(). The "data" parameter is like assuan_set_pointer() but gets set just before the assuan handshake. Also added is assuan_set_finish_handler() that, when set, gets called in assuan_disconnect() before the file descriptors are closed. Hopefully it doesn't break anything. Seems to work over here though. -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E -------------- next part -------------- A non-text attachment was scrubbed... Name: assuan_socket_connect_fd.diff Type: text/x-diff Size: 4762 bytes Desc: not available URL: From yunxin.li at gmail.com Sun Sep 21 10:54:34 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Sun, 21 Sep 2008 16:54:34 +0800 Subject: How to detect a GunPG file. Message-ID: <48d60bd3.054c6e0a.5462.ffff94a8@mx.google.com> Hi all I'm working on a project that need to distinguish GunPG files among a lot of files without extension name. I read the following post( http://lists.gnupg.org/pipermail/gnupg-devel/2004-October/021427.html) but I'm still confused about how to detect the GunPG file. Is there any string in the GunPG' header can tell me it is a GunPG file!? If yes, which bits?! Kk11 -------------- next part -------------- An HTML attachment was scrubbed... URL: From adam at adammil.net Sun Sep 21 11:54:53 2008 From: adam at adammil.net (Adam Milazzo) Date: Sun, 21 Sep 2008 12:54:53 +0300 Subject: How to detect a GunPG file. In-Reply-To: <48d60bd3.054c6e0a.5462.ffff94a8@mx.google.com> References: <48d60bd3.054c6e0a.5462.ffff94a8@mx.google.com> Message-ID: <48D619ED.9010606@adammil.net> GnuPG files are simply OpenPGP files and conform to RFC-4880: http://tools.ietf.org/html/rfc4880 Yunfeng wrote: > Hi all > > > > I?m working on a project that need to distinguish GunPG files among a > lot of files without extension name. > > > > I read the following post( > > http://lists.gnupg.org/pipermail/gnupg-devel/2004-October/021427.html) > > > > but I?m still confused about how to detect the GunPG file. > > > > Is there any string in the GunPG? header can tell me it is a GunPG > file!? If yes, which bits?! > > > > > > Kk11 > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel -- Encrypt your email! Use GnuPG (http://www.gnupg.org) along with: * Enigmail (http://enigmail.mozdev.org) for Thunderbird * FireGPG (http://getfiregpg.org) for GMail, Hotmail, etc. * GPGOE (http://gpgoe.wald.intevation.org) for Outlook Express * GpgOL (http://www.g10code.com/p-gpgol.html) for Outlook My public key is available at http://www.adammil.net/files/publickey.txt From wk at gnupg.org Mon Sep 22 10:51:51 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 22 Sep 2008 10:51:51 +0200 Subject: [Announce] Libksba 1.0.4 released Message-ID: <87prmw4l7c.fsf@wheatstone.g10code.de> Hello! We are pleased to announce version 1.0.4 of Libksba. Libksba is an X.509 and CMS (PKCS#7) library. It is for example required to build the S/MIME part of GnuPG-2 (gpgsm). The only build requirement for Libksba itself is the libgpg-error package. There are no other dependencies; actual cryptographic operations need to be done by the user. Libksba is distributed under the GPLv3+. There are no user tools accompanying this software, thus it is mostly relevant to developers. This is a maintenance release. You may download the library and its OpenPGP signature from: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.4.tar.bz2 (553k) ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.4.tar.bz2.sig As an alternative you may use a patch file to upgrade the previous version of the library: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.3-1.0.4.diff.bz2 (144k) (the reason for the large patch file is due to newer version of files from the build systems) or from any mirror of that server (http://www.gnupg.org/mirrors.html). SHA-1 checksums are: 05d0b803bac34b53e07619ca52425452be535792 libksba-1.0.4.tar.bz2 51249c45ea74c61325c1f2462045ba5a4148bf38 libksba-1.0.3-1.0.4.diff.bz2 Noteworthy changes in version 1.0.4 (2008-09-22) ------------------------------------------------ * Write smimeCapabilities according to RFC3851 to help Mozilla. * Support DSA. * The visibility attribute is now used if supported by the toolchain. Commercial support contracts for Libksba are available, and they help finance continued maintenance. g10 Code, a Duesseldorf based company owned and headed by Libksba's principal author, is currently funding its development. We are always looking for interesting development projects. See also http://www.gnupg.org/service.html . Happy hacking, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From yunxin.li at gmail.com Wed Sep 24 07:24:44 2008 From: yunxin.li at gmail.com (Yunfeng) Date: Wed, 24 Sep 2008 13:24:44 +0800 Subject: how to compile libksba into windows version Message-ID: <48d9cf28.07506e0a.4317.7b8b@mx.google.com> Hi everyone I need run libksba in windows. I find in google but cannot find a windows version libksba. Anyone can teach me how to compile the libksba into windows. Thanks a lot. Kk11 -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcus.brinkmann at ruhr-uni-bochum.de Wed Sep 24 14:37:12 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Wed, 24 Sep 2008 14:37:12 +0200 Subject: how to compile libksba into windows version In-Reply-To: <48d9cf28.07506e0a.4317.7b8b@mx.google.com> References: <48d9cf28.07506e0a.4317.7b8b@mx.google.com> Message-ID: <878wthafev.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Wed, 24 Sep 2008 13:24:44 +0800, Yunfeng wrote: > I need run libksba in windows. > > I find in google but cannot find a windows version libksba. > > Anyone can teach me how to compile the libksba into windows. It's part of gpg4win, so you can use: http://gpg4win.org/build-installer.html If you follow the instructions, the libksba build will end up in src/playground/build/libksba-$LIBKSBA_VERSION-build By studying the gpg4win build system, you can also figure out how to build it without gpg4win. It's not that hard, but there are many fine details to get right. You don't need to build all of gpg4win to get libksba. By reading configure.ac, you can see that libksba needs only libgpg-error, which in turn needs libiconv and gettext. So drop these packages into packages/ (see the file packages.current for URLs to these), and run in the src/ directory: $ make stamps/stamp-final-libiconv $ make stamps/stamp-final-gettext $ make stamps/stamp-final-libgpg-error $ make stamps/stamp-final-libksba Thanks, Marcus From mnalis-ml at voyager.hr Thu Sep 25 14:05:49 2008 From: mnalis-ml at voyager.hr (Matija Nalis) Date: Thu, 25 Sep 2008 14:05:49 +0200 Subject: WARNING: signature digest conflict in message ? Message-ID: <20080925120548.GA25059@data.voyager.hr> I did most of the testing with default debian Etch gnupg 1.4.6-2, but I've also verified that problem exists is gnupg 1.4.9-3 The problem is if one uses clearsign format without "Hash:" line, and the actual hash used is *not* MD5, the "gpg --verify" fails with: gpg: WARNING: signature digest conflict in message gpg: Can't check signature: general error If one uses detached signatures, the gpg correctly guess hash used from the signature, uses that, and correctly verifies message. If one uses clearsign signature, but without "Hash:" line[1], it fails, unless the hash happens to be MD5. Failing example looks something like: -----BEGIN PGP SIGNED MESSAGE----- some cleartext some more cleartext -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQCVAwUBSNt3osBJstyq5PJcAQIF1AP/S0ki33NfTfLdrESJ6A0ug59c7mrSbAEO CUYO8uTYZXErp+1KSEkdlTg3SI20tiE1L4Wh7iBlt3QcOaOaxTpenGPGtD0EeDmj lRnS11TXqdZRleBj+Z9BT3zDFba+DJoVYli00LL8pjEsLqDM5HKmUEQJC3XGQOk7 3tsNAe+ur3g= =0+0L -----END PGP SIGNATURE----- Would it be possible in such a case to try to deduce the hash used from signature, before (or instead of) falling back to assuming it is MD5 ? I see no reason why it couldn't be possible. [1] Yes, I know it would work if the "Hash: SHA1" line was present after "-----BEGIN PGP SIGNED MESSAGE-----", and while I could easily fix it in my server, there are tons of other places where it probably won't be fixed (long story - the software is INN's pgpverify < 1.23) -- Opinions above are GNU-copylefted. From dshaw at jabberwocky.com Thu Sep 25 14:54:58 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 25 Sep 2008 08:54:58 -0400 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <20080925120548.GA25059@data.voyager.hr> References: <20080925120548.GA25059@data.voyager.hr> Message-ID: <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> On Sep 25, 2008, at 8:05 AM, Matija Nalis wrote: > I did most of the testing with default debian Etch gnupg 1.4.6-2, > but I've also verified that problem exists is gnupg 1.4.9-3 > > The problem is if one uses clearsign format without "Hash:" line, and > the actual hash used is *not* MD5, the "gpg --verify" fails with: > > gpg: WARNING: signature digest conflict in message > gpg: Can't check signature: general error > > > If one uses detached signatures, the gpg correctly guess hash used > from the signature, uses that, and correctly verifies message. > > If one uses clearsign signature, but without "Hash:" line[1], it > fails, unless the hash happens to be MD5. This is specified in RFC-4880: If the "Hash" Armor Header is given, the specified message digest algorithm(s) are used for the signature. If there are no such headers, MD5 is used. If MD5 is the only hash used, then an implementation MAY omit this header for improved V2.x compatibility. > Would it be possible in such a case to try to deduce the hash used > from signature, before (or instead of) falling back to assuming it is > MD5 ? I see no reason why it couldn't be possible. Verifying a clear signature uses the Hash: header to set up the hash context, then the data is hashed, then the signature is read - in that order. If GPG is getting the clear signatures in a stream it would have to buffer all the data until it finds out what the hash is by reading the signature, then go back and hash the data. If the data is large, that may not be possible. > [1] Yes, I know it would work if the "Hash: SHA1" line was present > after "-----BEGIN PGP SIGNED MESSAGE-----", and while I could > easily fix it in my server, there are tons of other places where > it probably won't be fixed (long story - the software is INN's > pgpverify < 1.23) What is generating these messages in the first place? Why not fix that? I know your sample message was signed by GPG, but GPG puts the right Hash headers in. Is something stripping them out? David From mnalis-ml at voyager.hr Thu Sep 25 16:03:47 2008 From: mnalis-ml at voyager.hr (Matija Nalis) Date: Thu, 25 Sep 2008 16:03:47 +0200 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> References: <20080925120548.GA25059@data.voyager.hr> <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> Message-ID: <20080925140347.GA21920@data.voyager.hr> On Thu, Sep 25, 2008 at 08:54:58AM -0400, David Shaw wrote: > On Sep 25, 2008, at 8:05 AM, Matija Nalis wrote: > >Would it be possible in such a case to try to deduce the hash used > >from signature, before (or instead of) falling back to assuming it is > >MD5 ? I see no reason why it couldn't be possible. > > Verifying a clear signature uses the Hash: header to set up the hash > context, then the data is hashed, then the signature is read - in that > order. If GPG is getting the clear signatures in a stream it would > have to buffer all the data until it finds out what the hash is by > reading the signature, then go back and hash the data. If the data is > large, that may not be possible. Thanks David! (for crushing my hopes before they get too developed :-) That is indeed very reasonable (I didn't think of big non-seekable stream and was hoping for 2-pass or buffer) and obviously the right way to do it, not to mention conforming to RFC. (although as alternative it might also sequentially generate all supported hashes as it goes, and then drop the unneeded ones; but this would also be an inexcusable waste of resources) > What is generating these messages in the first place? Why not fix > that? I know your sample message was signed by GPG, but GPG puts the > right Hash headers in. Is something stripping them out? Yes, I was just using gpg + editor for making reproducible test case. The broken software is above mentioned pgpverify (for example, broken version can be found at ftp://ftp.isc.org/pub/pgpcontrol/ARCHIVE/pgpverify-1.15 ) which attempted to make its own clearsign version (without "Hash" header) and then call "gpg --verify" on it - which failed unless you used MD5. Although the pgpverify was fixed years ago (by switching to use detached signatures), there are a lot of sites still using older INN installations (and there are some good reasons for people not wanting to upgrade INN once it is working) which still have broken pgpverify. So I was hoping perhaps if gnupg could be easily fixed to autodetect signature type in this case, than just gpg could get upgraded (leaving custom inn unmodified) and thus fixing situation - which would be much easier than making newsadmins all over the world upgrade their custom INN installations (and might even happen automatically over time when they upgrade their distros). Unfortunately for me, that avenue does not look reasonable anymore. I guess there is also NO way gpg (or something) could be forced to use MD5 with DSA key for signing (as "--digest-algo md5" gives me "DSA key XXXXXXXX requires a 160 bit or larger hash" error) ? So probably only reasonable (for some flexible definition of reasonable :-) thing for me is to either start a crusade to make all newsadmins upgrade their INN (or at least replace pgpverify part of it), or to start using RSA key and forcing MD5 hash on it, which I wanted to avoid if at all possible (as it requires changing usenet hierarchy key, for which is there no good key-exchange mechanism, so I also get to contact all newsadmins across the world) Thanks again, perhaps this discussion will help some new newsadmin to *NOT* use DSA key, but old 1024 bit RSA for signing Usenet control messages. (or at least if they did choose DSA, and google finds them this post with error message, to realize they're doomed quick enough :-) -- Opinions above are GNU-copylefted. From wk at gnupg.org Thu Sep 25 16:32:54 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 25 Sep 2008 16:32:54 +0200 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <20080925140347.GA21920@data.voyager.hr> (Matija Nalis's message of "Thu, 25 Sep 2008 16:03:47 +0200") References: <20080925120548.GA25059@data.voyager.hr> <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> <20080925140347.GA21920@data.voyager.hr> Message-ID: <87tzc4uwh5.fsf@wheatstone.g10code.de> Hi! What about invoking gpg this way: cat foo.asc | sed '/^-----BEGIN PGP SIGNED/a Hash: MD5' | gpg --verify This will add the required MD5 line. If there is already a hash line, sed insers another HAsh line, which is okay. Enabling an extra hash does not matter. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From ovz at yahoo.com Thu Sep 25 16:50:45 2008 From: ovz at yahoo.com (Oleg V. Zhylin) Date: Thu, 25 Sep 2008 07:50:45 -0700 (PDT) Subject: Need to distinguish between g10_log_info and g10_log_error Message-ID: <379513.10002.qm@web56601.mail.re3.yahoo.com> Hi All, I'm using gpg from Powershell and it detects error condition not by return value, but by presence of data on standard error. I've checked out gnupg source code and the only difference between g10_log_info and g10_log_error is errorcount++; in g10_log_error. Thus as far as I could check there's no way to suppress just log_infos w/o suppressing log_errors too. This would be great feature to have. Moreover, a command like the following gpg -o h:\temp\outfile.txt --logger-fd 1 --yes --decrypt h:\temp\outfile.txt.gpg returns 2 even if file is decrypted successfully. Is it safe to rely that 2 means success in this case? WBR Oleg V. Zhylin ovz at yahoo.com From adam at adammil.net Thu Sep 25 19:06:03 2008 From: adam at adammil.net (Adam Milazzo) Date: Thu, 25 Sep 2008 20:06:03 +0300 Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <379513.10002.qm@web56601.mail.re3.yahoo.com> References: <379513.10002.qm@web56601.mail.re3.yahoo.com> Message-ID: <48DBC4FB.5070302@adammil.net> Oleg V. Zhylin wrote: > I'm using gpg from Powershell and it detects error condition not by return value, but by presence of data on standard error. Is that really true? I thought the $? variable is set based on return value. From JPClizbe at tx.rr.com Thu Sep 25 20:58:41 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Thu, 25 Sep 2008 13:58:41 -0500 Subject: configure: check for sgml to texi tools fails with OpenSP Message-ID: <48DBDF61.90706@tx.rr.com> Last night I was building a svn rev of 1.4.10 on my Slackware box. Going over the output from configure, I thought it odd the the test for sgml to texi tools was failing. OpenSP 1.5.2 is installed, sgml2xml is present: bear at yogi:~/gnupg14r4834# sgml2xml -v sgml2xml:I: "OpenSP" version "1.5.2" OK, so OpenSP is wrapping things in double-quotes Here's a patch... bear at yogi:~/gnupg14r4834# diff -u acinclude.m4{~,} --- acinclude.m4~ 2008-09-25 00:52:52.000000000 -0500 +++ acinclude.m4 2008-09-25 03:27:51.000000000 -0500 @@ -99,6 +99,8 @@ if test "$ac_cv_prog_DOCBOOK_TO_TEXI" = yes; then if sgml2xml -v /dev/null 2>&1 | grep 'SP version' >/dev/null 2>&1 ; then working_sgmltotexi=yes + elif sgml2xml -v /dev/null 2>&1 | grep 'OpenSP\" version' >/dev/null 2>&1 ; then + working_sgmltotexi=yes fi fi AC_MSG_RESULT($working_sgmltotexi) Sorry about the elif line wrapping The same test fails on Cygwin, but that's an issue with their build of OpenSP. Best, John -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From B.Candler at pobox.com Thu Sep 25 21:33:43 2008 From: B.Candler at pobox.com (Brian Candler) Date: Thu, 25 Sep 2008 20:33:43 +0100 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <20080925191725.GA27987@uk.tiscali.com> References: <20080925120548.GA25059@data.voyager.hr> <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> <20080925140347.GA21920@data.voyager.hr> <20080925191725.GA27987@uk.tiscali.com> Message-ID: <20080925193343.GA28632@uk.tiscali.com> On Thu, Sep 25, 2008 at 08:17:25PM +0100, Brian Candler wrote: > clearsigned message <-------> message + detached signature Actually that particular one should be pretty simple: I think a clearsigned message is just an armored detached signature stuck onto the end of the message. A simple perl or ruby script could split them, although you'll need to be careful to munge line endings properly. Also, I thought of another solution. RFC 2440 says: If more than one message digest is used in the signature, the "Hash" armor header contains a comma-delimited list of used message digests. So perhaps if you add a fake header Hash: MD5,SHA1 to those messages which don't have a "Hash:" header, then it will verify correctly. I did a quick experiment, clearsigning a message and changing Hash: SHA1 to Hash: MD5,SHA1 and the signature still verified. So you just need to check that a MD5+RSA message still verifies with this header, and you're away. HTH, Brian. From B.Candler at pobox.com Thu Sep 25 21:17:25 2008 From: B.Candler at pobox.com (Brian Candler) Date: Thu, 25 Sep 2008 20:17:25 +0100 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <20080925140347.GA21920@data.voyager.hr> References: <20080925120548.GA25059@data.voyager.hr> <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> <20080925140347.GA21920@data.voyager.hr> Message-ID: <20080925191725.GA27987@uk.tiscali.com> On Thu, Sep 25, 2008 at 04:03:47PM +0200, Matija Nalis wrote: > That is indeed very reasonable (I didn't think of big non-seekable > stream and was hoping for 2-pass or buffer) and obviously the right > way to do it, not to mention conforming to RFC. > > (although as alternative it might also sequentially generate all > supported hashes as it goes, and then drop the unneeded ones; but > this would also be an inexcusable waste of resources) I wonder if in principle another option would be to take the clearsigned message, reformat it as message plus detached signature, and then process that. (This could be done in one pass, and then the actual verification would be a second pass) These might be useful transformations, but I don't know if there are existing tools to do them: signed message <------------> message + detached signature clearsigned message <-------> message + detached signature I'd be interested in knowing if they do exist. Regards, Brian. From dshaw at jabberwocky.com Thu Sep 25 22:11:00 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 25 Sep 2008 16:11:00 -0400 Subject: configure: check for sgml to texi tools fails with OpenSP In-Reply-To: <48DBDF61.90706@tx.rr.com> References: <48DBDF61.90706@tx.rr.com> Message-ID: <20080925201100.GC51515@jabberwocky.com> On Thu, Sep 25, 2008 at 01:58:41PM -0500, John Clizbe wrote: > Last night I was building a svn rev of 1.4.10 on my Slackware box. Going over > the output from configure, I thought it odd the the test for sgml to texi tools > was failing. OpenSP 1.5.2 is installed, sgml2xml is present: > > bear at yogi:~/gnupg14r4834# sgml2xml -v > sgml2xml:I: "OpenSP" version "1.5.2" Thanks. However, GPG doesn't actually use sgml2xml any longer to build the manual (it's mainly texi now). The sgml stuff is a leftover in acinclude.m4 that can be removed. David From dshaw at jabberwocky.com Thu Sep 25 22:19:00 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 25 Sep 2008 16:19:00 -0400 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <20080925191725.GA27987@uk.tiscali.com> References: <20080925120548.GA25059@data.voyager.hr> <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> <20080925140347.GA21920@data.voyager.hr> <20080925191725.GA27987@uk.tiscali.com> Message-ID: <20080925201859.GD51515@jabberwocky.com> On Thu, Sep 25, 2008 at 08:17:25PM +0100, Brian Candler wrote: > On Thu, Sep 25, 2008 at 04:03:47PM +0200, Matija Nalis wrote: > > That is indeed very reasonable (I didn't think of big non-seekable > > stream and was hoping for 2-pass or buffer) and obviously the right > > way to do it, not to mention conforming to RFC. > > > > (although as alternative it might also sequentially generate all > > supported hashes as it goes, and then drop the unneeded ones; but > > this would also be an inexcusable waste of resources) > > I wonder if in principle another option would be to take the clearsigned > message, reformat it as message plus detached signature, and then process > that. (This could be done in one pass, and then the actual verification > would be a second pass) This theoretically could be done, but there are some corner cases due to end of line handling between the clearsigned format and the detached format. Basically: > clearsigned message <-------> message + detached signature This is possible. > signed message <------------> message + detached signature This is isn't always possible without the signed message having particular end of line restrictions. David From wk at gnupg.org Thu Sep 25 22:41:26 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 25 Sep 2008 22:41:26 +0200 Subject: WARNING: signature digest conflict in message ? In-Reply-To: <20080925201859.GD51515@jabberwocky.com> (David Shaw's message of "Thu, 25 Sep 2008 16:19:00 -0400") References: <20080925120548.GA25059@data.voyager.hr> <59656367-DEB4-47DA-A931-326788F168FF@jabberwocky.com> <20080925140347.GA21920@data.voyager.hr> <20080925191725.GA27987@uk.tiscali.com> <20080925201859.GD51515@jabberwocky.com> Message-ID: <87ej38ufex.fsf@wheatstone.g10code.de> On Thu, 25 Sep 2008 22:19, dshaw at jabberwocky.com said: >> clearsigned message <-------> message + detached signature > > This is possible. In fact I do exactly this in the Outlook plugin GgpOL. This makes the message handling much cleaner. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From ovz at yahoo.com Fri Sep 26 03:06:30 2008 From: ovz at yahoo.com (Oleg V. Zhylin) Date: Thu, 25 Sep 2008 18:06:30 -0700 (PDT) Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <48DBC4FB.5070302@adammil.net> Message-ID: <150312.37458.qm@web56602.mail.re3.yahoo.com> Yes, you're right. Up to recently I've used $LASTEXITCODE to check for errors. $LASTEXITCODE and $? are two quite related ones http://blogs.msdn.com/powershell/archive/2006/09/15/ErrorLevel-equivalent.aspx As far as gpg concerned looks like it doesn't affect $LASTEXITCODE at all. I suspect this is because Powershell doesn't treat it as win32 executable. But $? works just fine, thanks. BTW I had to overcome another problem before my script started functioning as it is suppsed to. The error message gpg: Can't check signature: public key not found gpg: WARNING: message was not integrity protected stably renders $?=False and I couldn't find any command-line settings to amend this. In my current situation I do have public key of the sender, it is just not at default $GNUPGHOME. But potentially one can run into situation when he doesn't have author's public key and its impossible to retrieve one. Still, decrypting a file means "success" for this person. WBR Oleg V. Zhylin ovz at yahoo.com --- On Thu, 9/25/08, Adam Milazzo wrote: > From: Adam Milazzo > Subject: Re: Need to distinguish between g10_log_info and g10_log_error > To: ovz at yahoo.com > Cc: gnupg-devel at gnupg.org > Date: Thursday, September 25, 2008, 8:06 PM > Oleg V. Zhylin wrote: > > I'm using gpg from Powershell and it detects error > condition not by return value, but by presence of data on > standard error. > Is that really true? I thought the $? variable is set based > on return value. From B.Candler at pobox.com Fri Sep 26 09:41:58 2008 From: B.Candler at pobox.com (Brian Candler) Date: Fri, 26 Sep 2008 08:41:58 +0100 Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <150312.37458.qm@web56602.mail.re3.yahoo.com> References: <48DBC4FB.5070302@adammil.net> <150312.37458.qm@web56602.mail.re3.yahoo.com> Message-ID: <20080926074158.GA7429@uk.tiscali.com> On Thu, Sep 25, 2008 at 06:06:30PM -0700, Oleg V. Zhylin wrote: > BTW I had to overcome another problem before my script started functioning as it is suppsed to. The error message > > gpg: Can't check signature: public key not found > gpg: WARNING: message was not integrity protected > > stably renders $?=False and I couldn't find any command-line settings to amend this. In my current situation I do have public key of the sender, it is just not at default $GNUPGHOME. But potentially one can run into situation when he doesn't have author's public key and its impossible to retrieve one. Still, decrypting a file means "success" for this person. Perhaps the "--skip-verify" option? From wk at gnupg.org Fri Sep 26 09:50:57 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 26 Sep 2008 09:50:57 +0200 Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <150312.37458.qm@web56602.mail.re3.yahoo.com> (Oleg V. Zhylin's message of "Thu, 25 Sep 2008 18:06:30 -0700 (PDT)") References: <150312.37458.qm@web56602.mail.re3.yahoo.com> Message-ID: <871vz7uyzi.fsf@wheatstone.g10code.de> Hi, let me remark that you should always use --status-fd N if you want to automate gpg's operation (N == 1 works if you also use the --output option). This is the only reliable way to get a positive confirmation of gpg's operations. See the file doc/DETAILS for details. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From ovz at yahoo.com Fri Sep 26 12:16:38 2008 From: ovz at yahoo.com (Oleg V. Zhylin) Date: Fri, 26 Sep 2008 03:16:38 -0700 (PDT) Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <20080926074158.GA7429@uk.tiscali.com> Message-ID: <788054.83375.qm@web56608.mail.re3.yahoo.com> Yes, --skip-verify does the job, thanks. Nevertheless I will go for best practice and use the right keyring in my script. WBR Oleg V. Zhylin ovz at yahoo.com --- On Fri, 9/26/08, Brian Candler wrote: > From: Brian Candler > Subject: Re: Need to distinguish between g10_log_info and g10_log_error > To: "Oleg V. Zhylin" > Cc: "Adam Milazzo" , gnupg-devel at gnupg.org > Date: Friday, September 26, 2008, 10:41 AM > On Thu, Sep 25, 2008 at 06:06:30PM -0700, Oleg V. Zhylin > wrote: > > BTW I had to overcome another problem before my > script started functioning as it is suppsed to. The error > message > > > > gpg: Can't check signature: public key not found > > gpg: WARNING: message was not integrity protected > > > > stably renders $?=False and I couldn't find any > command-line settings to amend this. In my current situation > I do have public key of the sender, it is just not at > default $GNUPGHOME. But potentially one can run into > situation when he doesn't have author's public key > and its impossible to retrieve one. Still, decrypting a file > means "success" for this person. > > Perhaps the "--skip-verify" option? From ovz at yahoo.com Fri Sep 26 12:20:15 2008 From: ovz at yahoo.com (Oleg V. Zhylin) Date: Fri, 26 Sep 2008 03:20:15 -0700 (PDT) Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <871vz7uyzi.fsf@wheatstone.g10code.de> Message-ID: <929228.87385.qm@web56608.mail.re3.yahoo.com> Actually, --logger-fd did the job for me. I'm ok with status messages and as I understood from the sources logger was the source of messages on stderr. Does any --status-fd output goes to stderr? WBR Oleg V. Zhylin ovz at yahoo.com --- On Fri, 9/26/08, Werner Koch wrote: > From: Werner Koch > Subject: Re: Need to distinguish between g10_log_info and g10_log_error > To: ovz at yahoo.com > Cc: "Adam Milazzo" , gnupg-devel at gnupg.org > Date: Friday, September 26, 2008, 10:50 AM > Hi, > > let me remark that you should always use > > --status-fd N > > if you want to automate gpg's operation (N == 1 works > if you also use > the --output option). This is the only reliable way to get > a positive > confirmation of gpg's operations. See the file > doc/DETAILS for details. > > > Salam-Shalom, > > Werner > > -- > Linux-Kongress 2008 + Hamburg + October 7-10 + > www.linux-kongress.org > > Die Gedanken sind frei. Auschnahme regelt ein > Bundeschgesetz. From wk at gnupg.org Fri Sep 26 12:41:53 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 26 Sep 2008 12:41:53 +0200 Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <929228.87385.qm@web56608.mail.re3.yahoo.com> (Oleg V. Zhylin's message of "Fri, 26 Sep 2008 03:20:15 -0700 (PDT)") References: <929228.87385.qm@web56608.mail.re3.yahoo.com> Message-ID: <87wsgztci6.fsf@wheatstone.g10code.de> On Fri, 26 Sep 2008 12:20, ovz at yahoo.com said: > Actually, --logger-fd did the job for me. I'm ok with status messages and as I understood from the sources logger was the source of messages on stderr. Does any --status-fd output goes to stderr? Sure, if you use --status-fd 2 it will go to stderr. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From ovz at yahoo.com Fri Sep 26 19:25:39 2008 From: ovz at yahoo.com (Oleg V. Zhylin) Date: Fri, 26 Sep 2008 10:25:39 -0700 (PDT) Subject: Need to distinguish between g10_log_info and g10_log_error In-Reply-To: <87wsgztci6.fsf@wheatstone.g10code.de> Message-ID: <724287.31874.qm@web56603.mail.re3.yahoo.com> Thanks for clearning this out. Looks like by status fd is 1 by default which is fine with me. As I've mentioned, my goal was to keep stderr strictly for error, so redirection of logger fd solved the issue. WBR Oleg V. Zhylin ovz at yahoo.com --- On Fri, 9/26/08, Werner Koch wrote: > From: Werner Koch > Subject: Re: Need to distinguish between g10_log_info and g10_log_error > To: ovz at yahoo.com > Cc: gnupg-devel at gnupg.org > Date: Friday, September 26, 2008, 1:41 PM > On Fri, 26 Sep 2008 12:20, ovz at yahoo.com said: > > > Actually, --logger-fd did the job for me. I'm ok > with status messages and as I understood from the sources > logger was the source of messages on stderr. Does any > --status-fd output goes to stderr? > > Sure, if you use > > --status-fd 2 > > it will go to stderr. > > > Shalom-Salam, > > Werner > > -- > Linux-Kongress 2008 + Hamburg + October 7-10 + > www.linux-kongress.org > > Die Gedanken sind frei. Auschnahme regelt ein > Bundeschgesetz. From tomp at idirect.com Sun Sep 28 06:56:09 2008 From: tomp at idirect.com (Tom Pegios) Date: Sun, 28 Sep 2008 00:56:09 -0400 Subject: scd/apdu.c SVN 4829 error in compiling on WIN_32 Message-ID: <48DF0E69.9020907@idirect.com> RE: SVN 4829 Compiling scd/apdu.c when HAVE_W32_SYSTEM is defined generates the following errors: apdu.c: In function 'pcsc_get_status': apdu.c:1095: error: invalid operands to binary & apdu.c:1096: error: invalid operands to binary | The lines are as follows: 1095 if ((status & 6) == 6) 1096 status |= 1; If status is replaced by *status the file compiles properly :> Tom Pegios From marcus.brinkmann at ruhr-uni-bochum.de Sun Sep 28 14:08:34 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Sun, 28 Sep 2008 14:08:34 +0200 Subject: scd/apdu.c SVN 4829 error in compiling on WIN_32 In-Reply-To: <48DF0E69.9020907@idirect.com> References: <48DF0E69.9020907@idirect.com> Message-ID: <871vz48ocd.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Sun, 28 Sep 2008 00:56:09 -0400, Tom Pegios wrote: > > RE: SVN 4829 > Compiling scd/apdu.c when HAVE_W32_SYSTEM is defined generates the > following errors: > > apdu.c: In function 'pcsc_get_status': > apdu.c:1095: error: invalid operands to binary & > apdu.c:1096: error: invalid operands to binary | > > The lines are as follows: > > 1095 if ((status & 6) == 6) > 1096 status |= 1; > > > If status is replaced by *status the file compiles properly :> Heck if I know how this slipped through. Thanks for pointing it out, fixed in SVN. Marcus From lann-gnupg at hurricanelabs.com Fri Sep 5 21:17:38 2008 From: lann-gnupg at hurricanelabs.com (Lann Martin) Date: Fri, 05 Sep 2008 19:17:38 -0000 Subject: ID Substring Matching Message-ID: <48C18814.60706@hurricanelabs.com> I suggest that the current behavior for resolving recipients be changed: If I specify a recipient on the command line, say: -r friendly at example.com gpg may select as the actual recipient. Despite being documented in the manual, this feature is potentially dangerous for the inexperienced GnuPG user (me). Also, it is an uncommon enough issue that one could go a long time without running into it and realizing the correct way of specifying an exact address (). I see several ways to resolve this: 1. Don't make substring matching the default (it would still be available with the * prefix). This would be a compatibility problem, but maybe worth it. 2. Try to match recipients with a '@' in the string as an exact e-mail address first, falling back on sub-string matching. This isn't ideal, as it still could behave badly if the true recipient isn't in your keyring. 3. At least warn users when a recipient is resolved with substring matching (and the * prefix isn't used). This will give users a chance to learn the correct syntax before making a potentially costly mistake. -Lann Martin