From mcoca@gnu.org Thu Jan 2 12:53:02 2003
From: mcoca@gnu.org (Miguel Coca)
Date: Thu Jan 2 12:53:02 2003
Subject: gpa 0.6.0 does not compile
In-Reply-To: <1041257439.26812.2.camel@sdf-1.flyingpig.net>
References: <20021228194435.GA1320@erde.schueszler.subdomain.de> <20021228232409.GA2316@mycroft> <1041257439.26812.2.camel@sdf-1.flyingpig.net>
Message-ID: <20030102115425.GA734@mycroft>

On Mon, Dec 30, 2002 at 08:10:38 -0600, Guy Story wrote:
> I made the change to the server_access.c file and now when I do the
> ./configure I get the following message:
>
> configure: error: Cannot find an up to date GPGME
>
> This is a RH8.0 system, hopefully this clue helps.

GPA 0.6.0 depends on the GPGME library, version 0.4.0, available at:

ftp://ftp.gnupg.org/GnuPG/alpha/gpgme/gpgme-0.4.0.tar.gz

You need to install that first.

Hope this helps,
--
Miguel Coca (mcoca@gnu.org)
http://zipi.fi.upm.es/~e970095/
OpenPGP: E60A CBF4 5C6F 914E B6C1 C402 8C4D C7B6 27FC 3CA8

From wk@gnupg.org Thu Jan 2 13:04:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Thu Jan 2 13:04:01 2003
Subject: Can't create revocation certicate
In-Reply-To: (Pedro José's message of "Mon, 30 Dec 2002 20:49:01 +0100")
References:
Message-ID: <87n0mjhi9h.fsf@alberti.g10code.de>

On Mon, 30 Dec 2002 20:49:01 +0100, Pedro José said:

> I can create the revocation certificate if the password doesn't
> contain this chars.

Are you able to change the passwd using

  gpg --edit-key

and the "passwd"? Are you using a frontend? Are you able to sign
documents?

From volker.augustin@perfektionismus.de Thu Jan 2 13:29:01 2003
From: volker.augustin@perfektionismus.de (Volker Augustin)
Date: Thu Jan 2 13:29:01 2003
Subject: How to verify a PGP8 signature with GPG?
Message-ID: <200212300242.45973.volker.augustin@perfektionismus.de>

Hello,

I am using GPG 1.0.7 currently. Should this version be able to verify PGP8
signatures? Got an e-mail signed with PGP8 today and I cannot verify it.

Cheers,
Volker

--
Who is General Failure, and why is he reading my disk?

From stabone@kw.igs.net Thu Jan 2 13:29:02 2003
From: stabone@kw.igs.net (Jeremy Trafford)
Date: Thu Jan 2 13:29:02 2003
Subject: binary RPM integrity
Message-ID: <3E0FB517.2050603@kw.igs.net>

kept looking at the release notes but couldn't find the right checksum
for my RPM version which I downloaded from a mirror site. If someone
could tell me where I can find the output for the following RPM, that
would be splendid. Thanks.

the rpm is: gnupg-1.2.0-2rh72.i386.rpm

Please email me if you have the answer.

Thanks
stabone@kw.igs.net

From private@asgard.cert.dfn.de Thu Jan 2 13:29:04 2003
From: private@asgard.cert.dfn.de (Olaf Gellert)
Date: Thu Jan 2 13:29:04 2003
Subject: Listing the signatures of a certain UserID
Message-ID: <20021231010722.GA2307@asgard.cert.dfn.de>

Hi,

I am using GPG as basis for a certification script. The
signing I actually do with

  gpg --yes --edit keyID number_of_uid sign save

What I would like to do is to list all the signatures for
a certain userid (before signing it). I can use

  gpg --edit keyID number_of_uid check

but this lists just the signatures, for which keys are
present in the keyring (the keyring on the certification
host will usually not contain more than the key to be
signed and the key of the certification authority).

Or I can do

  gpg --list-sigs keyID

and then use a quite complex matching algorithm like this:

- read until a line starting with "uid" or "pub" occurs
- get all the following lines beginning with sig, stop
  on the first thing other than sig (is this correct?
  or do I have to stop at the first occurrence of another
  "uid" entry?)

This way I would have to remember which signatures were
following which UID (and I would run into troubles if
some key had two or more uids with the same text (but
with different signatures).

Yes, I know, this is a little bit theoretic, but anyways,
I would like to get a listing of all signatures belonging
to one uid (using the number that is displayed by
--edit-key as a reference).

Any ideas or solutions?

Thanx a lot...

Olaf

--
Olaf Gellert                     _ - __o
gellert@arasca.de               _- _`\<,_
http://www.arasca.de/olaf/      - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so.
                                                  -- Bertrand Russell
----------------------------------------------------------------------

From ashwinp@aftek.com Thu Jan 2 13:29:06 2003
From: ashwinp@aftek.com (Ashwin Patwekar)
Date: Thu Jan 2 13:29:06 2003
Subject: GnuPG footprint questions
Message-ID: <002301c2b199$353825e0$d300000a@ashwin>

Hi ,

What would be the minimum foot print of gnupg ?
I plan to use it on embedded gnu linux (arm) with only the decrypt
functionality how small can it get?
Is there a slim solution of gnupg available ?

Thanks,
Ashwin

From thijmen@xs4all.nl Thu Jan 2 14:17:03 2003
From: thijmen@xs4all.nl (5468696A6D656E)
Date: Thu Jan 2 14:17:03 2003
Subject: Receiving a key on standard output
Message-ID: <20030102131825.GK22010@xs4all.nl>

when i do a:

  gpg --keyserver wwwkeys.nl.pgp.net --recv-key 84321DED

it will write it directly to my public keyring

How can i make it so it writes the ascii armoured key to standard
out, so i will be able to check it before i --import it to
my public keyring? Any help would be appreciated.

Th.
--
__Thijmen Klok________

From thijmen@xs4all.nl Thu Jan 2 14:55:01 2003
From: thijmen@xs4all.nl (5468696A6D656E)
Date: Thu Jan 2 14:55:01 2003
Subject: Receiving a key on standard output
In-Reply-To: <20030102131825.GK22010@xs4all.nl>
References: <20030102131825.GK22010@xs4all.nl>
Message-ID: <20030102135620.GA73974@xs4all.nl>

On Thu, Jan 02, 2003 at 02:18:26PM +0100, 5468696A6D656E wrote:
> when i do a:
> gpg --keyserver wwwkeys.nl.pgp.net --recv-key 84321DED
> it will write it directly to my public keyring
>
> How can i make it so it writes the ascii armoured key to standard
> out, so i will be able to check it before i --import it to
> my public keyring? Any help would be appreciated.

I felt i had to clarify this a bit. I am not looking for the
option --search-key because that requires interaction.

Here is what i do now, and i hope some of you could help me
to make less steps to reach the same goal:

1) touch /tmp/tmpfile.gpg
2) gpg --keyserver wwwkeys.nl.pgp.net --homedir /tmp --keyring /tmp/tmpfile.gpg --batch --recv-key 84321DED
   gpg: /tmp/secring.gpg: keyring created
   gpg: /tmp/pubring.gpg: keyring created
   gpg: requesting key 84321DED from wwwkeys.nl.pgp.net ...
   gpg: key 84321DED: invalid subkey binding
   gpg: key 84321DED: public key imported
   gpg: /tmp/trustdb.gpg: trustdb created
   gpg: Total number processed: 1
   gpg: imported: 1
3) rm -rf /tmp/secring.gpg /tmp/pubring.gpg /tmp/trustdb.gpg
4) gpg --homedir /tmp --keyring /tmp/bladir --list-sigs 84321DED > /tmp/84321DED
5) rm -rf /tmp/tmpfile.gpg

if i don't do step 1, it will put the file in /tmp/pubring.gpg,
gpg doesn't create the file by itself

At 2) it creates the files secring.gpg, pubring.gpg and
trustdb.gpg, even when specifying different files with --keyring
and --secret-keyring. Shouldn't it default to NOT create those
files when you specify files with different names?

Basically, what i will do after this is a

  gpg --with-colons --batch /tmp/84321DED

and ask the user after this output whether he/she wants
to import it.

--
__Thijmen Klok________

From tuyen.dinh@risc.fr Thu Jan 2 15:17:01 2003
From: tuyen.dinh@risc.fr (Tuyen DINH)
Date: Thu Jan 2 15:17:01 2003
Subject: key signing
Message-ID: <15892.18980.862752.50346@triton.risc.fr>

Hello,

When you want to sign a key you have just imported, in which cases will
you choose one of the following choices :

(0) I will not answer. (default) ?
(1) I have not checked at all. ?

--
Tuyen

From dshaw@jabberwocky.com Thu Jan 2 15:25:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 2 15:25:02 2003
Subject: key signing
In-Reply-To: <15892.18980.862752.50346@triton.risc.fr>
References: <15892.18980.862752.50346@triton.risc.fr>
Message-ID: <20030102142557.GD21159@jabberwocky.com>

On Thu, Jan 02, 2003 at 03:18:12PM +0100, Tuyen DINH wrote:
>
> Hello,
>
> When you want to sign a key you have just imported, in which cases will
> you choose one of the following choices :
>
> (0) I will not answer. (default) ?
> (1) I have not checked at all. ?

If you type a question mark (?) when GnuPG asks this question, you
will get a long explanation. That text is:

--------------------------

When you sign a user ID on a key, you should first verify that the key
belongs to the person named in the user ID. It is useful for others
to know how carefully you verified this.

"0" means you make no particular claim as to how carefully you
verified the key.

"1" means you believe the key is owned by the person who claims to own
it but you could not, or did not verify the key at all. This is
useful for a "persona" verification, where you sign the key of a
pseudonymous user.

"2" means you did casual verification of the key. For example, this
could mean that you verified the key fingerprint and checked the
user ID on the key against a photo ID.

"3" means you did extensive verification of the key.
For example, this could mean that you verified the key fingerprint
with the owner of the key in person, and that you checked, by means
of a hard to forge document with a photo ID (such as a passport) that
the name of the key owner matches the name in the user ID on the key,
and finally that you verified (by exchange of email) that the email
address on the key belongs to the key owner.

Note that the examples given above for levels 2 and 3 are *only*
examples. In the end, it is up to you to decide just what "casual"
and "extensive" mean to you when you sign other keys.

If you don't know what the right answer is, answer "0".

-------------------------------------

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From greg@turnstep.com Thu Jan 2 15:30:01 2003
From: greg@turnstep.com (greg@turnstep.com)
Date: Thu Jan 2 15:30:01 2003
Subject: Receiving a key on standard output
In-Reply-To: <20030102135620.GA73974@xs4all.nl>
Message-ID: <240e081173c10464ca73d32bdc2b719d@biglumber.com>

> At 2) it creates the files secring.gpg, pubring.gpg and
> trustdb.gpg, even when specifying different files ..

What is wrong with this approach? Seems to me that this
should work fine:

1) gpg --homedir /tmp --keyserver pgp.mit.edu --recv-key 84321DED

2) gpg --homedir /tmp --with-colons --list-keys 84321DED

3) Present the output to the user. If acceptable, import to
   the "real" directory:

4) gpg --keyserver pgp.mit.edu --recv-key 84321DED

The file in /tmp will end up having multiple keys, but this should
not be a problem. If it is, use the --delete-key command after
doing the above.

Also check out the --dry-run option, which generates all the normal
output, but makes no physical changes.
You cannot get the ascii armored key, but you can check the output
for the key ID, name, email, and comment like this:

  gpg -v --keyserver pgp.mit.edu --dry-run --recv-key 84321DED

This avoids worrying about which files to use. Just read the output
and present it to the user.

Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 20021007
EICS: -D 9079f3957ed45bae12d990be5f4edf17

From dshaw@jabberwocky.com Thu Jan 2 15:42:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 2 15:42:02 2003
Subject: GnuPG footprint questions
In-Reply-To: <002301c2b199$353825e0$d300000a@ashwin>
References: <002301c2b199$353825e0$d300000a@ashwin>
Message-ID: <20030102144315.GE21159@jabberwocky.com>

On Wed, Jan 01, 2003 at 06:55:07PM +0530, Ashwin Patwekar wrote:
> Hi ,
>
> What would be the minimum foot print of gnupg ?
> I plan to use it on embedded gnu linux (arm) with only the decrypt
> functionality how small can it get?
> Is there a slim solution of gnupg available ?

The easiest thing to do is to build it with:

  ./configure --disable-exec --disable-nls --disable-dynload

It's not difficult to go even smaller by stripping out various ciphers
or the help text strings, but there is currently no way to do that
with a simple ./configure option. You'd have to edit the source.

As for removing the encrypt functionality, that's an edit-the-source
as well. I wonder how much space you'd save doing that, since the
encrypt and decrypt functions share a lot of the same underlying code.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S.
Anderson

From CaedeonHeron@netscape.net Thu Jan 2 16:42:01 2003
From: CaedeonHeron@netscape.net (CaedeonHeron@netscape.net)
Date: Thu Jan 2 16:42:01 2003
Subject: Does GEAM still lives?
Message-ID: <4BBA1ABA.4F7FE71C.0A24242F@netscape.net>

Hello,

is GEAM still developed? Which is the current version and where can I
get these. Is there an extra mailing list to GEAM?

Greeting
Caedeon

From jharris@widomaker.com Thu Jan 2 19:30:01 2003
From: jharris@widomaker.com (Jason Harris)
Date: Thu Jan 2 19:30:01 2003
Subject: Receiving a key on standard output
In-Reply-To: <240e081173c10464ca73d32bdc2b719d@biglumber.com>
References: <20030102135620.GA73974@xs4all.nl> <240e081173c10464ca73d32bdc2b719d@biglumber.com>
Message-ID: <20030102183044.GB750@pm1.ric-08.lft.widomaker.com>

On Thu, Jan 02, 2003 at 02:19:57PM -0000, greg@turnstep.com wrote:

NB: The PGP signature on your message is bad.

[fetching a key to a file]
Run gpgkeys_* directly (it has been covered on one of these lists
before). See ./code/lget[.asc] on my website for an example.

> What is wrong with this approach? Seems to me that this
> should work fine:
>
> 1) gpg --homedir /tmp --keyserver pgp.mit.edu --recv-key 84321DED
> 4) gpg --keyserver pgp.mit.edu --recv-key 84321DED

It abuses the keyservers with 2x the traffic. :(

> PGP Key: 0x14964AC8 20021007

(I thought ^^^^^^^^ was supposed to be a timestamp, ala 200212162130.)

> EICS: -D 9079f3957ed45bae12d990be5f4edf17

(What's this new (MD5?) tag?)

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

From pedrojgm@hotmail.com Thu Jan 2 20:16:02 2003
From: pedrojgm@hotmail.com (Pedro José)
Date: Thu Jan 2 20:16:02 2003
Subject: Can't create revocation certicate
Message-ID:

Hi,

>From: Werner Koch
>
>On Mon, 30 Dec 2002 20:49:01 +0100, Pedro José said:
>
> > I can create the revocation certificate if the password doesn't
> > contain this chars.
>
>Are you able to change the passwd using
>
>  gpg --edit-key
>
>and the "passwd"? Are you using a frontend? Are you able to sign
>documents?

I can encrypt, decrypt, sign, change the password... the only thing i
can't do is create a revocation certificate. Using command line of
gpg 1.2.1 (without frontend) it works fine, except to create the
revocation certificate. If the password contains chars like "áéíóú"
gpg says "invalid password" when creating the revoc. cert. Using
gpg 1.2.1 from command line i can change the password to one without
that special chars and then create the revoc. cert.

I'm using the windows version of gpg.

Pedro.

From pt@radvis.nu Thu Jan 2 20:41:02 2003
From: pt@radvis.nu (Per Tunedal)
Date: Thu Jan 2 20:41:02 2003
Subject: GnuPG footprint questions Fwd: [WINPT USERS] Announcement: WinPT 2Go
Message-ID: <5.1.0.14.2.20030101063903.00c04b70@localhost>

Hi,
Ashwin Patwekar asked about a small GPG. The question seems related to a
discussion in the WinPT users mailing list. Please read this forwarded
message.
Per Tunedal

>
>
>Hello, All.
>
>in order to make it easier for users to carry a portable cryptosystem I
>decided to build a package named WinPT 2Go.
>
>WinPT 2Go is a small set of files with basic features. It includes WinPT
>and GPG. The GPG version is a Nullify one, but compiled with no
>optimizations and thus, smaller. For more information please refer to
>Keith's message to PGP-Basics mailing list.
>
>All files were compressed with UPX (ultimate Packager for eXecutable),
>including PDT.dll (--force).
>
>This package is in alpha stage, and may not work the way you think. This
>pre-release is mostly to collect information from the brave testers for
>major tweaks and settings.
>
>If you dare, download it, install to a floppy, camera, usb device or
>even to a hard disk. Then use it and say what you think. The final
>product will be result of all comments I receive. if it interests you,
>have a look.
>
>Download from
>http://areaii.ufpe.br/~tango/files/winpt-0.7.93-2go-alpha.exe (+.sig) or
>http://www.nasheer.hpg.ig.com.br/winpt/files/winpt-0.7.93-2go-alpha.exe
>(+.sig)
>
>Other relevant URL's:
>http://www.winpt.org - Windows Privacy Tray
>http://www.gnupg.org - GNU Privacy Guard
>http://www.nullify.org/ - Nullify GnuPG
>http://upx.sourceforge.net/ - Ultimate Packager for eXecutables
>http://www.jrsoftware.org/isinfo.php - Inno Setup
>
>Thank you gentlemen.
>Do not run while holding sharp objects.
>(Members of WinPT-Users are used to these messages)
>
>[]'s
>Gustavo
>
>
>- --
>Gustavo Vasconcelos
>OpenPGP Key ID: 0xFF006747
>

From pedrojgm@hotmail.com Thu Jan 2 21:23:01 2003
From: pedrojgm@hotmail.com (Pedro José)
Date: Thu Jan 2 21:23:01 2003
Subject: Recieving email when sending to the list
Message-ID:

Hi,

I've sent an email to the list and the email has
been received, but then i receive an email with the text
i sent and a warning considering me a spammer. Anybody
knows something?

Here is the email:

From : "Andreas Løwe"
For : pedrojgm@hotmail.com
Subject: Please stop sending me emails
Date : 2 Jan 2003 19:39:03 -0000

Received: from nerull.no-ip.com ([217.13.23.194]) by mc4-f33.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 2 Jan 2003 11:38:15 -0800
Received: (qmail 31270 invoked by uid 1003); 2 Jan 2003 19:39:03 -0000
Message-ID: <20030102193903.31269.qmail@nerull.no-ip.com>
X-AskVersion: 2.2 (http://www.paganini.net/ask)
X-ASK-Auth: 1041536343-89c69bc19c0eeac81ce61abdd61fa141
Precedence: bulk
Return-Path: lweand@nerull.no-ip.com
X-OriginalArrivalTime: 02 Jan 2003 19:38:16.0776 (UTC) FILETIME=[7F24EC80:01C2B296]

**** THIS IS AN AUTOMATIC REPLY ****

Your e-mail message to me (see below) was not delivered.
I am no longer accepting mail from your address.

This extreme measure was most likely taken in response to
unsolicited or unwanted e-mail from you. If you were attempting
to market a commercial product or service to me, then please
note that I am absolutely not interested in it. I take a dim
view of any form of UCE, and on principle refuse to patronize
any business that resorts to this tactic.

The following domains are blacklisted:
1. Hotmail
2. Yahoo

The following firms/persons are blacklisted due to either SPAMMING,
ABUSE of NITH's mailing lists or for having put every student at
NITH Oslo in the "to" field of their email (a technique better
known as SPAMMING).
1. ORACLE
2. Fredrik Hjermstad (SPAMMER)
3. lunkje@nith.no
4. Kristoffer Engh
5. Jostein Vågen
6. Jørn Maudal
7. Andreas Sunde
8. Per-Christian Aubert
9. Espen Haviken
10. Shahzeb Raza Choudhary
11. Morten Andersen-Gott
12. Mailen Tollånes
13. Fredrik Hjermstad
14. Hanne Jømne
15. ronny@robekk.no
16. Iram Riaz
17. Nils Christian Wasmuth
18. Bjørn Larsen
19. Dag Robøle
20. Einar Karlsen (SPAMMER)

**** THIS IS AN AUTOMATIC REPLY ****

Your e-mail to me (attached below) was not delivered.
I no longer accept e-mail from your address.

This extreme measure was most likely taken in response to
spam or unwanted e-mail from you or your address. If you were
trying to sell me a product or service, then please note that
I am absolutely not interested. On principle I distance myself
from all businesses and persons that use UCE/SPAM (Unsolicited
Commercial Email).

The following domains are blacklisted:
1. Hotmail
2. Yahoo

The following persons/businesses are blacklisted due to abuse of
the NITH OSLO mailing list, or for having put all students at
NITH Oslo in the "to" field (a technique better known as SPAMMING).

1. ORACLE
2. Fredrik Hjermstad (SPAMMER)
3. lunkje@nith.no
4. Kristoffer Engh
5. Jostein Vågen
6. Jørn Maudal
7. Andreas Sunde
8. Per-Christian Aubert
9. Espen Haviken
10. Shahzeb Raza Choudhary
11. Morten Andersen-Gott
12. Mailen Tollånes
13. Fredrik Hjermstad
14. Hanne Jømne
15. ronny@robekk.no
16. Iram Riaz
17. Nils Christian Wasmuth
18. Bjørn Larsen
19. Dag Robøle
20. Einar Karlsen (SPAMMER)

This email account is protected by:
Active Spam Killer (ASK) V2.2 - (C) 2001-2002 by Marco Paganini
For more information visit http://www.paganini.net/ask

--- Original Message Follows ---

From: Pedro José
To: gnupg-users@gnupg.org
Subject: Re: Can't create revocation certicate
Date: Thu, 02 Jan 2003 20:16:55 +0100

Hi,

>From: Werner Koch
>
>On Mon, 30 Dec 2002 20:49:01 +0100, Pedro José said:
>
> > I can create the revocation certificate if the password doesn't
> > contain this chars.
>
>Are you able to change the passwd using
>
>  gpg --edit-key
>
>and the "passwd"? Are you using a frontend? Are you able to sign
>documents?

I can encrypt, decrypt, sign, change the password... the only thing i
can't do is create a revocation certificate. Using command line of
gpg 1.2.1 (without frontend) it works fine, except to create the
revocation certificate. If the password contains chars like "áéíóú"
gpg says "invalid password" when creating the revoc. cert. Using
gpg 1.2.1 from command line i can change the password to one without
that special chars and then create the revoc. cert.

I'm using the windows version of gpg.

Pedro.

From dlc@users.sourceforge.net Thu Jan 2 22:00:02 2003
From: dlc@users.sourceforge.net (darren chamberlain)
Date: Thu Jan 2 22:00:02 2003
Subject: Recieving email when sending to the list
In-Reply-To:
References:
Message-ID: <20030102-117b4e61de25bf143959336378af3cd5@mail.boston.com>

* Pedro Jos [2003-01-02 15:24]:
> I've sent an email to the list and the email has
> been received, but then i receive an email with the text
> i sent and a warning considering me a spammer. Anybody
> knows something?

The answer is right in the reply message:

> The following domains are blacklisted:
> 1. Hotmail

Your return address is @hotmail.com. This fellow is being a little
overly aggressive on his blacklisting, I think.

(darren)

--
When correctly viewed, everything is lewd.
    -- Tom Lehrer

From dshaw@jabberwocky.com Fri Jan 3 01:54:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 3 01:54:02 2003
Subject: Receiving a key on standard output
In-Reply-To: <20030102183044.GB750@pm1.ric-08.lft.widomaker.com>
References: <20030102135620.GA73974@xs4all.nl> <240e081173c10464ca73d32bdc2b719d@biglumber.com> <20030102183044.GB750@pm1.ric-08.lft.widomaker.com>
Message-ID: <20030103005458.GE3303@jabberwocky.com>

On Thu, Jan 02, 2003 at 01:30:44PM -0500, Jason Harris wrote:
> On Thu, Jan 02, 2003 at 02:19:57PM -0000, greg@turnstep.com wrote:
>
> NB: The PGP signature on your message is bad.
>
> [fetching a key to a file]
> Run gpgkeys_* directly (it has been covered on one of these lists
> before). See ./code/lget[.asc] on my website for an example.

The only difficulty with this is that versions of GnuPG less than 1.3
don't have a gpgkeys_hkp - only gpgkeys_ldap and gpgkeys_mailto.

Without gpgkeys_hkp, I think the easiest way to fetch a key from a
keyserver into a file is with wget or similar programs:

  wget -O thefile.asc 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560'

'thefile.asc' now has the key.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Fri Jan 3 08:25:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 3 08:25:02 2003
Subject: Listing the signatures of a certain UserID
In-Reply-To: <20021231010722.GA2307@asgard.cert.dfn.de>
References: <20021231010722.GA2307@asgard.cert.dfn.de>
Message-ID: <20030103072605.GA8582@jabberwocky.com>

On Mon, Dec 30, 2002 at 05:07:22PM -0800, Olaf Gellert wrote:

> I am using GPG as basis for a certification script. The
> signing I actually do with
>
> gpg --yes --edit keyID number_of_uid sign save
>
> What I would like to do is to list all the signatures for
> a certain userid (before signing it). I can use
>
> gpg --edit keyID number_of_uid check
>
> but this lists just the signatures, for which keys are
> present in the keyring (the keyring on the certification
> host will usually not contain more than the key to be
> signed and the key of the certification authority).

I guess I'm not exactly sure what you need this information for - if
the keys that are needed to check those signatures are not present,
then the signatures are potentially (very) misleading - i.e. they can
be forged, invalid, etc, and you'd never know.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S.
Anderson

From tuyen.dinh@risc.fr Fri Jan 3 08:48:02 2003
From: tuyen.dinh@risc.fr (Tuyen DINH)
Date: Fri Jan 3 08:48:02 2003
Subject: key signing
In-Reply-To: dshaw@jabberwocky.com (David Shaw)
References: <15892.18980.862752.50346@triton.risc.fr> <20030102142557.GD21159@jabberwocky.com>
Message-ID: <15893.16532.984381.191248@triton.risc.fr>

dshaw@jabberwocky.com (David Shaw) wrote:
> On Thu, Jan 02, 2003 at 03:18:12PM +0100, Tuyen DINH wrote:
> >
> > Hello,
> >
> > When you want to sign a key you have just imported, in which cases will
> > you choose one of the following choices :
> >
> > (0) I will not answer. (default) ?
> > (1) I have not checked at all. ?
>
> If you type a question mark (?) when GnuPG asks this question, you
> will get a long explanation. That text is:
>
> --------------------------
>
> When you sign a user ID on a key, you should first verify that the key
> belongs to the person named in the user ID. It is useful for others
> to know how carefully you verified this.

I wondered : if I have no idea about the key's authenticity, is it
worth it to sign it ? (except sign it locally)

> "0" means you make no particular claim as to how carefully you
> verified the key.
>
> "1" means you believe the key is owned by the person who claims to own
> it but you could not, or did not verify the key at all. This is
> useful for a "persona" verification, where you sign the key of a
> pseudonymous user.

What is the interest for others to know that I couldn't check its
authenticity ? Or maybe this is just an information for myself ?

--
Tuyen

From avbidder@fortytwo.ch Fri Jan 3 12:48:01 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Fri Jan 3 12:48:01 2003
Subject: key signing
In-Reply-To: <15892.18980.862752.50346@triton.risc.fr>
References: <15892.18980.862752.50346@triton.risc.fr>
Message-ID: <1041594551.1592.23.camel@altfrangg.fortytwo.ch>

On Thu, 2003-01-02 at 15:18, Tuyen DINH wrote:
> Hello,
>
> When you want to sign a key you have just imported, in which cases will
> you choose one of the following choices :
>
> (0) I will not answer. (default) ?

My personal feeling is that this is mostly obsolete - all signatures
*should* fit into the 1-3 schema. But then, there may be special
applications where these do not fit and perhaps a 0 with a policy URL
(or notation) explaining the special circumstances makes more sense

> (1) I have not checked at all. ?

 - as David said: when you don't care who is behind this key, but you
   want to make a statement about 'the person behind that key (whoever
   this is)'
 - (can be seen as application of the above): recently, a robotCA was
   created: it signs keys and verifies email addresses only (of course,
   being fully automatic, it can't do more).

cheers
-- vbi

--
get my gpg key here: http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From linux@thorstenhau.de Fri Jan 3 13:27:02 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Fri Jan 3 13:27:02 2003
Subject: Cannot connect to Keyservers
Message-ID: <20030103123058.GA2735@eumel.yoo.local>

Hi,

I have trouble connecting to several keyservers with GnuPG 1.0.5:

- - - Snip - - -
yooden@eumel> gpg --send-key 4065A1DA
gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
- - - Snap - - -

I get this error (or an occasional timeout) on all servers I tried,
except for keyring.debian.org, where I get status 406. (Which may be
caused by the fact that I have no @debian.org address.) I was able to
automatically download keys even after this error showed the first
time.

I searched Google and GnuPG's FAQ, but didn't find a solution, in fact
not even a description of the error status values. I assume these are
HTTP status values, which would make this a Bad Request. I sure didn't
malform the syntax, so what's happening here?

I don't use proxies and have no trouble with other protocols, not even
pinging the keyservers.

Where should I look to find the cause of this error? What options can
be important?

tia,
Thorsten

--
Guns don't protect freedom, people protect freedom.

From avbidder@fortytwo.ch Fri Jan 3 13:59:01 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Fri Jan 3 13:59:01 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103123058.GA2735@eumel.yoo.local>
References: <20030103123058.GA2735@eumel.yoo.local>
Message-ID: <1041598803.1555.48.camel@altfrangg.fortytwo.ch>

On Fri, 2003-01-03 at 13:30, Thorsten Haude wrote:
> Hi,
>
> I have trouble connecting to several keyservers with GnuPG 1.0.5:

I would strongly advise to upgrade, at least to 1.0.7, better to 1.2.1
(avoid 1.2.0 - there were bugs related to revocation signatures).

Can't help with your problem, though, sorry. Does 1.0.5 include ldap
support? You could try the LDAP keyserver (search the web, sorry, dunno
the URL). Doesn't solve your problem, though, since the LDAP keyserver
doesn't synchronize with anything.
cheers
-- vbi

--
get my gpg key here: http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From wk@gnupg.org Fri Jan 3 14:20:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Fri Jan 3 14:20:02 2003
Subject: Does GEAM still lives?
In-Reply-To: <4BBA1ABA.4F7FE71C.0A24242F@netscape.net> (CaedeonHeron@netscape.net's message of "Thu, 02 Jan 2003 10:42:48 -0500")
References: <4BBA1ABA.4F7FE71C.0A24242F@netscape.net>
Message-ID: <87y962e5fu.fsf@alberti.g10code.de>

On Thu, 02 Jan 2003 10:42:48 -0500, CaedeonHeron said:

> is GEAM still developed? Which is the current version and where can I
> get these. Is there an extra mailing list to GEAM?

If there is a severe problem with GEAM, I will of course fix this.
There is no other development I know of unless someone wants a new
feature and asks my company for this.

No there is no specific mailing list. Feel free to use this one.
Shalom-Salam,

   Werner

--
Werner Koch
g10 Code GmbH http://www.g10code.com
Managing Director -=- Your Privacy Solution Provider -=-

From gnupg-users@gnupg.org Fri Jan 3 14:24:02 2003
From: gnupg-users@gnupg.org (Zomer Pi (ZPP))
Date: Fri Jan 3 14:24:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103123058.GA2735@eumel.yoo.local>
References: <20030103123058.GA2735@eumel.yoo.local>
Message-ID: <49691045843.20030103132459@myrealbox.com>

Hello Thorsten,

Friday, January 3, 2003, at 12:30:58, you wrote:

> Hi,

> I have trouble connecting to several keyservers with GnuPG 1.0.5:
> - - - Schnipp - - -
yooden@eumel>> gpg --send-key 4065A1DA
> gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
> - - - Schnapp - - -

I think you need to use
gpg --send-key 0x4065A1DA

> I get this error (or an occasional timeout) on all servers I tried,
> except for keyring.debian.org, where I get status 406. (Which may be
> caused by the fact that I have no @debian.org address.)

> I was able to automatically download keys even after this error showed
> the first time.

> I searched Google and GnuPG's FAQ, but didn't find a solution, in fact
> not even a description of the error status values. I assume these are
> HTTP status values, which would make this a Bad Request. I sure didn't
> malform the syntax, so what's happening here?

> I don't use proxies and have no trouble with other protocols, not even
> pinging the keyservers.

> Where should I look to find the cause of this error? What options can
> be important?

> tia,
> Thorsten

--
Best regards,
Zomer

From wk@gnupg.org Fri Jan 3 14:30:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Fri Jan 3 14:30:02 2003
Subject: Can't create revocation certicate
In-Reply-To: (Pedro José's message of "Thu, 02 Jan 2003 20:16:55 +0100")
References:
Message-ID: <87vg16e502.fsf@alberti.g10code.de>

On Thu, 02 Jan 2003 20:16:55 +0100, Pedro José said:

> I can encrypt, decrypt, sign, change the password...
> the only thing i can't do is create a revocation

Weird. There must be some bad interaction with some printed strings.
Unfortunately, there is no debugging option which can help us here.
The only thing to do is to fire up a debugger or insert debugging
code.

What Windows version are you running? I can only test on ME.

From Gyre Fri Jan 3 15:06:02 2003
From: Gyre (Gyre)
Date: Fri Jan 3 15:06:02 2003
Subject: lc2
Message-ID: <13014561237.20030103160329@bigline.kharkov.ua>

Hello,

Has anyone used the new gnupg-1.2.1-lc2 yet?
ftp://ftp.altlinux.ru/pub/partners/LANCrypto
I'm wondering if anyone noticed this version
from ALT Team and what do you think about it?
The LANS key generated in that GPG version
actually fails to be imported in any other
known version of GPG or PGP, making this
pitiful incompatibility rather inconvenient
for users. So, I'm interested in getting some
opinions about this version.
--
My best,
Gyre
KeyID: 0x241A44DE

From dshaw@jabberwocky.com Fri Jan 3 15:27:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 3 15:27:02 2003
Subject: lc2
In-Reply-To: <13014561237.20030103160329@bigline.kharkov.ua>
References: <13014561237.20030103160329@bigline.kharkov.ua>
Message-ID: <20030103142821.GC8582@jabberwocky.com>

On Fri, Jan 03, 2003 at 04:03:29PM +0200, Gyre wrote:

> Has anyone used the new gnupg-1.2.1-lc2 yet?
> ftp://ftp.altlinux.ru/pub/partners/LANCrypto
> I'm wondering if anyone noticed this version
> from ALT Team and what do you think about it?
> The LANS key generated in that GPG version
> actually fails to be imported in any other
> known version of GPG or PGP, making this
> pitiful incompatibility rather inconvenient
> for users. So, I'm interested in getting some
> opinions about this version.

The LANCrypto version is a patch that adds a few algorithms - a public
key signing algorithm (LANS), a hash (GAS48), and ciphers WICKER,
NUSH128, NUSH192, and NUSH256.

OpenPGP in general supports this sort of thing by defining a range of
algorithm numbers that are reserved for experimental use like this,
and LANCrypto quite properly put their new algorithms in the
experimental range.

However, the bottom line is that these are LANCrypto algorithms, and
are not part of the OpenPGP standard so they will not be usable in PGP
or (regular) GnuPG. PGP and GnuPG are doing the correct thing by
refusing to import LANS keys.

David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S.
Anderson

From linux@thorstenhau.de Fri Jan 3 16:10:01 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Fri Jan 3 16:10:01 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <1041598803.1555.48.camel@altfrangg.fortytwo.ch>
References: <20030103123058.GA2735@eumel.yoo.local> <1041598803.1555.48.camel@altfrangg.fortytwo.ch>
Message-ID: <20030103151424.GB2705@eumel.yoo.local>

Hi,

* Adrian 'Dagurashibanipal' von Bidder [2003-01-03 14:00]:
>On Fri, 2003-01-03 at 13:30, Thorsten Haude wrote:
>> I have trouble connecting to several keyservers with GnuPG 1.0.5:
>
>I would strongly advise to upgrade, at least to 1.0.7, better to 1.2.1
>(avoid 1.2.0 - there were bugs related to revocation signatures).

I will soon, thanks for the advice.

Thorsten
--
You're not supposed to be so blind with patriotism that you can't face
reality. Wrong is wrong, no matter who does it or who says it.
    - Malcolm X

From linux@thorstenhau.de Fri Jan 3 16:16:02 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Fri Jan 3 16:16:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <49691045843.20030103132459@myrealbox.com>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com>
Message-ID: <20030103151523.GC2705@eumel.yoo.local>

Hi,

* Zomer Pi (ZPP) [2003-01-03 14:24]:
>> I have trouble connecting to several keyservers with GnuPG 1.0.5:
>> - - - Schnipp - - -
>yooden@eumel>> gpg --send-key 4065A1DA
>> gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
>> - - - Schnapp - - -
>
>I think you need to use
>gpg --send-key 0x4065A1DA

I get the same error message.

Thorsten
--
Omnis enim res, quae quando non deficit, dum habetur
et non datur, nondum habetur, quomodo habenda est.
    - Aurelius Augustinus

From dshaw@jabberwocky.com Fri Jan 3 16:23:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 3 16:23:02 2003
Subject: key signing
In-Reply-To: <15893.16532.984381.191248@triton.risc.fr>
References: <15892.18980.862752.50346@triton.risc.fr> <20030102142557.GD21159@jabberwocky.com> <15893.16532.984381.191248@triton.risc.fr>
Message-ID: <20030103152354.GE8582@jabberwocky.com>

On Fri, Jan 03, 2003 at 08:49:40AM +0100, Tuyen DINH wrote:
> dshaw@jabberwocky.com (David Shaw) wrote:
> > On Thu, Jan 02, 2003 at 03:18:12PM +0100, Tuyen DINH wrote:
> > >
> > > Hello,
> > >
> > > When you want to sign a key you have just imported, in which cases will
> > > you choose one of the following choices :
> > >
> > > (0) I will not answer. (default) ?
> > > (1) I have not checked at all. ?
> >
> > If you type a question mark (?) when GnuPG asks this question, you
> > will get a long explanation. That text is:
> >
> > --------------------------
> >
> > When you sign a user ID on a key, you should first verify that the key
> > belongs to the person named in the user ID. It is useful for others
> > to know how carefully you verified this.
>
> I wondered : if I have no idea about the key's authenticity, is it worth
> it to sign it ? (except sign it locally)

In general, you should never (publicly) sign keys you have no idea
about. This is what local signatures are for.

> > "0" means you make no particular claim as to how carefully you
> > verified the key.
> >
> > "1" means you believe the key is owned by the person who claims to own
> > it but you could not, or did not verify the key at all. This is
> > useful for a "persona" verification, where you sign the key of a
> > pseudonymous user.
>
> What is the interest for others to know that I couldn't check its
> authenticity ?

The theory is that they can then not trust that signature if they
don't approve of this type of signature. However, both GnuPG and PGP
treat all signatures (including these persona signatures) alike, so
persona signatures are not that useful right now except in special
circumstances.

David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From CaedeonHeron@netscape.net Fri Jan 3 16:57:02 2003
From: CaedeonHeron@netscape.net (Caedon Heron)
Date: Fri Jan 3 16:57:02 2003
Subject: GEAM doese not decrypt Mails
Message-ID: <3C358CFE.5ADF1947.0A24242F@netscape.net>

hi,

does somebody have a good knowledge of GEAM?

I installed GEAM and the encryption works so far. Unfortunately I did
not manage GEAM to decrypt mails. In the logs I see in addition no
entry. It looks in such a way, as if GEAM does not examine at all
whether a Mail must be decrypted.

In my installation GEAM accepts the mails on port 25 and passes it on
at sendmail on port 8025 (inside and outside).

Can someone send me an example configuration? The examples which come
with GEAM do not further help me - sorry Werner!

How can a suitable test scenario look? At present a user bob@my.net
sends an unencrypted Mail to alice@my.net, which is encrypted through
GEAM/GPG. If Bob sends however an encrypted Mail, this is not
decrypted - what I would actually expect. GEAM does not seem to
examine whether a Mail is encrypted.

Can it be, that GEAM examines only a Mail which comes from the outside
(thus not of my.net) and only if this is the case GEAM examines
whether the Mail must be decrypted?
Greeting
Caedeon

Btw: Yes, I read the instruction of Werner. However, perhaps I did not
understand it correctly but I believe many ones have this problem.

From gnupg-users@gnupg.org Fri Jan 3 18:57:01 2003
From: gnupg-users@gnupg.org (Zomer Pi (ZPP))
Date: Fri Jan 3 18:57:01 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103151523.GC2705@eumel.yoo.local>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local>
Message-ID: <173707406484.20030103175739@myrealbox.com>

Hello Thorsten,

Friday, January 3, 2003, at 15:15:23, you wrote:

> Hi,

> * Zomer Pi (ZPP) [2003-01-03 14:24]:
>>> I have trouble connecting to several keyservers with GnuPG 1.0.5:
>>> - - - Schnipp - - -
>>yooden@eumel>> gpg --send-key 4065A1DA
>>> gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
>>> - - - Schnapp - - -
>>
>>I think you need to use
>>gpg --send-key 0x4065A1DA

> I get the same error message.

> Thorsten

works for me

C:\GnuPG>gpg --verbose --send-keys AB1B02C8
Public Key Server -- Add

Key block in add request contained no new keys, userid's, or signatures.
gpg: success sending to `wwwkeys.eu.pgp.net' (status=200)

C:\GnuPG>gpg --verbose --send-keys 0xAB1B02C8
Public Key Server -- Add

Key block in add request contained no new keys, userid's, or signatures.
gpg: success sending to `wwwkeys.eu.pgp.net' (status=200)

with these options in gpg.conf

keyserver x-hkp://wwwkeys.eu.pgp.net
keyserver-options auto-key-retrieve honor-http-proxy include-subkeys verbose

--
Best regards,
Zomer

From jharris@widomaker.com Fri Jan 3 19:25:02 2003
From: jharris@widomaker.com (Jason Harris)
Date: Fri Jan 3 19:25:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <173707406484.20030103175739@myrealbox.com>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local> <173707406484.20030103175739@myrealbox.com>
Message-ID: <20030103182636.GA1108@pm1.ric-13.lft.widomaker.com>

On Fri, Jan 03, 2003 at 05:57:39PM +0000, Zomer Pi (ZPP) wrote:

[wwwkeys.eu.pgp.net fails]
> >>yooden@eumel>> gpg --send-key 4065A1DA
> >>> gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)

[wwwkeys.eu.pgp.net works]
> C:\GnuPG>gpg --verbose --send-keys AB1B02C8

[snip]
> with these options in gpg.conf
>
> keyserver x-hkp://wwwkeys.eu.pgp.net
> keyserver-options auto-key-retrieve honor-http-proxy include-subkeys verbose

wwwkeys.eu.pgp.net is a DNS RR. See ./keyserver.html on my website for
more information.

[Adrian's comment about a public LDAP keyserver being unsynchronized]

One is, one isn't.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

From linux@thorstenhau.de Fri Jan 3 19:49:02 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Fri Jan 3 19:49:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103182636.GA1108@pm1.ric-13.lft.widomaker.com>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local> <173707406484.20030103175739@myrealbox.com> <20030103182636.GA1108@pm1.ric-13.lft.widomaker.com>
Message-ID: <20030103185353.GG2705@eumel.yoo.local>

Hi,

* Jason Harris [2003-01-03 19:26]:
>wwwkeys.eu.pgp.net is a DNS RR. See ./keyserver.html on my website for
>more information.

Yes, but is there a way to profit from that fact?

Thorsten
--
Getting a thrill out of some stupid quote is a sign of idiocy.
    - turmeric

From jharris@widomaker.com Fri Jan 3 19:56:01 2003
From: jharris@widomaker.com (Jason Harris)
Date: Fri Jan 3 19:56:01 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103185353.GG2705@eumel.yoo.local>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local> <173707406484.20030103175739@myrealbox.com> <20030103182636.GA1108@pm1.ric-13.lft.widomaker.com> <20030103185353.GG2705@eumel.yoo.local>
Message-ID: <20030103185744.GB1108@pm1.ric-13.lft.widomaker.com>

On Fri, Jan 03, 2003 at 07:53:53PM +0100, Thorsten Haude wrote:
> * Jason Harris [2003-01-03 19:26]:
> >wwwkeys.eu.pgp.net is a DNS RR. See ./keyserver.html on my website for
> >more information.
>
> Yes, but is there a way to profit from that fact?

Sure, pick an alternate (non-RR) server or retry the RR name until
you get a working server.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

From Thomas.Arend@t-online.de Fri Jan 3 20:40:02 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Fri Jan 3 20:40:02 2003
Subject: Receiving a key on standard output
In-Reply-To: <20030103005458.GE3303@jabberwocky.com>
References: <20030102135620.GA73974@xs4all.nl> <20030102183044.GB750@pm1.ric-08.lft.widomaker.com> <20030103005458.GE3303@jabberwocky.com>
Message-ID: <200301032041.48952.thomas@t-arend.de>

On Friday, 3 January 2003 01:54, David Shaw wrote:
> On Thu, Jan 02, 2003 at 01:30:44PM -0500, Jason Harris wrote:
> > On Thu, Jan 02, 2003 at 02:19:57PM -0000, greg@turnstep.com wrote:
> >
> > NB: The PGP signature on your message is bad.
> >
> > [fetching a key to a file]
> > Run gpgkeys_* directly (it has been covered on one of these lists
> > before). See ./code/lget[.asc] on my website for an example.
>
> The only difficulty with this is that versions of GnuPG less than 1.3
> don't have a gpgkeys_hkp - only gpgkeys_ldap and gpgkeys_mailto.
> Without gpgkeys_hkp, I think the easiest way to fetch a key from a
> keyserver into a file is with wget or similar programs:
>
> wget -O thefile.asc 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560'
>
> 'thefile.asc' now has the key.
>
> David

The following command will receive and import the key

wget -O - \
'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560' | gpg \
--import

Best regards

Thomas Arend
Schilfgraben 29
26389 Wilhelmshaven
Phone: 04421-83062

Now also reachable via GnuPG / PGP encrypted mail.
Key

From linux@thorstenhau.de Fri Jan 3 20:43:02 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Fri Jan 3 20:43:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103185744.GB1108@pm1.ric-13.lft.widomaker.com>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local> <173707406484.20030103175739@myrealbox.com> <20030103182636.GA1108@pm1.ric-13.lft.widomaker.com> <20030103185353.GG2705@eumel.yoo.local> <20030103185744.GB1108@pm1.ric-13.lft.widomaker.com>
Message-ID: <20030103194209.GH2705@eumel.yoo.local>

Hi,

* Jason Harris [2003-01-03 19:57]:
>On Fri, Jan 03, 2003 at 07:53:53PM +0100, Thorsten Haude wrote:
>> * Jason Harris [2003-01-03 19:26]:
>> >wwwkeys.eu.pgp.net is a DNS RR. See ./keyserver.html on my website for
>> >more information.
>>
>> Yes, but is there a way to profit from that fact?
>
>Sure, pick an alternate (non-RR) server or retry the RR name until
>you get a working server.

Oh, I retried already, believe me. Either all servers are broken or my
setup is. Do you know where I can get a list of non-RR servers?

Thorsten
--
All generalizations are false.

From jan.tim.schueszler@gmx.de Fri Jan 3 20:44:02 2003
From: jan.tim.schueszler@gmx.de (Jan Tim Schueszler)
Date: Fri Jan 3 20:44:02 2003
Subject: Can't create revocation certicate
In-Reply-To: <87vg16e502.fsf@alberti.g10code.de>
References: <87vg16e502.fsf@alberti.g10code.de>
Message-ID: <20030103194106.GA609@erde.schueszler.subdomain.de>

* On 03.01.2003 at 14.01, Werner Koch wrote:
> On Thu, 02 Jan 2003 20:16:55 +0100, Pedro José said:
>
> > I can encrypt, decrypt, sign, change the password...
> > the only thing i can't do is create a revocation

I've got the same problem here. But there's one little difference: on
my pc (Win98SE with GnuPG 1.2.1), I can create the revocation
certificate, it is printed to command-line, but it is not stored on
disk.
Other users have experienced the same, see thread on WinPT-Mailinglist.

> What Windows version are you running? I can only test on ME.
Windows 98SE (plain, without any other applications except for the
necessary drivers)

Bye
JT
--
Jan Tim Schüszler, Hamburg
ICQ 31996332
Fingerprint: 52D5 8FE5 8097 96B8 7D5B 4170 9838 D64E 873D 5FF2

From dshaw@jabberwocky.com Fri Jan 3 20:46:04 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 3 20:46:04 2003
Subject: Receiving a key on standard output
In-Reply-To: <200301032041.48952.thomas@t-arend.de>
References: <20030102135620.GA73974@xs4all.nl> <20030102183044.GB750@pm1.ric-08.lft.widomaker.com> <20030103005458.GE3303@jabberwocky.com> <200301032041.48952.thomas@t-arend.de>
Message-ID: <20030103194719.GL8582@jabberwocky.com>

On Fri, Jan 03, 2003 at 08:41:47PM +0100, Thomas Arend wrote:
> On Friday, 3 January 2003 01:54, David Shaw wrote:
> > On Thu, Jan 02, 2003 at 01:30:44PM -0500, Jason Harris wrote:
> > > On Thu, Jan 02, 2003 at 02:19:57PM -0000, greg@turnstep.com wrote:
> > >
> > > NB: The PGP signature on your message is bad.
> > >
> > > [fetching a key to a file]
> > > Run gpgkeys_* directly (it has been covered on one of these lists
> > > before). See ./code/lget[.asc] on my website for an example.
> >
> > The only difficulty with this is that versions of GnuPG less than 1.3
> > don't have a gpgkeys_hkp - only gpgkeys_ldap and gpgkeys_mailto.
> > Without gpgkeys_hkp, I think the easiest way to fetch a key from a
> > keyserver into a file is with wget or similar programs:
> >
> > wget -O thefile.asc 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560'
> >
> > 'thefile.asc' now has the key.
> >
> > David
>
> The following command will receive and import the key
>
> wget -O - \
> 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560' | gpg \
> --import

Why bother with that? Just do 'gpg --recv-keys 99242560'

The reason to retrieve it to a file first was so that the original
poster could then examine the file before importing the key.

David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

From Thomas.Arend@t-online.de Fri Jan 3 21:10:01 2003
From: Thomas.Arend@t-online.de (by way of Thomas Arend thomas@t-arend.de)
Date: Fri Jan 3 21:10:01 2003
Subject: Receiving a key on standard output
Message-ID: <200301032112.21240.thomas@t-arend.de>

On Friday, 3 January 2003 01:54, David Shaw wrote:
> On Thu, Jan 02, 2003 at 01:30:44PM -0500, Jason Harris wrote:
> > On Thu, Jan 02, 2003 at 02:19:57PM -0000, greg@turnstep.com wrote:
> >
> > NB: The PGP signature on your message is bad.
> >
> > [fetching a key to a file]
> > Run gpgkeys_* directly (it has been covered on one of these lists
> > before). See ./code/lget[.asc] on my website for an example.
>
> The only difficulty with this is that versions of GnuPG less than 1.3
> don't have a gpgkeys_hkp - only gpgkeys_ldap and gpgkeys_mailto.
> Without gpgkeys_hkp, I think the easiest way to fetch a key from a
> keyserver into a file is with wget or similar programs:
>
> wget -O thefile.asc 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560'
>
> 'thefile.asc' now has the key.
>
> David

The following command will receive and import the key

wget -O - \
'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560' | gpg \
--import

Best regards

Thomas Arend
Schilfgraben 29
26389 Wilhelmshaven
Phone: 04421-83062

Now also reachable via GnuPG / PGP encrypted mail.
Key

From s_p_p30@yahoo.com Fri Jan 3 23:25:02 2003
From: s_p_p30@yahoo.com (S PP)
Date: Fri Jan 3 23:25:02 2003
Subject: GPG on NT 4.0?
Message-ID: <20030103222602.45042.qmail@web14809.mail.yahoo.com>

Hello,

I want to install GPG on an NT 4.0 system, but how do I check the
integrity of the .exe file? I have gone through a number of sites to
find the answer, but I only came across integrity checks for UNIX
systems.

Any assistance would be greatly appreciated.

Thanks,
RR


From pedrojgm@hotmail.com Fri Jan 3 23:48:02 2003
From: pedrojgm@hotmail.com (Pedro José)
Date: Fri Jan 3 23:48:02 2003
Subject: Can't create revocation certicate
Message-ID:

Hi,

On Fri, 3 Jan 2003 20:41:06 Jan Tim Schueszler said:

>I've got the same problem here. But there's one little difference:
>on my pc (Win98SE with GnuPG 1.2.1), I can create the revocation
>certificate, it is printed to command-line, but it is not stored on
>disk.
>Other users have experienced the same, see thread on WinPT-Mailinglist.

I'm using WinXP Pro SP1 and after the tests i've done i think the
problem is not for gpg: if i create a key pair using gpg with password
"á" there is not any problem, i can decrypt and generate a revocation
certificate to disk (--output file --gen-revoke key).

The problem i have occurs when that key pair has been generated using
frontend WinPT. I would say that gpg is working fine but maybe WinPT
is using different charset or other cause.

Pedro.

From malte_gell@t-online.de Sat Jan 4 03:55:02 2003
From: malte_gell@t-online.de (Malte Gell)
Date: Sat Jan 4 03:55:02 2003
Subject: GPG on NT 4.0?
In-Reply-To: <20030103222602.45042.qmail@web14809.mail.yahoo.com>
References: <20030103222602.45042.qmail@web14809.mail.yahoo.com>
Message-ID: <200301040356.23617.malte_gell@t-online.de>

> I want to install GPG on an NT 4.0 system, but how do I check the
> integrity of the .exe file? I have gone through a number of sites to
> find the answer, but I only came across integrity checks for UNIX
> systems.
You could download GnuPG for Win32 on a machine that already has GnuPG installed and check integrity there. If this is not an option, you might download GnuPG and verify the MD5 sum.

If you don't have a win program for getting the md5 sum of a file you can get one there:

http://www.openoffice.org/dev_docs/using_md5sums.html

Now you're able to check GnuPG's integrity on either way.

From graham.todd@ntlworld.com Sat Jan 4 05:37:02 2003
From: graham.todd@ntlworld.com (Graham)
Date: Sat Jan 4 05:37:02 2003
Subject: GPG on NT 4.0?
In-Reply-To: <200301040356.23617.malte_gell@t-online.de>
References: <20030103222602.45042.qmail@web14809.mail.yahoo.com> <200301040356.23617.malte_gell@t-online.de>
Message-ID: <200301040448.09558.graham.todd@ntlworld.com>

On Saturday 04 Jan 2003 2:56 am, Malte Gell wrote:
> > I want to install GPG on an NT 4.0 system, but how do I check the
> > integrity of the .exe file? I have gone through a number of sites
> > to find the answer, but I only came across integrity checks for
> > UNIX systems.
>
> You could download GnuPG for Win32 on a machine that already has
> GnuPG installed and check integrity there. If this is not an option,
> you might download GnuPG and verify the MD5 sum.
>
> If you don't have a win program for getting the md5 sum of a file you
> can get one there:
>
> http://www.openoffice.org/dev_docs/using_md5sums.html
>
> Now you're able to check GnuPG's integrity on either way.

Adding to the above, if you get your version of GnuPG from http://www.nullify.org, you will find it optimised for Windows AND MD5 integrity figures are on the website.

The nullify.org build (I believe) takes the original source, patches it, and compiles it using a compiler more optimized for Windows. MD5 checks are available for the source, patches, and finally optimised code.
-- 
Graham
GPG Keys at encryption.keys@ntlworld.com

From wk@gnupg.org Sat Jan 4 11:02:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Sat Jan 4 11:02:02 2003
Subject: GPG on NT 4.0?
In-Reply-To: <200301040356.23617.malte_gell@t-online.de> (malte_gell@t-online.de's message of "Sat, 4 Jan 2003 03:56:23 +0100")
References: <20030103222602.45042.qmail@web14809.mail.yahoo.com> <200301040356.23617.malte_gell@t-online.de>
Message-ID: <87y961cjzj.fsf@alberti.g10code.de>

On Sat, 4 Jan 2003 03:56:23 +0100, Malte Gell said:

> If you don't have a win program for getting the md5 sum of a file you
> can get one there:
> http://www.openoffice.org/dev_docs/using_md5sums.html

Or at:

ftp://ftp.gnupg.org/gcrypt/binary/md5sum-w32.zip
ftp://ftp.gnupg.org/gcrypt/binary/md5sum-w32.zip.sig

There is a binary included and you should be able to compile it with any Standard-C compiler.

From david@rebirthing.co.nz Sat Jan 4 13:34:02 2003
From: david@rebirthing.co.nz (David McNab)
Date: Sat Jan 4 13:34:02 2003
Subject: importing mac pubkey into gpg???
Message-ID: <1041683647.4385.6.camel@rebirth>

Hi,

I've received a PGP 2.x key that was generated on a macintosh, which I'm trying to import to GPG 1.2.1-2 on debian (x86).

I don't know anything about mac file formats, but what I do see is that the file isn't ascii-armoured.

Can someone please tell me - what steps do i need to take to import this key? What macintosh file conversion commands and arguments do i need to run first?

Thanks for your help

Cheers
David

From Cameron Hooper Sun Jan 5 06:03:02 2003
From: Cameron Hooper (Cameron Hooper)
Date: Sun Jan 5 06:03:02 2003
Subject: Must I Retrieve?
Message-ID:

I use GnuPG in pine via pinegpg.
So far everything works well, but I have one question. When reading a "signed" message I have to set the option 'keyserver-options auto-key-retrieve' in the options file. This retrieves the correspondent's public key and imports it into my keyring.

My question is: Can I check a signature without importing the public key?

Sorry if this has been asked many times before.

Cameron

From dshaw@jabberwocky.com Sun Jan 5 06:58:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Sun Jan 5 06:58:01 2003
Subject: Must I Retrieve?
In-Reply-To:
References:
Message-ID: <20030105055907.GA22481@jabberwocky.com>

On Sun, Jan 05, 2003 at 12:03:56AM -0500, Cameron Hooper wrote:
> I use GnuPG in pine via pinegpg. So far everything works well, but I have
> one question. When reading a "signed" message I have to set the option
> 'keyserver-options auto-key-retrieve' in the options file. This retrieves
> the correspondent's public key and imports it into my keyring.
>
> My question is: Can I check a signature without importing the public
> key?

No. You can delete the key when you are done, but you must have the key to verify a signature.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From douglas@webpro500.com Sun Jan 5 23:28:02 2003
From: douglas@webpro500.com (douglas@webpro500.com)
Date: Sun Jan 5 23:28:02 2003
Subject: GPG for Dummies?
Message-ID: <003101c2b50b$5ef3d120$0300a8c0@douglasm>
Hi,

I have PGP Freeware on my pc. Is there anything like this for GPG? I'd like to use something like FormMail to get encrypted orders and decrypt them in Outlook Express. I haven't a clue how to get this done. Could someone please step me through this?

Thanks a heap!
Douglas

From cwsiv_home1@juno.com Mon Jan 6 03:09:01 2003
From: cwsiv_home1@juno.com (carl w spitzer)
Date: Mon Jan 6 03:09:01 2003
Subject: FYI>>Ad-aware (freeware)
Message-ID: <20030105.180942.11631.3.cwsiv_home1@juno.com>

It's Thursday.

These days you just can't be sure who or what may be watching and tracking where you go on the Internet. Rogue applications known as "spyware" are being developed and distributed by unscrupulous entities to gather information from your PC without your knowledge or approval. Your surfing habits, such as the web sites you visit and even personal information can all be gathered by spyware and sent back to an undisclosed location and you won't even know it's happening. These programs are not detectable by anti-virus software and won't even show up in Windows Task Manager.

With numerous varieties of spyware currently out there, there's a real possibility that your PC has already been targeted. They can attach themselves to your PC in many ways, but the most common is through the ordinary process of software installation. Some of the worst offenders are shareware programs downloaded from the Internet.

What can you do?

LavaSoft Ad-aware

Ad-aware is a free multi spyware removal utility that is capable of scanning your memory, registry, and hard drives for known spyware components and lets you remove them safely.

You can download a copy from their web site by following the link below.

http://www.lsfileserv.com/

mirror one below

http://www.majorgeek.com/index2.html

From cwsiv_home1@juno.com Mon Jan 6 03:09:10 2003
From: cwsiv_home1@juno.com (carl w spitzer)
Date: Mon Jan 6 03:09:10 2003
Subject: should I downgrade
Message-ID: <20030105.180942.11631.20.cwsiv_home1@juno.com>

Sadly Imad's page is problematic for older versions and in and out of reliability when I tested it. See those below for other sources.

>From: Nick Andriash
>http://freepages.computers.rootsweb.com/~irfaiad/
>
>________________________________________________________________

alternate

ftp://ftp.ch.pgpi.com/pub/
ftp://ftp.ch.pgpi.com/pub/pgp/
ftp://ftp.ch.pgpi.com/pub/pgp/gnupg/ has gnupg 1.2 for win32 and linux
ftp://ftp.ch.pgpi.com/pub/pgp/2.x/pc/windows/ has pgp263 for win32
ftp://ftp.ch.pgpi.com/pub/pgp/2.x/pc/msdos/ has pgp263 for msdos
ftp://ftp.ch.pgpi.com/pub/pgp/2.x/src/ has source not specific which distro

From hdbtroll@moment.net Mon Jan 6 05:54:02 2003
From: hdbtroll@moment.net (DB Troll)
Date: Mon Jan 6 05:54:02 2003
Subject: Error -signature verification failed
Message-ID: <3E190D27.40202@moment.net>

Lately when I send a msg to a mail list and then receive the msg back I get the above with the following:

gpg command line and output
/usr/local/bin/gpg --batch --no-tty --status-fd 2 -d
gpg: Signature made Sat 04 Jan 2003 10.50.53 AM CST using DSA key ID A323399B
gpg: BAD signature from "David Barrow (Het Troll) Mon Jan 6 10:28:02 2003

From: Constantin Dumitrescu (Constantin Dumitrescu)
Date: Mon Jan 6 10:28:02 2003
Subject: Problems with emacs + crypt++ + gpg + iso-8859-2; newbie.
Message-ID: <15897.19565.400899.73236@sesame.homeip.net>

Hi, and a Happy New Year!
Does anyone have experience with the setup from the subject line? I'm having all sorts of problems with that combination; for example, I have a file msg.txt in clear text that uses the iso-8859-2 coding system; I visit this file, do M-x crypt-encrypted-mode, and finally C-x C-w, to save it under the name msg.gpg, but the msg.gpg file is empty.

Other time, (can't recall exactly how I had set up crypt++), it worked, the msg.pgp file was encrypted, but when I visited it some later time, all my Romanian characters were looking wrong, like escape sequences.

I wish to be able to encrypt a file that uses iso-8859-2 coding system and later read it without having the Romanian characters wrong. Currently I'm only able to do that if I save it in clear text, encrypt it from the shell; later decrypt it from the shell, and visit it. That means I don't use crypt++ at all.

I'm doing something wrong in my crypt++ setup probably, but don't know what. Or maybe I need some special setup? Can someone help me?

Thanks.
Constantin.

From xavier.nodet@free.fr Mon Jan 6 11:35:02 2003
From: xavier.nodet@free.fr (Xavier Nodet)
Date: Mon Jan 6 11:35:02 2003
Subject: No [GNUPG:] tag when 'not a detached signature' error
Message-ID:

Hi,

I noticed, using GnuPG 1.2.1, that when there is an error because a signature should have been detached, there is never a corresponding message beginning with "[GNUPG:] ", although I use --status-fd.

I got this problem when trying to verify the signature of an ill-formed PGP-MIME message, and parsing only the "[GNUPG:] " lines.

Here are steps to reproduce this problem.

C:\tmp>echo clear-text > message.txt
C:\tmp>gpg -a --sign message.txt
You need a passphrase to unlock the secret key
...
C:\tmp>gpg --status-fd=2 --command-fd 0 --verify message.asc message.txt
gpg: not a detached signature
C:\tmp>

I feel there should also be an output line like:

[GNUPG:] ERRSIG ...

Did I miss something?
-- 
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759

From c0g@wp.pl Mon Jan 6 13:21:02 2003
From: c0g@wp.pl (c0g)
Date: Mon Jan 6 13:21:02 2003
Subject: exporting secret key
Message-ID: <3E14C621.5060608@wp.pl>

Hi,

Sorry for that silly question: I can't export my private key to ASCII. How to do it? I couldn't find command line option for this in gpg.

Please reply to my private address, because I'm not subscribed to this list.

Thanks in advance!

-- 
c0g@wp.pl

From private@asgard.cert.dfn.de Mon Jan 6 13:21:09 2003
From: private@asgard.cert.dfn.de (Olaf Gellert)
Date: Mon Jan 6 13:21:09 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103151523.GC2705@eumel.yoo.local>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local>
Message-ID: <20030104035646.GA3961@asgard.cert.dfn.de>

Hi,

> >yooden@eumel>> gpg --send-key 4065A1DA
> >> gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
> >> - - - Schnapp - - -

maybe your requests are filtered by a firewall? Usually you need to enable access to port 11371 on the keyserver... Maybe this helps?

Cheers, Olaf

-- 
Olaf Gellert                            _ - __o
gellert@arasca.de                     _- _`\<,_
http://www.arasca.de/olaf/           - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so.
                                                   -- Bertrand Russell
----------------------------------------------------------------------

From alex@syjon.fantastyka.net Mon Jan 6 13:21:15 2003
From: alex@syjon.fantastyka.net (Janusz A. Urbanowicz)
Date: Mon Jan 6 13:21:15 2003
Subject: lc2
In-Reply-To: <20030103142821.GC8582@jabberwocky.com>
References: <13014561237.20030103160329@bigline.kharkov.ua> <20030103142821.GC8582@jabberwocky.com>
Message-ID: <20030103180645.GA10410@syjon.fantastyka.net>

On Fri, Jan 03, 2003 at 09:28:22AM -0500, David Shaw wrote:

> However, the bottom line is that are LANCrypto algorithms, and are not
> part of the OpenPGP standard so they will not be usable in PGP or
> (regular) GnuPG. PGP and GnuPG are doing the correct thing by
> refusing to import LANS keys.

isn't the preferences system designed to address the situation? (I assume that LANC GPG supports the obligatory 3DES/SHA1 suite).

Alex

From thomas@t-arend.de Mon Jan 6 13:21:22 2003
From: thomas@t-arend.de (Thomas Arend)
Date: Mon Jan 6 13:21:22 2003
Subject: Receiving a key on standard output
In-Reply-To: <20030103194719.GL8582@jabberwocky.com>
References: <20030102135620.GA73974@xs4all.nl> <200301032041.48952.thomas@t-arend.de> <20030103194719.GL8582@jabberwocky.com>
Message-ID: <200301032100.48019.thomas@t-arend.de>

On Friday, 3 January 2003 20:47, David Shaw wrote:
> On Fri, Jan 03, 2003 at 08:41:47PM +0100, Thomas Arend wrote:
> > On Friday, 3 January 2003 01:54, David Shaw wrote:
> > > On Thu, Jan 02, 2003 at 01:30:44PM -0500, Jason Harris wrote:
> > > > On Thu, Jan 02, 2003 at 02:19:57PM -0000, greg@turnstep.com wrote:
> > > >
> > > > NB: The PGP signature on your message is bad.
> > > >
> > > > [fetching a key to a file]
> > > > Run gpgkeys_* directly (it has been covered on one of these lists
> > > > before). See ./code/lget[.asc] on my website for an example.
> > >
> > > The only difficulty with this is that versions of GnuPG less than 1.3
> > > don't have a gpgkeys_hkp - only gpgkeys_ldap and gpgkeys_mailto.
> > > Without gpgkeys_hkp, I think the easiest way to fetch a key from a
> > > keyserver into a file is with wget or similar programs:
> > >
> > > wget -O thefile.asc
> > > 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560'
> > >
> > > 'thefile.asc' now has the key.
> > >
> > > David
> >
> > The following command will receive and import the key
> >
> > wget -O - \
> > 'http://keyserver.kjsl.com:11371/pks/lookup?op=get&search=0x99242560' |
> > gpg \ - --import
>
> Why bother with that? Just do 'gpg --recv-keys 99242560'
>
> The reason to retrieve it to a file first was so that the original
> poster could then examine the file before importing the key.
>
> David

You are right. I thought of this myself. But you were faster.
(BTW I learned the -O - option of wget)

But I think it's better to view the keys with gpg --edit-keys than to view it in a file. The file is a little bit cryptic.

Kind regards

Thomas Arend

From design@panchroma.com Mon Jan 6 13:21:29 2003
From: design@panchroma.com (PANCHROMA.COM)
Date: Mon Jan 6 13:21:29 2003
Subject: importing mac pubkey into gpg???
In-Reply-To: <1041683647.4385.6.camel@rebirth>
Message-ID:

Hi David,

I regularly swap keys between our local Mac ( PGP 6.5.2) and Unix server (GPG 1.2.0) without trouble.

If your contact wants to generate an ascii-armoured key on the Mac ( as opposed to the binary which you may have), the steps are something like:

- open the PGPkeys application
- select the icon of the key you want to export
- from the top menu choose KEYS/EXPORT

This will produce a plain text file, which can be safely emailed.

Another possibility is that they can export their keys to a key server, and you could then import them from there.
Good luck - David Taiaroa

>Hi,
>
>I've received a PGP 2.x key that was generated on a macintosh, which I'm
>trying to import to GPG 1.2.1-2 on debian (x86).
>
>I don't know anything about mac file formats, but what I do see is that
>the file isn't ascii-armoured.
>
>Can someone please tell me - what steps do i need to take to import this
>key? What macintosh file conversion commands and arguments do i need to
>run first?
>
>Thanks for your help
>
>Cheers
>David

------------------------------------------------------
PANCHROMA.COM - website design, development and hosting
http://www.panchroma.com
------------------------------------------------------

From remailer@aarg.net Mon Jan 6 13:21:36 2003
From: remailer@aarg.net (AARG! Anonymous)
Date: Mon Jan 6 13:21:36 2003
Subject: Must I Retrieve?
Message-ID: <8ab09b2de7eae5e2a97cf97de2403da7@aarg.net>

Cameron Hooper [05/01/2003]:

> I use GnuPG in pine via pinegpg. So far everything works well, but I have
> one question. When reading a "signed" message I have to set the option
> 'keyserver-options auto-key-retrieve' in the options file. This retrieves
> the correspondent's public key and imports it into my keyring.
>
> My question is: Can I check a signature without importing the public
> key?

Tell GnuPG to use a different (secondary) keyring, which you might want to clean up from time to time...

From dshaw@jabberwocky.com Mon Jan 6 14:49:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Jan 6 14:49:01 2003
Subject: lc2
In-Reply-To: <20030103180645.GA10410@syjon.fantastyka.net>
References: <13014561237.20030103160329@bigline.kharkov.ua> <20030103142821.GC8582@jabberwocky.com> <20030103180645.GA10410@syjon.fantastyka.net>
Message-ID: <20030106134936.GA17119@jabberwocky.com>

On Fri, Jan 03, 2003 at 07:06:45PM +0100, Janusz A. Urbanowicz wrote:
> On Fri, Jan 03, 2003 at 09:28:22AM -0500, David Shaw wrote:
> > However, the bottom line is that are LANCrypto algorithms, and are not
> > part of the OpenPGP standard so they will not be usable in PGP or
> > (regular) GnuPG. PGP and GnuPG are doing the correct thing by
> > refusing to import LANS keys.
>
> isn't the preferences system designed to address the situation? (I assume
> that LANC GPG supports the obligatory 3DES/SHA1 suite).

Well, yes and no. The LanCrypto ciphers and hashes, yes. The LanCrypto public key algorithm, no. Preferences do not cover pk algorithms.

In any event, the LanCrypto algorithms have experimental algorithm numbers. It's not exactly clear what the right thing to do in preferences for experimental algorithms since it's easy to have two completely different "algorithm 100"s.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From thopper@ovonic.com Mon Jan 6 15:24:01 2003
From: thopper@ovonic.com (Thomas Hopper)
Date: Mon Jan 6 15:24:01 2003
Subject: importing mac pubkey into gpg???
In-Reply-To:
Message-ID:

If the key that you're trying to import is in ASCII format, you might need to change the line endings from Mac to Unix.

>> I've received a PGP 2.x key that was generated on a macintosh, which I'm
>> trying to import to GPG 1.2.1-2 on debian (x86).
>>
>> I don't know anything about mac file formats, but what I do see is that
>> the file isn't ascii-armoured.
>>
>> Can someone please tell me - what steps do i need to take to import this
>> key? What macintosh file conversion commands and arguments do i need to
>> run first?

From mwood@IUPUI.Edu Mon Jan 6 17:16:01 2003
From: mwood@IUPUI.Edu (Mark H. Wood)
Date: Mon Jan 6 17:16:01 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103194209.GH2705@eumel.yoo.local>
Message-ID:

On Fri, 3 Jan 2003, Thorsten Haude wrote:
> Do you know where I can get a list of non-RR servers?

Um, RR stands for "Resource Record". The DNS database is composed of 100% RRs; there is no other kind of information in it. The person who brought that notation into the thread didn't say what *kind* of RR it is. He probably meant that it's a CNAME RR, which points to some other name, but perhaps he will clarify his remarks. (Sorry, I deleted the earlier message so I don't have the domain name in question or the poster's name.)

-- 
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

From avbidder@fortytwo.ch Mon Jan 6 18:30:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Mon Jan 6 18:30:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To:
References:
Message-ID: <1041874259.1390.8.camel@altfrangg.fortytwo.ch>

On Mon, 2003-01-06 at 17:16, Mark H. Wood wrote:
> On Fri, 3 Jan 2003, Thorsten Haude wrote:
> > Do you know where I can get a list of non-RR servers?
>
> Um, RR stands for "Resource Record". The DNS database is composed of 100%
> RRs; there is no other kind of information in it. The person who brought
> that notation into the thread didn't say what *kind* of RR it is. He
> probably meant that it's a CNAME RR, which points to some other name, but
> perhaps he will clarify his remarks. (Sorry, I deleted the earlier
> message so I don't have the domain name in question or the poster's name.)

I think the discussion was about round robin A records.

host -l pgp.net | grep wwwkeys

should output a list of keyservers. You'll have to specify a nameserver explicitly to host, too.
cheers
-- vbi

-- 
featured link: http://fortytwo.ch/smtp

From Thomas.Arend@t-online.de Mon Jan 6 19:46:02 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Mon Jan 6 19:46:02 2003
Subject: No [GNUPG:] tag when 'not a detached signature' error
In-Reply-To:
References:
Message-ID: <200301061948.47486.thomas.arend@t-online.de>

On Monday, 6 January 2003 11:32, Xavier Nodet wrote:
> Hi,
>
> I noticed, using GnuPG 1.2.1, that when there is an error because
> a signature should have been detached, there is never a corresponding
> message beginning with "[GNUPG:] ", although I use --status-fd.
>
> I got this problem when trying to verify the signature of an ill-formed
> PGP-MIME message, and parsing only the "[GNUPG:] " lines.
>
> Here are steps to reproduce this problem.
>
> C:\tmp>echo clear-text > message.txt
> C:\tmp>gpg -a --sign message.txt
> You need a passphrase to unlock the secret key
> ...
> C:\tmp>gpg --status-fd=2 --command-fd 0 --verify message.asc message.txt
> gpg: not a detached signature
> C:\tmp>
>
> I feel there should also be an output line like:
>
> [GNUPG:] ERRSIG ...
>
> Did I miss something?

Hi,

there is a difference between "--sign" and "--detach-sign". gpg assumes a detach-sign when it gets more than one file as an argument where the first file is the signature.

You have built a normal sign. There are two ways to circumvent this problem.

A. Create a detach-sign with
gpg --detach-sign message.txt
or
B. gpg --verify --verify message.asc

(David Shaw's message of "Mon, 6 Jan 2003 08:49:36 -0500")
References: <13014561237.20030103160329@bigline.kharkov.ua> <20030103142821.GC8582@jabberwocky.com> <20030103180645.GA10410@syjon.fantastyka.net> <20030106134936.GA17119@jabberwocky.com>
Message-ID: <877kdi9hg8.fsf@alberti.g10code.de>

On Mon, 6 Jan 2003 08:49:36 -0500, David Shaw said:

> In any event, the LanCrypto algorithms have experimental algorithm
> numbers. It's not exactly clear what the right thing to do in
> preferences for experimental algorithms since it's easy to have two
> completely different "algorithm 100"s.

It's experimental and as such the users should know how to handle it. Implementing experimental algorithms in other applications would render them de-facto standard and not anymore experimental.

Shalom-Salam,

Werner

From dshaw@jabberwocky.com Mon Jan 6 21:30:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Jan 6 21:30:03 2003
Subject: lc2
In-Reply-To: <877kdi9hg8.fsf@alberti.g10code.de>
References: <13014561237.20030103160329@bigline.kharkov.ua> <20030103142821.GC8582@jabberwocky.com> <20030103180645.GA10410@syjon.fantastyka.net> <20030106134936.GA17119@jabberwocky.com> <877kdi9hg8.fsf@alberti.g10code.de>
Message-ID: <20030106203037.GD24236@jabberwocky.com>

On Mon, Jan 06, 2003 at 09:00:39PM +0100, Werner Koch wrote:
> On Mon, 6 Jan 2003 08:49:36 -0500, David Shaw said:
>
> > In any event, the LanCrypto algorithms have experimental algorithm
> > numbers. It's not exactly clear what the right thing to do in
> > preferences for experimental algorithms since it's easy to have two
> > completely different "algorithm 100"s.
>
> It's experimental and as such the users should know how to handle it.
> Implementing experimental algorithms in other applications would
> render them de-facto standard and not anymore experimental.

Exactly.
If an implementation gets a "cipher 100" preference, it has no way to know what the cipher really is.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From xavier.nodet@free.fr Mon Jan 6 22:19:02 2003
From: xavier.nodet@free.fr (Xavier Nodet)
Date: Mon Jan 6 22:19:02 2003
Subject: No [GNUPG:] tag when 'not a detached signature' error
In-Reply-To: <200301061948.47486.thomas.arend@t-online.de>
References: <200301061948.47486.thomas.arend@t-online.de>
Message-ID:

On Mon, 6 Jan 2003 19:48:45 +0100 Thomas Arend wrote:

>> I noticed, using GnuPG 1.2.1, that when there is an error because
>> a signature should have been detached, there is never a corresponding
>> message beginning with "[GNUPG:] ", although I use --status-fd.
>>
>> I got this problem when trying to verify the signature of an ill-formed
>> PGP-MIME message, and parsing only the "[GNUPG:] " lines.

> there is a difference between "--sign" and "--detach-sign".
> ...
> You have built a normal sign.

I know that, thanks.

The problem is that this is a message that I received (not me, actually, but this does not matter), not one that I sent. I would like that Mahogany, the mailer I use, can correctly report that the message is not well-formed. Until now, we only had to check "[GNUPG:] " lines. I would prefer to continue this way.

Thanks for your help.

-- 
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.

From madrook@cox.net Tue Jan 7 01:26:02 2003
From: madrook@cox.net (madrook@cox.net)
Date: Tue Jan 7 01:26:02 2003
Subject: newbie question
Message-ID: <002e01c2b5e3$726c2990$6f00a8c0@craftsmandigital.com>

Hi Everyone,

I'm new to GnuPG (and PGP).
I've been through the key generation, import, export, encrypt, decrypt, sign steps, but I have one question:

I primarily plan to use GnuPG to decrypt files sent to me, encrypted with my public key. Every time I decrypt I get prompted for my passphrase to use my secret key. Is there a way to enter that on the command-line? I'm using Microsoft Win32 binaries.

Thanks,

 ____  ____    __    ____
(  _ \(  _ \  /__\  (  _ \
 ) _ < )   / /(__)\  )(_) )
(____/(_)\_)(__)(__)(____/

From thomas@t-arend.de Tue Jan 7 01:35:02 2003
From: thomas@t-arend.de (Thomas Arend)
Date: Tue Jan 7 01:35:02 2003
Subject: exporting secret key
In-Reply-To: <3E14C621.5060608@wp.pl>
References: <3E14C621.5060608@wp.pl>
Message-ID: <200301061706.26553.thomas@t-arend.de>

On Friday, 3 January 2003 00:07, c0g wrote:
> Hi,
> Sorry for that silly question: I can't export my private key to ASCII.
> How to do it? I couldn't find command line option for this in gpg.
> Please reply to my private address, because i'm not subscribed to this list.
> Thanks in advance!

Try

gpg --armor --export-secret-keys

Thomas

From linux@thorstenhau.de Tue Jan 7 01:43:02 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Tue Jan 7 01:43:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To:
References: <20030103194209.GH2705@eumel.yoo.local>
Message-ID: <20030107004426.GH1513@eumel.yoo.local>

Hi,

* Mark H. Wood [2003-01-06 17:16]:
>On Fri, 3 Jan 2003, Thorsten Haude wrote:
>> Do you know where I can get a list of non-RR servers?
>
>Um, RR stands for "Resource Record".

Uh. I thought it would be 'Round Robin'.
Thorsten
-- 
There is no drug known to man which becomes safer when its production and distribution are handed over to criminals.

From linux@thorstenhau.de Tue Jan 7 01:54:01 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Tue Jan 7 01:54:01 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030104035646.GA3961@asgard.cert.dfn.de>
References: <20030103123058.GA2735@eumel.yoo.local> <49691045843.20030103132459@myrealbox.com> <20030103151523.GC2705@eumel.yoo.local> <20030104035646.GA3961@asgard.cert.dfn.de>
Message-ID: <20030107005559.GI1513@eumel.yoo.local>

Hi,

* Olaf Gellert [2003-01-04 04:56]:
>> >yooden@eumel>> gpg --send-key 4065A1DA
>> >> gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
>> >> - - - Schnapp - - -
>
>maybe your requests are filtered by a firewall?

Not unless I'm also rooted and the guy decided to install one.

Thorsten
-- 
The moment we begin to restrict our civil liberties, we are doing the terrorists' work for them.
- Günter Grass

From jon@02feb02.com Tue Jan 7 02:01:01 2003
From: jon@02feb02.com (Jon Roberts)
Date: Tue Jan 7 02:01:01 2003
Subject: gnuPG and Php
Message-ID: <003c01c2b67f$3bb49f30$0a00a8c0@ORAC>

I got my GnuPg working fine with help from this group (thanks), and have another problem!

Could someone give me some help on how to encrypt some user entered data online. I can use it from command line, but would like either a cgi or php way to use gnuPG from a webpage.

It is a hosted environment, but I do have ssh access to the server. I am not too familiar with cgi, so would prefer php if this is possible. (i.e. cgi would have to be a tutorial ;P )

A web reference etc would be helpful.

Thank you in advance.

Cheers
Jon Roberts

From wk@gnupg.org Tue Jan 7 10:44:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Jan 7 10:44:01 2003
Subject: No [GNUPG:] tag when 'not a detached signature' error
In-Reply-To: (Xavier Nodet's message of "Mon, 6 Jan 2003 11:32:09 +0100")
References:
Message-ID: <87n0md70ub.fsf@alberti.g10code.de>

On Mon, 6 Jan 2003 11:32:09 +0100, Xavier Nodet said:

> gpg: not a detached signature
> C:\tmp>
> I feel there should also be an output line like:
> [GNUPG:] ERRSIG ...

You better print an error message "no signature found" if you do a verify and don't get a bad, good or error signature status back.

There are dozens of other reasons why the signature check might fail; we can't provide such detailed information.

A solution would be a log window which receives all gpg output and you can refer the user to this log window in case of such an error.
Salam-Shalom,

Werner

From vinamraa@infosys.com Tue Jan 7 11:56:02 2003
From: vinamraa@infosys.com (Vin)
Date: Tue Jan 7 11:56:02 2003
Subject: How to import an existing key in GPG
Message-ID:

Hi,

I imported an existing GPG key to another GPG environment but I am not able to use it for the decryption, it gives an error that the "secret key is not available".

Do I need to export the existing key in some special way and import it with any different command so that the secret key is also imported in the new GPG and I am able to use the old key.

Please help.

Thanks
Vin

From xavier.nodet@free.fr Tue Jan 7 12:33:02 2003
From: xavier.nodet@free.fr (Xavier Nodet)
Date: Tue Jan 7 12:33:02 2003
Subject: No [GNUPG:] tag when 'not a detached signature' error
In-Reply-To: <87n0md70ub.fsf@alberti.g10code.de>
References: <87n0md70ub.fsf@alberti.g10code.de>
Message-ID:

On Tue, 07 Jan 2003 10:42:20 +0100 Werner Koch wrote:

> You better print an error message "no signature found" if you do a
> verify and don't get a bad, good or error signature status back.

Ok.

> There are dozens of other reasons why the signature check might fail;
> we can't provide such detailed information.

Of course! I was not asking for the detailed reason why the check failed, but only to positively know that it failed: something like '[GNUPG:] UNKNOWNERR'...

> A solution would be a log window which receives all gpg output and you
> can refer the user to this log window in case of such an error.

Yes, that's what we already do.

Thanks for your help.

--
Xavier Nodet
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759.
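The rule Werner suggests in this thread (a verify run that returns no good, bad or error signature status is reported as "no signature found") can be written as a small fail-closed classifier over the `--status-fd` stream. This is an added example, not code from the thread or from GnuPG; the function names, the sample status lines and the key ID in them are constructed for illustration.

```python
import subprocess

PREFIX = "[GNUPG:] "
# The three verdict keywords named in the thread: good, bad, error signature.
VERDICTS = {"GOODSIG": "good", "BADSIG": "bad", "ERRSIG": "error"}


def parse_status(text):
    """Return (keyword, args) for every machine-readable status line.

    Lines without the exact "[GNUPG:] " prefix are human-readable log
    output (for example "gpg: not a detached signature") and are ignored.
    """
    records = []
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if fields:
            records.append((fields[0], fields[1:]))
    return records


def classify(status_text, exit_code):
    """Reduce one verify run to good / bad / error / no-signature.

    Fail closed: only an explicit GOODSIG with exit code 0 counts as good,
    and one BADSIG outweighs any number of GOODSIG lines.
    """
    seen = [VERDICTS[k] for k, _ in parse_status(status_text) if k in VERDICTS]
    if not seen:
        return "no-signature"      # nothing reported: never treat as success
    if "bad" in seen:
        return "bad"
    if "error" in seen or exit_code != 0:
        return "error"
    return "good"


def verify_detached(sig_path, data_path, gpg="gpg"):
    """Run gpg with status lines on stdout; return (verdict, log text).

    The log text (stderr) is what would go to the "log window" for the user.
    """
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    status = proc.stdout.decode("utf-8", "replace")
    log = proc.stderr.decode("utf-8", "replace")
    return classify(status, proc.returncode), log


# Constructed status streams (key ID and user ID are made up).
SAMPLE_GOOD = "[GNUPG:] GOODSIG 0123456789ABCDEF Test User <test@example.org>\n"
SAMPLE_BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Test User <test@example.org>\n"
SAMPLE_ERR = "[GNUPG:] ERRSIG 0123456789ABCDEF 17 2 00 1041933729 9\n"
SAMPLE_EMPTY = ""  # the case from this thread: an error on stderr, no status line

if __name__ == "__main__":
    for name, text, rc in [("good", SAMPLE_GOOD, 0), ("bad", SAMPLE_BAD, 1),
                           ("error", SAMPLE_ERR, 2), ("empty", SAMPLE_EMPTY, 2)]:
        print(name, "->", classify(text, rc))
```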
From graham.todd@ntlworld.com Tue Jan 7 13:55:02 2003
From: graham.todd@ntlworld.com (Graham)
Date: Tue Jan 7 13:55:02 2003
Subject: newbie question
In-Reply-To: <002e01c2b5e3$726c2990$6f00a8c0@craftsmandigital.com>
References: <002e01c2b5e3$726c2990$6f00a8c0@craftsmandigital.com>
Message-ID: <200301071305.47553.graham.todd@ntlworld.com>

On Tuesday 07 Jan 2003 12:26 am, madrook@cox.net wrote:
> Hi Everyone,
>
> I'm new to GnuPG (and PGP).
>
> I've been through the key generation, import, export, encrypt,
> decrypt, sign steps, but I have one question:
>
> I primarily plan to use GnuPG to decrypt files sent to me, encrypted
> with my public key. Every time I decrypt I get prompted for my
> passphrase to use my secret key. Is there a way to enter that on the
> command-line?
>
> I'm using Microsoft Win32 binaries.
>
> Thanks,

Get WinPT or GPGShell, which are GUIs to GPG in Windows. You don't say what MUA (email program) you are using, but most should do this for you. If you have a problem, download Beonex Communicator and Enigmail and it will do it all for you; you can even cache your passphrase for a given period of time.
Beonex: http://www.beonex.com/communicator/
Enigmail: http://enigmail.mozdev.org
WinPT: http://www.winpt.org/
GPGShell: http://www.jumaros.de/rsoft/gpgshell.html

--
Graham
GPG Keys at encryption.keys@ntlworld.com

From Todd Tue Jan 7 14:27:03 2003
From: Todd (Todd)
Date: Tue Jan 7 14:27:03 2003
Subject: gnuPG and Php
In-Reply-To: <003c01c2b67f$3bb49f30$0a00a8c0@ORAC>
References: <003c01c2b67f$3bb49f30$0a00a8c0@ORAC>
Message-ID: <20030107021253.GB9502@psilocybe.teonanacatl.org>

Jon Roberts wrote:
> Could someone give me some help on how to encrypt some user entered data
> online.
[...]
> A web reference etc would be helpful.

Here's an old tutorial that covers the basics:

http://hotwired.lycos.com/webmonkey/00/20/index3a_page5.html

I think the important thing to keep in mind is that the web server normally runs as a different user (and has different privileges) than you do when logged in via ssh. There are various ways to deal with this. Some web hosts set things up so that your scripts run under your userid. For those that don't do this, the --homedir option is one to look at.

You can see what user the server is running as in the phpinfo() output. If your web server is running as a user other than your ssh login, then you need to make sure that this user can access the keyrings where you imported your keys. Not doing this is what burns most people trying to setup a gpg encrypted web form. The result is that it "works fine from the command line but fails when run from the web page."

You might also want to search the archives for this list. The question comes up fairly often.
There's no search feature integrated with the list archives directly, but there is a searchable archive at:

http://marc.theaimsgroup.com/?l=gnupg-users

[To the list mods: perhaps a link could be added to the listinfo page to these searchable archives? It would hopefully make it a little more likely that new users would try searching for answers before posting.]

HTH,
--
Todd              OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz
============================================================================
The evils of tyranny are rarely seen but by him who resists it.
    -- John Hay, 1872

From odisio@icp.inpg.fr Tue Jan 7 14:27:08 2003
From: odisio@icp.inpg.fr (Matthias Odisio)
Date: Tue Jan 7 14:27:08 2003
Subject: changing pref (newbie)
Message-ID:

Hi,

I've created a pair of keys with an older version of gnupg (1.0.6). Before starting using actually the system, I've upgraded to version 1.2.1. Is it possible to change the preferences of my public key (--edit-key, showpref) so as they are in accordance with the new algorithms, the new features, etc. ?

By the way, how to change from options to gpg.conf ? Is there a conversion tool or a simple "mv" could do the trick ?

Please cc me answer since I've not subscribed this mailing-list.

Thanks,
Matthias

From wk@gnupg.org Tue Jan 7 14:36:05 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Jan 7 14:36:05 2003
Subject: [Announce] GnuPG release candidate for 1.2.2
Message-ID: <8765t16q23.fsf@alberti.g10code.de>

Hello!
We are pleased to announce the availability of a release candidate for GnuPG 1.2.2:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.2rc1.tar.gz (2759k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.2rc1.tar.gz.sig

or as a patch (quite large due to the translations) against the latest stable release:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.1-1.2.2rc1.diff.gz (638k)

If you had problems in the past or suggested a new feature, we would appreciate if you can check out this release. In addition to some bug fixes the following stuff is new:

  * A "convert-from-106" script has been added. This is a simple script that automates the conversion from a 1.0.6 or earlier version of GnuPG to a 1.0.7 or later version.

  * Notation names that do not contain a '@' are no longer allowed unless --expert is set. This is to help prevent pollution of the (as yet unused) IETF notation namespace.

  * A "--trust-model always" option has been added to smooth the transition to a future GnuPG that has multiple trust models. This is identical to the current "--always-trust" option.

  * Care is taken to prevent compiler optimization from removing memory wiping code.

  * New option --no-mangle-dos-filenames so that filenames are not truncated in the W32 version.

  * Disabled keys are now skipped when selecting keys for encryption.

  * Minor trustdb changes to make the trust calculations match common usage.

  * New translations: Finnish and Traditional Chinese.

If you want to report bugs, please use the new bug tracker at http://bugs.gnupg.org and select the category "gnupg".

A Happy New Year,

  The GnuPG Team (David, Stefan, Timo, Werner)

From madrook@cox.net Tue Jan 7 16:00:02 2003
From: madrook@cox.net (madrook@cox.net)
Date: Tue Jan 7 16:00:02 2003
Subject: newbie question
References: <002e01c2b5e3$726c2990$6f00a8c0@craftsmandigital.com> <200301071305.47553.graham.todd@ntlworld.com>
Message-ID: <006c01c2b65d$a0464a10$6403a8c0@office>

Hi Graham,

oops. I should probably add this important factoid.
Sorry for not saying it earlier:

I'm trying to setup a batch system - so a GUI shell doesn't work unless it can be controlled via some sort of automation process.

I read the FAQ that recommended dispensing with passphrases altogether, but I'm not sure I understand the full implications of that. It seems better to have the management program send the password on the command line than to have no password at all. I'm guessing that stealing the keyring file is all someone would need if there were no passphrases. I'd rather make them have to steal the keyring AND find AND steal the passphrase before they could use the keys.

I've used the --password-fd 0 option to send the pwd on STDIN, but in Windows that means using an input pipe from a file written to disk. Is there another way?

I just realized something though -- these other shells must have a mechanism for getting the passphrase from themselves to GPG -- does anyone know how they do it?

Thanks,
Brad

From dshaw@jabberwocky.com Tue Jan 7 16:15:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 7 16:15:02 2003
Subject: changing pref (newbie)
In-Reply-To:
References:
Message-ID: <20030107151607.GA23898@jabberwocky.com>

On Tue, Jan 07, 2003 at 12:03:33PM +0100, Matthias Odisio wrote:
> Hi,
>
> I've created a pair of keys with an older version of gnupg (1.0.6).
> Before starting using actually the system, I've upgraded to version 1.2.1.
> Is it possible to change the preferences of my public key (--edit-key,
> showpref) so as they are in accordance with the new algorithms, the new
> features, etc. ?

gpg --edit-key updpref

> By the way, how to change from options to gpg.conf ? Is there a conversion
> tool or a simple "mv" could do the trick ?

mv will do it.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From mitabrev@mochamail.com Tue Jan 7 16:43:02 2003
From: mitabrev@mochamail.com (Erik)
Date: Tue Jan 7 16:43:02 2003
Subject: How to import an existing key in GPG
In-Reply-To:
References:
Message-ID: <200301071043.11109@hello.morning>

On Tuesday 07 January 2003 05:58, Vin wrote:
> I imported an existing GPG key to another GPG environment but I am
> not able to use it for the decryption, it gives an error that the
> "secret key is not available".
>
> Do I need to export the existing key in some special way and import
> it with any different command so that the secret key is also
> imported in the new GPG and I am able to use the old key.

Did you export your secret key?

gpg --export-secret-key uid > filename

--
Erik
0xD0586A6F

From johanw@vulcan.xs4all.nl Tue Jan 7 16:51:02 2003
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Tue Jan 7 16:51:02 2003
Subject: newbie question
In-Reply-To: <002e01c2b5e3$726c2990$6f00a8c0@craftsmandigital.com> from "madrook@cox.net" at "Jan 6, 2003 04:26:40 pm"
Message-ID: <200301071140.MAA04181@vulcan.xs4all.nl>

You, madrook@cox.net, wrote:

> Every time I decrypt I get prompted for my passphrase to use my secret key.
> Is there a way to enter that on the command-line?

No, due to security arguments the passphrase can only be entered on a file descriptor. If you use NT 4 or win2000, who have a useful piping mechanism, you could try something like

echo passphrase | gpg.exe --passphrase-fd 0 file.gpg

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From gareth.woodhouse@pinnacle.co.uk Tue Jan 7 17:36:01 2003
From: gareth.woodhouse@pinnacle.co.uk (Gareth Woodhouse)
Date: Tue Jan 7 17:36:01 2003
Subject: newbie question
Message-ID:

This message is in MIME format.
I am also looking for a similar solution to a similar problem.

I have a gpg call in a transaction loop but my users want the password to appear only the once and not for every record that requires decrypting.

Therefore my thinking was I could have 2 blocks of code within my loop 1 for the first record found when the password would be entered and the second block which would be run only if a flag raised from the first block, the second block would contain the same gpg --decrypt type command but with a password suppression option....

Please tell me such an option exists.......

Thanks.

Gareth.

-----Original Message-----
From: madrook@cox.net [mailto:madrook@cox.net]
Sent: 07 January 2003 15:01
To: Graham; GnuPG-Users
Subject: Re: newbie question

Hi Graham,

oops. I should probably add this important factoid. Sorry for not saying it earlier:

I'm trying to setup a batch system - so a GUI shell doesn't work unless it can be controlled via some sort of automation process.

I read the FAQ that recommended dispensing with passphrases altogether, but I'm not sure I understand the full implications of that. It seems better to have the management program send the password on the command line than to have no password at all. I'm guessing that stealing the keyring file is all someone would need if there were no passphrases. I'd rather make them have to steal the keyring AND find AND steal the passphrase before they could use the keys.

I've used the --password-fd 0 option to send the pwd on STDIN, but in Windows that means using an input pipe from a file written to disk. Is there another way?

I just realized something though -- these other shells must have a mechanism for getting the passphrase from themselves to GPG -- does anyone know how they do it?
Thanks,
Brad

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

**********************************************************************
CONFIDENTIALITY.This e-mail and any attachments are
confidential and may also be privileged. If you are not the
named recipient, please notify the sender immediately and
do not disclose the contents to another person, use it for any
purpose, or store or copy the information in any medium. Any
views expressed in this message are those of the individual
sender, except where the sender specifically states them to
be the views of Pinnacle Insurance plc.

If you have received this email in error please immediately
notify the Pinnacle Helpdesk on +44 (0) 20 8207 9555.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

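For the batch case raised in this thread (ask for the passphrase once, then decrypt many files without putting it on the command line or in a file on disk), one way to drive `gpg --passphrase-fd 0` from a script over an in-memory pipe. This is an added example, not code from the thread; the function names and file names are hypothetical, and GnuPG 2.1 or later would additionally need `--pinentry-mode loopback`.

```python
import getpass
import subprocess
import sys


def build_argv(infile, outfile, gpg="gpg"):
    """argv for one decryption. The passphrase is deliberately absent, so
    it never shows up in process listings or shell history."""
    return [gpg, "--batch", "--yes", "--passphrase-fd", "0",
            "--output", outfile, "--decrypt", infile]


def decrypt_many(jobs, passphrase, run=subprocess.run, gpg="gpg"):
    """Decrypt every (infile, outfile) pair with one passphrase.

    Returns {infile: True/False}. Each gpg child receives the passphrase
    on its stdin (fd 0) through an anonymous pipe; nothing is written to
    disk. `run` is injectable so the flow can be exercised without gpg.
    """
    secret = passphrase.encode("utf-8") + b"\n"   # gpg reads up to the newline
    results = {}
    for infile, outfile in jobs:
        proc = run(build_argv(infile, outfile, gpg),
                   input=secret,
                   stdout=subprocess.PIPE,
                   stderr=subprocess.PIPE)
        results[infile] = (proc.returncode == 0)
    return results


if __name__ == "__main__":
    # Prompt once, without echo, then reuse the value for the whole batch.
    pw = getpass.getpass("Passphrase: ")
    jobs = [(p, p[:-4] if p.endswith(".gpg") else p + ".out")
            for p in sys.argv[1:]]
    for name, ok in decrypt_many(jobs, pw).items():
        print(("ok      " if ok else "FAILED  ") + name)
```

The passphrase still lives in the memory of the controlling process for the duration of the batch, so that process needs the same protection as the secret keyring.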
From RJWeddell@MarathonOil.com Tue Jan 7 19:16:02 2003
From: RJWeddell@MarathonOil.com (Weddell, R J (Rob))
Date: Tue Jan 7 19:16:02 2003
Subject: Adding Additional --charset Option
Message-ID: <72B7FB6FB4C3A040BF94CE49CBB35631017171C4@FDYEXC202.mgroupnet.com>

We are attempting to port gnupg to the IBM mainframe platform which uses EBCDIC encoding as its native character set.

We have been able to build and run the gpg executable on the platform, but to successfully exchange keys with other platforms, it looks like we would need to specify that the OS uses the IBM-1047 character set as opposed to ISO-8859-1.

It appears that the --charset option was intended to address this type of problem but IBM-1047 is not supported, only

Is --charset indeed intended to solve this type of problem?

If so, has anyone had experience in adding additional character set options who would be willing to give advice as to what code needs modification?



From avbidder@fortytwo.ch Tue Jan 7 21:03:05 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Tue Jan 7 21:03:05 2003
Subject: gnupg and subkeys
Message-ID: <1041969837.960.83.camel@altfrangg.fortytwo.ch>

[replies please only to one of the mailing lists]

Yo!

I have updated my document about multiple subkeys (http://fortytwo.ch/subkeys) to gpg 1.2.1.

There still are a few quirks, mostly it's just that the user interface could be better:

 * subkey creation: should offer to expire the subkey at the same time as the primary, if the primary has an expiry date set. (To discuss: should gpg forbid (except with --expert) creating subkeys that live longer than the primary?).

 * secret key merging: I'd consider this one a bug and not just a ui inconvenience:

========
avbidder@altfrangg:~/tmp$ gpg --list-secret-key testuser
sec# 1024D/971B7A70 2003-01-03 testuser (test key - do not use!)
ssb  1024g/ACDF80C4 2003-01-03
ssb  1024R/BE9CA308 2003-01-07

avbidder@altfrangg:~/tmp$ gpg --import testuser.s
gpg: key 971B7A70: already in secret keyring
gpg: Total number processed: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1
avbidder@altfrangg:~/tmp$ gpg --list-secret-key testuser
sec# 1024D/971B7A70 2003-01-03 testuser (test key - do not use!)
ssb  1024g/ACDF80C4 2003-01-03
ssb  1024R/BE9CA308 2003-01-07
========

where testuser.c is the crippled and testuser.s the full secret key.

 * subkey exports: (ok, this one is really just a wishlist item): Much shuffling around with exported keys and re-importing them could be avoided if the above bug was fixed and

   $ gpg --export-secret-[sub]key !

   would export a stripped down version of the secret key containing only the primary [dummy] key and the specified subkey.

So long...
-- vbi

--
get my gpg key here: http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From wk@gnupg.org Tue Jan 7 22:00:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Jan 7 22:00:02 2003
Subject: Adding Additional --charset Option
In-Reply-To: <72B7FB6FB4C3A040BF94CE49CBB35631017171C4@FDYEXC202.mgroupnet.com> ("Weddell, R J's message of "Tue, 7 Jan 2003 13:17:27 -0500")
References: <72B7FB6FB4C3A040BF94CE49CBB35631017171C4@FDYEXC202.mgroupnet.com>
Message-ID: <87smw44qwd.fsf@alberti.g10code.de>

On Tue, 7 Jan 2003 13:17:27 -0500, Weddell, R J (Rob) said:

> We are attempting to port gnupg to the IBM mainframe platform which
> uses EBCDIC encoding as its native character set.

There used to be partial support for EBCDIC in GnuPG (e.g. a table to define what characters make up a word), but this was dropped some time ago when GNU/Linux was ported to run on VS.

However there are more things to take into account, for example you will find isascii() tests at some places and the code _might_ now assume to run on an ascii system. That said, it won't be sufficient to add just a new character conversion to get a full interoperable application. OTOH, GnuPG is written as a POSIX program and should be portable to all POSIX platforms; it is just that non-ascii systems are not on every desktop or server nowadays ;-)

> If so, has anyone had experience in adding additional character set
> options who would be willing to give advice as to what code needs
> modification?
You need to change util/strgutil.c, utf8_to_native and native_to_utf8, the current implementation assumes ascii in the low 7 bits. If you need help please feel free to ask me at wk@g10code.com.

Shalom-Salam,

Werner

From wk@gnupg.org Tue Jan 7 22:10:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Jan 7 22:10:02 2003
Subject: gnupg and subkeys
In-Reply-To: <1041969837.960.83.camel@altfrangg.fortytwo.ch> (Adrian 'Dagurashibanipal' von Bidder's message of "07 Jan 2003 21:03:58 +0100")
References: <1041969837.960.83.camel@altfrangg.fortytwo.ch>
Message-ID: <87ptr84qh7.fsf@alberti.g10code.de>

On 07 Jan 2003 21:03:58 +0100, Adrian 'Dagurashibanipal' von Bidder said:

> [replies please only to one of the mailing lists]

That's what "Mail-Followup-To: gnupg-users@gnupg.org" would be used for.

> * subkey creation: should offer to expire the subkey at the same time
> as the primary, if the primary has an expiry date set. (To discuss:

Not required: An expired primary key renders the subkey unusable because the primary key is used to bind the subkey onto the primary.

> * secret key merging: I'd consider this one a bug and not just a ui
> inconvenience:
....
> where testuser.c is the crippled and testuser.s the full secret key.

I don't understand this.

> * subkey exports: (ok, this one is really just a wishlist item): Much
> shuffling around with exported keys and re-importing them could be
> avoided if the above bug was fixed and
> $ gpg --export-secret-[sub]key !
> would export a stripped down version of the secret key containing only
> the primary [dummy] key and the specified subkey.

That makes sense.
Salam-Shalom,

Werner

From Fabian.Rodriguez@Toxik.com Tue Jan 7 23:00:01 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Tue Jan 7 23:00:01 2003
Subject: [Announce] GnuPG signature key update and X-Request-PGP
In-Reply-To: <87vg1kn2ex.fsf@alberti.g10code.de>
Message-ID:

I know it's been a whole 2 weeks since this, but I wanted to comment on it.

I still think any and all references to the (now proprietary) product should be "PGP" and those about the standard "OpenPGP".

So this would become "X-Request-OpenPGP".

Fabian Rodriguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

> -----Original Message-----
> From: Werner Koch
> Sent: Monday, December 23, 2002 11:09 AM
> To: gnupg-announce@gnupg.org
> Subject: [Announce] GnuPG signature key update and X-Request-PGP
>
>
> Hello!
>
[...]
> On another topic: Due to problems with some of the keyservers, it
> might not be possible to retrieve or refresh some keys; to work around
> this, I suggest the use of a mail header to get the canonical address
> of a key. This will most likely point to a web page, but other URL
> schemes do also make sense. The proposed format of such a mail header
> is:
>
> X-Request-PGP:
[...]
>
> Please make use of this. If you are the author of a MUA, please
> consider to add support for it.

From floods@libero.it Tue Jan 7 23:03:02 2003
From: floods@libero.it (Davide Cavallari)
Date: Tue Jan 7 23:03:02 2003
Subject: decrypting multipart/mixed messages
Message-ID: <20030106165322.D527@frog>

Sorry if this is OT, however I don't know where to ask this.

How can I decrypt a message directly in mutt, if its Content-Type header is multipart/mixed?
I tried to comment the line:

* !^Content-Type: multipart/

in my .procmailrc file, but now both original message and attachment (which is not encrypted) are put together in the same decrypted message.

Do you know the cleverest way to try?

--
Cheers,
Davide Cavallari

Never use "etc." -- it makes people think there is more where there is not or that there is not space to list it all, etc.

From madrook@cox.net Tue Jan 7 23:07:02 2003
From: madrook@cox.net (madrook@cox.net)
Date: Tue Jan 7 23:07:02 2003
Subject: newbie question
In-Reply-To: <200301071140.MAA04181@vulcan.xs4all.nl>
Message-ID: <010201c2b699$3f85cca0$6f00a8c0@craftsmandigital.com>

Hi Johan,

That works. However, the space before the pipe must be removed:

Echo pass|...

Thank you!
Brad

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Johan Wevers
> Sent: Tuesday, January 07, 2003 3:41 AM
> To: GnuPG users
> Subject: Re: newbie question
>
>
> You, madrook@cox.net, wrote:
>
> > Every time I decrypt I get prompted for my passphrase to use
> > my secret key.
> > Is there a way to enter that on the command-line?
>
> No, due to security arguments the passphrase can only be
> entered on a file descriptor. If you use NT 4 or win2000, who
> have a useful piping mechanism, you could try something like
>
> echo passphrase | gpg.exe --passphrase-fd 0 file.gpg
>
> --
> ir. J.C.A.
Wevers // Physics and science fiction site:
> johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
> PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From Fabian.Rodriguez@Toxik.com Tue Jan 7 23:49:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Tue Jan 7 23:49:02 2003
Subject: [Announce] GnuPG signature key update and X-Request-PGP (re-sent with iso8859-1 encoding)
In-Reply-To: <87vg1kn2ex.fsf@alberti.g10code.de>
Message-ID:

I know it's been a whole 2 weeks since this, but I wanted to comment on it.

I still think any and all references to the (now proprietary) product should be "PGP" and those about the standard "OpenPGP".

So this would become "X-Request-OpenPGP".

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

> -----Original Message-----
> From: Werner Koch
> Sent: Monday, December 23, 2002 11:09 AM
> To: gnupg-announce@gnupg.org
> Subject: [Announce] GnuPG signature key update and X-Request-PGP
>
>
> Hello!
>
[...]
> On another topic: Due to problems with some of the keyservers, it
> might not be possible to retrieve or refresh some keys; to work around
> this, I suggest the use of a mail header to get the canonical address
> of a key. This will most likely point to a web page, but other URL
> schemes do also make sense. The proposed format of such a mail header
> is:
>
> X-Request-PGP:
[...]
>
> Please make use of this. If you are the author of a MUA, please
> consider to add support for it.
-----BEGIN PGP SIGNATURE-----

iD8DBQE+G02TfUcTXFrypNURArNmAJ9YDBykAkI46kFnfzuHl0qOS7ynJgCgjDmS
g8tyoZ2OnW51fdVuphyTCyY=
=e5Vp
-----END PGP SIGNATURE-----

From Todd Wed Jan 8 00:01:01 2003
From: Todd (Todd)
Date: Wed Jan 8 00:01:01 2003
Subject: decrypting multipart/mixed messages
In-Reply-To: <20030106165322.D527@frog>
References: <20030106165322.D527@frog>
Message-ID: <20030107230142.GP9502@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Davide Cavallari wrote:
> Sorry if this is OT, however I don't know where to ask this.

If you really want to talk to mutt experts, try the mutt-users list.
See http://www.mutt.org/#discuss for details.

> How can I decrypt a message directly in mutt, if its Content-Type header
> is multipart/mixed?

You might want to upgrade to mutt 1.4 and stop using the old procmail
header munging method. In mutt 1.4 there is a check-traditional-pgp
function (bound to -P by default) that will parse a message for pgp
content and decrypt/verify it if needed. This works even on
multipart/mixed messages (most of the ones I've tested at least).

- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz
============================================================================
Politicians, Like Bombers, Seldom See Their Victims...
-- Dr. Donald Boudreaux, in his article, "Losing Touch"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE+G1xWuv+09NZUB1oRAmnFAJ9nSg7k8S1pDV6yhxpanpuD5pULEwCgiWpN
nY0RJatodLofedeeyEj5RNw=
=wjRv
-----END PGP SIGNATURE-----

From vedaal@hush.com Wed Jan 8 00:21:02 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Wed Jan 8 00:21:02 2003
Subject: armoring without encrypting or signing?
Message-ID: <200301072321.h07NLPhW016218@mailserver2.hushmail.com>

is it possible to just armor a file without signing or encrypting,
as in the old pgp 2.x command: pgp -a filename.XXX

i had a situation where i needed to send a word document to someone
who couldn't/didn't want to receive attachments, so it was necessary
to include the word.document as text within the message block

i tried:
gpg --armor d:\addend1.doc

and got the following error message:
gpg: [don't know]: invalid packet (ctb=00)

i was able to do:
pgp -a d:\addend1.doc
and got d:\addend1.asc

then did,
pgp -d d:\addend1.asc
and got d:\addend1
with pgp confirmation that the plaintext filename was d:\addend1.doc ,
and then simply re-named d:\addend1 to d:\addend1.doc
and the word document opened successfully

i tried the same thing in gnupg using:
gpg -s --armor d:\addend1.doc
and got d:\addend1.asc
but do not know how to restore the file from that,
back into the original .doc format

is there a way to do this in gnupg?
{an equivalent to the pgp -d command, or any other way?

the person i need to send this to, uses gnupg but not pgp2.x
and even if he did, the entire message needs to be signed and then
encrypted to his dh key}

tia,
with Respect,

vedaal

From Fabian.Rodriguez@Toxik.com Wed Jan 8 00:21:09 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Wed Jan 8 00:21:09 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I'd like to know if there are any open source IM clients supporting
OpenPGP via GnuPG or else, for Windows ?

I'd prefer something jabber-based, I currently use Trillian for ICQ
and MSN Messenger integration. It has support for encryption but is
not OpenPGP compliant.
The closest thing I found is SpyShield:
http://www.commandcode.com/spyshield.html

However it's for MSN Messenger only and I'd rather use something less
intrusive/resource hungry.

Any suggestions ?

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

-----BEGIN PGP SIGNATURE-----

iD8DBQE+G2DBfUcTXFrypNURAne7AKCYAjWVfjPhtYGrMdav6oLzi+QRbQCfXgaP
sPH2Jmc7oj9UnDRxlUy3FdQ=
=9HDK
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Wed Jan 8 00:29:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 8 00:29:02 2003
Subject: armoring without encrypting or signing?
In-Reply-To: <200301072321.h07NLPhW016218@mailserver2.hushmail.com>
References: <200301072321.h07NLPhW016218@mailserver2.hushmail.com>
Message-ID: <20030107233022.GF27237@jabberwocky.com>

On Tue, Jan 07, 2003 at 03:21:23PM -0800, vedaal@hush.com wrote:

> is there a way to do this in gnupg?
> {an equivalent to the pgp -d command, or any other way?

gpg --enarmor

gpg --dearmor

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Wed Jan 8 00:37:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 8 00:37:02 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To:
References:
Message-ID: <20030107233806.GG27237@jabberwocky.com>

On Tue, Jan 07, 2003 at 06:20:49PM -0500, Toxik - Fabian Rodriguez wrote:

> I'd like to know if there are any open source IM clients supporting
> OpenPGP via GnuPG or else, for Windows ?
>
> I'd prefer something jabber-based, I currently use Trillian for ICQ
> and MSN Messenger integration. It has support for encryption but is
> not OpenPGP compliant.

Jabber does (did?) have OpenPGP support in the protocol.
The only client I know of offhand that implemented it is Gabber, which
doesn't run on Windows.

I heard a story that Jabber was dropping OpenPGP support and using
something they came up with internally instead - I don't know more
than that (and it may not even be true).

David

From Todd Wed Jan 8 00:48:02 2003
From: Todd (Todd)
Date: Wed Jan 8 00:48:02 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To:
References:
Message-ID: <20030107234930.GQ9502@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Toxik - Fabian Rodriguez wrote:
> I'd like to know if there are any open source IM clients supporting
> OpenPGP via GnuPG or else, for Windows ?

I don't use IM much, but I did spend some time recently trying to find a
suitable IM program with OpenPGP support. I'd consider using IM if there
were good end-to-end crypto support.

There's a plugin for gaim (which does jabber and other protocols):

http://gaim-e.sourceforge.net/

There's also gabber, which I'm told is a nice jabber client. Unfortunately
the gpg support only works for 1.0.6 or older. :(

http://gabber.sourceforge.net/
http://sourceforge.net/tracker/?group_id=1934&atid=101934&func=detail&aid=557852
https://sourceforge.net/mailarchive/forum.php?thread_id=738750&forum_id=7209

I haven't used either much at all. I started working with gabber until I
ran into the problem of it not running with 1.0.7 and up. I'm not much for
downgrading just for IM support that I don't use much at all. I should've
tried gaim-e first, maybe it works better. I don't know, I ran out of time
and patience following the 'crypto IM' tangent that day.
:)

I was also a little concerned with this quote from gabber's lead
developer, Julian Missig: "I do not keep up with GnuPG at all, and I don't
know too much about it to begin with." That doesn't inspire confidence
that the gpg support will be done with the sort of attention to detail
you'd want in a crypto app. :)

Perhaps someone with a better eye toward secure programming could lend a
hand to the gabber folks to help them get up and running with gpgme?

Anyway, HTH.

- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz
============================================================================
I believe in the noble, aristocratic art of doing absolutely nothing.
And someday, I hope to be in a position where I can do even less.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE+G2eKuv+09NZUB1oRAgqyAJ0bcgzZwlPzzWoLMdYcU3KVVn+1YgCdFgTn
TFBctFWJ6cK8W8Xl1hwHWto=
=kZmq
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Wed Jan 8 00:58:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 8 00:58:02 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To: <20030107234930.GQ9502@psilocybe.teonanacatl.org>
References: <20030107234930.GQ9502@psilocybe.teonanacatl.org>
Message-ID: <20030107235831.GH27237@jabberwocky.com>

On Tue, Jan 07, 2003 at 06:49:30PM -0500, Todd wrote:

> Toxik - Fabian Rodriguez wrote:
> > I'd like to know if there are any open source IM clients supporting
> > OpenPGP via GnuPG or else, for Windows ?
>
> I don't use IM much, but I did spend some time recently trying to find a
> suitable IM program with OpenPGP support. I'd consider using IM if there
> were good end-to-end crypto support.
>
> There's a plugin for gaim (which does jabber and other protocols):
>
> http://gaim-e.sourceforge.net/
>
> There's also gabber, which I'm told is a nice jabber client. Unfortunately
> the gpg support only works for 1.0.6 or older. :(

This was a bug in GnuPG. It only applies to 1.0.7. 1.2.0 and later
should work properly with Gabber.

David

From Todd Wed Jan 8 01:14:02 2003
From: Todd (Todd)
Date: Wed Jan 8 01:14:02 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To: <20030107235831.GH27237@jabberwocky.com>
References: <20030107234930.GQ9502@psilocybe.teonanacatl.org> <20030107235831.GH27237@jabberwocky.com>
Message-ID: <20030108001527.GR9502@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote:
> On Tue, Jan 07, 2003 at 06:49:30PM -0500, Todd wrote:
[...]
> > There's also gabber, which I'm told is a nice jabber client. Unfortunately
> > the gpg support only works for 1.0.6 or older. :(
>
> This was a bug in GnuPG. It only applies to 1.0.7. 1.2.0 and later
> should work properly with Gabber.

Cool, that's nice to know. I might have to install 1.2.1 and mess around
with gabber some more then. Thanks for the update David!

- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz
============================================================================
Everything the government touches turns to crap.
-- Ringo Starr

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE+G22fuv+09NZUB1oRAvYiAKDlRm2641MZrXsdlHPtW8k3ncIGwwCfX2XQ
/lCOn1qX1i7BGeM0T591ahQ=
=a4YK
-----END PGP SIGNATURE-----

From bminton@efn.org Wed Jan 8 03:39:02 2003
From: bminton@efn.org (Brian Minton)
Date: Wed Jan 8 03:39:02 2003
Subject: armoring without encrypting or signing?
In-Reply-To: <20030107233022.GF27237@jabberwocky.com>
References: <200301072321.h07NLPhW016218@mailserver2.hushmail.com> <20030107233022.GF27237@jabberwocky.com>
Message-ID: <20030108023829.GA13145@bminton.dyn.cheapnet.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jan 07, 2003 at 06:30:22PM -0500, David Shaw wrote:
> gpg --enarmor
>
> gpg --dearmor

I didn't know about these commands, I used gpg -a --store to do
it though. I do notice the difference in the output though.
- --store makes an openpgp message with nothing but a data literal
packet, while gpg --enarmor does base64 conversion and
checksumming only. To me, it seems that -a --store is more user
friendly, as no special command is required, gpg knows what to do
with it by default.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+G48kcieIIFcDdHIRAtdkAKC/kzNUimBSIocq52umLXgM+zca1ACg07B5
jjQgOGxDANXyeVgydmOxSpg=
=xn7Z
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Wed Jan 8 03:55:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 8 03:55:01 2003
Subject: armoring without encrypting or signing?
In-Reply-To: <20030108023829.GA13145@bminton.dyn.cheapnet.net>
References: <200301072321.h07NLPhW016218@mailserver2.hushmail.com> <20030107233022.GF27237@jabberwocky.com> <20030108023829.GA13145@bminton.dyn.cheapnet.net>
Message-ID: <20030108025613.GK27237@jabberwocky.com>

On Tue, Jan 07, 2003 at 09:38:29PM -0500, Brian Minton wrote:
> On Tue, Jan 07, 2003 at 06:30:22PM -0500, David Shaw wrote:
> > gpg --enarmor
> >
> > gpg --dearmor
>
> I didn't know about these commands, I used gpg -a --store to do
> it though. I do notice the difference in the output though.
> - --store makes an openpgp message with nothing but a data literal
> packet, while gpg --enarmor does base64 conversion and
> checksumming only. To me, it seems that -a --store is more user
> friendly, as no special command is required, gpg knows what to do
> with it by default.

Good point.
Using gpg --armor --store also works more smoothly with PGP.

David

From johnny-5@ihug.co.nz Wed Jan 8 09:07:01 2003
From: johnny-5@ihug.co.nz (Stephen Kao)
Date: Wed Jan 8 09:07:01 2003
Subject: Fw: GnuGP for Windows
Message-ID: <002a01c2b6ee$08364040$050a0a0a@numbers>

Hi Everyone,

While I was waiting for a reply on this problem, I found someone else has
the same problem posted to the list but there is no followup. But anyway I
tried to apply Windows 2000 SP3 to my machine, and the problem is solved.

My OS is Windows 2000 professional version, and the service I download the
complete service pack.

Regards,
Stephen

----- Original Message -----
From: "Werner Koch"
To: "Stephen Kao"
Sent: Wednesday, January 08, 2003 6:00 AM
Subject: Re: GnuGP for Windows

> On Tue, 31 Dec 2002 17:46:51 +1300, Stephen Kao said:
>
> > I hope you don't mind I wrote directly to you.
>
> Can you please redirect it to gnupg-users@gnupg.org? I am not really
> a Windows expert and especially can't easily debug it (or reproduce
> it at all).
>
> > The error message said something like The instruction at 0x77df9877 referenced memory at 0xa5a5a5c1. The memory could not be "written"
>
> Are you sure that your memory and CPU is sane? The bit pattern looks a
> bit suspicious.
>
> > I got VC++ installed on my machine, should I recompile it from source?
> > My system is Windows 2000 SP2, 256MB of RAM. Should I upgrade my system to SP3
>
> It is not trivial to build it using VC++. Please try on another
> machine first.
>
> Salam-Shalom,
>
> Werner

From odisio@icp.inpg.fr Wed Jan 8 10:49:01 2003
From: odisio@icp.inpg.fr (Matthias Odisio)
Date: Wed Jan 8 10:49:01 2003
Subject: decrypt is not de-encrypt and then verify ?
Message-ID:

Hello,

(Thank you David for your reply to my former message.)

In the manual, decrypt is told to decrypt the message and then to verify
it if it is signed.

The following make me think it may not be strictly the same :

0. Consider a text file f.txt
1. clearsign it: gpg -o fs.txt --clearsign f.txt
2. modify fs.txt by adding lines in the beginning (some mailers --
   possibly mis-configurated :) -- do that!)

******************************
some garbage lines
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
-----BEGIN PGP SIGNATURE-----
[...]
-----END PGP SIGNATURE-----
*******************************

3. encrypt fs.txt: gpg -o fse.txt --armor --encrypt fs.txt
4. decrypt fse.txt: gpg -o fsed.txt --decrypt fse.txt
   decrypt don't verify signature
5. verify signature: gpg --verify fsed.txt
   gpg was able to perform the verification !

PGP handling by mailers appears to be quite drafty by now, and maybe that
could explain misfunctionnements when sending message. In the case
considered above, the mailer seems to add these 3 "garbage" lines :

***
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

***

By the way, I've subscribed to this mailing list now, so you don't need
any more to cc me on reply.

Matthias

From Jon.Gilvar@fmr.com Wed Jan 8 11:26:02 2003
From: Jon.Gilvar@fmr.com (Gilvar, Jon)
Date: Wed Jan 8 11:26:02 2003
Subject: GNUPG 1.0.6 --passphrase-fd
Message-ID:

I apparently don't have a clue and am proving it with my following
request. I am trying to script an automated procedure on Solaris 5.8 to
unencrypt a gnupg file. I am getting hung up on the --passphrase-fd (n)
command; the documentation for this command is somewhat lacking, I have
found some external references on what (n) is used for; none of which
work correctly.

I have verbose logging on; these are the scrapes from the outputs.

root@mmksun5[/XXXX/bin/gnugp/bin] $ ./gpg --homedir /XXXX/bin/keys_lib/ --debug-all --passphrase-fd 3 /XXXX/bin/gnugp/bin/pass/pf -o /XXXX/bin/gnugp/bin/testout/jon.gpg -d /XXXX/bin/gnugp/bin/testin/draf.pgp
gpg: reading options from `/XXXX/bin/keys_lib//options'
gpg: DBG: fd_cache_open (/XXXX/bin/keys_lib//secring.gpg) miss
gpg: DBG: iobuf-1.0: open `/XXXX/bin/keys_lib//secring.gpg' fd=4
gpg: DBG: iobuf-1.0: close `file_filter(fd)'
gpg: DBG: /XXXX/bin/keys_lib//secring.gpg: close fd 4
gpg: DBG: fd_cache_close (/XXXX/bin/keys_lib//secring.gpg) new
gpg: DBG: fd_cache_open (/XXXX/bin/keys_lib//pubring.gpg) miss
gpg: DBG: iobuf-2.0: open `/XXXX/bin/keys_lib//pubring.gpg' fd=5
gpg: DBG: iobuf-2.0: close `file_filter(fd)'
gpg: DBG: /XXXX/bin/keys_lib//pubring.gpg: close fd 5
gpg: DBG: fd_cache_close (/XXXX/bin/keys_lib//pubring.gpg) new
Reading passphrase from file descriptor 3 ...gpg: out of secure memory while allocating 1800 bytes
gpg: (this may be caused by too many secret keys used simultaneously or due to excessive large key sizes)

root@mmksun5[/XXXX/bin/gnugp/bin] $ ./gpg --homedir /XXXX/bin/keys_lib/ --debug-all --passphrase-fd 0 /XXXX/bin/gnugp/bin/pass/pf2 -o /XXXX/bin/gnugp/bin/testout/jon.gpg -d /XXXX/bin/gnugp/bin/testin/draf.pgp
gpg: reading options from `/XXXX/bin/keys_lib//options'
gpg: DBG: fd_cache_open (/XXXX/bin/keys_lib//secring.gpg) miss
gpg: DBG: iobuf-1.0: open `/XXXX/bin/keys_lib//secring.gpg' fd=4
gpg: DBG: iobuf-1.0: close `file_filter(fd)'
gpg: DBG: /XXXX/bin/keys_lib//secring.gpg: close fd 4
gpg: DBG: fd_cache_close (/XXXX/bin/keys_lib//secring.gpg) new
gpg: DBG: fd_cache_open (/XXXX/bin/keys_lib//pubring.gpg) miss
gpg: DBG: iobuf-2.0: open `/XXXX/bin/keys_lib//pubring.gpg' fd=5
gpg: DBG: iobuf-2.0: close `file_filter(fd)'
gpg: DBG: /XXXX/bin/keys_lib//pubring.gpg: close fd 5
gpg: DBG: fd_cache_close (/XXXX/bin/keys_lib//pubring.gpg) new
Reading passphrase from file descriptor 0 ...

At this point the PID just stays in this state; Hung.

Any suggestions would be much appreciated.

I can get the process to work if I create a key with no Passphrase, but
doesn't that negate the PGP process or is the Passphrase only part of the
PGP process.?

Regards
Jon....

From rjbs-gnupg@lists.manxome.org Wed Jan 8 11:26:08 2003
From: rjbs-gnupg@lists.manxome.org (Ricardo SIGNES)
Date: Wed Jan 8 11:26:08 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To:
References:
Message-ID: <20030107235622.GA32725@manxome.org>

On Tue, Jan 07, 2003 at 06:20:49PM -0500, Toxik - Fabian Rodriguez wrote:
> I'd like to know if there are any open source IM clients supporting
> OpenPGP via GnuPG or else, for Windows ?
>
> I'd prefer something jabber-based, I currently use Trillian for ICQ
> and MSN Messenger integration. It has support for encryption but is
> not OpenPGP compliant.

http://www.gnu.org/directory/security/crypt/gaim-e.html

--
rjbs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+G2kmoA6gqbLkFXERAu8EAJ9/XgZs8+BdsNKXPw8HELGDzJHAQQCgl9Mo
Mf5rf+j5LOPiNj7KXSsCaps=
=iSpc
-----END PGP SIGNATURE-----

From jonas@gazonk.org Wed Jan 8 11:26:14 2003
From: jonas@gazonk.org (Jonas Bofjall)
Date: Wed Jan 8 11:26:14 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To: <20030107234930.GQ9502@psilocybe.teonanacatl.org>
References: <20030107234930.GQ9502@psilocybe.teonanacatl.org>
Message-ID:

> I don't use IM much, but I did spend some time recently trying
> to find a suitable IM program with OpenPGP support. I'd consider

The upcoming next version of Psi will feature OpenPGP-support using
GPGME according to its author:

http://psi.sf.net/

From wk@gnupg.org Wed Jan 8 11:36:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Jan 8 11:36:02 2003
Subject: decrypt is not de-encrypt and then verify ?
In-Reply-To: (Matthias Odisio's message of "Wed, 8 Jan 2003 10:58:48 +0100 (CET)")
References:
Message-ID: <87y95w2akr.fsf@alberti.g10code.de>

On Wed, 8 Jan 2003 10:58:48 +0100 (CET), Matthias Odisio said:

> The following make me think it may not be strictly the same :
> 0. Consider a text file f.txt
> 1. clearsign it: gpg -o fs.txt --clearsign f.txt

You created an arbitrary file which happens to contain an OpenPGP
signed text.

> 3. encrypt fs.txt: gpg -o fse.txt --armor --encrypt fs.txt

You encrypted that file, but did not sign it.

> 4. decrypt fse.txt: gpg -o fsed.txt --decrypt fse.txt
> decrypt don't verify signature

gpg can't verify a signature because there is no signature. The data
you encrypted is opaque to gpg; it does not look into it.

> 5. verify signature: gpg --verify fsed.txt
> gpg was able to perform the verification !

You checked an entirely different file; the one you created in step 1.

> PGP handling by mailers appears to be quite drafty by now, and maybe that
> could explain misfunctionnements when sending message. In the case

No. There are 3 approaches to send an encrypted and signed message:

1. Classic PGP armor (gpg -sea)

2. PGP/MIME with combined encryption and signature.

3. Regular PGP/MIME where the signature is encapsulated into a MIME
   object and that MIME object is then encrypted and encapsulated into
   another MIME object.

2 and 3 are suggested; 3 has the advantage that it fits better with
the MIME framework and that it allows to strip the encryption header.
See RFC3156 for details. Most Windows mailers don't support 2 and 3,
though.

What you did is similar to 3 but without using the correct MIME syntax.
MIME has the advantage that the semantics of the encrypted data is
known, and thus the mailer can do the Right Thing.

> considered above, the mailer seems to add these 3 "garbage" lines :
> ***
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 8bit

That's no garbage, but meta information about the message; see
rfc2882.

Shalom-Salam,

Werner

From wk@gnupg.org Wed Jan 8 13:34:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Jan 8 13:34:02 2003
Subject: GNUPG 1.0.6 --passphrase-fd
In-Reply-To: ("Gilvar, Jon"'s message of "Tue, 7 Jan 2003 11:41:40 -0500")
References:
Message-ID: <87iswz3jo7.fsf@alberti.g10code.de>

On Tue, 7 Jan 2003 11:41:40 -0500, Gilvar, Jon said:

> gnupg file. I am getting hung up on the --passphrase-fd (n) command; the
> documentation for this command is somewhat lacking, I have found some
> external references on what (n) is used for; none of which work correctly.

Programmers usually know what a file descriptor is; it is one of the
essential concepts of Unix.

echo "my passphrase" | gpg --passphrase-fd 0

The pipe symbol (|) connects the file descriptor 0 of gpg (aka stdin)
with the output file descriptor of echo (aka stdout).
--passphrase-fd 0 tells gpg to expect the passphrase on file
descriptor 0.

> gpg: DBG: fd_cache_close (/XXXX/bin/keys_lib//pubring.gpg) new
> Reading passphrase from file descriptor 3 ...gpg: out of secure memory while
> allocating 1800 bytes
> gpg: (this may be caused by too many secret keys used simultaneously or due
> to excessive large key sizes)

No, because the passphrase is getting too large (the stuff you sent to
stdin)

> I can get the process to work if I create a key with no Passphrase, but
> doesn't that negate the PGP process or is the Passphrase only part of the PGP

The passphrase is only used to protect the secret key stored on your
hard disk, so that if someone gets unauthorized access to your
account, he can't use the secret key instantly (has to guess your
passphrase first or install a trojan to snoop for it, the next time
you use the system).

So for an unattended application it does not make much sense to have a
passphrase at all. The FAQ (see www.gnupg.org) has also some hints on
it.

Salam-Shalom,

Werner

From George@Schoelles.com Wed Jan 8 14:40:02 2003
From: George@Schoelles.com (George Schoelles)
Date: Wed Jan 8 14:40:02 2003
Subject: GnuGP for Windows
In-Reply-To: <002a01c2b6ee$08364040$050a0a0a@numbers>
References: <002a01c2b6ee$08364040$050a0a0a@numbers>
Message-ID: <20030108052833.B230.GEORGE@Schoelles.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I had a similar problem that was corrected by using the gnupg version
supplied at http://www.nullify.org/. Good luck.

> My OS is Windows 2000 professional version, and the service I download the
> complete
> service pack.
>
> Regards,
> Stephen

- --
George Schoelles

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1-nr1 (Windows 2000) - GPGshell v2.65
Comment: pgp/gnupg R used to provide security and privacy

iD8DBQE+HCg69kpknr9AVYMRAjI4AKCnVsdTDDA6Caaoz+g7jKekY2FGRACgnOGB
JFc2jq+U5BnspZSnMjYesNo=
=si7A
-----END PGP SIGNATURE-----

From wk@gnupg.org Wed Jan 8 14:46:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Jan 8 14:46:02 2003
Subject: ftp.gnupg.org down
Message-ID: <8765sz3gdk.fsf@alberti.g10code.de>

Hi!

The primary FTP server has a problem, we are fixing it ASAP. In the
meantime, please use one of the mirrors (see the website for a list of
them). Fortunately the Web server is this time up and running ;-)

Salam-Shalom,

Werner

From avbidder@fortytwo.ch Wed Jan 8 15:05:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jan 8 15:05:02 2003
Subject: gnupg and subkeys
In-Reply-To: <87ptr84qh7.fsf@alberti.g10code.de>
References: <1041969837.960.83.camel@altfrangg.fortytwo.ch> <87ptr84qh7.fsf@alberti.g10code.de>
Message-ID: <1042034806.19716.7.camel@papillon.fortytwo.ch>

On Tue, 2003-01-07 at 22:09, Werner Koch wrote:
> On 07 Jan 2003 21:03:58 +0100, Adrian 'Dagurashibanipal' von Bidder said:
> > * secret key merging: I'd consider this one a bug and not just a ui
> > inconvenience:
> ....
> > where testuser.c is the crippled and testuser.s the full secret key.
>
> I don't understand this.

When I have two secret keys differing in the subkeys (or in the presence
of the primary), gpg can't import both secret keys to produce one merged
secret key. After the first secret key import, it will always say
something along the lines of 'secret key already present'.

HTH.

cheers
-- vbi

--
this email is protected by a digital signature: http://fortytwo.ch/gpg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+HDB2Kqpm2L3fmXoRAsAGAJ9MguEWhhK5m+zQU+n6LGRw9Ue40wCgv7G2
HaRntpYGeN1sPE+l94mC7tc=
=iw0d
-----END PGP SIGNATURE-----

From Fabian.Rodriguez@Toxik.com Wed Jan 8 16:52:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Wed Jan 8 16:52:02 2003
Subject: IM client FOR WINDOWS with GnuPG support ?
In-Reply-To: <20030107235622.GA32725@manxome.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I realize there's a lot of non-Windows users here. I know about the Linux
clients. I am NOT interested in those but only in WINDOWS IM clients
with gnupg support. Sorry if that wasn't very clear from the start.

I'll be summarizing my findings here next week.

Take care,

Fabian Rodriguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

> -----Original Message-----
> From: Ricardo SIGNES
> Sent: Tuesday, January 07, 2003 6:56 PM
[...]
> http://www.gnu.org/directory/security/crypt/gaim-e.html

-----BEGIN PGP SIGNATURE-----

iD8DBQE+HEi2fUcTXFrypNURApT9AJ9pnGv8ip8DqXBI3cVx9l+IDS6/0QCg6rSt
ciN9/Pq75s2IhMOo+Pq4AYQ=
=VK2p
-----END PGP SIGNATURE-----

From Fabian.Rodriguez@Toxik.com Wed Jan 8 17:07:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Wed Jan 8 17:07:02 2003
Subject: Clearsign problem
In-Reply-To: <5.2.0.9.0.20021225235133.00aad330@10.0.0.3>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Check the charset you use when sending the email. I see there's a
special char. in your signature (...Løwe), which may be converted while
in transit, which is a cause for sig verification failure.

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On
> Behalf Of Andreas Løwe
> Sent: Wednesday, December 25, 2002 6:12 PM
> To: gnupg-users@gnupg.org
> Subject: Clearsign problem
>
> Hi, I have a minor problem that I would classify as a bit strange.
> When I send a clearsigned email with eudora (my preferred email client)
> my signature becomes "bad" and this does not happen when I send
> a signed email only clearsigned emails.
>
> Any suggestions?
>
> - Andreas Løwe
>
> The sentence below this one is true.

-----BEGIN PGP SIGNATURE-----

iD8DBQE+HEnofUcTXFrypNURApPbAKCMnorHPU8aH9caotqsS49T23VEKwCg+drq
vJmRKdMAJa8nW6jcGCBaAnI=
=F4Ir
-----END PGP SIGNATURE-----

From vedaal@hush.com Wed Jan 8 17:10:15 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Wed Jan 8 17:10:15 2003
Subject: armoring without encrypting or signing?
Message-ID: <200301081611.h08GBBLZ060023@mailserver2.hushmail.com>

Message: 11
>Date: Tue, 7 Jan 2003 18:30:22 -0500
>From: David Shaw
>To: gnupg-users@gnupg.org
>Subject: Re: armoring without encrypting or signing?

>On Tue, Jan 07, 2003 at 03:21:23PM -0800, vedaal@hush.com wrote:

> is there a way to do this in gnupg?
> {an equivalent to the pgp -d command, or any other way?

>gpg --enarmor

>gpg --dearmor

Thanks!! I love it!!!

using:
gpg --enarmor d:\addendO.doc
produced
d:\addendO.asc

opening the file in notepad to see what the armoring looks like, gives:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.2.1-nr1 (Windows 98)
Comment: Acts of Kindness better the World, and protect the Soul
Comment: Use "gpg --dearmor" for unpacking

..
-----END PGP ARMORED FILE-----

using
gpg --dearmor d:\addendO.asc
gives
d:\addendO.gpg

renaming it to d:\addendO.doc restores the original file

questions:
[1] does this work for all versions of gnupg ?
[2] the header PGP ARMORED FILE
where is it described?
{could not find it in rfc 2440}

requests/suggestions:
[1] could gnupg list the original filename extension after the dearmor
command is used?
[2] when this gets into the man.page, the user needs to know to rename
the file after dearmoring
{ok if not, as the sender can alert the receiver what it was and how to
change it back}

Thanks Again!

with Respect,

vedaal

From dshaw@jabberwocky.com Wed Jan 8 18:13:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 8 18:13:02 2003
Subject: armoring without encrypting or signing?
In-Reply-To: <200301081611.h08GBBLZ060023@mailserver2.hushmail.com>
References: <200301081611.h08GBBLZ060023@mailserver2.hushmail.com>
Message-ID: <20030108171331.GD7403@jabberwocky.com>

On Wed, Jan 08, 2003 at 08:11:11AM -0800, vedaal@hush.com wrote:
>
> Message: 11
> >Date: Tue, 7 Jan 2003 18:30:22 -0500
> >From: David Shaw
> >To: gnupg-users@gnupg.org
> >Subject: Re: armoring without encrypting or signing?
>
> >On Tue, Jan 07, 2003 at 03:21:23PM -0800, vedaal@hush.com wrote:
>
> > is there a way to do this in gnupg?
> > {an equivalent to the pgp -d command, or any other way?
>
> >gpg --enarmor
>
> >gpg --dearmor
>
> Thanks!! I love it!!!
>
> using:
> gpg --enarmor d:\addendO.doc
> produced
> d:\addendO.asc
>
> opening the file in notepad to see what the armoring looks like, gives:
>
> -----BEGIN PGP ARMORED FILE-----
> Version: GnuPG v1.2.1-nr1 (Windows 98)
> Comment: Acts of Kindness better the World, and protect the Soul
> Comment: Use "gpg --dearmor" for unpacking
>
> ..
> -----END PGP ARMORED FILE-----
>
> using
> gpg --dearmor d:\addendO.asc
> gives
> d:\addendO.gpg
>
> renaming it to d:\addendO.doc restores the original file
>
> questions:
> [1] does this work for all versions of gnupg ?

All recent versions..
I don't know when the feature was added.

> [2] the header PGP ARMORED FILE
> where is it described? {could not find it in rfc 2440}

It's not. This is a GnuPG-specific feature. As it happens, PGP can
usually handle it, but that is not guaranteed of course.

You're better off using Brian Minton's suggestion of
"--armor --store". That will work with PGP.

The filename problem you are having can be fixed if you are using
GnuPG 1.2.2. Use --no-mangle-dos-filenames.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From wk@gnupg.org Wed Jan 8 19:56:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Jan 8 19:56:01 2003
Subject: gnupg and subkeys
In-Reply-To: <1042034806.19716.7.camel@papillon.fortytwo.ch> (Adrian 'Dagurashibanipal' von Bidder's message of "08 Jan 2003 15:06:46 +0100")
References: <1041969837.960.83.camel@altfrangg.fortytwo.ch> <87ptr84qh7.fsf@alberti.g10code.de> <1042034806.19716.7.camel@papillon.fortytwo.ch>
Message-ID: <873co31ngm.fsf@alberti.g10code.de>

On 08 Jan 2003 15:06:46 +0100, Adrian 'Dagurashibanipal' von Bidder said:

> When I have two secret keys differing in the subkeys (or in the presence
> of the primary), gpg can't import both secret keys to produce one merged
> secret key. After the first secret key import, it will always say

You mean you already have a secret key with a dummy primary one
(created using --export-secret-subkeys) and then you try to import
the full secret key. This is indeed possible. The workaround is to
delete the existing key first. It does not make much sense to merge
secret keys because we assume that you always know where your most
recent and up to date secret key is stored.
The entire secret key stuff will be changed in 1.9 and so I don't see
a reason to fix something now - it would make the code more complex
which is bad especially when dealing with secret keys.

Shalom-Salam,

Werner

From wk@gnupg.org Wed Jan 8 20:00:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Jan 8 20:00:02 2003
Subject: armoring without encrypting or signing?
In-Reply-To: <20030108171331.GD7403@jabberwocky.com> (David Shaw's message of "Wed, 8 Jan 2003 12:13:32 -0500")
References: <200301081611.h08GBBLZ060023@mailserver2.hushmail.com> <20030108171331.GD7403@jabberwocky.com>
Message-ID: <87znqbzcvy.fsf@alberti.g10code.de>

On Wed, 8 Jan 2003 12:13:32 -0500, David Shaw said:

> All recent versions.. I don't know when the feature was added.

I added this because it was required by the test suite and to have
only text files in the tarball.

> It's not. This is a GnuPG-specific feature. As it happens, PGP can
> usually handle it, but that is not guaranteed of course.

It's actually pretty trivial: Add the header lines, base64-encode the
stuff and append a header line. You would be able to do everything
with standard Posix tools except for the armor checksum which is
OpenPGP specific.

From dshaw@jabberwocky.com Wed Jan 8 20:24:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 8 20:24:02 2003
Subject: gnupg and subkeys
In-Reply-To: <873co31ngm.fsf@alberti.g10code.de>
References: <1041969837.960.83.camel@altfrangg.fortytwo.ch> <87ptr84qh7.fsf@alberti.g10code.de> <1042034806.19716.7.camel@papillon.fortytwo.ch> <873co31ngm.fsf@alberti.g10code.de>
Message-ID: <20030108192446.GJ7403@jabberwocky.com>

On Wed, Jan 08, 2003 at 07:54:49PM +0100, Werner Koch wrote:
> On 08 Jan 2003 15:06:46 +0100, Adrian 'Dagurashibanipal' von Bidder said:
>
> > When I have two secret keys differing in the subkeys (or in the presence
> > of the primary), gpg can't import both secret keys to produce one merged
> > secret key.
After the first secret key import, it will always say
>
> You mean you already have a secret key with a dummy primary one
> (created using --export-secret-subkeys) and then you try to import
> the full secret key. This is indeed possible. The workaround is to
> delete the existing key first. It does not make much sense to merge
> secret keys because we assume that you always know where your most
> recent and up to date secret key is stored.

I think what he means is:

Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
can not then import "A+A2" to create "A+A1+A2". You can only do that
with public keys. For secret keys, you need to use gpgsplit and
manually assemble "A+A1+A2" for import.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From ethompson@nbr.org Wed Jan 8 20:35:02 2003
From: ethompson@nbr.org (Erick Thompson)
Date: Wed Jan 8 20:35:02 2003
Subject: .NET library
Message-ID: <02d001c2b74d$2eb7afb0$5301a8c0@NBROFFICE.ORG>

Is anyone working at creating a managed .NET wrapper for the gnupg library?
I think it would be very useful.

Thanks,
Erick

From twoaday@freakmail.de Wed Jan 8 20:57:02 2003
From: twoaday@freakmail.de (Timo Schulz)
Date: Wed Jan 8 20:57:02 2003
Subject: .NET library
In-Reply-To: <02d001c2b74d$2eb7afb0$5301a8c0@NBROFFICE.ORG>
References: <02d001c2b74d$2eb7afb0$5301a8c0@NBROFFICE.ORG>
Message-ID: <20030108200403.GB4582@daredevil.joesixpack.net>

On Wed Jan 08 2003; 11:36, Erick Thompson wrote:

> Is anyone working at creating a managed .NET wrapper for the gnupg library?
> I think it would be very useful.

Do you mean a wrapper for the GPGME lib or what gnupg lib you talk about?
AFAIK nobody even started a W32 project based on any GPG code.
The only
Windows project which use GPGME is WinPT I guess. I still work on
GPGCOM+ but it's not ready for a public release yet.

In any case this is something for gnupg-devel...

Timo

From wk@gnupg.org Wed Jan 8 21:00:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Wed Jan 8 21:00:02 2003
Subject: gnupg and subkeys
In-Reply-To: <20030108192446.GJ7403@jabberwocky.com> (David Shaw's message of "Wed, 8 Jan 2003 14:24:46 -0500")
References: <1041969837.960.83.camel@altfrangg.fortytwo.ch> <87ptr84qh7.fsf@alberti.g10code.de> <1042034806.19716.7.camel@papillon.fortytwo.ch> <873co31ngm.fsf@alberti.g10code.de> <20030108192446.GJ7403@jabberwocky.com>
Message-ID: <87r8bnza4s.fsf@alberti.g10code.de>

On Wed, 8 Jan 2003 14:24:46 -0500, David Shaw said:

> Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
> can not then import "A+A2" to create "A+A1+A2". You can only do that
> with public keys. For secret keys, you need to use gpgsplit and
> manually assemble "A+A1+A2" for import.

Should we really fix this. This requires a complex secret key
management and thus it is insecure. There is nothing you gain from
splitting your secret keyparts to several files. I think it is far
better to have just one master copy with the key and export the
subkeys you require.

An enhanced --export-secret-subkeys command where you can specify
which subkeys to export would indeed be useful.

Shalom-Salam,

Werner

From ethompson@nbr.org Wed Jan 8 21:08:02 2003
From: ethompson@nbr.org (Erick Thompson)
Date: Wed Jan 8 21:08:02 2003
Subject: .NET library
References: <02d001c2b74d$2eb7afb0$5301a8c0@NBROFFICE.ORG> <20030108200403.GB4582@daredevil.joesixpack.net>
Message-ID: <02fd01c2b751$c53e3ea0$5301a8c0@NBROFFICE.ORG>

> On Wed Jan 08 2003; 11:36, Erick Thompson wrote:
>
> > Is anyone working at creating a managed .NET wrapper for the gnupg library?
> > I think it would be very useful.
>
> Do you mean a wrapper for the GPGME lib or what gnupg lib you talk about?
I was thinking GPGME, as it seems to be the best general purpose library.

> AFAIK nobody even started a W32 project based on any GPG code. The only
> Windows project which use GPGME is WinPT I guess. I still work on
> GPGCOM+ but it's not ready for a public release yet.

I haven't run across that project before.

> In any case this is something for gnupg-devel...

Good point. I won't pollute this list any further.

Erick

From floods@libero.it Wed Jan 8 21:24:02 2003
From: floods@libero.it (Davide Cavallari)
Date: Wed Jan 8 21:24:02 2003
Subject: gpg in cygwin environement
Message-ID: <20030108212446.G933@frog>

I've installed gpg on a cygwin environment running on windows2000 (I
want to use mutt and lots of other unix-like programs). Could you please
tell me what security issues I need to consider (secret key management,
passphrase kept temporary in RAM.. I don't know..)

--
Thkz a lot,
Davide Cavallari

LATITANTI - Polygons with a great many faces.

From avbidder@fortytwo.ch Wed Jan 8 21:36:01 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jan 8 21:36:01 2003
Subject: gnupg and subkeys
In-Reply-To: <87r8bnza4s.fsf@alberti.g10code.de>
References: <1041969837.960.83.camel@altfrangg.fortytwo.ch> <87ptr84qh7.fsf@alberti.g10code.de> <1042034806.19716.7.camel@papillon.fortytwo.ch> <873co31ngm.fsf@alberti.g10code.de> <20030108192446.GJ7403@jabberwocky.com> <87r8bnza4s.fsf@alberti.g10code.de>
Message-ID: <1042058230.1149.17.camel@altfrangg.fortytwo.ch>

On Wed, 2003-01-08 at 20:58, Werner Koch wrote:
> On Wed, 8 Jan 2003 14:24:46 -0500, David Shaw said:
>
> > Given secret key A, with subkeys A1 and A2, if you import "A+A1", you
> > can not then import "A+A2" to create "A+A1+A2". You can only do that
> > with public keys. For secret keys, you need to use gpgsplit and
> > manually assemble "A+A1+A2" for import.

Exactly.

> Should we really fix this.
This requires a complex secret key
> management and thus it is insecure. There is nothing you gain from
> splitting your secret keyparts to several files. I think it is far
> better to have just one master copy with the key and export the
> subkeys you require.

For me, it's not urgent. I do indeed have a complete master key - and I
warn about this issue in my subkeys HOWTO.

> An enhanced --export-secret-subkeys command where you can specify
> which subkeys to export would indeed be useful.

Looking forward to it, then :-) (Sorry, no, I won't be coding this
myself.)

cheers
-- vbi

--
this email is protected by a digital signature: http://fortytwo.ch/gpg

From twoaday@freakmail.de Wed Jan 8 21:37:02 2003
From: twoaday@freakmail.de (Timo Schulz)
Date: Wed Jan 8 21:37:02 2003
Subject: .NET library
In-Reply-To: <02fd01c2b751$c53e3ea0$5301a8c0@NBROFFICE.ORG>
References: <02d001c2b74d$2eb7afb0$5301a8c0@NBROFFICE.ORG> <20030108200403.GB4582@daredevil.joesixpack.net> <02fd01c2b751$c53e3ea0$5301a8c0@NBROFFICE.ORG>
Message-ID: <20030108204501.GA5696@daredevil.joesixpack.net>

On Wed Jan 08 2003; 12:08, Erick Thompson wrote:

> > Windows project which use GPGME is WinPT I guess. I still work on
> > GPGCOM+ but it's not ready for a public release yet.
>
> I haven't run across that project before.

It was part of the GPGME CVS repository but due to a project which
needed native W32 COM+ support, I decided to use the source for a
ATL COM project.
Some things are not easy to implement with the MingW32/CPD in the COM
world so I switched to Visual C/C++.

If you are interested in it, I can send you the code, it's GPLed.
For the case you need more information, you can contact me directly
because I'm not sure if gnupg-devel is the right place for it.

Timo

From hhekim@mail.com Wed Jan 8 23:18:02 2003
From: hhekim@mail.com (Hakan Hekim)
Date: Wed Jan 8 23:18:02 2003
Subject: How to do..........
Message-ID: <20030108221824.79405.qmail@mail.com>

Hi,
I have too much public keys and I do not want to import all of them but I want to use them from a file whenever I need.
Is it possible?
If yes how can I do it?
Thanks

--------------------------------
If there is no wind, row....
--------------------------------

From lweand@nith.no Thu Jan 9 01:27:02 2003
From: lweand@nith.no (Andreas Løwe)
Date: Thu Jan 9 01:27:02 2003
Subject: IM client FOR WINDOWS with GnuPG support ?
In-Reply-To:
References: <20030107235622.GA32725@manxome.org>
Message-ID: <5.2.0.9.0.20030109011926.00aacac0@10.0.0.3>

Short answer to your question: NONE

Long answer: yes, BUT(!) you have to compile it yourself
if you have the right tools etc ....

>I realize there's a lot non-Windows users here. I know about the
>Linux clients. I am NOT interested in those but only in WINDOWS IM
>clients with gnupg support.

--
Andreas Løwe

The sentence below this one is true.
The sentence above this one is false.

From avbidder@fortytwo.ch Thu Jan 9 10:08:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 9 10:08:02 2003
Subject: How to do..........
In-Reply-To: <20030108221824.79405.qmail@mail.com>
References: <20030108221824.79405.qmail@mail.com>
Message-ID: <1042103353.20703.2.camel@papillon.fortytwo.ch>

On Wed, 2003-01-08 at 23:18, Hakan Hekim wrote:
> Hi,
> I have too much public keys and I do not want to import all of them but I want to use them from a file whenever I need.
> Is it possible?
> If yes how can I do it?

You can use more than one keyring, specify with --keyring . I'm
not sure how gnupg does determine in which keyring a key is imported
when you use multiple keyrings; there might be some problems especially
when part of the keyrings are read-only [have not played with this a
long time].

cheers
-- vbi

--
this email is protected by a digital signature: http://fortytwo.ch/gpg

From thomas.lademann@siemens.com Thu Jan 9 10:25:02 2003
From: thomas.lademann@siemens.com (Thomas Lademann)
Date: Thu Jan 9 10:25:02 2003
Subject: Have anyone a GNUPG for HP-UX B08.00 B ?
Message-ID: <3E1D3FEE.E5C29279@siemens.com>

Have anyone a precompiled version from GNUPG for HP-UX B08.00 B ?

Thanks !
Thomas

From wk@gnupg.org Thu Jan 9 11:52:03 2003
From: wk@gnupg.org (Werner Koch)
Date: Thu Jan 9 11:52:03 2003
Subject: How to do..........
In-Reply-To: <1042103353.20703.2.camel@papillon.fortytwo.ch> (Adrian 'Dagurashibanipal' von Bidder's message of "09 Jan 2003 10:09:13 +0100")
References: <20030108221824.79405.qmail@mail.com> <1042103353.20703.2.camel@papillon.fortytwo.ch>
Message-ID: <87n0may4sr.fsf@alberti.g10code.de>

On 09 Jan 2003 10:09:13 +0100, Adrian 'Dagurashibanipal' von Bidder said:

> You can use more than one keyring, specify with --keyring . I'm
> not sure how gnupg does determine in which keyring a key is imported

New keys are written to the first writable keyring.

From list@daniel-luebke.de Thu Jan 9 12:11:01 2003
From: list@daniel-luebke.de (Daniel Luebke)
Date: Thu Jan 9 12:11:01 2003
Subject: Deploying GnuPG into University Administration
Message-ID: <3E1D5965.6030406@daniel-luebke.de>

Hello there,

I'm a student at TU Clausthal and, as a member of our LUG, did a
workshop for gnupg which was intended to convince students to use
e-mail-encryption and signing.
We had good luck and it was a great evening and so our administration
asked us to do the same for them.
That should be no problem but there's one question, where I'm not quite
sure, what to say: Since I only used gnupg in private environments, I
don't know how to centrally manage about 30 keys.
1. In my imagination there should be a central certification key which
is used by the IT department to sign all keys for the users.
2. The users should then fully trust that key, so that they needn't sign
all keys of all employees.
3. The keyring should be centrally updatable.
My question how to achieve this. To create a central certification key
is no problem and the administrators could modify the log on or user
creation scripts accordingly, so that the central key is stored in the
keyring and full ownertrust is set.
But how to centrally manage all keys? One could create a central
read-only keyring, which is used by gnupg where all employees' keys are
stored or one could set up a keyserver?!

I would like to know if anyone has deployed something similar and how
they dealt with that and probably arising problems.

Thanks in advance
Daniel

From jzigna@cls.fr Thu Jan 9 13:18:02 2003
From: jzigna@cls.fr (Jean-Michel Zigna)
Date: Thu Jan 9 13:18:02 2003
Subject: GnuPG and OpenVMS
Message-ID: <5.1.0.14.0.20030108154845.02787fd8@pop.cls.fr>

Hello,

Do you know if someone is trying to run or has succeeded in installing
GnuPG on OpenVMS systems ?
If so, can you tell me how to download a GnuPG version for OpenVMS ?

Thanks.

Jean-Michel ZIGNA

From dlc@users.sourceforge.net Thu Jan 9 14:26:02 2003
From: dlc@users.sourceforge.net (darren chamberlain)
Date: Thu Jan 9 14:26:02 2003
Subject: Deploying GnuPG into University Administration
In-Reply-To: <3E1D5965.6030406@daniel-luebke.de>
References: <3E1D5965.6030406@daniel-luebke.de>
Message-ID: <20030109-6967a8701ebcdfe8832b6c1750c13d5d@mail.boston.com>

* Daniel Luebke [2003-01-09 06:12]:
> I'm a student at TU Clausthal and, as a member of our LUG, did a
> workshop for gnupg which was intended to convince students to use
> e-mail-encryption and signing.
> We had good luck and it was a great evening and so our administration
> asked us to do the same for them.

Good news!

> That should be no problem but there's one question, where I'm not quite
> sure, what to say: Since I only used gnupg in private environments, I
> don't know how to centrally manage about 30 keys.

You could probably get keyserver software and run an internal keyserver.
I think keyservers do all the things that you've outlined.
(darren)

--
Optimization hinders evolution.

From avbidder@fortytwo.ch Thu Jan 9 16:01:03 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 9 16:01:03 2003
Subject: Deploying GnuPG into University Administration
In-Reply-To: <20030109-6967a8701ebcdfe8832b6c1750c13d5d@mail.boston.com>
References: <3E1D5965.6030406@daniel-luebke.de> <20030109-6967a8701ebcdfe8832b6c1750c13d5d@mail.boston.com>
Message-ID: <1042124532.1951.21.camel@altfrangg.fortytwo.ch>

On Thu, 2003-01-09 at 14:24, darren chamberlain wrote:

> > That should be no problem but there's one question, where I'm not quite
> > sure, what to say: Since I only used gnupg in private environments, I
> > don't know how to centrally manage about 30 keys.
>
> You could probably get keyserver software and run an internal keyserver.
> I think keyservers do all the things that you've outlined.

Except distributing trust information.

I think for a relatively small and homogenous group (assuming a central
file server is available) a central keyring is probably easier to
maintain.

Distributing trust information: hmmm. Yes, distributing a default
trustdb or trust setting in the default gnupg.conf on account creation
is probably the only way, however, it strikes seems quite fragile: how
about existing users? How about the certification key changing? This
problem definitely is unsolved in the OpenGPG world (and, I feel, badly
solved in the X.509 world. I can not think of a generic solution ever
being implemented - trust is something everybody has to decide for
themselves.)

Oh, you could do this: create a key generation script for your people.
This would
- generate the key
- publish the send the public key to the keyring manager
- 'as force as possible' the people to make a backup and create an
emergency revocation cert
- lsign (or even exportable sign?)
the cert key, and set ownertrust
- depending on your site policy, probably additional things could be
done like adding a dedicated revocation key, or submitting the
revocation cert to the central authority, or submitting a password-less
copy of the secret key to the authority or other evil things (probably
not necessary in an academical context).

I think with this script available and key distribution solved, you
avoid most problems. Biggest problem (in terms of actual time spent)
will be users who have forgotten their password and users complaining
that they can't verify some signatures or who don't know how to use
their software.

WARNING: I have no experience with such things whatsoever.

cheers
-- vbi

--
What's the matter with the world? Why, there ain't but one thing wrong
with every one of us -- and that's "selfishness."
-- The Best of Will Rogers

From dshaw@jabberwocky.com Thu Jan 9 16:03:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 9 16:03:03 2003
Subject: How to do..........
In-Reply-To: <87n0may4sr.fsf@alberti.g10code.de>
References: <20030108221824.79405.qmail@mail.com> <1042103353.20703.2.camel@papillon.fortytwo.ch> <87n0may4sr.fsf@alberti.g10code.de>
Message-ID: <20030109150330.GL7403@jabberwocky.com>

On Thu, Jan 09, 2003 at 11:51:32AM +0100, Werner Koch wrote:
> On 09 Jan 2003 10:09:13 +0100, Adrian 'Dagurashibanipal' von Bidder said:
>
> > You can use more than one keyring, specify with --keyring .
I'm
> > not sure how gnupg does determine in which keyring a key is imported
>
> New keys are written to the first writable keyring.

If you are running 1.3, you can also use the --primary-keyring option.
This lets you specify which keyring gets new keys during an import.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Thu Jan 9 16:15:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 9 16:15:03 2003
Subject: Deploying GnuPG into University Administration
In-Reply-To: <3E1D5965.6030406@daniel-luebke.de>
References: <3E1D5965.6030406@daniel-luebke.de>
Message-ID: <20030109151559.GM7403@jabberwocky.com>

On Thu, Jan 09, 2003 at 12:13:41PM +0100, Daniel Luebke wrote:

> That should be no problem but there's one question, where I'm not quite
> sure, what to say: Since I only used gnupg in private environments, I
> don't know how to centrally manage about 30 keys.
> 1. In my imagination there should be a central certification key which
> is used by the IT department to sign all keys for the users.
> 2. The users should then fully trust that key, so that they needn't sign
> all keys of all employees.
> 3. The keyring should be centrally updatable.
> My question how to achieve this. To create a central certification key
> is no problem and the administrators could modify the log on or user
> creation scripts accordingly, so that the central key is stored in the
> keyring and full ownertrust is set.
> But how to centrally manage all keys? One could create a central
> read-only keyring, which is used by gnupg where all employees' keys are
> stored or one could set up a keyserver?!

A keyserver can definitely handle this.
There are a handful of
different keyservers available, each with advantages and
disadvantages. The two main ones are:

http://sourceforge.net/projects/pks/ is the "classic" keyserver that
runs wwwkeys.pgp.net. It has some bugs, but basically works for common
key types.... and totally mangles some other types.

PGP, Inc. has a LDAP-based keyserver that has some features that makes
your particular use easier (users submit their keys, the keyserver
detects that they are not signed and automatically puts them on hold
so they can be signed). This keyserver is not free (money) or free
(speech).

Ask around on the keyserver operators mailing list
(pgp-keyserver-folk@flame.org), and you'll hear about some other
keyservers you can use.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Thu Jan 9 17:14:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 9 17:14:02 2003
Subject: Deploying GnuPG into University Administration
In-Reply-To: <1042124532.1951.21.camel@altfrangg.fortytwo.ch>
References: <3E1D5965.6030406@daniel-luebke.de> <20030109-6967a8701ebcdfe8832b6c1750c13d5d@mail.boston.com> <1042124532.1951.21.camel@altfrangg.fortytwo.ch>
Message-ID: <20030109161459.GO7403@jabberwocky.com>

On Thu, Jan 09, 2003 at 04:02:12PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:

> - lsign (or even exportable sign?) the cert key, and set ownertrust

.. or, since you control the gpg.conf files as each new user gets set
up, stick a "trusted-key xxxxxx" in there. Simpler, and works even if
the user manages to mangle their trustdb.

> I think with this script available and key distribution solved, you
> avoid most problems.
Biggest problem (in terms of actual time spent)
> will be users who have forgotten their password and users complaining
> that they can't verify some signatures or who don't know how to use
> their software.

Users who forgot their password can have their key revoked by the CA
if you are using revocation keys.

> WARNING: I have no experience with such things whatsoever.

I do. ;) I designed a system for a company here. It was vaguely
similar to what you mention above, except it had to provide for data
recovery and had to work with PGP on Windows as well.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From knut@cj.com Thu Jan 9 21:01:01 2003
From: knut@cj.com (Knut Forkalsrud)
Date: Thu Jan 9 21:01:01 2003
Subject: TAB at EOL (GPG and PGP interoperability)
Message-ID:

I'm using GPG version 1.2.1 and some files signed using PGP 7.0.4 have
caused problems. It turns out that the problem files have trailing
TAB characters on some lines. All PGP versions I have tried can
verify the signature easily, but GPG insists it's a BAD signature. Is
this a feature or a PGP bug or a GPG bug? I have briefly looked at
the FAQ, but I didn't find the answer there.
Thanks in advance,

Knut Forkalsrud
Software Developer
Commission Junction

PS: Here is the public key and a sample file in case anyone wants to
reproduce the case:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This line ends with a TAB
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPhzb7tRKM6VMFEs0EQJfXQCfSz383hqzAwwpgShoJixmMeNyv7MAn159
Qkdh4AZCJb0DxB3an6sJRkr/
=nO0Q
-----END PGP SIGNATURE-----

From knut@cj.com Thu Jan 9 21:13:02 2003
From: knut@cj.com (Knut Forkalsrud)
Date: Thu Jan 9 21:13:02 2003
Subject: --batch switch not always preventing questions
In-Reply-To:
Message-ID:

I'm using gpg 1.2.1 in an automated setup and use the --batch switch
to prevent any questions. However, it has happened that a funky input
file has caused gpg to hang around waiting for user input. Below is
an example file that illustrates the issue. I call the file nope2.msg
and try the following command:

gpg --decrypt --batch --yes nope2.msg

and the process hangs until I press C-c or C-d. If I omit --batch and
--yes I get the question:

Detached signature.
Please enter name of data file:

but I don't want to answer such a question, I just want to get an
error message. I realize that if I replace --decrypt with --verify
the program doesn't hang, and I do get an error message, but shouldn't
the same be true with --decrypt?
Thanks in advance, Knut Forkalsrud Software Developer Commission Junction -----BEGIN nope SIGNED MESSAGE----- Hash: nope xxxxxxxxxxx xxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPf1FXewaGl4l0cbPEQKC6QCgkgVro2GAMN0tM8RHOyU/gn5eEo0An0TX UkKJ4QW1Hg6+Zrxti2UF79Ay =UKfs -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Thu Jan 9 22:55:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Thu Jan 9 22:55:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) In-Reply-To: References: Message-ID: <20030109215616.GA27783@jabberwocky.com> On Thu, Jan 09, 2003 at 12:02:04PM -0800, Knut Forkalsrud wrote: > I'm using GPG version 1.2.1 and some files signed using PGP 7.0.4 have > caused problems. 
It turns out that the problem files have trailing > TAB characters on some lines. All PGP versions I have tried can > verify the signature easily, but GPG insists it's a BAD signature. Is > this a feature or a PGP bug or a GPG bug? I have briefly looked at > the FAQ, but I didn't find the answer there. This is a bug in PGP. The OpenPGP standard dictates that "...any trailing whitespace (spaces, and tabs, 0x09) at the end of any line is ignored when the cleartext signature is calculated." PGP only ignores spaces and includes tabs. GnuPG can automatically detect and fix this problem in PGP 2 messages, but there is no way to tell with PGP 5.x and later. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From Fabian.Rodriguez@Toxik.com Thu Jan 9 23:07:02 2003 From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez) Date: Thu Jan 9 23:07:02 2003 Subject: [PGP-USERS] Popular Mechanics article on PGP In-Reply-To: <3E06BFBC.18FEA515@Pokynet.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This was posted over 2 weeks ago, I am still catching up on some lists... RJ Marquette notes it's on a Mac... But I really thought it was funny to see that the example was made by using... GnuPG ! At least the reporter could have used the no-version option ;) Cheers, Fabián Rodríguez - Toxik Technologies, Inc. www.toxik.com - (514) 528-6945 @221 OpenPGP: 0x5AF2A4D5 > -----Original Message----- > Sent: Monday, December 23, 2002 2:48 AM > > RJ Marquette wrote: > > Popular Mechanics has an article about PGP. [...] > Interesting point: they use Macs, so the screen shots are of OS X, > not Windows. > > http://www.popularmechanics.com/technology/computers/2002/12/encryptin > g_email/ > > Enjoy. 
> -----BEGIN PGP SIGNATURE----- iD8DBQE+HfJ5fUcTXFrypNURArK/AKDKH6BXZMTYxnoQK/7vLUOOYjmKuQCgimvs Xs6ny8MPdODHfWCBc/+q4W4= =O5ho -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Thu Jan 9 23:23:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Thu Jan 9 23:23:01 2003 Subject: Article on PGP uses Gnupg :) Message-ID: <20030109222410.GC27783@jabberwocky.com> This is sort of funny. Popular Mechanics recently ran an article about email encryption and PGP. It's a decent introduction for newcomers to encryption. However, even though they are talking about PGP, the screen shots within the article are showing GnuPG messages... http://www.popularmechanics.com/technology/computers/2002/12/encrypting_email/ David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From vedaal@hush.com Fri Jan 10 00:08:02 2003 From: vedaal@hush.com (vedaal@hush.com) Date: Fri Jan 10 00:08:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) Message-ID: <200301092309.h09N928g025362@mailserver4.hushmail.com> >Message: 13 >Date: Thu, 9 Jan 2003 16:56:16 -0500 >From: David Shaw >To: gnupg-users@gnupg.org >Subject: Re: TAB at EOL (GPG and PGP interoperability) >On Thu, Jan 09, 2003 at 12:02:04PM -0800, Knut Forkalsrud wrote: > I'm using GPG version 1.2.1 and some files signed using PGP 7.0.4 have > caused problems. It turns out that the problem files have trailing > TAB characters on some lines. All PGP versions I have tried can > verify the signature easily, but GPG insists it's a BAD signature. .. >This is a bug in PGP. The OpenPGP standard dictates that "...any >trailing whitespace (spaces, and tabs, 0x09) at the end of any line is >ignored when the cleartext signature is calculated." PGP only ignores >spaces and includes tabs. 
is it a 'bug' or a 'feature' ? ;^) it is sort-of improbable that the files Kurt was referring to just had 'tabs' added onto the end . it is more likely that some of the plaintext was arranged in columns like: 'character'TAB'character'TAB'...'character'TAB'character' and then, after pgp 'wrapping'(or e-mail wrapping), the character at the end of the line, got transferred to the beginning of the next line, leaving a TAB to end the line, but not as intentional trailing space it would seem reasonable to think about either preventing 'wrapping' from doing this, or allowing gnupg to accept it with Respect, vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From shavital@netbox.com Fri Jan 10 00:08:05 2003 From: shavital@netbox.com (Charly Avital) Date: Fri Jan 10 00:08:05 2003 Subject: Article on PGP uses Gnupg :) In-Reply-To: <20030109222410.GC27783@jabberwocky.com> References: <20030109222410.GC27783@jabberwocky.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 5:24 PM -0500 1/9/03, David Shaw wrote: >This is sort of funny. > >Popular Mechanics recently ran an article about email encryption and >PGP. It's a decent introduction for newcomers to encryption. >However, even though they are talking about PGP, the screen shots >within the article are showing GnuPG messages... > >http://www.popularmechanics.com/technology/computers/2002/12/encrypting_email/ > >David > >-- > David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ This was reported and commented in pgp-users@cryptorights.org, in a thread starting with RJ Marquette's post of 12/21/02. The JPEG image in the article shows an encrypted message, in a message form of GPGMail. That's Apple's Mail.app+Stéphane Corthesy's PGP plug-in, under Mac OS X. 
Stéphane Corthésy's plug-in interfaces Mail.app with MacGPG (GnuPG for Mac). The Key ID at the bottom of the encrypted text is real, and the key's uids include the name shown under it, in the picture. Version is GnuPG 1.0.7 (Darwin). In PGP 8.0 for Mac OS X, the Credits scroll screen shows thanks for Stéphane Corthésy. - -- Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) Comment: GnuPG for Privacy iD8DBQE+HgEJ8SG5rMkbCF4RAnTtAJ481Lc2n6ncaQi+5ILK7d3Xbznj1ACeMngO CtgAPPbIEdyMmX22au9awSc= =L78j -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Fri Jan 10 00:44:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Jan 10 00:44:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) In-Reply-To: <200301092309.h09N928g025362@mailserver4.hushmail.com> References: <200301092309.h09N928g025362@mailserver4.hushmail.com> Message-ID: <20030109234441.GA29847@jabberwocky.com> On Thu, Jan 09, 2003 at 03:09:02PM -0800, vedaal@hush.com wrote: > >On Thu, Jan 09, 2003 at 12:02:04PM -0800, Knut Forkalsrud wrote: > > I'm using GPG version 1.2.1 and some files signed using PGP 7.0.4 have > > caused problems. It turns out that the problem files have trailing > > TAB characters on some lines. All PGP versions I have tried can > > verify the signature easily, but GPG insists it's a BAD signature. > .. > >This is a bug in PGP. The OpenPGP standard dictates that "...any > >trailing whitespace (spaces, and tabs, 0x09) at the end of any line is > >ignored when the cleartext signature is calculated." PGP only ignores > >spaces and includes tabs. > > is it a 'bug' or a 'feature' ? ;^) > > it is sort-of improbable that the files Kurt was referring to just had > 'tabs' added onto the end . 
> > it is more likely that some of the plaintext was arranged in columns like: > 'character'TAB'character'TAB'...'character'TAB'character' > > and then, after pgp 'wrapping'(or e-mail wrapping), the character at > the end of the line, got transferred to the beginning of the next > line, leaving a TAB to end the line, but not as intentional trailing > space This is not what happened. If you modify GnuPG to have the same bug, the file verifies properly. In any event, it doesn't matter how it got that way. If the line ends on a tab, the tab must be ignored. Period. It's not realistic for the receiving program to try and unmangle a signed file by guessing the countless different ways the sender could have broken it. The fix is for the sender to do it right in the first place. That's why we have standards. Even so, GnuPG looks for and can detect this bug in some cases, but not in this particular case. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From dshaw@jabberwocky.com Fri Jan 10 00:46:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Jan 10 00:46:02 2003 Subject: Article on PGP uses Gnupg :) In-Reply-To: References: <20030109222410.GC27783@jabberwocky.com> Message-ID: <20030109234625.GB29847@jabberwocky.com> On Fri, Jan 10, 2003 at 01:09:43AM +0200, Charly Avital wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > At 5:24 PM -0500 1/9/03, David Shaw wrote: > >This is sort of funny. > > > >Popular Mechanics recently ran an article about email encryption and > >PGP. It's a decent introduction for newcomers to encryption. > >However, even though they are talking about PGP, the screen shots > >within the article are showing GnuPG messages... 
> > >http://www.popularmechanics.com/technology/computers/2002/12/encrypting_email/ > This was reported and commented in pgp-users@cryptorights.org, in a > thread starting with RJ Marquette's post of 12/21/02. Yes, that's where I saw it. > The JPEG image in the article shows an encrypted message, in a > message form of GPGMail. > > That's Apple's Mail.app+Stéphane Corthesy's PGP plug-in, under Mac > OS X. Stéphane Corthésy's plug-in interfaces Mail.app with MacGPG > (GnuPG for Mac). > > The Key ID at the bottom of the encrypted text is real, and the > key's uids include the name shown under it, in the picture. I wonder what the message is... David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From jagadeesh@jagadeesh.com Fri Jan 10 00:54:02 2003 From: jagadeesh@jagadeesh.com (Jagadeesh Venugopal) Date: Fri Jan 10 00:54:02 2003 Subject: Article on PGP uses Gnupg :) In-Reply-To: <20030109222410.GC27783@jabberwocky.com> Message-ID: <20030109235440.36076.qmail@web40110.mail.yahoo.com> --0-1047580906-1042156480=:35845 Content-Type: text/plain; charset=us-ascii That was funny! PGP may come and PGP may go, but it will forever live on as GnuPG. Now, if only we could get the same level of open source buzz around GnuPG as there is for Linux -- we want the likes of RedHat, IBM or whoever else to put some money into its development so that a good quality GUI can become available. [And an API would be very good too. While the current gpgme workaround is clever, it is too error prone] --Jag David Shaw wrote: This is sort of funny. Popular Mechanics recently ran an article about email encryption and PGP. It's a decent introduction for newcomers to encryption. 
However, even though they are talking about PGP, the screen shots within the article are showing GnuPG messages... http://www.popularmechanics.com/technology/computers/2002/12/encrypting_email/ David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Jagadeesh K. Venugopal, PMP --0-1047580906-1042156480=:35845 Content-Type: text/html; charset=us-ascii

From knut@cj.com Fri Jan 10 01:42:02 2003 From: knut@cj.com (Knut Forkalsrud) Date: Fri Jan 10 01:42:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) In-Reply-To: <20030109234441.GA29847@jabberwocky.com> References: <200301092309.h09N928g025362@mailserver4.hushmail.com> <20030109234441.GA29847@jabberwocky.com> Message-ID: David Shaw writes: > The fix is for the sender to do it right in the first place. That's > why we have standards. Thanks for the answers. I mailed support@pgp.com a question/complaint about the issue and if I hear back from them I'll let you know. Knut Forkalsrud Software Developer Commission Junction From odisio@icp.inpg.fr Fri Jan 10 08:54:03 2003 From: odisio@icp.inpg.fr (Matthias Odisio) Date: Fri Jan 10 08:54:03 2003 Subject: decrypt is not de-encrypt and then verify ? In-Reply-To: <87y95w2akr.fsf@alberti.g10code.de> Message-ID: On Wed, 8 Jan 2003, Werner Koch wrote: > No. There are 3 approaches to send an encrypted and > signed message: > > 1. Classic PGP armor (gpg -sea) > 2. PGP/MIME with combined encryption and signature. > 3. Regular PGP/MIME where the signature is encapsulated into a MIME > object and that MIME object is then encrypted and encapsulated into > another MIME object. > > 2 and 3 are suggested; 3 has the advantage that it fits better with > the MIME framework and that it allows to strip the encryption header. > See RFC3156 for details. Most Windows mailers don't support 2 and 3, > though. > > What you did is similar to 3 but without using the correct MIME > syntax. MIME has the advantage that the semantics of the encrypted > data is known, and thus the mailer can do the Right Thing. > > > considered above, the mailer seems to add these 3 "garbage" lines : > > *** > > Content-Type: text/plain; charset=ISO-8859-1 > > Content-Transfer-Encoding: 8bit > > That's no garbage, but meta information about the message; see rfc2882. 
> > > Shalom-Salam, > > Werner Thank you for that fine answer ! Matthias From wk@gnupg.org Fri Jan 10 10:30:02 2003 From: wk@gnupg.org (Werner Koch) Date: Fri Jan 10 10:30:02 2003 Subject: --batch switch not always preventing questions In-Reply-To: (Knut Forkalsrud's message of "09 Jan 2003 12:14:15 -0800") References: Message-ID: <87of6pqrmr.fsf@alberti.g10code.de> On 09 Jan 2003 12:14:15 -0800, Knut Forkalsrud said: > gpg --decrypt --batch --yes nope2.msg Either gpg --decrypt --batch --yes nope2.msg nope2.data or gpg --decrypt --batch --yes nope2.msg < nope2.data If a detached signature is not expected you can simply force an error by gpg --decrypt --batch --yes nope2.msg < /dev/null In general it is always good to connect stdin with /dev/null in an automated environment. Shalom-Salam, Werner From jhill@munis.com Fri Jan 10 12:38:02 2003 From: jhill@munis.com (John Hill) Date: Fri Jan 10 12:38:02 2003 Subject: Error 0509-136 running GnuPG on AIX 4.3.3.0 Message-ID: <000201c2b828$fa870330$6578a8c0@ccs.munis.com> Hello, I have installed GnuPG v1.2.1 on a machine running AIX 4.3.3.0. The installation was from a binary file. When I try to run gpg I get the following error messages: Symbol strsep (number 140) is not exported from dependent module /usr/lib/libc.a (shr.o). Symbol strsep (number 143) is not exported from dependent module /usr/lib/libc.a (shr.o). The machine also has the gcc compiler (version 2.95.2.0) loaded. Any insight would be greatly appreciated. Thanks. 
John Hill From wk@gnupg.org Fri Jan 10 14:44:02 2003 From: wk@gnupg.org (Werner Koch) Date: Fri Jan 10 14:44:02 2003 Subject: Error 0509-136 running GnuPG on AIX 4.3.3.0 In-Reply-To: <000201c2b828$fa870330$6578a8c0@ccs.munis.com> (jhill@munis.com's message of "Thu, 9 Jan 2003 16:49:24 -0500") References: <000201c2b828$fa870330$6578a8c0@ccs.munis.com> Message-ID: <87d6n5p1dl.fsf@alberti.g10code.de> On Thu, 9 Jan 2003 16:49:24 -0500, John Hill said: > I have installed GnuPG v1.2.1 on a machine running AIX 4.3.3.0. The > installation was from a binary file. When I try to run gpg I get the > following error messages: > Symbol strsep (number 140) is not exported from dependent module > /usr/lib/libc.a (shr.o). That binary is for a different version of AIX. > The machine also has the gcc compiler (version 2.95.2.0) loaded. Any Get the source tarball (see http://www.gnupg.org/download/) and install from source. From avbidder@fortytwo.ch Fri Jan 10 17:36:01 2003 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Fri Jan 10 17:36:01 2003 Subject: BAD signature (was Re: Article on PGP uses Gnupg :)) In-Reply-To: References: <20030109222410.GC27783@jabberwocky.com> Message-ID: <1042216639.1283.5.camel@altfrangg.fortytwo.ch> --=-qzwWzKPtIY7AXhIa+9oR Content-Type: text/plain Content-Transfer-Encoding: quoted-printable The ongoing let's-annoy-everybody-as-long-as-it-doesn't-work campaign... 
On Fri, 2003-01-10 at 00:09, Charly Avital wrote: > -----BEGIN PGP SIGNED MESSAGE----- gpg: Signature made Fri Jan 10 00:08:57 2003 CET using DSA key ID C91B085E gpg: BAD signature from "Charly Avital (1.0.7) " http://fortytwo.ch/~avbidder/badsig.20030110.1.gz Is the message, as saved from evolution-1.2.1-1 (local compile) cheers -- vbi --=20 featured link: http://fortytwo.ch/smtp --=-qzwWzKPtIY7AXhIa+9oR Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iHMEABECADMFAj4e9r4sGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99YYqACgr8EbvShLXJ02Ufs3OujR+ACCLaIA oONFy4e/txxJlodkE1oO2wlu9NlT =txkD -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822 --=-qzwWzKPtIY7AXhIa+9oR-- From vedaal@hush.com Fri Jan 10 18:27:02 2003 From: vedaal@hush.com (vedaal@hush.com) Date: Fri Jan 10 18:27:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) Message-ID: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com> >Message: 5 >Date: Thu, 9 Jan 2003 18:44:41 -0500 >From: David Shaw >To: gnupg-users@gnupg.org >Subject: Re: TAB at EOL (GPG and PGP interoperability) .. >> and then, after pgp 'wrapping'(or e-mail wrapping), the character at >> the end of the line, got transferred to the beginning of the next >> line, leaving a TAB to end the line, but not as intentional trailing >> space .. >This is not what happened. If you modify GnuPG to have the same bug, >the file verifies properly. .. >In any event, it doesn't matter how it got that way. If the line ends >on a tab, the tab must be ignored. Period. .. you're right. 
neither pgp nor gnupg will wrap a line ending in a tab followed by a character, and leave an empty tab space, but interestingly, they do treat 'tab's differently: assuming that gnupg wraps a clearsigned message at 64 characters, and pgp at 76 characters consider a plaintext of the following 3 lines: abcdefghi1abcdefghi2 ... abcdefghi9 a'TAB''TAB' ... 'TAB'b'TAB'c the first line has 90 characters, and is meant as a reference line. the second line is empty, to allow to see what is 'wrapped' from the clearsigning. the third line is the 'test' line: one character at the beginning, then tabs until position 81, with a character at position 81, then one more tab, and a character at position 89 when clearsigned by gnupg, the first line wraps as expected, with all the characters after the 64th, moved to the next line. but the test line does not wrap at all, instead the tabs are 'compressed' and the three 'real' characters stay on the same line, with the last character at the 47th position. when clearsigned by pgp, again, the first line wraps, this time after the 76th character, but the test line is *unchanged* no wrap, no compression, and is allowed to remain at the 89th position. either way, both gnupg and pgp each verify the clearsigned messages of the other, which leaves a puzzling question: why would the files Knut was referring to have a 'tab' at the end of a line? {sorry for having mis-spelled the name in a previous post, have been holding off on getting the 'glasses with the lines in them' have since increased the text size in the reader ;^) } with Respect, vedaal Concerned about your privacy? 
Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From knut@cj.com Fri Jan 10 19:16:02 2003 From: knut@cj.com (Knut Forkalsrud) Date: Fri Jan 10 19:16:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) In-Reply-To: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com> References: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com> Message-ID: vedaal@hush.com writes: > which leaves a puzzling question: > why would the files Knut was referring to have a 'tab' at the end of > a line? There may be all sorts of reasons. I have no control of what people type when they send me a message. One case may be that someone hits TAB in their editor by accident. Most editors don't show trailing whitespace, so it's easy to overlook. Another possibility is that they try to send me a file for my spread sheet with TAB separated values. If the last value on a line is empty, a TAB may become the last character on that line. -Knut From lists@oak-wood.co.uk Fri Jan 10 19:28:02 2003 From: lists@oak-wood.co.uk (Chris Hastie) Date: Fri Jan 10 19:28:02 2003 Subject: Finding the key-id of an armoured key Message-ID: I need to be able to establish various details about a key (public or secret) that is held as armoured text, preferably without having to import it into a keyring first. Many can be parsed from the output of "gpg --list-packets /path/to/file" but I can see no reliable way of getting the key id or its digest algorithm from this. The digest algorithm can probably be established from a self-signature if I know what the key id is so that I can match it. The best I can come up with for the key id is to import the key into a temporary keyring and then use --fingerprint, along with options to restrict it to the temporary key ring, and parse the output from there. This has a lot of problems for me though, and I'd prefer something cleaner. 
It also doesn't work for secret keys, AFAICT. Any suggestions as to how I can get this information. I'm sure it should be simple, but I just can't see it. -- Chris Hastie From twoaday@freakmail.de Fri Jan 10 19:57:02 2003 From: twoaday@freakmail.de (Timo Schulz) Date: Fri Jan 10 19:57:02 2003 Subject: Finding the key-id of an armoured key Message-ID: <20030110190432.GA1869@daredevil.joesixpack.net> On Fri Jan 10 2003; 18:29, Chris Hastie wrote: > Many can be parsed from the output of "gpg --list-packets /path/to/file" > but I can see no reliable way of getting the key id or its digest > algorithm from this. The digest algorithm can probably be established > from a self-signature if I know what the key id is so that I can match What's wrong with gpg --export foo | gpg --with-colons. In your case gpg --with-colons /path/to/file. Then the output looks like this: pub:u:1024:17:ED4681C9BF3DF9B4:1999-04-29:::u:Timo Schulz It should be easy to parse the output due to the colon format and I guess there is every information you need. Timo -- "Ich habe das Interesse an meiner eigenen Frage verloren." -- John Cage From greg@turnstep.com Fri Jan 10 20:24:04 2003 From: greg@turnstep.com (greg@turnstep.com) Date: Fri Jan 10 20:24:04 2003 Subject: Finding the key-id of an armoured key In-Reply-To: Message-ID: <87c549780c16c4b5f03f89f4274259b3@biglumber.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message > I need to be able to establish various details about a key (public or > secret) that is held as armoured text, preferably without having to > import it into a keyring first. >... > Any suggestions as to how I can get this information. I'm sure it should > be simple, but I just can't see it. 
The --dry-run option is nice for this, as well as liberal use of -v and --status-fd: gpg --status-fd 0 -v -v --dry-run --import pubkey.14964AC8.asc -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200301101423 -----BEGIN PGP SIGNATURE----- Comment: http://www.turnstep.com/pgp.html iD8DBQE+Hx38vJuQZxSWSsgRAj7DAJ9CS39CRBtUVXv7UTmrBBK3CxKB0QCfQLZc AlhKkNU+JQw7u1zra8c3Pwg= =BN0L -----END PGP SIGNATURE----- From burns@runbox.com Sat Jan 11 00:18:02 2003 From: burns@runbox.com (Burns) Date: Sat Jan 11 00:18:02 2003 Subject: Finding the key-id of an armoured key In-Reply-To: Message-ID: <20030110231849.82604.qmail@web10502.mail.yahoo.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paste it into the text window at: http://www.pgpdump.net/ That will give you all sorts of information about the public key, including the key ID. Randy On Friday, January 10, 2003, you wrote: > I need to be able to establish various details about a key (public or > secret) that is held as armoured text, preferably without having to > import it into a keyring first. > > Many can be parsed from the output of "gpg --list-packets > /path/to/file" > but I can see no reliable way of getting the key id or its digest > algorithm from this. The digest algorithm can probably be established > from a self-signature if I know what the key id is so that I can match > it. > > The best I can come up with for the key id is to import the key into a > temporary keyring and then use --fingerprint, along with options to > restrict it to the temporary key ring, and parse the output from there. > This has a lot of problems for me though, and I'd prefer something > cleaner. It also doesn't work for secret keys, AFAICT. > > Any suggestions as to how I can get this information. I'm sure it > should > be simple, but I just can't see it. 
> -- > Chris Hastie > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1-nr1 (Windows Me) - GPGshell v2.65 Comment: 0x3D78B385 / 0x2CECAE1F - http://www.geocities.com/burns98 iD8DBQE+H1PNhNLaTSzsrh8RAikCAKDb4mjt42N//MkWOmFBXGRC/FFtLQCgoklJ 6MdOFQMqmD3N6sfNokVYwmM= =hzx+ -----END PGP SIGNATURE----- From John.Clare@ArvinMeritor.com Sat Jan 11 15:43:02 2003 From: John.Clare@ArvinMeritor.com (Clare, John) Date: Sat Jan 11 15:43:02 2003 Subject: GnuPG Install Errors Message-ID: I am hoping that someone might have an insight into the install issues I am having. First of all after downloading the source from the primary server I ran the 'fsum' utility in 'md5sum' mode and got a perfect match to the checksum on the website: 83e02b4905dab34c4dc25652936022f9 *gnupg-1.2.1.tar.gz My problem started when I untarred the source onto our UNIX Solaris platform. I received the following 'tar' error: tar: directory checksum error When I executed the ./configure, after the 'tar', it aborted with the following: config.status: creating checks/Makefile config.status: error: cannot find input file: checks/Makefile.in Does anyone have any idea as to what caused my problem or where I can get the missing file(s) ? Thanks John Clare B2B COMMUNICATIONS GROUP B2B Technical SPECIALIST _________________________________ 2135 West Maple Road Troy, MI 48084-7186 email: john.clare@arvinmeritor.com PHONE: (248) 435-1034 FAX: (248) 435-5586 From sco@tfz.net Sat Jan 11 16:27:02 2003 From: sco@tfz.net (S C) Date: Sat Jan 11 16:27:02 2003 Subject: newbie problem about signing Message-ID: <3E203775.5080404@tfz.net> hi, i was using pgp 6.5.8 ckt in my windows box, i exported my keys including private ones and imported them using gnupg in my linux. now each time i sign a message i have warning, for example with kmail : "Message was signed by myname (Key ID: 0xxxxxxxxx). The signature is valid, but the key's validity is unknown. 
message here End of signed message" and with enigmail in mozilla messenger, each time i sign a message and then click on the decrypt /verify icon : a pop up window appears : " OpenPGP security info Error - signature verification failed gpg command line and output : /usr/bin/gpg --batch --no-tty --status-fd 2 -d gpg: Signature made sat 11 Jan 2003 02:55:59 AM CET using DSA key ID xxxxxxxx gpg: BAD signature from "myname " so i checked the help and found about lsign and sign : 1/ what is the difference between signing a key locally and signing? 2/ when i try both i have each time to cancel because at the end of process : [t@localhost t]$ gpg --nrlsign-key xxxxxxxx pub 1024D/xxxxxxxx created: 2002-04-06 expires: never trust: -/- sub 2048g/xxxxxxxx created: 2002-04-06 expires: never (1).myname pub 1024D/xxxxxxx created: 2002-04-06 expires: never trust: -/- Primary key fingerprint: ********************************************* myname How carefully have you verified the key you are about to sign actually belongs to the person named above? If you don't know what to answer, enter "0". (0) I will not answer. (default) (1) I have not checked at all. (2) I have done casual checking. (3) I have done very careful checking. Your selection? 3 Are you really sure that you want to sign this key with your key: "my nym name " The signature will be marked as non-exportable. The signature will be marked as non-revocable. I have checked this key very carefully. Really sign? y gpg: protection algorithm 1 (IDEA) is not supported gpg: the IDEA cipher plugin is not present gpg: please see http://www.gnupg.org/why-not-idea.html for more information gpg: signing failed: unknown cipher algorithm Command> my problem is why is my nym email address used by default to sign my keys? i cannot use my nym since a nym address must have no relation with the real owner, with his real email. it is used to hide real email address. so, how can i make myemail@xx.com the default id used to sign my keys? 
3/ and do i have to add idea support for gnupg? 4/ is signing the method to be used to make those warning messages disappear in both kmail and mozilla messenger? any help appreciated From gustavo.hlv@gmx.net Sat Jan 11 22:47:02 2003 From: gustavo.hlv@gmx.net (Gustavo Vasconcelos) Date: Sat Jan 11 22:47:02 2003 Subject: [Fwd: lpked draft] Message-ID: <3E209116.5080308@gmx.net> --------------030003070406020604070002 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Below is a draft for what may come to be a "portable GnuPG" for use with removable media. I am forwarding with the consent of Voremo (see email address at the bottom of the message). This subject has been thoroughly discussed in these mailing lists, and probably they are a good place to gather ideas/resources to this project. []'s Gustavo -------- Original Message -------- Subject: lpked draft Date: Sat, 11 Jan 2003 19:25:51 +0000 From: voremo@SAFe-mail.net To: gustavo.hlv@gmx.net Hi Gustavo, Thanks for the comments. Yes, please pass it on to any mailing list you consider appropriate. If not too much trouble, please include the version that follows below; it contains minor text editing and error corrections. I am looking for a small number of collaborators that would extract (and, where necessary, modify) components from GPG source tree. I can provide component interface specifications and integration and "outer shell" programming. But, in contrast to many open-source collaborative efforts, I first and foremost want to establish a firm, a priori "functionality fence". ================================================== ================================================= "lpked": ("Lean Public Key Encryptor/Decryptor") ================================================= Introduction: ============= GPG/PGP in its present state can not be used unless it is "installed" on a computer. 
Installing a program on the computer on which it is used is in many instances impractical, impossible or generates its own set of serious liabilities. A simplified form of public-key encryptor is thus proposed. It has reduced functionality; most notably it does not attempt to incorporate the "trust model". (Note: is a public-key encryptor/decryptor that does not implement the "trust model" useful at all? The answer to this question is outside the scope of this document: the proposed program will be for those that already believe this to be the case). The program is meant to be used ONLY by those that have read the source, understood it, recognized the security problems involved and consider them acceptable. (Or, perhaps, for those that have delegated the above to someone they TRUST PERSONALLY). What follows are the design parameters for such a variant of GPG; one that might be dubbed "drive-by-GPG". Design parameters: ================== It is extremely important that the program can be built from its source with ABSOLUTE MINIMUM of development tools and expertise, on any 32-bit computer where C compiler is available. Therefore, there will be only one version, one file of clean, standard C code (with NO IFDEFS whatsoever!). It can be compiled using "gcc lpked.c -o lpked" or equivalent on any 32-bit platform. Linking is static, int is 32 bits, endian-ness is dealt with at run-time. All entropy is supplied by the operator via key-strokes and timer, at run-time. All user-interface is via "command-line". The format of command line is designed so as to make it somewhat practical to write GUI front-ends, but the security of such use is left unaddressed and is assumed to be highly problematic. Program runs clean; i.e., it NEVER writes to any file that is not specified on its command-line. It does not allocate dynamic memory or interacts with the operating system in any manner whatsoever, except for reading the timer and console and file i/o. 
It is assumed that in most common use-model both the program and data will be residing on removable media (USB flash "disk", floppy, CD, or combination of these). There is no attempt to implement the "trust model" (message or key signing etc...). Each public and private key is in its own, separate file. Private key is encrypted using a symmetric cipher. The program performs encryption and decryption of files; no assumption is made of how these will be stored or communicated. There is no attempt to implement any ancillary function (ASCII encoding, encryption of files using symmetric cipher etc.). There is no choice of ciphers: Blowfish is used for symmetric, Diffie-Hellman for public and MD5 for hash. Source code will be taken from the existing GPG source tree whenever possible; program will be distributed as A SINGLE C language source file: lpked.c. That source will be public domain, BSD and/or GNU licensed. Pass-word/-phrase and entropy can be supplied on the command line (to make possible simple GUI front-ends); if not given on the command line (normal modus operandi), program will prompt the operator via keyboard/console. Command line: ============= Program is invoked by a standard-format command line consisting of single-letter "flags" introduced by "-", possibly followed by "=" and the option value and one, two or three file names. For example: lpked -e bob.key msgbob.txt msgbob.xxx (To encrypt a file we will pass on to Bob. See below for full explanation and more examples.) Flags: ====== Flags are "Function", "Data" and "Auxiliary". Function flags have no ("=...") value associated with them and they define the function that the program is to perform. Depending on the function, one or more data flags and one, two or three file names may also have to be given. Function flags are: -g generate public/private key pair. Private key is placed in the first file, public in second. 
-e using public key in first file encrypt the message in the second file and place the result into third file. -d using private key in first file decrypt the message in the second file and place the result into third file. -f generate a fingerprint of the first file and put it into the second file if given, write on console in hex-ASCII format otherwise. For -g ("generate"), -k, -s, -q or -r flags (and data) may be given; otherwise the program prompts the operator for key and/or random data. For -e ("encrypt"), -r flag may be given or the program will prompt the operator for random keystrokes. For -d ("decrypt), -k, -s or -q flags may be given or the program will prompt the operator. Data flags introduce the key, passphrase or random data as follows: -k=ssssss where "ssssss" is (optionally quote) key-string. -s=wwwwww similar to the above, passphrase. -z=ffffff where ffffff is 16 bytes of hex-formatted key data. -x=ffffff where ffffff is 4-bytes hex-formated pointer to memory block with 16 bytes of key data. -y=ffffff as above, pointing to a block of 4096 random bytes. In two of the above (-x=..., -y=...) it is assumed that the memory pointer is provided by the GUI "front-end" program that invoked lpked; it is the responsibility of this invoking program to ensure this memory can be read from, and that the clean-up is performed afterwards. Auxiliary flags are: -h for console output of short usage/help "synopsis". -p to pause for key-press after the program has been loaded but before it starts the execution. This enables replacing of removable medium (most likely, a floppy disk) on which program is resident with the one on which the data is resident. -q to suppress any console output. Files: ====== Files that the program operates on can be specified ONLY on the command line. The program makes no assumption of the paths, names or suffixes. File integrity and authenticity is the responsibility of the operator and NOT of the program. 
Files are binary and cross-platform (i.e. when there are 4-byte integers/words in files, specifications are byte-order (little-endian) specific). Public key file: first 2048 bytes are interpreted as public key, rest is ignored. Private key file: first 16 bytes are interpreted as IV, followed by next 2048 bytes of encrypted private key, rest is ignored. Plaintext file: bytes. "User-community-agreed" maximum size may apply. Ciphertext file: First 16 bytes are an IV, second 16 bytes are a session key encrypted with recipient's public key. Next is a number of 16-byte blocks of encrypted data. Size of an optional partial block at the end of the file specifies that the previous block is the last data block and the number of data bytes in it. (Ciphertext file MUST NOT contain ANY data object that an intruder can use to confirm its "creating application", use or origin). Fingerprint file: 32 bytes of hex-ascii data. Examples: ========= lpked -e a:\fred.key a:\msgFred.txt a:\msgFred.xxx Encrypt msgFred.txt message to msgFred.xxx using (Fred's) public key in file fred.key. The program will prompt the user for random bytes. See below for more examples). lpked -d a:\my.key a:\msgFred.xxx a:\msgFred.txt Decrypt message (...xxx) using private key in my.key and place output in msgFred.txt. Prompt for key or passphrase used to decrypt private key. lpked -g a:\mysecret.key a:\tom.key Generate public/private key pair. Place private key in mysecret.key and public in tom.key. Prompt for random data and key or passphrase to encrypt private key. lpked -d -z=a802e71d027c382dae57e302817dfe14 my.key msg.xxx msg.txt Decrypt message msg.xxx using my.key private key. Private key decryption key is supplied in hex format on the command line. lpked -f anastasia.key Write on the console the fingerprint of the public key file anastasia.key ====================== end =========================== All commnets are welcome. 
Please write to: voremo@SAFe-mail.net -- Gustavo Vasconcelos OpenPGP Key ID: 0xFF006747 --------------030003070406020604070002 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Bellow is a draft for what may come to be a "portable GnuPG" for use with removable medias. I am forwarding with the consent of Voremo (see email address at the bottom of the message).

This subject has been thoroughly discussed in these mailing lists, and probably they are a good place to gather ideas/resources to this project.

[]'s
Gustavo

-------- Original Message --------
Subject: lpked draft
Date: Sat, 11 Jan 2003 19:25:51 +0000
From: voremo@SAFe-mail.net
To: gustavo.hlv@gmx.net


Hi Gustavo,

Thanks for the comments. Yes, please pass it on to
any mailing list you consider appropriate. If not 
too much trouble, please include the version that 
follows below; it contains minor text editing and 
error corrections.

I am looking for a small number of collaborators
that would extract (and, where necessary, modify)
components from GPG source tree. I can provide
component interface specifications and integration
and "outer shell" programming. But, in contrast to
many open-source collaborative efforts, I first 
and foremost want to establish a firm, a priori
"functionality fence".
 
==================================================

=================================================
"lpked": ("Lean Public Key Encryptor/Decryptor")
=================================================

Introduction:
=============

GPG/PGP in its present state can not be used
unless it is "installed" on a computer. Installing
a program on the computer on which it is used is
in many instances impractical, impossible or
generates its own set of serious liabilities.

A simplified form of public-key encryptor
is thus proposed. It has reduced functionality;
most notably it does not attempt to incorporate
the "trust model". (Note: is a public-key
encryptor/decryptor that does not implement the
"trust model" useful at all? The answer to this
question is outside the scope of this document:
the proposed program will be for those that
already believe this to be the case).

The program is meant to be used ONLY by those
that have read the source, understood it,
recognized the security problems involved and
consider them acceptable. (Or, perhaps, for
those that have delegated the above to someone
they TRUST PERSONALLY).

What follows are the design parameters for
such a variant of GPG; one that might be
dubbed "drive-by-GPG".

Design parameters:
==================

It is extremely important that the program
can be built from its source with ABSOLUTE
MINIMUM of development tools and expertise,
on any 32-bit computer where C compiler is
available. Therefore, there will be only one
version, one file of clean, standard C code
(with NO IFDEFS whatsoever!). It can be compiled
using "gcc lpked.c -o lpked" or equivalent on
any 32-bit platform. Linking is static, int is
32 bits, endian-ness is dealt with at run-time.

All entropy is supplied by the operator
via key-strokes and timer, at run-time.

All user-interface is via "command-line".
The format of command line is designed so
as to make it somewhat practical to write
GUI front-ends, but the security of such
use is left unaddressed and is assumed to be
highly problematic.

Program runs clean; i.e., it NEVER writes
to any file that is not specified on its
command-line. It does not allocate dynamic
memory or interact with the operating system
in any manner whatsoever, except for reading
the timer and console and file i/o. It is
assumed that in most common use-model both
the program and data will be residing on
removable media (USB flash "disk", floppy,
CD, or combination of these).

There is no attempt to implement the "trust
model" (message or key signing etc...). Each
public and private key is in its own, separate
file. Private key is encrypted using a symmetric
cipher.

The program performs encryption and decryption
of files; no assumption is made of how these
will be stored or communicated.

There is no attempt to implement any ancillary
function (ASCII encoding, encryption of files
using symmetric cipher etc.).

There is no choice of ciphers: Blowfish is
used for symmetric, Diffie-Hellman for public
and MD5 for hash.

Source code will be taken from the existing
GPG source tree whenever possible; program
will be distributed as A SINGLE C language
source file: lpked.c. That source will be
public domain, BSD and/or GNU licensed.

Pass-word/-phrase and entropy can be supplied
on the command line (to make possible simple
GUI front-ends); if not given on the command
line (normal modus operandi), program will
prompt the operator via keyboard/console.


Command line:
=============

Program is invoked by a standard-format
command line consisting of single-letter
"flags" introduced by "-", possibly followed
by "=" and the option value and one, two or
three file names. For example:

lpked -e bob.key msgbob.txt msgbob.xxx

(To encrypt a file we will pass on to Bob. See
below for full explanation and more examples.)


Flags:
======

Flags are "Function", "Data" and "Auxiliary".

Function flags have no ("=...") value
associated with them and they define the
function that the program is to perform.
Depending on the function, one or more data
flags and one, two or three file names may also
have to be given. Function flags are:

-g generate public/private key pair. Private key
   is placed in the first file, public in second.

-e using public key in first file encrypt the
   message in the second file and place the result
   into third file.

-d using private key in first file decrypt the
   message in the second file and place the result
   into third file.

-f generate a fingerprint of the first file and
   put it into the second file if given, write on
   console in hex-ASCII format otherwise.

For -g ("generate"), -k, -s, -q or -r flags
(and data) may be given; otherwise the program
prompts the operator for key and/or random data.

For -e ("encrypt"), -r flag may be given or the
program will prompt the operator for random
keystrokes.

For -d ("decrypt"), -k, -s or -q flags may be given
or the program will prompt the operator.

Data flags introduce the key, passphrase or random
data as follows:

-k=ssssss where "ssssss" is (optionally quoted)
          key-string.

-s=wwwwww similar to the above, passphrase.

-z=ffffff where ffffff is 16 bytes of hex-formatted
          key data.

-x=ffffff where ffffff is 4-byte hex-formatted pointer
          to memory block with 16 bytes of key data.

-y=ffffff as above, pointing to a block of 4096
          random bytes.

In two of the above (-x=..., -y=...) it is assumed
that the memory pointer is provided by the GUI
"front-end" program that invoked lpked; it is the
responsibility of this invoking program to ensure
this memory can be read from, and that the clean-up
is performed afterwards.

Auxiliary flags are:

-h for console output of short usage/help "synopsis".

-p to pause for key-press after the program has been
   loaded but before it starts the execution. This
   enables replacing of removable medium (most likely,
   a floppy disk) on which program is resident with
   the one on which the data is resident.

-q to suppress any console output.

Files:
======

Files that the program operates on can be specified
ONLY on the command line. The program makes no
assumption of the paths, names or suffixes. File
integrity and authenticity is the responsibility
of the operator and NOT of the program. Files
are binary and cross-platform (i.e. when there
are 4-byte integers/words in files, specifications
are byte-order (little-endian) specific).

Public key file: first 2048 bytes are interpreted as
public key, rest is ignored.

Private key file: first 16 bytes are interpreted as
IV, followed by next 2048 bytes of encrypted private
key, rest is ignored.

Plaintext file: bytes. "User-community-agreed"
maximum size may apply.

Ciphertext file: First 16 bytes are an IV, second 16
bytes are a session key encrypted with recipient's
public key. Next is a number of 16-byte blocks of
encrypted data. Size of an optional partial block at
the end of the file specifies that the previous block
is the last data block and the number of data bytes
in it. (Ciphertext file MUST NOT contain ANY data
object that an intruder can use to confirm its
"creating application", use or origin).

Fingerprint file: 32 bytes of hex-ascii data.


Examples:
=========

lpked -e a:\fred.key a:\msgFred.txt a:\msgFred.xxx

Encrypt msgFred.txt message to msgFred.xxx
using (Fred's) public key in file fred.key.
The program will prompt the user for random bytes.
(See below for more examples.)


lpked -d a:\my.key a:\msgFred.xxx a:\msgFred.txt

Decrypt message (...xxx) using private key in
my.key and place output in msgFred.txt. Prompt
for key or passphrase used to decrypt private key.


lpked -g a:\mysecret.key a:\tom.key

Generate public/private key pair. Place private
key in mysecret.key and public in tom.key. Prompt
for random data and key or passphrase to encrypt
private key.


lpked -d -z=a802e71d027c382dae57e302817dfe14 my.key msg.xxx msg.txt

Decrypt message msg.xxx using my.key private key.
Private key decryption key is supplied in hex format
on the command line.


lpked -f anastasia.key

Write on the console the fingerprint of the public key
file anastasia.key

====================== end ===========================

All comments are welcome. Please write to:

voremo@SAFe-mail.net

 



-- 
Gustavo Vasconcelos
OpenPGP Key ID: 0xFF006747
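
The ciphertext file layout from the draft's "Files" section, worked through as an added C example (it is not part of the forwarded draft and not lpked source). It assumes the sentence about the trailing partial block means: file length = 32 + 16*N + r, where r > 0 says the last full block holds r data bytes. All `lpked_*` names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sizes from the draft's "Ciphertext file" paragraph. */
#define LPKED_IV_LEN   ((size_t)16)  /* first 16 bytes: IV */
#define LPKED_SKEY_LEN ((size_t)16)  /* next 16 bytes: encrypted session key */
#define LPKED_BLOCK    ((size_t)16)  /* data blocks are 16 bytes each */
#define LPKED_HDR_LEN  (LPKED_IV_LEN + LPKED_SKEY_LEN)

typedef enum {
    LPKED_OK = 0,
    LPKED_ERR_TRUNCATED,    /* shorter than IV + session key */
    LPKED_ERR_ORPHAN_TAIL   /* partial block with no full block before it */
} lpked_status;

typedef struct {
    size_t full_blocks;     /* complete 16-byte data blocks */
    size_t tail_len;        /* size of the trailing partial block, 0..15 */
    size_t plain_len;       /* plaintext bytes the file claims to carry */
} lpked_layout;

typedef struct {
    const uint8_t *iv, *skey, *data;  /* pointers into the caller's buffer */
    lpked_layout layout;
} lpked_view;

/* Derive the layout from the file length alone.
 * Assumed reading of the draft: len = 32 + 16*N + r with 0 <= r < 16;
 * r == 0 means all N blocks are full, r > 0 means block N holds r bytes. */
lpked_status lpked_parse_layout(size_t file_len, lpked_layout *out)
{
    size_t body, blocks, tail;

    if (file_len < LPKED_HDR_LEN)
        return LPKED_ERR_TRUNCATED;
    body   = file_len - LPKED_HDR_LEN;
    blocks = body / LPKED_BLOCK;
    tail   = body % LPKED_BLOCK;
    if (tail != 0 && blocks == 0)
        return LPKED_ERR_ORPHAN_TAIL;   /* marker refers to a missing block */
    out->full_blocks = blocks;
    out->tail_len    = tail;
    out->plain_len   = tail ? (blocks - 1) * LPKED_BLOCK + tail
                            : blocks * LPKED_BLOCK;
    return LPKED_OK;
}

/* Inverse direction: the file length an encryptor would produce. */
size_t lpked_cipher_len(size_t plain_len)
{
    size_t blocks = (plain_len + LPKED_BLOCK - 1) / LPKED_BLOCK;
    return LPKED_HDR_LEN + blocks * LPKED_BLOCK + plain_len % LPKED_BLOCK;
}

/* Split an in-memory ciphertext file into IV, session key and data. */
lpked_status lpked_split(const uint8_t *buf, size_t len, lpked_view *v)
{
    lpked_status st = lpked_parse_layout(len, &v->layout);
    if (st != LPKED_OK)
        return st;
    v->iv   = buf;
    v->skey = buf + LPKED_IV_LEN;
    v->data = buf + LPKED_HDR_LEN;
    return LPKED_OK;
}

/* Returns 1 if every plaintext length up to max_plain survives
 * length -> layout -> length unchanged, i.e. the framing is unambiguous. */
int lpked_roundtrip_ok(size_t max_plain)
{
    size_t n;
    lpked_layout l;

    for (n = 0; n <= max_plain; n++) {
        if (lpked_parse_layout(lpked_cipher_len(n), &l) != LPKED_OK)
            return 0;
        if (l.plain_len != n)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: 32-byte header, one full block, 5-byte tail. */
    uint8_t file[53] = {0};
    lpked_view v;

    if (lpked_split(file, sizeof file, &v) != LPKED_OK)
        return 1;
    printf("blocks=%zu tail=%zu plaintext=%zu\n",
           v.layout.full_blocks, v.layout.tail_len, v.layout.plain_len);
    return 0;
}
```

The plaintext length is taken from the file size alone and nothing in the layout authenticates it, which is consistent with the draft leaving file integrity to the operator.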


From jharris@widomaker.com Sun Jan 12 20:48:01 2003
From: jharris@widomaker.com (Jason Harris)
Date: Sun Jan 12 20:48:01 2003
Subject: intermediate (2003-01-12) keyanalyze results
Message-ID: <20030112194840.GB1477@pm1.ric-30.lft.widomaker.com>

New intermediate keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2003-01-12/

Earlier intermediate reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

From redbird@rbisland.cx Mon Jan 13 05:11:02 2003
From: redbird@rbisland.cx (Gordon Worley)
Date: Mon Jan 13 05:11:02 2003
Subject: Article on PGP uses Gnupg :)
In-Reply-To: <20030110042806.GA5975@mail.volta.dyndns.org>
Message-ID: <1EF49859-26AD-11D7-B985-000A27B4DEFC@rbisland.cx>

On Thursday, January 9, 2003, at 11:28 PM, mike ledoux wrote:

> I've used my Amazing Powers(tm)[1] to decode the message[2], which was:
>
> Now is the time for all good men to come to the aid of their country.

Ahem, in that case, let's hope that no one actually uses that key. Of course, since the person is obviously a Mac GPG user, he would never, ever do anything like that.
;-)

--
Gordon Worley - Mac GPG Project
http://macgpg.sourceforge.net/
``Doveriai no proveriai.'' --Russian proverb
redbird@rbisland.cx
PGP: 0xBBD3B003

From johanw@vulcan.xs4all.nl Mon Jan 13 11:07:02 2003
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Mon Jan 13 11:07:02 2003
Subject: [Fwd: lpked draft]
In-Reply-To: <3E209116.5080308@gmx.net> from Gustavo Vasconcelos at "Jan 11, 2003 06:48:06 pm"
Message-ID: <200301122326.AAA01581@vulcan.xs4all.nl>

Gustavo Vasconcelos wrote:

> Below is a draft for what may come to be a "portable GnuPG" for use
> with removable media. I am forwarding with the consent of Voremo (see
> email address at the bottom of the message).

Hmmm. I think that if you just add DH/DSS keys, and possibly v4 RSA keys (does anyone really use those?) to Disastry's pgp 2.6.3ia-multi06 the resulting executable will do most of the things you want this program to do.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From posting@vodacomm.ca Mon Jan 13 17:39:02 2003
From: posting@vodacomm.ca (Stephen Bosch)
Date: Mon Jan 13 17:39:02 2003
Subject: GnuPG main site down
Message-ID: <3E22EC09.4030601@vodacomm.ca>

Hi:

I'm sure I'm not the first or only person who's noticed this, but I've only just subscribed to the list --

the gnupg.org site is down, has been since at least yesterday evening, and I'm worried. I had a look at one of the mirrors and the information on that mirror is nearly two years old, so I'm starting to wonder if Gnupg still exists. Can anybody fill me in?

-Stephen-

From wronkiew@foozone.org Mon Jan 13 18:17:01 2003
From: wronkiew@foozone.org (Matt Wronkiewicz)
Date: Mon Jan 13 18:17:01 2003
Subject: newbie problem about signing
In-Reply-To: <3E203775.5080404@tfz.net>
References: <3E203775.5080404@tfz.net>
Message-ID: <20030113172023.GB23751@ghs.com>

> i cannot use my nym since a nym address must have no relation
> with the real owner, with his real email. it is used to hide
> real email address. so, how can i make myemail@xx.com the
> default id used to sign my keys?

If you are using two secret keys, one for your regular address, and one as a pseudonym, you can select which key to use by passing --default-key to gpg. You can set the default secret key to use for signing in the options file as well. Add the line "default-key " to the options file.

> 4/ is signing the method to be used to make those warning
> messages disappear in both kmail and mozilla messenger?

You can also make the messages go away by invoking:

gpg --edit-key trust

and choosing "5" for ultimate trust.

--
Matt Wronkiewicz
Signature policy: http://www.foozone.org/crypto_policy.asc

From rasoul@rhythm.com Mon Jan 13 18:35:02 2003
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Mon Jan 13 18:35:02 2003
Subject: Certificate Question
Message-ID: <3E22F919.D2B9DF31@rhythm.com>

Hello Folks,
I have a question in regards to a gpg certificate. How, or is there way, to find out who certified a document?
Thanks in advance
-r

From dshaw@jabberwocky.com Mon Jan 13 18:51:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Jan 13 18:51:01 2003
Subject: Certificate Question
In-Reply-To: <3E22F919.D2B9DF31@rhythm.com>
References: <3E22F919.D2B9DF31@rhythm.com>
Message-ID: <20030113175216.GD24274@jabberwocky.com>

On Mon, Jan 13, 2003 at 09:36:25AM -0800, Rasoul Hajikhani wrote:
> Hello Folks,
> I have a question in regards to a gpg certificate. How, or is there way,
> to find out who certified a document?

Signatures contain the keyid of the signer inside them.
If you run gpg on the file, you will see a line that reads something like:

gpg: Signature made Mon 13 Jan 2003 12:51:07 PM EST using RSA key ID xxxxxxxx

The 'xxxxxxxx' is the keyid of the signer. You can then find that keyid on any keyserver you like to give you a name. If you use 'keyserver-options auto-key-retrieve' in your gpg.conf file, gpg will do this automatically for you.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From madrook@cox.net Mon Jan 13 21:02:02 2003
From: madrook@cox.net (madrook@cox.net)
Date: Mon Jan 13 21:02:02 2003
Subject: GnuPG main site down
In-Reply-To: <3E22EC09.4030601@vodacomm.ca>
Message-ID: <004f01c2bb3e$c3b32820$6f00a8c0@craftsmandigital.com>

I was on the site a week ago and downloaded GPG with no troubles, so it existed that recently (unlike the mirrors), so I assume GPG is still actively supported (?). I cannot access the site either though.

I'm also curious as to what this implies.

Brad

> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of Stephen Bosch
> Sent: Monday, January 13, 2003 8:41 AM
> To: gnupg-users@gnupg.org
> Subject: GnuPG main site down
>
> Hi:
>
> I'm sure I'm not the first or only person who's noticed this, but I've
> only just subscribed to the list --
>
> the gnupg.org site is down, has been since at least yesterday evening,
> and I'm worried. I had a look at one of the mirrors and the information
> on that mirror is nearly two years old, so I'm starting to wonder if
> Gnupg still exists. Can anybody fill me in?
>
> -Stephen-

From xantor@linux.be Mon Jan 13 22:10:02 2003
From: xantor@linux.be (Michael Anckaert)
Date: Mon Jan 13 22:10:02 2003
Subject: GnuPG main site down
In-Reply-To: <3E22EC09.4030601@vodacomm.ca>
References: <3E22EC09.4030601@vodacomm.ca>
Message-ID: <20030113201708.3358bd81.xantor@linux.be>

On Mon, 13 Jan 2003 09:40:41 -0700 Stephen Bosch wrote:

> Hi:
>
> I'm sure I'm not the first or only person who's noticed this, but I've
> only just subscribed to the list --
>
> the gnupg.org site is down, has been since at least yesterday evening,
> and I'm worried. I had a look at one of the mirrors and the
> information on that mirror is nearly two years old, so I'm starting to
> wonder if Gnupg still exists. Can anybody fill me in?

I'm sure gnupg still exists, maybe some normal server probs or (*fantasy*) malicious government interventions ;)

--
Greetings,
Michael Anckaert aka The XanTor
Email: xantor@linux.be
OpenPGP Key: 0xC772D5C1
Jabber: xantor@jabber.org
vim, for the real geeks

From hdbtroll@moment.net Mon Jan 13 22:26:02 2003
From: hdbtroll@moment.net (DB Troll)
Date: Mon Jan 13 22:26:02 2003
Subject: [Fwd: ftp.gnupg.org down]
Message-ID: <3E23302C.2080105@moment.net>

To all of you who have been asking about the ftp server please see the attached.

David

To: gnupg-users@gnupg.org
Subject: ftp.gnupg.org down
From: Werner Koch
Organisation: g10 Code GmbH
Message-ID: <8765sz3gdk.fsf@alberti.g10code.de>
Date: Wed, 08 Jan 2003 14:44:55 +0100

Hi!

The primary FTP server has a problem, we are fixing it ASAP. In the meantime, please use one of the mirrors (see the website for a list of them). Fortunately the Web server is this time up and running ;-)

Salam-Shalom,

Werner

From remailer@aarg.net Mon Jan 13 22:47:02 2003
From: remailer@aarg.net (AARG! Anonymous)
Date: Mon Jan 13 22:47:02 2003
Subject: [Fwd: lpked draft]
Message-ID:

> From: voremo@SAFe-mail.net
> Source code will be taken from the existing
> GPG source tree whenever possible; program
> will be distributed as A SINGLE C language
> source file: lpked.c. That source will be
> public domain, BSD and/or GNU licensed.

Are you sure that you can take GNU licensed code and then redistribute it as public domain? Me thinks not. The GNU parts will have to be distributed _only_ under GPL.

From private@asgard.cert.dfn.de Mon Jan 13 22:47:12 2003
From: private@asgard.cert.dfn.de (Olaf Gellert)
Date: Mon Jan 13 22:47:12 2003
Subject: elGamal Keys to Sign+Encrypt
Message-ID: <20030113122344.GA1308@asgard.cert.dfn.de>

Hi all,

I just tried to generate an elGamal-only key (for signing and encryption). I noticed, that obviously the elGamal-only keys are deprecated in GPG version 1.2.1 and you can only generate them in the expert-mode. Some issues (security flaws, ...) with these keys?

We are thinking about which keys we want to sign with our certification authority, so are there any arguments against elGamal (besides that nearly no application can handle them)?

Cheers...

Olaf

--
Olaf Gellert                   _ - __o
gellert@arasca.de            _- _`\<,_
http://www.arasca.de/olaf/  - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so.
-- Bertrand Russell
----------------------------------------------------------------------

From private@asgard.cert.dfn.de Mon Jan 13 22:47:21 2003
From: private@asgard.cert.dfn.de (Olaf Gellert)
Date: Mon Jan 13 22:47:21 2003
Subject: Automatic Signing via Script
Message-ID: <20030113165004.GA2269@asgard.cert.dfn.de>

Hi all,

I am writing some scripts for a certification authority. These scripts are presenting the information of the keys to be signed to the person who is signing them, ask if everything is alright, and then just sign the key without further user-interaction.

What I do is: Call "gpg --edit-key" with the necessary commands following (so something like

gpg --edit-key 1 sign save

would choose the first uid and sign it). This works.

But: It does not work when signing keys that have an expiry date set, because gpg then asks:

This key is due to expire on YYYY-MM-DD.
Do you want your signature to expire at the same time? (Y/n)

How can I skip this question? I already use "--yes" but it does not work in this case. If I use "--batch" gpg exits in this case.
Any suggestions?

Cheers... Olaf

--
Olaf Gellert _ - __o gellert@arasca.de _- _`\<,_ http://www.arasca.de/olaf/ - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so. -- Bertrand Russell
----------------------------------------------------------------------

From thomas-ml@vollmeronline.de Mon Jan 13 22:47:32 2003
From: thomas-ml@vollmeronline.de (Thomas Vollmer)
Date: Mon Jan 13 22:47:32 2003
Subject: Instant messaging client with GnuPG support ?
In-Reply-To:
References:
Message-ID: <200301131834.19024.thomas-ml@vollmeronline.de>

On Wednesday 08 January 2003 00:20, Toxik - Fabian Rodriguez wrote:
> Hello,

Hi,

> I'd like to know if there are any open source IM clients supporting
> OpenPGP via GnuPG or else, for Windows ?

I use kopete ( see http://kopete.kde.org/ ) from CVS. It works quite good, but only when both sides have kopete. But then it works independent from the IM protocol.

Thomas

From dshaw@jabberwocky.com Mon Jan 13 23:07:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Mon Jan 13 23:07:02 2003
Subject: GnuPG main site down
In-Reply-To: <004f01c2bb3e$c3b32820$6f00a8c0@craftsmandigital.com>
References: <3E22EC09.4030601@vodacomm.ca> <004f01c2bb3e$c3b32820$6f00a8c0@craftsmandigital.com>
Message-ID: <20030113220822.GF24274@jabberwocky.com>

On Mon, Jan 13, 2003 at 12:02:55PM -0800, madrook@cox.net wrote:
> I was on the site a week ago and downloaded GPG with no troubles, so it
> existed that recently (unlike the mirrors), so I assume GPG is still
> actively supported (?). I cannot access the site either though.

GnuPG is still very actively supported. The web site seems to have had a failure of some sort. Don't worry, I'm sure it'll be back up soon.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From volker.gaibler@urz.uni-heidelberg.de Tue Jan 14 00:41:02 2003
From: volker.gaibler@urz.uni-heidelberg.de (Volker Gaibler)
Date: Tue Jan 14 00:41:02 2003
Subject: elGamal Keys to Sign+Encrypt
In-Reply-To: <20030113122344.GA1308@asgard.cert.dfn.de>
References: <20030113122344.GA1308@asgard.cert.dfn.de>
Message-ID: <20030114004113.A1606@gina.local>

On Mon, Jan 13, 2003 at 01:23:44PM +0100, Olaf Gellert wrote:
> mode. Some issues (security flaws, ...) with these
> keys?
>
> We are thinking about which keys we want to sign
> with our certification authority, so are there any
> arguments against elGamal (besides that nearly
> no application can handle them)?

Don't know too much about security issues for ElGamal keys, but I can just agree with the status "deprecated" because they're *really* slow and when you want to use them to verify emails your readers won't be too happy. I just deleted one because waiting for more than one minute just to verify a signature is not too comfortable.

Of course this doesn't mean you should not certify them.

Volker

--
Volker Gaibler contact: http://www.volker-gaibler.de mail@volker-gaibler.de OpenPGP key: 0x86ECAC0B get my public key from website above
+---------------------------------------------------------------------+

From dshaw@jabberwocky.com Tue Jan 14 00:54:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 14 00:54:03 2003
Subject: Automatic Signing via Script
In-Reply-To: <20030113165004.GA2269@asgard.cert.dfn.de>
References: <20030113165004.GA2269@asgard.cert.dfn.de>
Message-ID: <20030113235438.GG24274@jabberwocky.com>

On Mon, Jan 13, 2003 at 05:50:05PM +0100, Olaf Gellert wrote:
> Hi all,
>
> I am writing some scripts for a certification authority.
> These scripts are presenting the information of the keys to
> be signed to the person who is signing them, ask if
> everything is alright, and then just sign the key without
> further user-interaction.
>
> What I do is: Call "gpg --edit-key" with the necessary
> commands following (so something like gpg --edit-key 1 sign save
> would choose the first uid and sign it).
>
> This works. But: It does not work when signing keys that
> have an expiry date set, because gpg then asks:
>
> This key is due to expire on YYYY-MM-DD.
> Do you want your signature to expire at the same time? (Y/n)
>
> How can I skip this question? I already use "--yes" but it does
> not work in this case. If I use "--batch" gpg exits in this
> case.
> Any suggestions?

In general, it is not a good idea to drive gpg via the "human being" interface. There may be changes in the interface that break your script.

Rather, you should use the --status-fd and --command-fd messages, which are designed for this sort of use.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Tue Jan 14 01:04:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 14 01:04:02 2003
Subject: elGamal Keys to Sign+Encrypt
In-Reply-To: <20030113122344.GA1308@asgard.cert.dfn.de>
References: <20030113122344.GA1308@asgard.cert.dfn.de>
Message-ID: <20030114000522.GH24274@jabberwocky.com>

On Mon, Jan 13, 2003 at 01:23:44PM +0100, Olaf Gellert wrote:
> I just tried to generate an elGamal-only key (for
> signing and encryption). I noticed, that obviously
> the elGamal-only keys are deprecated in GPG version
> 1.2.1 and you can only generate them in the expert-
> mode. Some issues (security flaws, ...) with these
> keys?
>
> We are thinking about which keys we want to sign
> with our certification authority, so are there any
> arguments against elGamal (besides that nearly
> no application can handle them)?

Well, that's a pretty big argument against ElGamal ;)

It's also incredibly slow, makes big signatures, and requires special care when generating the key or signatures from the key can be forged.

However, that said, why should a CA care? I wouldn't make the CA signing key an Elgamal signing key, but it shouldn't matter if you certify an ElGamal key.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From christophe ollier Tue Jan 14 01:20:02 2003
From: christophe ollier (christophe ollier)
Date: Tue Jan 14 01:20:02 2003
Subject: Problem between version 1.2.1 and hushmail.com
Message-ID: <495922966.20030114012619@free.fr>

Hello fellow gnupg users,

I just ran into a problem using GnuPG to encrypt an email message sent to an hushmail (free) account.

Newbie warning : I'm rather new to the world of GnuPG !

Here's what I've done :

gpg -r autoXXXX@hushmail.com --armor --encrypt my_message

Then I sent the output to the above address.

Here's the error message I got on hushmail.com :

"An encrypted message should only have at least one public key encrypted session key packet and a symmetricaly encrypted data packet".

Am I doing something wrong, or is something broken with GnuPG or Hushmail ?

Thanks for your help !

--
Best regards, christophe ollier c.ollier@free.fr
There are 10 kinds of people: those who think in binary and the others.

From dshaw@jabberwocky.com Tue Jan 14 03:26:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 14 03:26:02 2003
Subject: elGamal Keys to Sign+Encrypt
In-Reply-To:
References: <20030114000522.GH24274@jabberwocky.com>
Message-ID: <20030114022708.GC29894@jabberwocky.com>

On Mon, Jan 13, 2003 at 04:57:06PM -0800, Len Sassaman wrote:
> On Mon, 13 Jan 2003, David Shaw wrote:
>
> > However, that said, why should a CA care? I wouldn't make the CA
> > signing key an Elgamal signing key, but it shouldn't matter if you
> > certify an ElGamal key.
>
> It depends on your CSP. A CA is making an assertion that the entity
> possessing the secret key corresponding to a given public key is or has
> some bit of information included in the certificate.

Well, I agree that it comes down to policy. My point was that there is no technical issue with making such a signature.

However, it is an interesting question what the appropriate policy is.

> If the public key algorithm is too weak to reasonably trust that the
> private key cannot be discovered by a third party, it is not wise to
> sign.

Traditional OpenPGP certification signatures do not attempt to say more than some variation on "I certify that such-and-such entity (or role) matches such-and-such key". I'm not talking about trust signatures here, of course, which are a different beast. It raises some interesting issues whether the signer should take into account something other than key ownership when making a certification. There are of course exceptions to this, and a signer is free to do whatever the heck they like anyway.

How different is the example above with signing the key of someone who is known to make willy-nilly bad signatures? Your certification is still strong, despite the poor certification policy that the keyholder has. On the other side of this is the fact that nobody likes to be the one to "enable" a weak link in the web of trust.

No one answer here, I'm afraid.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S.
Anderson

From ingo.kloecker@epost.de Tue Jan 14 09:10:02 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Tue Jan 14 09:10:02 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com>
References: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com>
Message-ID: <200301140007.20979@erwin.ingo-kloecker.de>

On Friday 10 January 2003 18:28, vedaal@hush.com wrote:
> assuming that gnupg wraps a clearsigned message at 64 characters,
> and pgp at 76 characters

Neither GnuPG nor PGP do any line wrapping. The lines are wrapped by the applications (e.g. the mail clients) that use gpg/pgp to clearsign messages.

Regards, Ingo

From ingo.kloecker@epost.de Tue Jan 14 09:11:02 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Tue Jan 14 09:11:02 2003
Subject: BAD signature (was Re: Article on PGP uses Gnupg :))
In-Reply-To: <1042216639.1283.5.camel@altfrangg.fortytwo.ch>
References: <20030109222410.GC27783@jabberwocky.com> <1042216639.1283.5.camel@altfrangg.fortytwo.ch>
Message-ID: <200301140018.27269@erwin.ingo-kloecker.de>

On Friday 10 January 2003 17:37, Adrian 'Dagurashibanipal' von Bidder wrote:
> The ongoing let's-annoy-everybody-as-long-as-it-doesn't-work
> campain...
>
> On Fri, 2003-01-10 at 00:09, Charly Avital wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
>
> gpg: Signature made Fri Jan 10 00:08:57 2003 CET using DSA key ID
> C91B085E gpg: BAD signature from "Charly Avital (1.0.7)
> "

Same here with KMail 1.5. So at l(e)ast KMail and Evolution agree. ;-)

Regards, Ingo

From ingo.kloecker@epost.de Tue Jan 14 09:11:05 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Tue Jan 14 09:11:05 2003
Subject: newbie problem about signing
In-Reply-To: <3E203775.5080404@tfz.net>
References: <3E203775.5080404@tfz.net>
Message-ID: <200301140030.29032@erwin.ingo-kloecker.de>

On Saturday 11 January 2003 16:25, S C wrote:
> hi,
> i was using pgp 6.5.8 ckt in my windows box, i exported my keys
> including private ones and imported them using gnupgp in my linux.

You have to give your keys ultimate trust (cf. Matt's message) because GnuPG doesn't trust secret keys anymore automatically since GnuPG 1.0.7.

Regards, Ingo

From wk@gnupg.org Tue Jan 14 11:12:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Jan 14 11:12:01 2003
Subject: GnuPG main site down
In-Reply-To: <20030113220822.GF24274@jabberwocky.com> (David Shaw's message of "Mon, 13 Jan 2003 17:08:22 -0500")
References: <3E22EC09.4030601@vodacomm.ca> <004f01c2bb3e$c3b32820$6f00a8c0@craftsmandigital.com> <20030113220822.GF24274@jabberwocky.com>
Message-ID: <87bs2kca6k.fsf@alberti.g10code.de>

On Mon, 13 Jan 2003 17:08:22 -0500, David Shaw said:
> GnuPG is still very actively supported. The web site seems to have
> had a failure of some sort. Don't worry, I'm sure it'll be back up

We had a disk crash on ftp.gnupg.org so we let www.gnupg.org also handle the ftp traffic until the other box gets fixed. Unfortunately it makes Caudium (our web and ftp server) even more unstable.

I am sorry for that,

Werner

From martin.bretschneider@gmx.de Tue Jan 14 11:26:01 2003
From: martin.bretschneider@gmx.de (Martin Bretschneider)
Date: Tue Jan 14 11:26:01 2003
Subject: What kind of key do I have?
Message-ID:

From peter@palfrader.org Tue Jan 14 12:03:02 2003
From: peter@palfrader.org (Peter Palfrader)
Date: Tue Jan 14 12:03:02 2003
Subject: --edit and trustdb
Message-ID: <20030114004814.GB24358@valiant>

Hi,

running gnupg --edit (and so --sign-key as well) requires that the trust database is up to date. When signing several keys in batch this is taking up a lot of time since the trustdb gets obsolete after each minor modification - like signing a key. Is there anything I can do to make it run faster (i.e. skip the trustdb update for --edit/--sign-key)?
(waiting for almost two minutes every time is quite a bit annoying[0])

yours, peter (running 1.2.2rc1)

0. Yes, the keydb caches are rebuilt.

--
PGP signed and encrypted | .''`. ** Debian GNU/Linux ** messages preferred. | : :' : The universal | `. `' Operating System http://www.palfrader.org/ | `- http://www.debian.org/

From rabbi@abditum.com Tue Jan 14 12:03:09 2003
From: rabbi@abditum.com (Len Sassaman)
Date: Tue Jan 14 12:03:09 2003
Subject: Problem between version 1.2.1 and hushmail.com
In-Reply-To: <495922966.20030114012619@free.fr>
Message-ID:

On Tue, 14 Jan 2003, christophe ollier wrote:
> Am I doing something wrong, or is something broken with GnuPG or
> Hushmail ?

This is a known issue with Hushmail. I reported it to them a few months ago. I believe that it should be fixed in the next version of Hushmail. For now, you can work-around by adding the --disable-mdc flag to the gpg commandline prior to encrypting.

From rabbi@abditum.com Tue Jan 14 12:03:16 2003
From: rabbi@abditum.com (Len Sassaman)
Date: Tue Jan 14 12:03:16 2003
Subject: elGamal Keys to Sign+Encrypt
In-Reply-To: <20030114000522.GH24274@jabberwocky.com>
Message-ID:

On Mon, 13 Jan 2003, David Shaw wrote:
> However, that said, why should a CA care? I wouldn't make the CA
> signing key an Elgamal signing key, but it shouldn't matter if you
> certify an ElGamal key.

It depends on your CSP. A CA is making an assertion that the entity possessing the secret key corresponding to a given public key is or has some bit of information included in the certificate. If the public key algorithm is too weak to reasonably trust that the private key cannot be discovered by a third party, it is not wise to sign.
Similar logic dictates that Verisign is broken for signing 384 bit RSA SSL certificates.

From wk@gnupg.org Tue Jan 14 13:02:01 2003
From: wk@gnupg.org (Werner Koch)
Date: Tue Jan 14 13:02:01 2003
Subject: --edit and trustdb
In-Reply-To: <20030114004814.GB24358@valiant> (Peter Palfrader's message of "Tue, 14 Jan 2003 01:48:15 +0100")
References: <20030114004814.GB24358@valiant>
Message-ID: <8765ss9byr.fsf@alberti.g10code.de>

On Tue, 14 Jan 2003 01:48:15 +0100, Peter Palfrader said:
> key. Is there anything I can do to make it run faster (i.e. skip the
> trustdb update for --edit/--sign-key)? (waiting for almost two minutes
> every time is quite a bit annoying[0])

I always use --no-auto-check-trustdb and run --check-trustdb when GnuPG indicates that it should be run. You can also put a gpg --batch --check-trustdb into your crontab.

From pt@radvis.nu Tue Jan 14 13:43:02 2003
From: pt@radvis.nu (Per Tunedal)
Date: Tue Jan 14 13:43:02 2003
Subject: What kind of key do I have?
In-Reply-To:
Message-ID: <5.1.0.14.2.20030114124640.02934fc0@localhost>

At 11:26 2003-01-14 +0100, you wrote:
>Hi GnuPGs,
>
>I fill a form to make a certification motion¹. I have to specify
>whether my key is RSA or DSS/DH but I guess I have DSA & ElGamal
>(default of GnuPG). Am I right? Are these keys useable with PGP
>5.0i(Linux)?
>
>I've created my keys (0x4EA52583) in April of 2001 using GnuPG 1.0.4
>or so. Now I use GnuPG 1.2.1.
>
>TIA and kind regards from Germany
>

Hi Martin,

Your key is a DSS/DH which is the same as DSA & ElGamal. The key type is default both when using GPG and PGP.

Per Tunedal

From gellert@arasca.de Tue Jan 14 15:31:02 2003
From: gellert@arasca.de (Olaf Gellert)
Date: Tue Jan 14 15:31:02 2003
Subject: Automatic Signing via Script
In-Reply-To: <20030113235438.GG24274@jabberwocky.com>
References: <20030113165004.GA2269@asgard.cert.dfn.de> <20030113235438.GG24274@jabberwocky.com>
Message-ID: <20030114122853.GA1492@asgard.local>

Hi David,

> > I am writing some scripts for a certification authority.
> > These scripts are presenting the information of the keys to
> > be signed to the person who is signing them, ask if
> > everything is alright, and then just sign the key without
> > further user-interaction.
> >
> > What I do is: Call "gpg --edit-key" with the necessary
> > commands following (so something like gpg --edit-key 1 sign save
> > would choose the first uid and sign it).
> >
> > This works. But: It does not work when signing keys that
> > have an expiry date set, because gpg then asks:
> >
> > This key is due to expire on YYYY-MM-DD.
> > Do you want your signature to expire at the same time? (Y/n)
> >
> > How can I skip this question? I already use "--yes" but it does
> > not work in this case. If I use "--batch" gpg exits in this
> > case. Any suggestions?
>
> In general, it is not a good idea to drive gpg via the "human being"
> interface. There may be changes in the interface that break your
> script.
>
> Rather, you should use the --status-fd and --command-fd messages,
> which are designed for this sort of use.

I was already aware of --status-fd and --passphrase-fd but not of --command-fd. I think this will solve my problem (looks good).

Thanks, David!

Cheers... Olaf

--
Olaf Gellert _ - __o gellert@arasca.de _- _`\<,_ http://www.arasca.de/olaf/ - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so.
-- Bertrand Russell
----------------------------------------------------------------------

From avbidder@fortytwo.ch Tue Jan 14 15:47:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Tue Jan 14 15:47:02 2003
Subject: What kind of key do I have?
In-Reply-To:
References:
Message-ID: <1042555675.667.15.camel@altfrangg.fortytwo.ch>

On Tue, 2003-01-14 at 11:26, Martin Bretschneider wrote:
> Hi GnuPGs,
>
> I fill a form to make a certification motion¹. I have to specify
> whether my key is RSA or DSS/DH but I guess I have DSA & ElGamal
> (default of GnuPG). Am I right? Are these keys useable with PGP
> 5.0i(Linux)?
>
> I've created my keys (0x4EA52583) in April of 2001 using GnuPG 1.0.4
> or so. Now I use GnuPG 1.2.1.

Hi!

You can see the key type from the gpg --list-key output:

pub 1024D/4EA52583 ...
sub 4096g/364DD298 ...

This means a 1024 bit DSA key with a 4096 bit ElGamal subkey. RSA keys have 'R'.

cheers -- vbi

--
featured link: http://fortytwo.ch/gpg/subkeys

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From Owen.Singleton@ubsw.com Tue Jan 14 17:12:02 2003
From: Owen.Singleton@ubsw.com (Owen.Singleton@ubsw.com)
Date: Tue Jan 14 17:12:02 2003
Subject: Please Help - Compilation Failed on Solaris 8
Message-ID: <16EDF46C7F8E0B43947A13EC734B4018AC2A89@NZURC900PEX1.ubsgs.ubsgroup.net>

Hello,

I'm attempting to compile gnupg 1.2.1 on Solaris 8 but am getting an error.
The details are below. Any help would be greatly appreciated.

Best Regards, Owen Singleton

gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../intl -g -O2 -Wall -c `test -f 'misc.c' || echo './'`misc.c
In file included from misc.c:35:
/usr/include/sys/resource.h:193: warning: `struct rlimit64' declared inside parameter list
/usr/include/sys/resource.h:193: warning: its scope is only this definition or declaration,
/usr/include/sys/resource.h:193: warning: which is probably not what you want.
/usr/include/sys/resource.h:194: warning: `struct rlimit64' declared inside parameter list
misc.c: In function `disable_core_dumps':
misc.c:91: storage size of `limit' isn't known
misc.c:91: warning: unused variable `limit'
make[2]: *** [misc.o] Error 1
make[2]: Leaving directory `/home/singleow/gnupg-1.2.1/g10'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/singleow/gnupg-1.2.1'
make: *** [all] Error
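
The --status-fd/--command-fd approach recommended in the "Automatic Signing via Script" thread above, as an added example (not code from any poster or from the GnuPG project). The prompt keywords (keyedit.prompt, sign_uid.expire, sign_uid.okay), the key ID placeholder and the sample status lines are assumptions constructed for illustration; check the keywords against the output of the gpg version in use. Any prompt the policy does not list aborts the run instead of being answered blindly.

```python
"""Answer gpg --command-fd prompts from an explicit policy, failing closed."""
import subprocess
from collections import deque

PREFIX = "[GNUPG:] "
PROMPT_KINDS = ("GET_LINE", "GET_BOOL", "GET_HIDDEN")


class UnexpectedPrompt(Exception):
    """gpg asked a question the policy has no explicit answer for."""


class PromptPolicy:
    """Maps prompt keywords to answers; anything unlisted raises."""

    def __init__(self, edit_commands, fixed_answers):
        # Commands for the key-edit prompt, consumed in order.
        self._commands = deque(edit_commands)
        # Answers to follow-up questions, keyed by prompt keyword.
        self._fixed = dict(fixed_answers)

    def answer(self, status_line):
        """Return the reply for one line of gpg output, or None if it asks nothing."""
        line = status_line.rstrip("\r\n")
        if not line.startswith(PREFIX):
            return None                      # human-readable text, never parsed
        fields = line[len(PREFIX):].split()
        if len(fields) < 2 or fields[0] not in PROMPT_KINDS:
            return None                      # informational status, e.g. GOT_IT
        kind, keyword = fields[0], fields[1]
        if kind == "GET_HIDDEN":
            # Passphrases are outside this policy (e.g. use --passphrase-fd).
            raise UnexpectedPrompt("hidden prompt " + keyword)
        if keyword == "keyedit.prompt":
            if not self._commands:
                raise UnexpectedPrompt("edit prompt after the command list ran out")
            return self._commands.popleft()
        if keyword in self._fixed:
            return self._fixed[keyword]
        raise UnexpectedPrompt(kind + " " + keyword)


def replay(policy, lines):
    """Feed recorded gpg output through the policy; return the replies in order."""
    return [reply for reply in map(policy.answer, lines) if reply is not None]


def sign_uid(key_id, policy, gpg="gpg"):
    """Run gpg --edit-key on key_id, answering prompts over stdin (command-fd 0)."""
    argv = [gpg, "--no-tty", "--status-fd", "1", "--command-fd", "0",
            "--edit-key", key_id]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            text=True, bufsize=1)
    try:
        for line in proc.stdout:
            reply = policy.answer(line)
            if reply is not None:
                proc.stdin.write(reply + "\n")
                proc.stdin.flush()
        return proc.wait()
    finally:
        if proc.poll() is None:              # an unexpected prompt aborted the loop
            proc.kill()


# Constructed sample of what gpg might emit for a key with an expiry date.
SAMPLE_STATUS = [
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
    "This key is due to expire on 2004-01-01.",
    "[GNUPG:] GET_LINE sign_uid.expire",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_BOOL sign_uid.okay",
    "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_LINE keyedit.prompt",
    "[GNUPG:] GOT_IT",
]

if __name__ == "__main__":
    demo = PromptPolicy(["1", "sign", "save"],
                        {"sign_uid.expire": "y", "sign_uid.okay": "y"})
    print(replay(demo, SAMPLE_STATUS))
    # Real use, with a placeholder key ID: sign_uid("KEYID_PLACEHOLDER", demo)
```

The expiry question is matched by keyword rather than by its wording, so a change in the human-readable text does not break the script.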

From dshaw@jabberwocky.com Tue Jan 14 17:55:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 14 17:55:02 2003
Subject: What kind of key do I have?
In-Reply-To: <1042555675.667.15.camel@altfrangg.fortytwo.ch>
References: <1042555675.667.15.camel@altfrangg.fortytwo.ch>
Message-ID: <20030114165552.GA6956@jabberwocky.com>

On Tue, Jan 14, 2003 at 03:47:56PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tue, 2003-01-14 at 11:26, Martin Bretschneider wrote:
> > Hi GnuPGs,
> >
> > I fill a form to make a certification motion¹. I have to specify
> > whether my key is RSA or DSS/DH but I guess I have DSA & ElGamal
> > (default of GnuPG). Am I right? Are these keys useable with PGP
> > 5.0i(Linux)?
> >
> > I've created my keys (0x4EA52583) in April of 2001 using GnuPG 1.0.4
> > or so. Now I use GnuPG 1.2.1.
>
> Hi!
>
> You can see the key type from the gpg --list-key output:
>
> pub 1024D/4EA52583 ...
> sub 4096g/364DD298 ...
>
> This means a 1024 bit DSA key with a 4096 bit ElGamal subkey. RSA keys
> have 'R'.

Some keys don't map particularly well to the "RSA" vs "DSS/DH" question. My key (99242560) is a "RSA/DH". Adrian, what would your key be - a DSS/DH/DSS/DSS? ;)

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From avbidder@fortytwo.ch Tue Jan 14 18:23:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Tue Jan 14 18:23:02 2003
Subject: What kind of key do I have?
In-Reply-To: <20030114165552.GA6956@jabberwocky.com>
References: <1042555675.667.15.camel@altfrangg.fortytwo.ch> <20030114165552.GA6956@jabberwocky.com>
Message-ID: <1042565071.667.45.camel@altfrangg.fortytwo.ch>

On Tue, 2003-01-14 at 17:55, David Shaw wrote:
> > You can see the key type from the gpg --list-key output:
> >
> > pub 1024D/4EA52583 ...
> > sub 4096g/364DD298 ...
> >
> > This means a 1024 bit DSA key with a 4096 bit ElGamal subkey. RSA keys
> > have 'R'.
>
> Some keys don't map particularly well to the "RSA" vs "DSS/DH"
> question. My key (99242560) is a "RSA/DH". Adrian, what would your
> key be - a DSS/DH/DSS/DSS? ;)

Hmmm, good question :-)

I *meant* to indicate that the 'g' in the subkey description stands for ElGamal and the 'D' stands for DSA. The heise form having only the choice of RSA and DSS/DH, I'd probably chose the type of the primary, or ...

I think for all purposes the pgpca at c't (heise) it's not really about RSA vs. PGP but it's about pgp2 compatibility or not. So they really should correct that form to 'v3 key vs. v4 key', but how is a user going to tell the difference then???

... I'd chose DSS/DH even if my primary were RSA, because no pgp2 user ever is going to use my key.

(Yes, I've not written this email in sequential order.)

Speaking about the Heise keys... can anyone tell me what they'd need an encryption subkey for?

cheers -- vbi

--
featured link: http://fortytwo.ch/smtp

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From pt@radvis.nu Tue Jan 14 19:43:02 2003
From: pt@radvis.nu (Per Tunedal)
Date: Tue Jan 14 19:43:02 2003
Subject: elGamal Keys to Sign+Encrypt
Message-ID: <5.1.0.14.2.20030114194235.0291a608@localhost>

At 21:27 2003-01-13 -0500, you wrote:
>On Mon, Jan 13, 2003 at 04:57:06PM -0800, Len Sassaman wrote:
>> On Mon, 13 Jan 2003, David Shaw wrote:
>>
>> > However, that said, why should a CA care? I wouldn't make the CA
>> > signing key an Elgamal signing key, but it shouldn't matter if you
>> > certify an ElGamal key.
>>
>> It depends on your CSP. A CA is making an assertion that the entity
>> possessing the secret key corresponding to a given public key is or has
>> some bit of information included in the certificate.
>
>Well, I agree that it comes down to policy. My point was that there
>is no technical issue with making such a signature.
>
>However, it is an interesting question what the appropriate policy is.
>
>> If the public key algorithm is too weak to reasonably trust that the
>> private key cannot be discovered by a third party, it is not wise to
>> sign.
>
>Traditional OpenPGP certification signatures do not attempt to say
>more than some variation on "I certify that such-and-such entity (or
>role) matches such-and-such key". I'm not talking about trust
>signatures here, of course, which are a different beast.
>It raises
>some interesting issues whether the signer should take into account
>something other than key ownership when making a certification. There
>are of course exceptions to this, and a signer is free to do whatever
>the heck they like anyway.
>
>How different is the example above with signing the key of someone who
>is known to make willy-nilly bad signatures? Your certification is
>still strong, despite the poor certification policy that the keyholder
>has. On the other side of this is the fact that nobody likes to be
>the one to "enable" a weak link in the web of trust.
>
>No one answer here, I'm afraid.
>
>David
>
>

My answer is that it is important that a CA publishes the policy. Everyone can then decide how much to trust the CA (that applies to the robot-CA as well ...)

It might be useful with a CA with a restrictive policy: it might be more trusted than other CA:s. In fact it's the only reason not to have only robot-CA:s: i.e. a human CA has the advantage to be able to perform complicated checks and have a judgment of what to sign.

Even a robot can deny to sign certain kinds of keys ... ;-)

Per Tunedal

From vedaal@hush.com Tue Jan 14 19:45:01 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Tue Jan 14 19:45:01 2003
Subject: TAB at EOL (GPG and PGP interoperability)
Message-ID: <200301141846.h0EIk318052450@mailserver4.hushmail.com>

>Message: 1
>From: Ingo Klöcker
>To: gnupg-users@gnupg.org
>Subject: Re: TAB at EOL (GPG and PGP interoperability)
>Date: Tue, 14 Jan 2003 00:07:16 +0100
..
>On Friday 10 January 2003 18:28, vedaal@hush.com wrote:
>> assuming that gnupg wraps a clearsigned message at 64 characters,
>
>> and pgp at 76 characters
>
>Neither GnuPG nor PGP do any line wrapping.
>The lines are wrapped
>by the
>applications (e.g. the mail clients) that use gpg/pgp to clearsign
>messages.
..

if you mean that neither pgp nor gnupg wrap a line that ends with a tab followed by a character,
this is true only for pgp, which, even though it wraps at 76,
will not wrap if there is a tab anywhere after position 76

for gnupg, as long as the position of wrapping will not result in a line ending with a tab, then it will wrap, usually at position 64

{is it possible to change the position of the wrapping in gnupg
i.e. the length of the line ?}

tia,

vedaal

From dshaw@jabberwocky.com Tue Jan 14 20:49:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 14 20:49:02 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To: <200301140007.20979@erwin.ingo-kloecker.de>
References: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com> <200301140007.20979@erwin.ingo-kloecker.de>
Message-ID: <20030114195008.GK7972@jabberwocky.com>

On Tue, Jan 14, 2003 at 12:07:16AM +0100, Ingo Klöcker wrote:
> On Friday 10 January 2003 18:28, vedaal@hush.com wrote:
> > assuming that gnupg wraps a clearsigned message at 64 characters,
> > and pgp at 76 characters
>
> Neither GnuPG nor PGP do any line wrapping. The lines are wrapped by the
> applications (e.g. the mail clients) that use gpg/pgp to clearsign
> messages.

PGP does have a word wrap function. Since some mailers do their wrapping after PGP has been run on the mail, that would break the signature. To help avoid this, PGP can wrap as part of the signing function. The idea is you make PGP wrap at a lower value than your mail client, so the mail client never has anything to do.

GnuPG never wraps.
Mailers in the *nix world tend to handle filtering properly so it is not necessary. I'm not sure if WinPT wraps or not.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Tue Jan 14 22:47:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Tue Jan 14 22:47:02 2003
Subject: What kind of key do I have?
In-Reply-To: <1042565071.667.45.camel@altfrangg.fortytwo.ch>
References: <1042555675.667.15.camel@altfrangg.fortytwo.ch> <20030114165552.GA6956@jabberwocky.com> <1042565071.667.45.camel@altfrangg.fortytwo.ch>
Message-ID: <20030114214736.GM7972@jabberwocky.com>

On Tue, Jan 14, 2003 at 06:24:31PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> I think for all purposes the pgpca at c't (heise) it's not really about
> RSA vs. PGP but it's about pgp2 compatibility or not. So they really
> should correct that form to 'v3 key vs. v4 key', but how is a user going
> to tell the difference then???

True. In fact, some programmers have made the same mistake and used "is it an RSA key" when they should have asked "is it a v3 key". That's why v4 RSA keys have mangled keyids on the pksd keyserver, and why you can't search for v4 RSA keys by subkey ID on the LDAP keyserver.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S.
Anderson

From twoaday@freakmail.de Tue Jan 14 23:08:03 2003
From: twoaday@freakmail.de (Timo Schulz)
Date: Tue Jan 14 23:08:03 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To: <20030114195008.GK7972@jabberwocky.com>
References: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com> <200301140007.20979@erwin.ingo-kloecker.de> <20030114195008.GK7972@jabberwocky.com>
Message-ID: <20030114214433.GA1054@daredevil.joesixpack.net>

On Tue Jan 14 2003; 14:50, David Shaw wrote:

> GnuPG never wraps. Mailers in the *nix world tend to handle filtering
> properly so it is not necessary. I'm not sure if WinPT wraps or not.

There is a setting for this. If it's enabled WinPT does some wrapping.

Timo

From johanw@vulcan.xs4all.nl Wed Jan 15 01:09:09 2003
From: johanw@vulcan.xs4all.nl (Johan Wevers)
Date: Wed Jan 15 01:09:09 2003
Subject: What kind of key do I have?
In-Reply-To: from Martin Bretschneider at "Jan 14, 2003 11:26:09 am"
Message-ID: <200301142050.VAA01778@vulcan.xs4all.nl>

Martin Bretschneider wrote:

> Are these keys useable with PGP 5.0i(Linux)?

Probably yes, but you should not use pgp 5.0i for any Unix because it contains a faulty random number generator.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From ingo.kloecker@epost.de Wed Jan 15 02:03:04 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Wed Jan 15 02:03:04 2003
Subject: What kind of key do I have?
In-Reply-To: <1042565071.667.45.camel@altfrangg.fortytwo.ch>
References: <20030114165552.GA6956@jabberwocky.com> <1042565071.667.45.camel@altfrangg.fortytwo.ch>
Message-ID: <200301150154.01167@erwin.ingo-kloecker.de>

On Tuesday 14 January 2003 18:24, Adrian 'Dagurashibanipal' von Bidder wrote:
> Speaking about the Heise keys... can anyone tell me what they'd need
> an encryption subkey for?

Most likely they simply generated their certification key 0xB3B2A12C as standard key and didn't realize that the encryption subkey is superfluous.

Regards,
Ingo

From ingo.kloecker@epost.de Wed Jan 15 02:03:07 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Wed Jan 15 02:03:07 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To: <200301141846.h0EIk318052450@mailserver4.hushmail.com>
References: <200301141846.h0EIk318052450@mailserver4.hushmail.com>
Message-ID: <200301150201.03327@erwin.ingo-kloecker.de>

On Tuesday 14 January 2003 19:46, vedaal@hush.com wrote:
> From: Ingo Klöcker
> > Neither GnuPG nor PGP do any line wrapping. The lines are wrapped
> > by the applications (e.g. the mail clients) that use gpg/pgp to
> > clearsign messages.
>
> if you mean that neither pgp nor gnupg wrap a line that ends with a
> tab followed by a character,
> this is true only for pgp, which, even though it wraps at 76,
> will not wrap if there is a tab anywhere after position 76
>
> for gnupg, as long as the position of wrapping will not result in a
> line ending with a tab, then it will wrap, usually at position 64

Huh? If I run

> echo "1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234
6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234
6789 1234 6789 1234 6789 1234 6789 1234 6789" | gpg --clearsign

then this will result in a single (not wrapped) clearsigned line. How do you make gpg wrap lines?

Regards,
Ingo

From volker.gaibler@urz.uni-heidelberg.de Wed Jan 15 02:43:11 2003
From: volker.gaibler@urz.uni-heidelberg.de (Volker Gaibler)
Date: Wed Jan 15 02:43:11 2003
Subject: What kind of key do I have?
In-Reply-To:
References:
Message-ID: <20030115024103.C2002@gina.local>

Hi,

On Tue, Jan 14, 2003 at 11:26:09AM +0100, Martin Bretschneider wrote:
> I fill a form to make a certification motion¹. I have to specify
> whether my key is RSA or DSS/DH but I guess I have DSA & ElGamal
> (default of GnuPG). Am I right? Are these keys useable with PGP
> 5.0i(Linux)?

just a short note:

Take care that your key has one subkey only because they manage the keys via a keyserver (with the well known bug that mangles the keys) - at least that happened with my key last year.

So if you've got more than one subkey, maybe you should send them a copy without the other subkeys. When you get the key back their signature will be merged into your complete key.
Cheers,
Volker

--
Volker Gaibler  contact: http://www.volker-gaibler.de
mail@volker-gaibler.de  OpenPGP key: 0x86ECAC0B
get my public key from website above
+---------------------------------------------------------------------+

From colstar@iprimus.com.au Wed Jan 15 02:47:11 2003
From: colstar@iprimus.com.au (Colin Brown)
Date: Wed Jan 15 02:47:11 2003
Subject: (no subject)
Message-ID: <000001c2bc38$1ccd9220$e26e32d2@workstation>

Hi all,

I would like to write a front end for GnuPG using C# .net, a bit like a PGP clone for windows.

And I am wondering if there is a SDK available for GnuPG for the windows environment.

Any help appreciated with this enquiry

Many Thanks

Colin.

From colstar@iprimus.com.au Wed Jan 15 07:56:07 2003
From: colstar@iprimus.com.au (Colin Brown)
Date: Wed Jan 15 07:56:07 2003
Subject: GnuPG SDK
Message-ID: <000401c2bc63$6456f5c0$6a6b32d2@workstation>

Hi all,

I would like to write a front end for GnuPG using C# .net, a bit like a PGP clone for windows. And I am wondering if there is a SDK available for GnuPG for the windows environment.

Any help appreciated with this enquiry

Many Thanks

Colin.
From pt@radvis.nu Wed Jan 15 09:18:16 2003
From: pt@radvis.nu (Per Tunedal)
Date: Wed Jan 15 09:18:16 2003
Subject: Decoded message was: Re: Article on PGP uses Gnupg :)
In-Reply-To: <1EF49859-26AD-11D7-B985-000A27B4DEFC@rbisland.cx>
References: <20030110042806.GA5975@mail.volta.dyndns.org>
Message-ID: <5.1.0.14.2.20030115091251.029155f0@localhost>

At 23:11 2003-01-12 -0500, you wrote:
>
>On Thursday, January 9, 2003, at 11:28 PM, mike ledoux wrote:
>
>> I've used my Amazing Powers(tm)[1] to decode the message[2], which was:
>>
>> Now is the time for all good men to come to the aid of their country.
>
>Ahem, in that case, let's hope that no one actually uses that key. Of
>course, since the person is obviously a Mac GPG users, he would never,
>ever do anything like that. ;-)
>
>--
>Gordon Worley - Mac GPG Project

What's the implication of this? The encryption key 0x7846C3D2 that Christopher Allbritton used is a 1024 bits ElGamal key. Can it easily be broken?

What's Amazing Powers(tm)?? How fast was the message decoded? On what kind of hardware?

Should the keys be longer for secure encryption? And what about the signing keys?

Per Tunedal

From anton.bruckner@gmx.net Wed Jan 15 11:08:02 2003
From: anton.bruckner@gmx.net (Anton Bruckner)
Date: Wed Jan 15 11:08:02 2003
Subject: newbie : passphrase as an env. variable or command-line option ?
References:
Message-ID: <003a01c2bbc2$ff623170$3498fea9@gornd>

Hello,

Is there a possibility of giving the passphrase in the command line or as an environment variable so as to have no further interaction with gpg, or should one use the library instead ?

I didn't find it in the documentation.

Many Thanks,

Anton Bruckner

From peter@palfrader.org Wed Jan 15 11:08:10 2003
From: peter@palfrader.org (Peter Palfrader)
Date: Wed Jan 15 11:08:10 2003
Subject: --edit and trustdb
In-Reply-To: <8765ss9byr.fsf@alberti.g10code.de>
References: <20030114004814.GB24358@valiant> <8765ss9byr.fsf@alberti.g10code.de>
Message-ID: <20030114121224.GJ24358@valiant>

On Tue, 14 Jan 2003, Werner Koch wrote:

> On Tue, 14 Jan 2003 01:48:15 +0100, Peter Palfrader said:
>
> > key. Is there anything I can do to make it run faster (i.e. skip the
> > trustdb update for --edit/--sign-key)? (waiting for almost two minutes
> > every time is quite a bit annoying[0])
>
> I always use --no-auto-check-trustdb and run --check-trustdb when
> GnuPG indicates that it should be run. You can also put a
> gpg --batch --check-trustdb
> into your crontab.

Ah. I remember having tried that several months back and I think it didn't convince me then (either it worked not that well or I expected something else). Or it was playing with --no-expensive-trust-checks, I'm not sure.

Now I've tried it again and it seems to be exactly what I want.

Thanks a lot

yours,
peter

--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `.
`' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/

From jhill@munis.com Wed Jan 15 11:08:18 2003
From: jhill@munis.com (John Hill)
Date: Wed Jan 15 11:08:18 2003
Subject: Error during make - i386ld fatal:Symbol referencing error
Message-ID: <000b01c2bc14$9c3f30f0$6578a8c0@ccs.munis.com>

Hello all,

I am trying to compile GnuPG v1.2.1 on an SCO 5.0.6 system. The configure looks like it goes well (I run it with the --disable-asm option) but when I issue the make command I get the messages below.

I am using Gnu make 3.80. When running the build.sh script for make I got a message "command line: fatal: cannot open ./remote-@REMOTE@.c: No such file or directory." So I changed the line "REMOTE = '@REMOTE@' in the build.sh to "REMOTE = 'stub'. I also get the message "command line: fatal: cannot open ./getloadavg$U.c: No such file or directory" So I deleted the $U from the line "extras='getloadavg$U'. Is this acceptable? What are the implications.

Thanks.
John Hill

/u1/db_bu/GNU/gnupg-1.2.1/../make all-recursive
make[1]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1'
Making all in intl
make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/intl'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/intl'
Making all in zlib
make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/zlib'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/zlib'
Making all in util
make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/util'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/util'
Making all in mpi
make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/mpi'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/mpi'
Making all in cipher
make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/cipher'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/cipher'
Making all in tools
make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/tools'
cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libut
il.a -lsocket ../intl/libintl.a
undefined                       first referenced
 symbol                             in file
inet_addr                           /usr/lib/libsocket.a
dn_expand                           /usr/lib/libsocket.a
h_errno                             /usr/lib/libsocket.a
__dn_skipname                       /usr/lib/libsocket.a
_getshort                           /usr/lib/libsocket.a
_res                                /usr/lib/libsocket.a
__res_init                          /usr/lib/libsocket.a
inet_aton                           /usr/lib/libsocket.a
__res_search                        /usr/lib/libsocket.a
__res_query                         /usr/lib/libsocket.a
inet_ntoa                           /usr/lib/libsocket.a
i386ld fatal: Symbol referencing errors. No output written to bftest
make[2]: *** [bftest] Error 13
make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1'
make: *** [all] Error 2

From shavital@netbox.com Wed Jan 15 11:15:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Wed Jan 15 11:15:02 2003
Subject: Decoded message was: Re: Article on PGP uses Gnupg :)
In-Reply-To: <5.1.0.14.2.20030115091251.029155f0@localhost>
References: <20030110042806.GA5975@mail.volta.dyndns.org> <5.1.0.14.2.20030115091251.029155f0@localhost>
Message-ID:

At 9:18 AM +0100 1/15/03, Per Tunedal wrote:
[...]
>What's the implication of this? The encryption key 0x7846C3D2 that
>Christopher Allbritton used is a 1024 bits ElGamal key. Can it easily be
>broken?

The quoted Popular Mechanics article included two pict files, one showing the message "before" encryption, and the second one, the message "after" encryption.
Apart from the fact that the key is real, there is no way to know whether the messages themselves are real.

>What's Amazing Powers(tm)?? How fast was the message decoded? On what kind
>of hardware?
>

"Amazing Powers (tm)" was surely intended as a joke. At least, that's the way I understood it.

>Should the keys be longer for secure encryption? And what about the signing
>keys?

The key is real.

Let's assume that both messages, before and after encryption, are real, meaning that the cyphertext is the result of the plaintext encrypted to that key.

Let's also assume that both pict files can be scanned and OCR'd into real data material, would it be possible then to retrieve the secret key (and passphrase)?

And if it is possible (?), who would want to do that?

Charly

From avbidder@fortytwo.ch Wed Jan 15 12:18:03 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jan 15 12:18:03 2003
Subject: newbie : passphrase as an env. variable or command-line option ?
In-Reply-To: <003a01c2bbc2$ff623170$3498fea9@gornd>
References: <003a01c2bbc2$ff623170$3498fea9@gornd>
Message-ID: <1042629549.30038.10.camel@papillon.fortytwo.ch>

[ please don't steal threads - i.e. reply to a message to start a new topic ]

On Tue, 2003-01-14 at 12:49, Anton Bruckner wrote:
> Hello,
>
> Is there a possibility of giving the passphrase in the command line or as an
> environment variable so as to have no further interaction with gpg, or
> should one use the library instead ?

Both, command line and environment, are not secure. gpg has various --*-fd arguments to remote-control it, including a --passphrase-fd.
cheers
-- vbi

--
get my gpg key here: http://fortytwo.ch/gpg/92082481

From pt@radvis.nu Wed Jan 15 13:09:02 2003
From: pt@radvis.nu (Per Tunedal)
Date: Wed Jan 15 13:09:02 2003
Subject: How to use a keyserver
Message-ID: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>

I have never managed to use keyservers from GPG. Today I tried:

1) entering
- --keyserver http://keyserver.kjsl.com:80
in the gpg.conf-file
and then in a command window:

gpg --recv-keys

GPG said I hadn't specified any keyserver ...

2) I tried:
gpg --keyserver http://keyserver.kjsl.com:80

GPG replied "Please enter your message:"

and then I entered:

- --recv-keys

Nothing happened.

3) Then I tried:

- --recv-keys F661F608

I am using WindowsXP.

Per Tunedal

From dshaw@jabberwocky.com Wed Jan 15 14:51:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 14:51:02 2003
Subject: How to use a keyserver
In-Reply-To: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>
References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>
Message-ID: <20030115135200.GA14424@jabberwocky.com>

On Wed, Jan 15, 2003 at 01:09:07PM +0100, Per Tunedal wrote:

> I have never managed to use keyservers from GPG.
> Today I tried:
>
> 1) entering
> - --keyserver http://keyserver.kjsl.com:80
> in the gpg.conf-file
> and then in a command window:
>
> gpg --recv-keys

--keyserver hkp://keyserver.kjsl.com

HKP keyservers are not HTTP, though they do share some similarities.

David

From dshaw@jabberwocky.com Wed Jan 15 14:53:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 14:53:01 2003
Subject: Error during make - i386ld fatal:Symbol referencing error
In-Reply-To: <000b01c2bc14$9c3f30f0$6578a8c0@ccs.munis.com>
References: <000b01c2bc14$9c3f30f0$6578a8c0@ccs.munis.com>
Message-ID: <20030115135336.GB14424@jabberwocky.com>

On Tue, Jan 14, 2003 at 04:33:41PM -0500, John Hill wrote:

> make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/tools'
> cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a
> ../util/libut
> il.a -lsocket ../intl/libintl.a
> undefined                       first referenced
>  symbol                             in file
> inet_addr                           /usr/lib/libsocket.a
> dn_expand                           /usr/lib/libsocket.a
> h_errno                             /usr/lib/libsocket.a
> __dn_skipname                       /usr/lib/libsocket.a
> _getshort                           /usr/lib/libsocket.a
> _res                                /usr/lib/libsocket.a
> __res_init                          /usr/lib/libsocket.a
> inet_aton                           /usr/lib/libsocket.a
> __res_search                        /usr/lib/libsocket.a
> __res_query                         /usr/lib/libsocket.a
> inet_ntoa                           /usr/lib/libsocket.a
> i386ld fatal: Symbol referencing errors. No output written to bftest

Looks like you're missing a library. What happens if you manually add -lnsl to your link line?
i.e.:

cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a -lsocket -lnsl ../intl/libintl.a

David

From Fabian.Rodriguez@Toxik.com Wed Jan 15 14:58:01 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Wed Jan 15 14:58:01 2003
Subject: How to use a keyserver - keyserver.kjsl.com
In-Reply-To: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>
Message-ID:

Hi Per,

Maybe try this:
gpg --keyserver keyserver.kjsl.com --search-keys F661F608

Then:
gpg --keyserver keyserver.kjsl.com --recv-keys F661F608

Strangely, the web interface at
http://keyserver.kjsl.com/~jharris/skylane/pks-commands.php#extract
finds the mentioned key, but the command line always returns
gpg: key "F661F608" not found on keyserver

I tried different public keys with the same results. However, the recv-keys command imports Ingo Kloecker's public key!

Cheers,

Fabian Rodriguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

From dshaw@jabberwocky.com Wed Jan 15 15:02:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 15:02:02 2003
Subject: Decoded message was: Re: Article on PGP uses Gnupg :)
In-Reply-To:
References: <20030110042806.GA5975@mail.volta.dyndns.org> <5.1.0.14.2.20030115091251.029155f0@localhost>
Message-ID: <20030115140318.GC14424@jabberwocky.com>

On Wed, Jan 15, 2003 at 12:16:23PM +0200, Charly Avital wrote:

> Let's assume that both messages, before and after encryption, are real,
> meaning that the cyphertext is the result of the plaintext encrypted to
> that key.
>
> Let's also assume that both pict files can be scanned and OCR'd into real
> data material, would it be possible then to retrieve the secret key (and
> passphrase)?

That is known as a known-plaintext attack. All algorithms used in OpenPGP are resistant to such attacks.

David

From dshaw@jabberwocky.com Wed Jan 15 15:04:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 15:04:01 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To: <20030114214433.GA1054@daredevil.joesixpack.net>
References: <200301101728.h0AHS4kU087485@mailserver3.hushmail.com> <200301140007.20979@erwin.ingo-kloecker.de> <20030114195008.GK7972@jabberwocky.com> <20030114214433.GA1054@daredevil.joesixpack.net>
Message-ID: <20030115140441.GD14424@jabberwocky.com>

On Tue, Jan 14, 2003 at 10:44:33PM +0100, Timo Schulz wrote:
> On Tue Jan 14 2003; 14:50, David Shaw wrote:
>
> > GnuPG never wraps.
> > Mailers in the *nix world tend to handle filtering
> > properly so it is not necessary. I'm not sure if WinPT wraps or not.
>
> There is a setting for this. If it's enabled WinPT does some wrapping.

Good. Seems to me that's the right place for wrapping.

David

From shavital@netbox.com Wed Jan 15 15:11:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Wed Jan 15 15:11:02 2003
Subject: How to use a keyserver
In-Reply-To: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>
References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>
Message-ID:

At 1:09 PM +0100 1/15/03, Per Tunedal wrote:

>1) entering
>- --keyserver http://keyserver.kjsl.com:80
>in the gpg.conf-file

Try:
keyserver x-hkp://keyserver.kjsl.com

>and then in a command window:
>
>gpg --recv-keys

Try
gpg --recv-keys [key ID]
or
gpg --search-keys Ingo Kloecker

>GPG said I hadn't specified any keyserver ...

Probably you hadn't specified any keyserver, because if you really typed: --keyserver [whatever], the two dashes at the beginning of the line make that entry invalid. If you didn't type the two dashes, and started correctly the line with: keyserver , then http://...etc... is not, in my opinion, the correct syntax. It should be, as pointed out before: x-hkp://...etc...

>2) I tried:
>gpg --keyserver http://keyserver.kjsl.com:80
>
>GPG replied "Please enter your message:"
>
>and then I entered:
>
>- --recv-keys
>
>Nothing happened.

Nothing should happen. I think that after the prompt "Please enter your message", or "gpg: Go ahead and type your message ..." you are supposed to enter the text of a message.

I use that method to copy/paste an encrypted message, in order to find out what keys were used to encrypt it.
>3) Then I tried:
>
>- --recv-keys F661F608

What happened? If you had set a keyserver as an option in the gpg.conf file, or typed: gpg --keyserver [keyserver's name + correct syntax], then the --recv-keys option followed by the argument F661F608 (key ID) you should have obtained a valid output (see further)

>I am using WindowsXP.

I am using Mac OS X, but I believe the platform is not an issue.

To sum up, I think that:

- if you want to set any server as your default server, you should enter its name, using the correct syntax, in an unmarked line in your gpg.conf file, and, for good luck, hit [return] at the end of the server's name, to create an empty line after the line containing the server's name. e.g.
keyserver x-hkp://keyserver.kjsl.com

- if you want to use, on a one-time basis, a certain server, you should type gpg --keyserver [keyserver's name/correct syntax] --search-keys [name], or --recv-keys [key ID].

Actual example:
==================================================
[---------]% gpg --keyserver x-hkp://keyserver.kjsl.com --search-keys Ingo Kloecker
gpg: searching for "Ingo Kloecker" from HKP server keyserver.kjsl.com
Keys 1-2 of 2 for "Ingo Kloecker"
(1) Ingo Kl\xf6\x63ker
      1024 bit DSA key F661F608, created 2002-01-24
(2) Ingo Kloecker
      1024 bit RSA key AC0EB35D, created 1997-03-12
Enter number(s), N)ext, or Q)uit >
==================================================

Please note that "Kl\xf6\x63ker" is, I think, the server's rendition of: Kl[o+umlaut]cker.

I hope this helps.
Charly

>Per Tunedal
[...]
>-----BEGIN GPG OUTPUT-----
>gpg: Signature made Wed Jan 15 14:09:27 2003 IST using DSA key ID 7905AAA9
>gpg: Good signature from "RADVIS "
>gpg: aka "Info RADVIS Tjanstekvalitet "
>gpg: aka "Jobb RADVIS Tjanstekvalitet "
>gpg: please do a --check-trustdb
>gpg: WARNING: This key is not certified with a trusted signature!
>gpg: There is no indication that the signature belongs to the owner.
>Primary key fingerprint: 09D5 1EA1 8056 0D6C 1684 4D22 57E5 A315 7905 AAA9
>-----END GPG OUTPUT-----

From gareth.woodhouse@pinnacle.co.uk Wed Jan 15 15:14:02 2003
From: gareth.woodhouse@pinnacle.co.uk (Gareth Woodhouse)
Date: Wed Jan 15 15:14:02 2003
Subject: newbie : passphrase as an env. variable or command-line option ?
Message-ID:

What you can do is use the gpg-agent programs WINGPGA.exe and killagent.exe with the -use-agent (something like that).
WINGPGA.exe starts a background agent that holds the pass phrase after entering it one time and holds it in memory automatically entering it for any further decryptions; the killagent.exe kills the background agent clearing the memory and eliminating the threat of the pass phrase being stolen.

This was the only way I managed to limit user interaction in a windows environment whilst keeping my key and data secure.

Gareth Woodhouse.

-----Original Message-----
From: Adrian 'Dagurashibanipal' von Bidder [mailto:avbidder@fortytwo.ch]
Sent: 15 January 2003 11:19
To: Gnupg-users@gnupg.org
Subject: Re: newbie : passphrase as an env. variable or command-line option ?

[ please don't steal threads - i.e. reply to a message to start a new topic ]

On Tue, 2003-01-14 at 12:49, Anton Bruckner wrote:
> Hello,
>
> Is there a possibility of giving the passphrase in the command line or as an
> environment variable so as to have no further interaction with gpg, or
> should one use the library instead ?

Both, command line and environment, are not secure. gpg has various --*-fd arguments to remote-control it, including a --passphrase-fd.
cheers -- vbi -- get my gpg key here: http://fortytwo.ch/gpg/92082481
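The point made in the message above, that a passphrase on the command line or in the environment is not secure while `--passphrase-fd` is the intended route, shown as an added example (not code from this thread or from GnuPG). It assumes a POSIX system; the helper names, the `GPG_PASS` variable, the file name in the comment and the stand-in child process are hypothetical, so the sketch runs without gpg installed.

```python
import os
import subprocess
import sys

# Constructed sample secret, used only for this demonstration.
SECRET = "correct horse battery staple (constructed)"

# Stand-in for gpg: reads one line from the descriptor named after
# --passphrase-fd and reports only its length, never the secret itself.
STAND_IN = [
    sys.executable, "-c",
    "import os, sys\n"
    "fd = int(sys.argv[sys.argv.index('--passphrase-fd') + 1])\n"
    "line = os.read(fd, 4096).split(b'\\n')[0]\n"
    "sys.stdout.write(str(len(line)))\n",
]


def exposed_in(argv, env, secret):
    """List the places where other local users or children could see the secret.

    argv is what a process listing shows; env is what child processes
    inherit and what /proc/<pid>/environ exposes on Linux.
    """
    places = []
    if any(secret in arg for arg in argv):
        places.append("argv")
    if any(secret in value for value in env.values()):
        places.append("environment")
    return places


def run_with_passphrase_fd(base_argv, passphrase, trailing_args=()):
    """Run base_argv with the passphrase delivered over an inherited pipe.

    Returns (returncode, stdout, stderr, argv). Only the descriptor number
    appears in argv; the passphrase itself travels through the pipe.
    """
    data = passphrase.encode("utf-8") if isinstance(passphrase, str) else passphrase
    if b"\n" in data:
        raise ValueError("gpg reads only the first line from --passphrase-fd")

    read_fd, write_fd = os.pipe()
    try:
        argv = list(base_argv) + ["--passphrase-fd", str(read_fd)] + list(trailing_args)
        proc = subprocess.Popen(
            argv,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            pass_fds=(read_fd,),  # child inherits the read end under the same number
        )
    except BaseException:
        os.close(write_fd)
        raise
    finally:
        os.close(read_fd)  # the parent never needs the read end

    try:
        os.write(write_fd, data + b"\n")
    except BrokenPipeError:
        pass  # child exited without reading; its exit status tells the story
    finally:
        os.close(write_fd)

    out, err = proc.communicate()
    return proc.returncode, out, err, argv


def demo():
    """Compare the two weak forms with the pipe-based one."""
    weak_cli = ["gpg", "--passphrase", SECRET]      # secret visible in argv
    weak_env = {"GPG_PASS": SECRET}                 # hypothetical variable name
    rc, out, _err, argv = run_with_passphrase_fd(STAND_IN, SECRET)
    return {
        "command line": exposed_in(weak_cli, {}, SECRET),
        "environment": exposed_in(["gpg"], weak_env, SECRET),
        "passphrase-fd": exposed_in(argv, dict(os.environ), SECRET),
        "child read bytes": int(out) if rc == 0 else None,
    }


if __name__ == "__main__":
    # With a real gpg the call would look like this (file name is a placeholder;
    # GnuPG 2.1 and later additionally need "--pinentry-mode", "loopback"):
    #   run_with_passphrase_fd(["gpg", "--batch", "--no-tty"], SECRET,
    #                          ["--decrypt", "message.gpg"])
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The passphrase still has to come from somewhere; this only keeps it out of the process listing and the inherited environment once the calling program holds it.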
------_=_NextPart_001_01C2BCA0.74DEE870-- From shavital@netbox.com Wed Jan 15 15:14:10 2003 From: shavital@netbox.com (Charly Avital) Date: Wed Jan 15 15:14:10 2003 Subject: Decoded message was: Re: Article on PGP uses Gnupg :) In-Reply-To: <20030115140318.GC14424@jabberwocky.com> References: <20030110042806.GA5975@mail.volta.dyndns.org> <5.1.0.14.2.20030115091251.029155f0@localhost> <20030115140318.GC14424@jabberwocky.com> Message-ID: At 9:03 AM -0500 1/15/03, David Shaw wrote: [...] > >That is known as a known-plaintext attack. All algorithms used in >OpenPGP are resistant to such attacks. > >David Thanks, I feel better. Charly From pt@radvis.nu Wed Jan 15 15:18:01 2003 From: pt@radvis.nu (Per Tunedal) Date: Wed Jan 15 15:18:01 2003 Subject: How to use a keyserver - keyserver.kjsl.com Message-ID: <5.1.0.14.2.20030115151756.027f4688@localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 08:56 2003-01-15 -0500, you wrote: Hi Fabian, your suggestion works OK. But how do I use the optionsfile? I would like to set the preferred keyserver and not have to enter it any more. And get keys when needed. I tried to enter the following in the options file: keyserver http://keyserver.kjsl.com keyserver-options auto-key-retrieve But GPG doesn't use it. Per Tunedal >Hi Per, > >Maybe try this: > gpg --keyserver keyserver.kjsl.com --search-keys F661F608 > >Then: > gpg --keyserver keyserver.kjsl.com --recv-keys F661F608 > > >Fabian Rodriguez - Toxik Technologies, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32) - GPGrelay v0.9096 iD8DBQE+JW2oV+WjFXkFqqkRAq5nAKDh2G+sUsO6N29akFTdWVqA1lxIXQCfSeWq JjWLn7AgvFKdjrC57d26St0= =WgO1 -----END PGP SIGNATURE----- From Fabian.Rodriguez@Toxik.com Wed Jan 15 15:35:02 2003 From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez) Date: Wed Jan 15 15:35:02 2003 Subject: How to use a keyserver - keyserver.kjsl.com In-Reply-To: <5.1.0.14.2.20030115151008.00c0afb8@localhost> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Per, I doubt you need the "http://" prefix in the options file. Try it without it. I don't think the MAN page has been updated (specially for GnuPG 1.2.x), but it doesn't mention keyserver-options . However it says: - --no-auto-key-retrieve This option disables the automatic retrieving of keys from a keyserver while verifying signatures. This option allows to keep a keyserver in the options file or the --send-keys and --recv-keys commands. So my guess is that GnuPG automatically retrieves public keys from a keyserver if it's been specified in the options file. Can anyone verify this ? Fabian Rodriguez - Toxik Technologies, Inc. www.toxik.com - (514) 528-6945 @221 OpenPGP: 0x5AF2A4D5 > At 08:56 2003-01-15 -0500, you wrote: > Hi Fabian, > your suggestion works OK. But how do I use the optionsfile? I > would like to > set the preferred keyserver and not have to enter it any more. > And get keys when needed. > > I tried to enter the following in the options file: > > keyserver http://keyserver.kjsl.com > keyserver-options auto-key-retrieve > > But GPG doesn't use it. -----BEGIN PGP SIGNATURE----- iD8DBQE+JXEifUcTXFrypNURAolJAKDYTjZZCH1N4U3e+R1aqikql+D09QCfWJQM mVL6Cm2ijev+rkpjeX8jVRQ= =wx0O -----END PGP SIGNATURE----- From duckwing@duckwing.ca Wed Jan 15 16:32:01 2003 From: duckwing@duckwing.ca (Carl B. 
Constantine) Date: Wed Jan 15 16:32:01 2003 Subject: Problems using --keyring Message-ID: <20030115153033.GC29976@Mallard> --dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I'm trying to host a GPG Signing party for members of our LUG (VLUG -- http://www.vlug.org) as described in this excellent article: http://www.cryptnet.net/fdp/crypto/gpg-party.html. However, the --keyring option in GnuPG doesn't seem to be working. I exported a bunch of keys to a separate file from my current public keyring. If I run gpg --fingerprint --keyring newkeyfile.gpg, I get fingerprints from my regular public keyring, not the new file. It doesn't seem to matter if the gpg file is in armor ascii or binary format. Also, commands like this: gpg --import keyfile.asc --keyfile newfile.gpg do not work either, i.e. it won't create ~/.gnupg/newfile.gpg or even ~/newfile.gpg, it just imports into my regular public keyring. I've tried this using GnuPG 1.2.1 on Debian 3.0 and RedHat 8.0 to the same effect. Is there a setting I'm missing? How can I manage multiple public keyrings? I don't see any docs on this other than the information about --keyring in the man pages. Thanks in advance. -- .''`. Carl B. Constantine : :' : duckwing@duckwing.ca `. `' GnuPG: 135F FC30 7A02 B0EB 61DB 34E3 3AF1 DC6C 9F7A 3FF8 `- Debian GNU/Linux -- The power of freedom --dDRMvlgZJXvWKvBx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+JX6ZOvHcbJ96P/gRAnhNAKCVIz7jb7qjSe9qrVnd6SOEWD2fLQCfccuv AabLbt2kEWoyvOioMjv1CWo= =PWod -----END PGP SIGNATURE----- --dDRMvlgZJXvWKvBx-- From jhill@munis.com Wed Jan 15 16:38:02 2003 From: jhill@munis.com (John Hill) Date: Wed Jan 15 16:38:02 2003 Subject: Error during make - i386ld fatal:Symbol referencing error Message-ID: <000901c2bcab$e39a3980$6578a8c0@ccs.munis.com> Thanks David.
I issued command cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a \ -lsocket -lnsl ../intl/libintl.a on the command line from the tools subdirectory and received the same error message, which I have included again. I have link in the /usr/lib directory for libsocket.a. It points to the file /var/opt/K/SCO/tcpdev/2.1.1Ga/usr/lib/libsocket.a. This file had permissions 444, is owned by bin and is in the bin group. It is 245426 bytes in size and is dated Jul 19,2000. undefined first referenced symbol in file inet_addr /usr/lib/libsocket.a dn_expand /usr/lib/libsocket.a h_errno /usr/lib/libsocket.a __dn_skipname /usr/lib/libsocket.a _getshort /usr/lib/libsocket.a _res /usr/lib/libsocket.a __res_init /usr/lib/libsocket.a inet_aton /usr/lib/libsocket.a __res_search /usr/lib/libsocket.a __res_query /usr/lib/libsocket.a inet_ntoa /usr/lib/libsocket.a i386ld fatal: Symbol referencing errors. No output written to bftest John Hill > -----Original Message----- > From: John Hill [mailto:jhill@munis.com] > Sent: Tuesday, January 14, 2003 4:34 PM > To: 'gnupg-users@gnupg.org' > Subject: Error during make - i386ld fatal:Symbol referencing error > > Hello all, > > I am trying to compile GnuPG v1.2.1 on an SCO 5.0.6 system. The configure looks like it goes well (I run it with the --disable-asm option) but when I issue the make command I get the messages below. I am using Gnu make 3.80. When running the build.sh script for make I got a message "command line: fatal: cannot open ./remote-@REMOTE@.c: No such file or directory." So I changed the line "REMOTE = '@REMOTE@' in the build.sh to "REMOTE = 'stub'. I also get the message "command line: fatal: cannot open ./getloadavg$U.c: No such file or directory" So I deleted the $U from the line "extras='getloadavg$U'. Is this acceptable? What are the implications. Thanks. 
> > John Hill > > /u1/db_bu/GNU/gnupg-1.2.1/../make all-recursive > make[1]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1' > Making all in intl > make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/intl' > make[2]: Nothing to be done for `all'. > make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/intl' > Making all in zlib > make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/zlib' > make[2]: Nothing to be done for `all'. > make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/zlib' > Making all in util > make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/util' > make[2]: Nothing to be done for `all'. > make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/util' > Making all in mpi > make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/mpi' > make[2]: Nothing to be done for `all'. > make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/mpi' > Making all in cipher > make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/cipher' > make[2]: Nothing to be done for `all'. > make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/cipher' > Making all in tools > make[2]: Entering directory `/u1/db_bu/GNU/gnupg-1.2.1/tools' > cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a ../util/libut > il.a -lsocket ../intl/libintl.a > undefined first referenced > symbol in file > inet_addr /usr/lib/libsocket.a > dn_expand /usr/lib/libsocket.a > h_errno /usr/lib/libsocket.a > __dn_skipname /usr/lib/libsocket.a > _getshort /usr/lib/libsocket.a> > _res /usr/lib/libsocket.a > __res_init /usr/lib/libsocket.a > inet_aton /usr/lib/libsocket.a > __res_search /usr/lib/libsocket.a > __res_query /usr/lib/libsocket.a > inet_ntoa /usr/lib/libsocket.a > i386ld fatal: Symbol referencing errors. 
No output written to bftest > make[2]: *** [bftest] Error 13 > make[2]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1/tools' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/u1/db_bu/GNU/gnupg-1.2.1' > make: *** [all] Error 2 From Ralf.Huels@schufa.de Wed Jan 15 16:40:02 2003 From: Ralf.Huels@schufa.de (Huels, Ralf SCORE) Date: Wed Jan 15 16:40:02 2003 Subject: Problems using --keyring Message-ID: <51896D38E5E4D111BE560001FA68BA369FBD00@SBO1002> > Is there a setting I'm missing? --no-default-keyring, IIRC. Tschuess, Ralf From vedaal@hush.com Wed Jan 15 17:07:03 2003 From: vedaal@hush.com (vedaal@hush.com) Date: Wed Jan 15 17:07:03 2003 Subject: TAB at EOL (GPG and PGP interoperability) Message-ID: <200301151607.h0FG7444004159@mailserver2.hushmail.com> >Message: 8 >From: Ingo =?iso-8859-1?q?Kl=F6cker?= >To: gnupg-users@gnupg.org >Subject: Re: TAB at EOL (GPG and PGP interoperability) >Date: Wed, 15 Jan 2003 02:01:02 +0100 .. >Huh? > >If I run > >> echo "1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 >1234=20 >6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 >1234=20 >6789 1234 6789 1234 6789 1234 6789 1234 6789" | gpg --clearsign > >then this will result in a single (not wrapped) clearsigned line. >How do=20 >you make gpg wrap lines? .. you are right. sorry :( was using the front ends for gnupg to sign, and both win pt and gpgshell wrap at position 64 by default checking it in the command line with just the --clearsign command produced no wrapping. but i still don't understand something: if the plaintext line ends in a 'tab' and is clearsigned by gnupg, the signature will be 'bad' if the 'tab' is deleted from the end of the line in the clearsigned text, so is gnupg calculating the 'tab' in the hash, even if it is at the end of a line, and if it is, then why not have both gnupg and pgp agree to calculate it in the same way? tia, vedaal Concerned about your privacy? 
Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From dshaw@jabberwocky.com Wed Jan 15 17:11:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Jan 15 17:11:02 2003 Subject: Error during make - i386ld fatal:Symbol referencing error In-Reply-To: <000901c2bcab$e39a3980$6578a8c0@ccs.munis.com> References: <000901c2bcab$e39a3980$6578a8c0@ccs.munis.com> Message-ID: <20030115161127.GF14424@jabberwocky.com> On Wed, Jan 15, 2003 at 10:36:35AM -0500, John Hill wrote: > Thanks David. > > I issued command > cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a > ../util/libutil.a \ > -lsocket -lnsl ../intl/libintl.a > > on the command line from the tools subdirectory and received the same error > message, which I have included again. Ah, I love the game of "guess the dependency"! Can you take a look in your /usr/lib directory and see which library defines the missing symbols? You might also try -lresolv (which in turn may require -lnsl - try both). David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. 
Anderson From dshaw@jabberwocky.com Wed Jan 15 17:32:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Jan 15 17:32:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) In-Reply-To: <200301151607.h0FG7444004159@mailserver2.hushmail.com> References: <200301151607.h0FG7444004159@mailserver2.hushmail.com> Message-ID: <20030115163230.GB26839@jabberwocky.com> On Wed, Jan 15, 2003 at 08:07:04AM -0800, vedaal@hush.com wrote: > > > >Message: 8 > >From: Ingo Klöcker > >To: gnupg-users@gnupg.org > >Subject: Re: TAB at EOL (GPG and PGP interoperability) > >Date: Wed, 15 Jan 2003 02:01:02 +0100 > .. > >Huh? > > > >If I run > > > >> echo "1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 > >1234 > >6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 > >1234 > >6789 1234 6789 1234 6789 1234 6789 1234 6789" | gpg --clearsign > > > >then this will result in a single (not wrapped) clearsigned line. > >How do > >you make gpg wrap lines? > .. > > you are right. > sorry :( > > was using the front ends for gnupg to sign, > and both win pt and gpgshell wrap at position 64 by default > > checking it in the command line with just the --clearsign command produced no wrapping. > > but i still don't understand something: > > if the plaintext line ends in a 'tab' and is clearsigned by gnupg, > the signature will be 'bad' if the 'tab' is deleted from the end of > the line in the clearsigned text, so is gnupg calculating the 'tab' > in the hash, even if it is at the end of a line, It doesn't. If you delete the tab at the end of the line, the signature should still validate correctly. However: if you are using a v3 RSA key, GnuPG guesses you want to be compatible with PGP 2.x, so it includes the tab. Using the --openpgp flag makes this strictly RFC-2440, so it will not include the tab. > and if it is, then > why not have both gnupg and pgp agree to calculate it in the same > way? They should both calculate it the same way.
The standard says that the way GnuPG does it is right, which makes what PGP is doing wrong. I have a good bit of sympathy for the PGP developers here. This is a problem they've had for a long time, and it's very difficult to fix without breaking backwards compatibility. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson From Thomas.Arend@t-online.de Wed Jan 15 17:50:02 2003 From: Thomas.Arend@t-online.de (Thomas Arend) Date: Wed Jan 15 17:50:02 2003 Subject: Decoded message was: Re: Article on PGP uses Gnupg :) In-Reply-To: <20030115140318.GC14424@jabberwocky.com> References: <20030110042806.GA5975@mail.volta.dyndns.org> <20030115140318.GC14424@jabberwocky.com> Message-ID: <200301151752.18368.thomas.arend@t-online.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 15 January 2003 15:03, David Shaw wrote: > On Wed, Jan 15, 2003 at 12:16:23PM +0200, Charly Avital wrote: > > Let's assume that both messages, before and after encryption, are real, > > meaning that the cyphertext is the result of the plaintext encrypted to > > that key. > > > > Let's also assume that both pict files can be scanned and OCR'd into real > > data material, would it be possible then to retrieve the secret key (and > > passphrase)? > > That is known as a known-plaintext attack. All algorithms used in > OpenPGP are resistant to such attacks. > > David All public key systems must be resistant to such attacks because everybody can generate as much pair plain / cipher text as he liked. But it's only a matter of time or storage capacity and energy to crack an open key. but the universe isn't endless only 10^80 atoms a very small number compared to a 1024 or 2048 bit key. But used symmetric keys aren't as much resistant.
Nevertheless I think there are not many private messages worth the money needed to break the key. Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+JZHA2TqsmTFMxwkRAhlEAJwIhZKJfVbfS2tGZt+PxRHaLEYekACgnA/o tfqihFXSc0IT9uE/hWVXb04= =r2LZ -----END PGP SIGNATURE----- From Thomas.Arend@t-online.de Wed Jan 15 18:11:02 2003 From: Thomas.Arend@t-online.de (Thomas Arend) Date: Wed Jan 15 18:11:02 2003 Subject: How to use a keyserver In-Reply-To: References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com> Message-ID: <200301151813.53855.thomas.arend@t-online.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > keyserver x-hkp://keyserver.kjsl.com the x-hkp:// is not needed / doesn't work with every keyserver. the option keserver x-hkp://blackhole.pca.dfn.de results in an error. thomas@r1:~> gpg --search-key thomas arend gpg: unable to execute program "gpgkeys_xhkp": Datei oder Verzeichnis nicht gefunden gpg: no handler for keyserver scheme "xhkp" - ----- The option: keyserver blackhole.pca.dfn.de works fine. Best regards Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+JZbP2TqsmTFMxwkRAv6lAKCmNw0CuMQpHlFUUL5ODRtEA4D4QwCfW53G XJqp3Q/i90A6ApLSTIh7cmk= =CYY1 -----END PGP SIGNATURE----- From duckwing@duckwing.ca Wed Jan 15 18:59:03 2003 From: duckwing@duckwing.ca (Carl B. Constantine) Date: Wed Jan 15 18:59:03 2003 Subject: Problems using --keyring In-Reply-To: <51896D38E5E4D111BE560001FA68BA369FBD00@SBO1002> References: <51896D38E5E4D111BE560001FA68BA369FBD00@SBO1002> Message-ID: <20030115175804.GA31240@Mallard> --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Huels, Ralf SCORE (Ralf.Huels@schufa.de) wrote: > > Is there a setting I'm missing? > > --no-default-keyring, IIRC.
Sorry, I should have mentioned this, but I did try that: gpg --no-default-keyring --keyring newfile.gpg --fingerprint To that, I get no results at all. Nothing happens. -- .''`. Carl B. Constantine : :' : duckwing@duckwing.ca `. `' GnuPG: 135F FC30 7A02 B0EB 61DB 34E3 3AF1 DC6C 9F7A 3FF8 `- Debian GNU/Linux -- The power of freedom --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+JaEsOvHcbJ96P/gRAijvAJ0bag1ZODXz53IyAJmKtbcKENbJJwCgt6QK s2MxUF4H5SKN7EGsnbL0F6c= =9EZb -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb-- From dshaw@jabberwocky.com Wed Jan 15 19:20:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Jan 15 19:20:02 2003 Subject: How to use a keyserver In-Reply-To: <200301151813.53855.thomas.arend@t-online.de> References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com> <200301151813.53855.thomas.arend@t-online.de> Message-ID: <20030115182028.GD26839@jabberwocky.com> On Wed, Jan 15, 2003 at 06:13:51PM +0100, Thomas Arend wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > keyserver x-hkp://keyserver.kjsl.com > > the x-hkp:// is not needed / doesn't work with every keyserver. > > the option > > keserver x-hkp://blackhole.pca.dfn.de > > results in an error. > > thomas@r1:~> gpg --search-key thomas arend > gpg: unable to execute program "gpgkeys_xhkp": Datei oder Verzeichnis nicht > gefunden > gpg: no handler for keyserver scheme "xhkp" "x-hkp" != "xhkp". David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S.
Anderson From vedaal@hush.com Wed Jan 15 19:20:10 2003 From: vedaal@hush.com (vedaal@hush.com) Date: Wed Jan 15 19:20:10 2003 Subject: TAB at EOL (GPG and PGP interoperability) Message-ID: <200301151820.h0FIKtNn043802@mailserver2.hushmail.com> >Message: 10 >Date: Wed, 15 Jan 2003 11:32:30 -0500 >From: David Shaw >To: gnupg-users@gnupg.org >Subject: Re: TAB at EOL (GPG and PGP interoperability) .. > However: if you are >using >a v3 RSA key, GnuPG guesses you want to be compatible with PGP 2.x, > so >it includes the tab. Using the --openpgp flag makes this strictly >RFC-2440, so it will not include the tab. .. actually, if i use a dh key, then it verifies with either the tab present, or without it, but if i use a v3 rsa key, it produces a clearsigned file with a tab in place, but does not verify at all {either 'unchanged' with the tab in place, or with the tab removed} my plaintext was just the two letters ab followed by a tab, and the file saved as d:\ab.txt here is the gnupg output {commandline Nullify 1.2.1nr1 win 98}: C:\gnupg>gpg --clearsign d:\ab.txt gpg: NOTE: old default options file `C:\GnuPG\options' ignored You need a passphrase to unlock the secret key for user: "vedaal nistar " 2048-bit RSA key, ID 85306D25, created 2000-09-05 gpg: writing to `d:\ab.asc' gpg: RSA signature from: "85306D25 vedaal nistar " C:\gnupg>gpg --verify d:\ab.asc gpg: NOTE: old default options file `C:\GnuPG\options' ignored gpg: armor: BEGIN PGP SIGNED MESSAGE gpg: armor header: Hash: RIPEMD160 :packet 63: length 11 - gpg control packet gpg: armor: BEGIN PGP SIGNATURE gpg: armor header: Version: GnuPG v1.2.1-nr1 (Windows 98) gpg: armor header: Comment: Acts of Kindness better the World, and protect the S oul :literal data packet: mode t, created 0, name="", raw data: 0 bytes gpg: original file name='' :signature packet: algo 1, keyid 6A05A0B785306D25 version 3, created 1042651767, md5len 5, sigclass 01 digest algo 3, begin of digest 7f bb data: [2047 bits] gpg: Signature made 
01/15/03 12:29:27 Eastern Standard Time using RSA key ID 853 06D25 gpg: BAD signature from "vedaal nistar " Thanks for pointing out the 2.x difference issue. vedaal Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 From duckwing@duckwing.ca Wed Jan 15 19:39:02 2003 From: duckwing@duckwing.ca (Carl B. Constantine) Date: Wed Jan 15 19:39:02 2003 Subject: fixed --keyring problems Message-ID: <20030115183815.GA31774@Mallard> --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ok, I found out why this wasn't working. --keyring wants the full path to the keyfile or it assumes ~/.gnupg/keyfile if one isn't provided. So, while gpg --fingerprint --keyfile newfile.gpg doesn't work, this command does: gpg --fingerprint --keyfile ./newfile.gpg and you have to use the --no-default-keyring if you want to eliminate that from the output. However, I think this is counter-intuitive and should be changed in a future release. --=20 .''`. Carl B. Constantine : :' : duckwing@duckwing.ca `. 
`' GnuPG: 135F FC30 7A02 B0EB 61DB 34E3 3AF1 DC6C 9F7A 3FF8 `- Debian GNU/Linux -- The power of freedom --ikeVEW9yuYc//A+q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+JaqXOvHcbJ96P/gRAn74AKDP0hIBibWHuru+rEOHkBSFFm8EewCfQ4/x H6sOa2KItodP1K2XbJb/gb8= =JOYK -----END PGP SIGNATURE----- --ikeVEW9yuYc//A+q-- From dshaw@jabberwocky.com Wed Jan 15 19:44:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Jan 15 19:44:02 2003 Subject: TAB at EOL (GPG and PGP interoperability) In-Reply-To: <200301151820.h0FIKtNn043802@mailserver2.hushmail.com> References: <200301151820.h0FIKtNn043802@mailserver2.hushmail.com> Message-ID: <20030115184501.GF26839@jabberwocky.com> On Wed, Jan 15, 2003 at 10:20:55AM -0800, vedaal@hush.com wrote: > > > >Message: 10 > >Date: Wed, 15 Jan 2003 11:32:30 -0500 > >From: David Shaw > >To: gnupg-users@gnupg.org > >Subject: Re: TAB at EOL (GPG and PGP interoperability) > .. > > However: if you are > >using > >a v3 RSA key, GnuPG guesses you want to be compatible with PGP 2.x, > > so > >it includes the tab. Using the --openpgp flag makes this strictly > >RFC-2440, so it will not include the tab. > .. > actually, if i use a dh key, then it verifies with either the tab > present, or without it, Yes, that is what I am saying. The tab is not included in the hash so it doesn't matter if you delete it or not, or even add 30 more tabs there. > gpg: armor header: Hash: RIPEMD160 If you use a hash other than MD5, then GnuPG won't detect the message as PGP 2.x compatible so will not turn on the tab detector. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. 
Anderson From wk@gnupg.org Wed Jan 15 19:50:02 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Jan 15 19:50:02 2003 Subject: GnuPG SDK In-Reply-To: <000401c2bc63$6456f5c0$6a6b32d2@workstation> ("Colin Brown"'s message of "Wed, 15 Jan 2003 14:57:32 +0800") References: <000401c2bc63$6456f5c0$6a6b32d2@workstation> Message-ID: <87u1ga5jvn.fsf@alberti.g10code.de> On Wed, 15 Jan 2003 14:57:32 +0800, Colin Brown said: > I would like to write a front end for GnuPG using C# .net, a bit > like a PGP clone for windows. And I am wondering if there is a SDK > available for GnuPG for the windows environment. In the free world, we use libraries and not SDKs ;-) A library to access most functions of GnuPG and possible other backends is GPGME (http://www.gnupg.org/related_software/gpgme/). Be aware that GPGME is GPLed. Shalom-Salam, Werner From steve.weaver@amd.com Wed Jan 15 20:17:02 2003 From: steve.weaver@amd.com (steve.weaver@amd.com) Date: Wed Jan 15 20:17:02 2003 Subject: GnuPG on Mainframe Message-ID: Has anyone out there been able to get GnuPG to work on an OS/390 (or MVS or Z/OS) Unix platform? Steve From avbidder@fortytwo.ch Wed Jan 15 20:27:03 2003 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Wed Jan 15 20:27:03 2003 Subject: How to use a keyserver - keyserver.kjsl.com In-Reply-To: References: Message-ID: <1042658914.2530.4.camel@altfrangg.fortytwo.ch> --=-+SQi/hgCZNqVhwfsjOqv Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2003-01-15 at 14:56, Toxik - Fabian Rodriguez wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 sig was bad for me. > Maybe try this: > gpg --keyserver keyserver.kjsl.com --search-keys F661F608 gpg --keyserver keyserver.kjsl.com --search-keys 0xF661F608 works for me. This is a limitation of the keyserver, it needs the leading 0x to determine that it's a keyid and not a part of a userid. 
cheers -- vbi --=20 this email is protected by a digital signature: http://fortytwo.ch/gpg --=-+SQi/hgCZNqVhwfsjOqv Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iHMEABECADMFAj4ltmIsGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99ZbQgCfTW3Pdk+lIjmXa4rIEXZs9vxYpuoA oIMmUOwzthduUAwVMwSQ/hRJkbEU =MOfV -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822 --=-+SQi/hgCZNqVhwfsjOqv-- From Thomas.Arend@t-online.de Wed Jan 15 20:35:03 2003 From: Thomas.Arend@t-online.de (Thomas Arend) Date: Wed Jan 15 20:35:03 2003 Subject: How to use a keyserver In-Reply-To: <20030115182028.GD26839@jabberwocky.com> References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com> <200301151813.53855.thomas.arend@t-online.de> <20030115182028.GD26839@jabberwocky.com> Message-ID: <200301152037.47861.thomas.arend@t-online.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Mittwoch, 15. Januar 2003 19:20 schrieb David Shaw: > On Wed, Jan 15, 2003 at 06:13:51PM +0100, Thomas Arend wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > keyserver x-hkp://keyserver.kjsl.com > > > > the x-hkp:// is not needed 7doesn#t work with every keyserver. > > > > the option > > > > =09keserver x-hkp://blackhole.pca.dfn.de > > > > results in an error. > > > > thomas@r1:~> gpg --search-key thomas arend > > gpg: unable to execute program "gpgkeys_xhkp": Datei oder Verzeichnis > > nicht gefunden > > gpg: no handler for keyserver scheme "xhkp" > > "x-hkp" !=3D "xhkp". > > David David you are write. I was sure not to miss the "-". Unfortuneatly I have no ba= ckup=20 of the not working options file. It's not the "keserver" typing error. I=20 tried it again. 
However, now it works fine with and without "x-hkp://"

Thomas

From shavital@netbox.com Wed Jan 15 20:40:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Wed Jan 15 20:40:02 2003
Subject: How to use a keyserver
In-Reply-To: <200301151813.53855.thomas.arend@t-online.de>
References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com> <200301151813.53855.thomas.arend@t-online.de>
Message-ID:

At 6:13 PM +0100 1/15/03, Thomas Arend wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>> keyserver x-hkp://keyserver.kjsl.com
>
>the x-hkp:// is not needed / doesn't work with every keyserver.

It works fine with that particular server, and as you will see, also with blackhole.pca.dfn.de that you have tested.

>the option
>
> keserver x-hkp://blackhole.pca.dfn.de
>
>results in an error.

Are you sure about "keserver"? keyserver would be better.
>thomas@r1:~> gpg --search-key thomas arend
>gpg: unable to execute program "gpgkeys_xhkp": Datei oder Verzeichnis nicht
>gefunden
>gpg: no handler for keyserver scheme "xhkp"

It is not "xhkp" it is "x-hkp"

For your information, this is what I got in my Terminal:

[-----]% gpg --keyserver x-hkp://blackhole.pca.dfn.de --search-keys Thomas Arend
gpg: searching for "Thomas Arend" from HKP server blackhole.pca.dfn.de
Keys 1-10 of 10 for "Thomas Arend"
(1) Thomas Arend (Fregatte Koeln SELO) 1024 bit key 29A70CA2, created 2002-12-15
(2) Thomas Arend (Fregatte Köln SELO) 1024 bit key 29A70CA2, created 2002-12-15
(3) Thomas Arend (Der Adler) (revoked) 1024 bit key 4216352F, created 2002-12-14
(4) Thomas Arend (Wilhelmshaven) 1024 bit key 314CC709, created 2002-12-12
(5) Thomas Arend (Der Adler) 1024 bit key 314CC709, created 2002-12-12
(6) Thomas Arend (Der Adler) 1024 bit key 314CC709, created 2002-12-12
(7) Thomas Arend (Der Adler) 1024 bit key 314CC709, created 2002-12-12
(8) Thomas Arend (Wilhelmshaven) 1024 bit key 314CC709, created 2002-12-12
(9) Thomas Arend (Wilhelmshaven) 1024 bit key 314CC709, created 2002-12-12
(10) Thomas Arend (Wilhelmshaven) 1024 bit key 314CC709, created 2002-12-12
Enter number(s), N)ext, or Q)uit >

Works OK for me.

And it is also OK with only hkp, without x-hkp:

[--]% gpg --keyserver hkp://blackhole.pca.dfn.de --search-keys Thomas Arend
gpg: searching for "Thomas Arend" from HKP server blackhole.pca.dfn.de
Keys 1-10 of 10 for "Thomas Arend"
(1) Thomas Arend (Fregatte Koeln SELO) 1024 bit key 29A70CA2, created 2002-12-15
[snip - same list of keys as before]

>- -----
>The option:
> keyserver blackhole.pca.dfn.de

[..]% gpg --keyserver blackhole.pca.dfn.de --search-keys Thomas Arend
gpg: searching for "Thomas Arend" from HKP server blackhole.pca.dfn.de
Keys 1-10 of 10 for "Thomas Arend"
(1) Thomas Arend (Fregatte Koeln SELO) 1024 bit key 29A70CA2, created 2002-12-15
[snip - same list of keys as above]

>works fine.
The *three* possibilities work identically fine, at least for those two servers.

>Best regards

Best regards too,
Charly

From jhill@munis.com Wed Jan 15 20:52:02 2003
From: jhill@munis.com (John Hill)
Date: Wed Jan 15 20:52:02 2003
Subject: Error during make - i386ld fatal:Symbol referencing error
In-Reply-To: <20030115161127.GF14424@jabberwocky.com>
Message-ID: <001201c2bccf$54587290$6578a8c0@ccs.munis.com>

-----Original Message-----
From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On Behalf Of David Shaw
Sent: Wednesday, January 15, 2003 11:11 AM
To: gnupg-users@gnupg.org
Subject: Re: Error during make - i386ld fatal:Symbol referencing error

On Wed, Jan 15, 2003 at 10:36:35AM -0500, John Hill wrote:
> Thanks David.
>
> I issued command
> cc -g -o bftest bftest.o ../cipher/libcipher.a ../mpi/libmpi.a
> ../util/libutil.a \
> -lsocket -lnsl ../intl/libintl.a
>
> on the command line from the tools subdirectory and received the same error
> message, which I have included again.

Ah, I love the game of "guess the dependency"! Can you take a look in your /usr/lib directory and see which library defines the missing symbols? You might also try -lresolv (which in turn may require -lnsl - try both).

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------- +
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

It looks like my first reply didn't make it. I think it may have went directly to David. I am new to most of this so please bear with me. How would I check the libraries to find where these functions are defined. I tried looking at the .a files but those look like they are binary files.
I also tried to compile from the command line adding the -lresolv and both the -lresolv and -lsnl options and I get the same message.

Thanks for all of your help.

John Hill

From dshaw@jabberwocky.com Wed Jan 15 21:08:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 21:08:03 2003
Subject: Error during make - i386ld fatal:Symbol referencing error
In-Reply-To: <001201c2bccf$54587290$6578a8c0@ccs.munis.com>
References: <20030115161127.GF14424@jabberwocky.com> <001201c2bccf$54587290$6578a8c0@ccs.munis.com>
Message-ID: <20030115200846.GH26839@jabberwocky.com>

On Wed, Jan 15, 2003 at 02:50:16PM -0500, John Hill wrote:
> It looks like my first reply didn't make it. I think it may have went
> directly to David. I am new to most of this so please bear with me. How
> would I check the libraries to find where these functions are defined. I
> tried looking at the .a files but those look like they are binary files. I
> also tried to compile from the command line adding the -lresolv and both
> the -lresolv and -lsnl options and I get the same message.

Use the program "nm" on the .a files. You are looking for the name of the missing symbols plus a capital letter "T". If you see that, then the symbols are defined in that .a file.

I'm assuming your nm is like mine here. I'm not familiar with the SCO nm. Anyone out there with a SCO box have any other ideas?

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S.
Anderson

From knut@cj.com Wed Jan 15 21:18:03 2003
From: knut@cj.com (Knut Forkalsrud)
Date: Wed Jan 15 21:18:03 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To: <20030115184501.GF26839@jabberwocky.com>
References: <200301151820.h0FIKtNn043802@mailserver2.hushmail.com> <20030115184501.GF26839@jabberwocky.com>
Message-ID:

David Shaw writes:

> If you use a hash other than MD5, then GnuPG won't detect the
> message as PGP 2.x compatible so will not turn on the tab detector.

I'm just thinking it could be possible to calculate two hashes of the same message, one ignoring TAB at end of line and the other doing it the right way. If the right hash doesn't look like the one in the signature, the alternative one might match.

I'm no GPG (or PGP) expert, but is there something preventing an approach like this from working (working in the sense working around the bug in PGP)?

-Knut

--
The early worm gets the bird.

From dshaw@jabberwocky.com Wed Jan 15 21:21:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 21:21:02 2003
Subject: Please Help - Compilation Failed on Solaris 8
In-Reply-To: <16EDF46C7F8E0B43947A13EC734B4018AC2A89@NZURC900PEX1.ubsgs.ubsgroup.net>
References: <16EDF46C7F8E0B43947A13EC734B4018AC2A89@NZURC900PEX1.ubsgs.ubsgroup.net>
Message-ID: <20030115202132.GI26839@jabberwocky.com>

On Tue, Jan 14, 2003 at 05:11:20PM +0100, Owen.Singleton@ubsw.com wrote:
> Hello,
>
> I'm attempting to compile gnupg 1.2.1 on Solaris 8 but am getting an error. The details are below. Any help would be greatly appreciated.
>
> Best Regards,
>
> Owen Singleton
>
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I..
-I../include -I../intl -g -O2 -Wall -c `test -f 'misc.c' || echo './'`misc.c
> In file included from misc.c:35:
> /usr/include/sys/resource.h:193: warning: `struct rlimit64' declared inside parameter list
> /usr/include/sys/resource.h:193: warning: its scope is only this definition or declaration,
> /usr/include/sys/resource.h:193: warning: which is probably not what you want.
> /usr/include/sys/resource.h:194: warning: `struct rlimit64' declared inside parameter list

This is a known problem with Solaris (search for the error message with google and you'll see it happens with many different programs).

Is _LARGEFILE_SOURCE defined in your config.h file?

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From dshaw@jabberwocky.com Wed Jan 15 21:31:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 15 21:31:03 2003
Subject: TAB at EOL (GPG and PGP interoperability)
In-Reply-To:
References: <200301151820.h0FIKtNn043802@mailserver2.hushmail.com> <20030115184501.GF26839@jabberwocky.com>
Message-ID: <20030115203216.GJ26839@jabberwocky.com>

On Wed, Jan 15, 2003 at 12:19:12PM -0800, Knut Forkalsrud wrote:
> David Shaw writes:
>
> > If you use a hash other than MD5, then GnuPG won't detect the
> > message as PGP 2.x compatible so will not turn on the tab detector.
>
> I'm just thinking it could be possible to calculate two hashes of the
> same message, one ignoring TAB at end of line and the other doing it
> the right way. If the right hash doesn't look like the one in the
> signature, the alternative one might match.
>
> I'm no GPG (or PGP) expert, but is there something preventing an
> approach like this from working (working in the sense working around
> the bug in PGP)?
No, that will work (and in fact there is a place within GnuPG where we do something similar), but it incurs a cost since we must in effect process every clearsigned file twice. Given how often this is a problem (this is the first time I've seen this problem come up in over a year), the cost would outweigh the benefit of the fix.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From avbidder@fortytwo.ch Wed Jan 15 21:48:03 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jan 15 21:48:03 2003
Subject: Problems using --keyring
In-Reply-To: <20030115153033.GC29976@Mallard>
References: <20030115153033.GC29976@Mallard>
Message-ID: <1042663728.2601.32.camel@altfrangg.fortytwo.ch>

On Wed, 2003-01-15 at 16:30, Carl B. Constantine wrote:
> I'm trying to host a GPG Signing party for members of our LUG (VLUG --
> http://www.vlug.org) as described in this excellent article:
> http://www.cryptnet.net/fdp/crypto/gpg-party.html. However, the
> --keyring option in GnuPG doesn't seem to be working.
>
> I exported a bunch of keys to a separate file from my current public
> keyring. if I run gpg --fingerprint --keyring newkeyfile.gpg, I get
> fingerprints from my regular public keyring not the new file. It doesn't
> seem to matter if the gpg file is in armor ascii or binary format.

- a keyring is not just exported keys written to a file, keyrings have a special format. So you'll have to export them and then do '--keyring blah.gpg --import < keys'
- you may want to use the --no-default-keyring (or such) option, too, to get the results for *only* the new keyring.
cheers
-- vbi

--
get my gpg key here: http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From jhill@munis.com Wed Jan 15 22:41:03 2003
From: jhill@munis.com (John Hill)
Date: Wed Jan 15 22:41:03 2003
Subject: Error during make - i386ld fatal:Symbol referencing error
In-Reply-To: <20030115200846.GH26839@jabberwocky.com>
Message-ID: <001601c2bcde$a2db5540$6578a8c0@ccs.munis.com>

-----Original Message-----
From: gnupg-users-admin@gnupg.org [mailto:gnupg-users-admin@gnupg.org]On Behalf Of David Shaw
Sent: Wednesday, January 15, 2003 3:09 PM
To: gnupg-users@gnupg.org
Subject: Re: Error during make - i386ld fatal:Symbol referencing error

On Wed, Jan 15, 2003 at 02:50:16PM -0500, John Hill wrote:
> It looks like my first reply didn't make it. I think it may have went
> directly to David. I am new to most of this so please bear with me. How
> would I check the libraries to find where these functions are defined. I
> tried looking at the .a files but those look like they are binary files. I
> also tried to compile from the command line adding the -lresolv and both
> the -lresolv and -lsnl options and I get the same message.

Use the program "nm" on the .a files. You are looking for the name of the missing symbols plus a capital letter "T". If you see that, then the symbols are defined in that .a file.

I'm assuming your nm is like mine here. I'm not familiar with the SCO nm. Anyone out there with a SCO box have any other ideas?
David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------- +
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

Thanks for all of the help. I found another reference to inet_addr in the libresolv.a library. I changed the Makefile in the tools and g10 directories to add /usr/lib/libresolv.a to the needed_libs variable and everything compiled fine. My first question, is this the best way to correct this or should I do something else.

Now when I run gpg --gen-key the application locks up after I enter my name, email, and comment fields (I am leaving email and comment blank) and I select O for okay. I never get asked to enter a passphrase.

Thanks again.

John Hill

From Fabian.Rodriguez@Toxik.com Thu Jan 16 00:21:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Thu Jan 16 00:21:02 2003
Subject: FW: How to add an X.509 cert to an OpenPGP key (was: [Enigmail] Encryption systems compared)
Message-ID:

Hi,

I thought I'd FWD this to the gnupg-users, perhaps somebody can answer it ? Has this changed since this message from W.Koch ?:
http://marc.theaimsgroup.com/?l=gnupg-users&m=98405199609527&w=2

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

> -----Original Message-----
> From: enigmail-admin@mozdev.org [mailto:enigmail-admin@mozdev.org]On
> Behalf Of Vincent Stoessel
> Sent: Wednesday, January 15, 2003 2:05 PM
> To: Graham; EnigMail Users
> Subject: Re: [Enigmail] Encryption systems compared
>
>
> > The best way to use both systems is to have your X509 certificate added
> > to your GnuPG key and then use that.
> > You will thus have an objective
> > certification of trust used with stronger encryption.
>
> Is there an easy way to do this?
>
> --
> Vincent Stoessel
> Linux Systems Developer
> vincent xaymaca.com

From Owen.Singleton@ubsw.com Thu Jan 16 01:12:02 2003
From: Owen.Singleton@ubsw.com (Owen.Singleton@ubsw.com)
Date: Thu Jan 16 01:12:02 2003
Subject: Using IDEA
Message-ID: <16EDF46C7F8E0B43947A13EC734B4018AC2AA7@NZURC900PEX1.ubsgs.ubsgroup.net>

We are trying to use the IDEA algorithm to decrypt a number of files sent to us. We have obtained idea.c and compiled it, placed it in $HOME/lib and added the 'load-extension idea' line to the options file. gpg is not able to find/load the extension though. Could someone please give us a pointer or two? I am sure the answer is very simple but we haven't been able to work it out.

We are using gpg 1.2.1 on Solaris 8 Unix.

Thanks
Owen Singleton

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
From ingo.kloecker@epost.de Thu Jan 16 02:01:02 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Thu Jan 16 02:01:02 2003
Subject: How to use a keyserver
In-Reply-To:
References: <5.1.0.14.2.20030115130227.0291bde0@mail4.it-norr.com>
Message-ID: <200301160154.56872@erwin.ingo-kloecker.de>

On Wednesday 15 January 2003 15:12, Charly Avital wrote:
> Actual example:
> ==================================================
> [---------]% gpg --keyserver x-hkp://keyserver.kjsl.com --search-keys
> Ingo Kloecker gpg: searching for "Ingo Kloecker" from HKP server
> keyserver.kjsl.com Keys 1-2 of 2 for "Ingo Kloecker"
> (1) Ingo Kl\xf6\x63ker
> 1024 bit DSA key F661F608, created 2002-01-24
> (2) Ingo Kloecker
> 1024 bit RSA key AC0EB35D, created 1997-03-12
> Enter number(s), N)ext, or Q)uit >
> ==================================================
>
> Please note that "Kl\xf6\x63ker" is, I think, the server's rendition
> of: Kl[o+umlaut]cker.

Actually "Kl\xf6\x63ker" is what you get when you list a key which was generated with PGP since PGP doesn't encode non-ASCII characters with the utf-8 encoding (which is a must according to the OpenPGP specs). Instead PGP simply uses latin1.

And JFYI, the first key above is not my key. It belongs to a name-clone. The second key is my old key and shouldn't be used anymore.

To get the keys I currently use try 'gpg --search-keys ingo.kloecker'.
Regards,
Ingo

From kyle@toehold.com Thu Jan 16 04:43:02 2003
From: kyle@toehold.com (Kyle Hasselbacher)
Date: Thu Jan 16 04:43:02 2003
Subject: Prefered decryption key?
Message-ID: <20030116034454.GA21373@longshot.toehold.com>

I have a couple of secret keys, one I use a lot, and one I don't use as much. I sometimes have files encrypted with both of them. When I go to decrypt one, GnuPG usually asks me for the passphrase of the key I DON'T use as much. I'd like to tell it that, given a choice, it should decrypt with my more commonly used key (because that passphrase is "worn in" on my fingers much more). Is there a way to do this?

Thanks!

--
Kyle Hasselbacher | Information may want to be free,
kyle@toehold.com | but entertainment wants to be paid. -- Jerry Pournelle

From avbidder@fortytwo.ch Thu Jan 16 08:04:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 16 08:04:02 2003
Subject: Using IDEA
In-Reply-To: <16EDF46C7F8E0B43947A13EC734B4018AC2AA7@NZURC900PEX1.ubsgs.ubsgroup.net>
References: <16EDF46C7F8E0B43947A13EC734B4018AC2AA7@NZURC900PEX1.ubsgs.ubsgroup.net>
Message-ID: <1042700711.581.11.camel@altfrangg.fortytwo.ch>

On Wed, 2003-01-15 at 19:14, Owen.Singleton@ubsw.com wrote:
> We are trying to use the IDEA algorithm to decrypt a number of files sent to us.
> We have obtained idea.c and compiled it, placed it in $HOME/lib and added the 'load-extension idea' line to the options file. gpg is not able to find/load the extension though. Could someone please give us a pointer or two? I am sure the answer is very simple but we haven't been able to work it out.
>
> We are using gpg 1.2.1 on Solaris 8 Unix.

The idea.c commonly found does only work up to gpg 1.0.7. If you've got only a few files, easiest thing is probably to just compile 1.0.7 to decrypt these files. If you can't make the sender send further files in non-idea ciphers, you need an updated idea.c (and iirc, since the loadable module concept was dropped, you have to build gpg yourself with the new idea.c in the source dir. No, I don't know where to get that new idea.c file).

[ad snipped]
>
> This message contains confidential information [...]

I doubt it.

> E-mail transmission cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted,[...]

Then use signatures and encryption.

cheers
-- vbi

--
featured link: http://fortytwo.ch/gpg/subkeys

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From avbidder@fortytwo.ch Thu Jan 16 08:05:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 16 08:05:02 2003
Subject: Prefered decryption key?
In-Reply-To: <20030116034454.GA21373@longshot.toehold.com>
References: <20030116034454.GA21373@longshot.toehold.com>
Message-ID: <1042700814.2269.14.camel@altfrangg.fortytwo.ch>

On Thu, 2003-01-16 at 04:44, Kyle Hasselbacher wrote:

> I have a couple of secret keys, one I use a lot, and one I don't use as
> much. I sometimes have files encrypted with both of them. When I go to
> decrypt one, GnuPG usually asks me for the passphrase of the key I DON'T
> use as much. I'd like to tell it that, given a choice, it should decrypt
> with my more commonly used key (because that passphrase is "worn in" on my
> fingers much more). Is there a way to do this?

Hmmm. I'd think that it depends on the order of the keys in the secret keyring. Try exporting all secret keys and re-importing them in different orders. Dunno if there's a config option for this.

cheers
-- vbi

--
featured link: http://fortytwo.ch/smtp

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From shavital@netbox.com Thu Jan 16 08:16:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Thu Jan 16 08:16:02 2003
Subject: Using IDEA
In-Reply-To: <16EDF46C7F8E0B43947A13EC734B4018AC2AA7@NZURC900PEX1.ubsgs.ubsgroup.net>
References: <16EDF46C7F8E0B43947A13EC734B4018AC2AA7@NZURC900PEX1.ubsgs.ubsgroup.net>
Message-ID:

At 7:14 PM +0100 1/15/03, Owen.Singleton@ubsw.com wrote:
>We are trying to use the IDEA algorithm to decrypt a number of files sent
>to us.
>We have obtained idea.c and compiled it, placed it in $HOME/lib
>and added the 'load-extension idea' line to the options file. gpg is not
>able to find/load the extension though. Could someone please give us a
>pointer or two? I am sure the answer is very simple but we haven't been
>able to work it out.
>
>We are using gpg 1.2.1 on Solaris 8 Unix.
>
>Thanks
>Owen Singleton

[...]

Hi,

I have noticed a previous post about your compiling problems. I have no experience whatsoever with Solaris, but this is the way I have loaded the idea.c module when compiling 1.2.1 for Mac OS X. Perhaps it would work for Solaris too (?):

Downloaded the idea.c module from GnuPG's site, and patched it for PPC and other big endian processors, with a patch and instructions provided by David Shaw. Please note that the current idea.c module available from the Danish ftp site posted in GnuPG, has been patched for PPC and other big endian processors.

Placed it in 1.2.1 source code in the 'cipher' directory.

Built 1.2.1 from that "amended" source code.

Hope this helps.

Charly

From shavital@netbox.com Thu Jan 16 10:02:01 2003
From: shavital@netbox.com (Charly Avital)
Date: Thu Jan 16 10:02:01 2003
Subject: Prefered decryption key?
In-Reply-To: <20030116034454.GA21373@longshot.toehold.com>
References: <20030116034454.GA21373@longshot.toehold.com>
Message-ID:

At 9:44 PM -0600 1/15/03, Kyle Hasselbacher wrote:
>I have a couple of secret keys, one I use a lot, and one I don't use as
>much. I sometimes have files encrypted with both of them. When I go to
>decrypt one, GnuPG usually asks me for the passphrase of the key I DON'T
>use as much. I'd like to tell it that, given a choice, it should decrypt
>with my more commonly used key (because that passphrase is "worn in" on my
>fingers much more). Is there a way to do this?
>
>Thanks!
>- --

Change the passphrase of the not so used key, so that it is the same as the key's passphrase you use more commonly?

or

Revoke the key you don't use so much?
Charly

From furner@netmon.ch Thu Jan 16 11:49:02 2003
From: furner@netmon.ch (Mark Furner)
Date: Thu Jan 16 11:49:02 2003
Subject: Importing SMIME and PGP7 into GPG
Message-ID: <20030115115419.5fb11de9.furner@netmon.ch>

Hello

I've just looked at the FAQ and documentation for GPG but can't find how to import a public key from a S/MIME certificate that was attached to a mail I received (smime.p7s) or from a PGP signed email. I saved this signature as a text file, and extracted the smime certificate but the format was not recognised. (I use Sylpheed as a mailer but was working from the GPG command line in Debian Linux.)

Does GPG support either of these formats?

Thanks for your help

Mark

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/

... [removed] ...
A/R/25PBo86C68P/pbs/Ys6TM5GEcDYVG1MCIEuEHLOk0TiHGp8Auw==
=PrT7
-----END PGP SIGNATURE-----

From Jon.Gilvar@fmr.com Thu Jan 16 11:49:12 2003
From: Jon.Gilvar@fmr.com (Gilvar, Jon)
Date: Thu Jan 16 11:49:12 2003
Subject: NAI PGP 7.0 & gnuPG 1.2.1
Message-ID:

I have a client using NAI PGP 7.0 sending an encrypted file. When I try to decrypt using gnupg 1.0.6 or 1.2.1 (Platform Solaris 2.8). I am getting this error ( gpg: decryption failed : bad key ).

Note: The key I am using is successfully run in multiple other instances on a daily basis.

I have found some information concerning the --pgp6 switch, when I use this I get the same error.

Any suggestions?

Thank you in advance.

Jon C Gilvar

From ke6sls@arrl.net Thu Jan 16 11:49:25 2003
From: ke6sls@arrl.net (Jaye Inabnit ke6sls)
Date: Thu Jan 16 11:49:25 2003
Subject: comment, propagation, and key servers
Message-ID: <20030115202828.CFO14880.fed1mtao05.cox.net@there>

Greetings:

I have a few questions that I have so far been unable to find solutions to regarding Gnupg (gpg). I decided to send a message here in hopes that I might find someone with enough experience with Gnupg to help me.
I have had several people ask me where to find my public key. It seems that the default key server didn't propagate well enough so that other key servers knew my public key. The key server I used was www.keyserver.net. Today, I uploaded (I think) to 5 other key servers to hopefully make my public key more easily found.

One user said that I could edit my comment section to include the public key server. Sounded like a terrific idea, but how do I do this? My current comment looks like this:

#[-----BEGIN PGP SIGNATURE-----]
#[Version: GnuPG v1.0.6 (GNU/Linux)]
#[Comment: For info see http://www.gnupg.org]

Currently, I have Gpa (front end) and I don't see an option for editing comments. The man page lists some options, however, I don't know how I would cause Gnupg to add this line *by default*.

Finally, as I went through the faq and various documentation for Gnupg, I didn't find a list of key servers. Wouldn't it be a good idea to have several listed in these documents so users could upload (export?) their keys to more than one to help in key propagation?

Thank you for your time, help, and comments. I'll check the list archive in a week or two for replies, else kindly CC me directly.

Best regards

--
Jaye Inabnit
A Debian-Gnu/Linux user
If it's stupid, but works, it ain't stupid.
I SHOUT JUST FOR FUN.
Free software, in a free world, for a free spirit. Please Support freedom!

From alex@syjon.fantastyka.net Thu Jan 16 11:49:34 2003
From: alex@syjon.fantastyka.net (Janusz A. Urbanowicz)
Date: Thu Jan 16 11:49:34 2003
Subject: Prefered decryption key?
In-Reply-To: <20030116034454.GA21373@longshot.toehold.com>
Message-ID:

> I have a couple of secret keys, one I use a lot, and one I don't use as
> much.
> I sometimes have files encrypted with both of them. When I go to
> decrypt one, GnuPG usually asks me for the passphrase of the key I DON'T
> use as much. I'd like to tell it that, given a choice, it should decrypt
> with my more commonly used key (because that passphrase is "worn in" on my
> fingers much more). Is there a way to do this?

No, your data is encrypted in a way that can be decrypted using the private key corresponding to the public key the data is encrypted with. You may decrypt the data reencrypt the data to the other key, though.

Alex

From alex@syjon.fantastyka.net Thu Jan 16 11:49:42 2003
From: alex@syjon.fantastyka.net (Janusz A. Urbanowicz)
Date: Thu Jan 16 11:49:42 2003
Subject: FW: How to add an X.509 cert to an OpenPGP key (was: [Enigmail] Encryption systems compared)
In-Reply-To:
Message-ID:

> I thought I'd FWD this to the gnupg-users, perhaps somebody can
> answer it ? Has this changed since this message from W.Koch ?:
> http://marc.theaimsgroup.com/?l=gnupg-users&m=98405199609527&w=2

I don't think so. Embedding X.509 data in OpenPGP keys is still a feature of commercial PGP.

Alex

From Ralf.Huels@schufa.de Thu Jan 16 12:12:03 2003
From: Ralf.Huels@schufa.de (Huels, Ralf SCORE)
Date: Thu Jan 16 12:12:03 2003
Subject: AW: Importing SMIME and PGP7 into GPG
Message-ID: <51896D38E5E4D111BE560001FA68BA369FBD06@SBO1002>

> I've just looked at the FAQ and documentation for GPG but
> can't find how to import a public key from a S/MIME
> certificate that was attached to a mail I received
> (smime.p7s) or from a PGP signed email.
...
> Does GPG support either of these formats?

S/MIME is not currently supported. For some information on the differences, see for example http://www.imc.org/smime-pgpmime.html

You can usually verify a PGP signature with GnuPG, however the key itself is usually *not* included in the message. You'll have to process the signature, get the key ID from the output and retrieve the key from a public key server.
You can configure GnuPG so that it automagically retrieves unknown keys, though I don't know the relevant options right now. If the key is not present on your favorite key server, you'll have to ask your correspondent to send his public key to you in a separate message (or get it from his home page, maybe).

HTH.

Bye,
Ralf

From avbidder@fortytwo.ch Thu Jan 16 12:27:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 16 12:27:02 2003
Subject: comment, propagation, and key servers
In-Reply-To: <20030115202828.CFO14880.fed1mtao05.cox.net@there>
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there>
Message-ID: <1042716477.2269.104.camel@altfrangg.fortytwo.ch>

--=-V1NnftH4rJFwa9OAlur+
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2003-01-15 at 21:29, Jaye Inabnit ke6sls wrote:

> knew my public key. The key server I used was www.keyserver.net. Today, I
> uploaded (I think) to 5 other key servers to hopefully make my public key

This is the basic fault you're making. keyserver.net has several difficulties:
- they don't (or do not often?) synchronize with the rest of the world
- I have frequently had troubles accessing them - apparently, only 1 server is working.
- their server software is commercial (ok, this one does not matter for normal use).

I'd recommend everybody to use the wwwkeys.pgp.net group of servers (using wwwkeys.pgp.net gives a random server, you can use a specific server if you want, it should not be necessary normally).

Hmmm, comment header - from the manpage:

--comment string
    Use string as comment string in clear text signatures. The default is not do write a comment string.
To write any option into gpg.conf, just leave the '--' off:

comment: use the keyserver blah blah

(good idea, btw)

cheers
-- vbi

--
pub 1024D/92082481 2002-02-22 Adrian von Bidder
Key fingerprint = EFE3 96F4 18F5 8D65 8494 28FC 1438 5168 9208 2481

--=-V1NnftH4rJFwa9OAlur+
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iHMEABECADMFAj4mlz0sGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99YKXACgiGhZnsVKC2iRGK0I8WFtyB4CxIMA
njV4+h2Dfhmmk68cRR2UFI3+3ZJ4
=ZZ67
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

--=-V1NnftH4rJFwa9OAlur+--

From shavital@netbox.com Thu Jan 16 12:28:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Thu Jan 16 12:28:02 2003
Subject: comment, propagation, and key servers
In-Reply-To: <20030115202828.CFO14880.fed1mtao05.cox.net@there>
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there>
Message-ID:

At 12:29 PM -0800 1/15/03, Jaye Inabnit ke6sls wrote:
>Today, I
>uploaded (I think) to 5 other key servers to hopefully make my public key
>more easily found.

It's best to have a little patience, and wait until the keyserver you uploaded your key to, syncs with other keyservers. Uploading the same key to additional keyservers might be frowned upon, and considered to put an unnecessary load on keyservers in general.

>One user said that I could edit my comment section to include the public key
>server. Sounded like a terrific idea, but how do I do this?

I think the best way is to add it in your Options file.
In gpg prior to 1.2.0, it was called ~/.gnupg/options.
In later versions, it is ~/.gpg.conf.
You could open that file, with a text editor, and type one clean line, e.g.:
comment [the text you want to be displayed] then hit return, to create an empty line, save the changes in the text editor, and quit the text editor.

>
>Finally, as I went through the faq and various documentation for Gnupg, I
>didn't find a list of key servers. Wouldn't it be a good idea to have
>several listed in these documents so users could upload (export?) their keys
>to more than one to help in key propagation?

There is a command line that will display, in the Terminal, a list of available keyservers. Unfortunately, I can't remember now what it is, sorry.

[...]

Hope this helps.

Charly

>-----BEGIN GPG OUTPUT-----
>gpg: Signature made Wed Jan 15 22:29:09 2003 IST using DSA key ID CB5AEA43
>gpg: Good signature from "M.J. Inabnit "
>gpg: please do a --check-trustdb
>gpg: WARNING: This key is not certified with a trusted signature!
>gpg: There is no indication that the signature belongs to the owner.
>Primary key fingerprint: 56E2 FAE1 39D0 269E B227 8AF9 6470 712A CB5A EA43
>-----END GPG OUTPUT-----

From wk@gnupg.org Thu Jan 16 12:30:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Thu Jan 16 12:30:02 2003
Subject: Importing SMIME and PGP7 into GPG
In-Reply-To: <20030115115419.5fb11de9.furner@netmon.ch> (Mark Furner's message of "Wed, 15 Jan 2003 11:54:19 +0100")
References: <20030115115419.5fb11de9.furner@netmon.ch>
Message-ID: <87bs2hmix0.fsf@alberti.g10code.de>

On Wed, 15 Jan 2003 11:54:19 +0100, Mark Furner said:

> I've just looked at the FAQ and documentation for GPG but can't find
> how to import a public key from a S/MIME certificate that was

S/MIME is based on CMS and X.509 which is an entirely different standard. There is no way to use such a certificate with OpenPGP. However, we have a similar software (gpgsm) which supports this protocol; see http://gnupg.org/aegypten.html. Eventually it will be included into the GnuPG package.
Shalom-Salam,

   Werner

From dshaw@jabberwocky.com Thu Jan 16 14:16:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 16 14:16:02 2003
Subject: comment, propagation, and key servers
In-Reply-To: <1042716477.2269.104.camel@altfrangg.fortytwo.ch>
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there> <1042716477.2269.104.camel@altfrangg.fortytwo.ch>
Message-ID: <20030116131636.GA2450@jabberwocky.com>

On Thu, Jan 16, 2003 at 12:27:57PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Wed, 2003-01-15 at 21:29, Jaye Inabnit ke6sls wrote:
>
> > knew my public key. The key server I used was www.keyserver.net. Today, I
> > uploaded (I think) to 5 other key servers to hopefully make my public key
>
> This is the basic fault you're making. keyserver.net has several
> difficulties:
> - they don't (or do not often?) synchronize with the rest of the world
> - I have frequently had troubles accessing them - apparently, only 1
> server is working.
> - their server software is commercial (ok, this one does not matter for
> normal use).

Plus: the server has a bug that makes it not work properly with GnuPG on all platforms....

David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
   We don't believe this to be a coincidence." - Jeremy S. Anderson

From Fabian.Rodriguez@Toxik.com Thu Jan 16 15:08:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Thu Jan 16 15:08:02 2003
Subject: comment, propagation, and key servers
In-Reply-To: <20030115202828.CFO14880.fed1mtao05.cox.net@there>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I've had this problem myself.
I've found that one of the easiest interfaces to get/publish my public key(s) is Biglumber.com, for the following reasons:
- The www link is short
- It includes links to KeyAnalyze reports (to verify signature paths from/to you)
- It supports (and displays!) image IDs without additional software
- Its authentication nicely incorporates encryption for password delivery (a nice example of OpenPGP use)
- last but not least... it lists keysigning events, as well as people who are interested in keysignings.

The maintainer is very receptive to suggestions, too.

BTW, since I have several keys, I'll be giving out one URL with various biglumber.com links and maybe the preferred keyservers I use. One of my biglumber.com entries is:
http://www.biglumber.com/x/web?ev=50497;qs=174

Of course, this does not eliminate the propagation problem you mentioned. I actually upload my keys to several different keyservers, which was discussed (well, at least replied to) in this thread:
http://marc.theaimsgroup.com/?l=gnupg-users&m=104022334232030&w=2

Let us know what works best for you.

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

[...]
> I have had several people ask me where to find my public key.
[...]

-----BEGIN PGP SIGNATURE-----

iD8DBQE+JryVfUcTXFrypNURAjvaAJwKom7uwHPbNi0brh9QrGasI/8toACcDCIX
RvGLvIM1M0TWwRrrP3GyP2Q=
=05QZ
-----END PGP SIGNATURE-----

From dsandler@paychex.com Thu Jan 16 16:02:02 2003
From: dsandler@paychex.com (David M Sandler)
Date: Thu Jan 16 16:02:02 2003
Subject: Migrating GnuPG and EGD to another server
Message-ID: <3E26C990.68E965D2@paychex.com>

I recently built EGD 0.8 and GnuPG 1.2.0 on a HP-UX 11.0 server. I need to migrate them to another HP-UX 11.0 server. Can anyone point me to documentation that would tell me which components need to be migrated, and where they are located?
--Dave

David M Sandler
Paychex Incorporated
dsandler@paychex.com

From duckwing@duckwing.ca Thu Jan 16 16:40:02 2003
From: duckwing@duckwing.ca (Carl B. Constantine)
Date: Thu Jan 16 16:40:02 2003
Subject: options -> gpg.conf
Message-ID: <20030116153858.GC3981@Mallard>

--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I upgraded my gnupg from 1.0.6 to 1.2.1 recently. It didn't put a new configuration file in my ~/.gnupg directory, but continues to use the options file.

I tried to copy the options.skel file from /usr/share/gnupg to ~/.gnupg/gpg.conf but received some errors on the file when I tried to sign an email.

Is there documentation on the gpg.conf file and what should be in there? What about converting from options to gpg.conf?

Thanks.

--
 .''`.   Carl B. Constantine
: :' :   duckwing@duckwing.ca
`. `'    GnuPG: 135F FC30 7A02 B0EB 61DB 34E3 3AF1 DC6C 9F7A 3FF8
  `-     Debian GNU/Linux -- The power of freedom

--fUYQa+Pmc3FrFX/N
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+JtISOvHcbJ96P/gRAhTSAJ9j7n14vqPegXcJELSjVswh/E8I9QCgsmmF
gm/VoipPzmEcUErthM6mwVE=
=O8tu
-----END PGP SIGNATURE-----

--fUYQa+Pmc3FrFX/N--

From vedaal@hush.com Thu Jan 16 17:09:02 2003
From: vedaal@hush.com (vedaal@hush.com)
Date: Thu Jan 16 17:09:02 2003
Subject: Prefered decryption key?
Message-ID: <200301161609.h0GG9m73089753@mailserver2.hushmail.com>

>Message: 2
>Subject: Re: Prefered decryption key?
>From: Adrian 'Dagurashibanipal' von Bidder
>To: gnupg-users@gnupg.org
>Organization:
>Date: 16 Jan 2003 08:06:54 +0100

..

>On Thu, 2003-01-16 at 04:44, Kyle Hasselbacher wrote:
>
>> I have a couple of secret keys, one I use a lot, and one I don't use as
>> much. I sometimes have files encrypted with both of them. When I go to
>> decrypt one, GnuPG usually asks me for the passphrase of the key I DON'T
>> use as much.
>> I'd like to tell it that, given a choice, it should decrypt
>> with my more commonly used key (because that passphrase is "worn in" on my
>> fingers much more). Is there a way to do this?
>
>Hmmm. I'd think that it depends on the order of the keys in the secret
>keyring. Try exporting all secret keys and re-importing them in
>different orders.

..

or you could just press three times, and gnupg will go on to the next key

vedaal

From dshaw@jabberwocky.com Thu Jan 16 17:28:01 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 16 17:28:01 2003
Subject: options -> gpg.conf
In-Reply-To: <20030116153858.GC3981@Mallard>
References: <20030116153858.GC3981@Mallard>
Message-ID: <20030116162849.GA9247@jabberwocky.com>

On Thu, Jan 16, 2003 at 07:38:58AM -0800, Carl B. Constantine wrote:
> I upgraded my gnupg from 1.0.6 to 1.2.1 recently. It didn't put a new
> configuration file in my ~/.gnupg directory, but continues to use the
> options file.
>
> I tried to copy the options.skel file from /usr/share/gnupg to
> ~/.gnupg/gpg.conf but received some errors on the file when I tried to
> sign an email.

Remove the first three lines.

> Is there documentation on the gpg.conf file and what should be in there?

The options.skel file has some documentation. There is also more complete documentation on the man page.

> What about converting from options to gpg.conf?

cd .gnupg
mv options gpg.conf

David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
   We don't believe this to be a coincidence." - Jeremy S.
Anderson

From wk@gnupg.org Thu Jan 16 17:38:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Thu Jan 16 17:38:02 2003
Subject: options -> gpg.conf
In-Reply-To: <20030116153858.GC3981@Mallard> ("Carl B. Constantine"'s message of "Thu, 16 Jan 2003 07:38:58 -0800")
References: <20030116153858.GC3981@Mallard>
Message-ID: <877kd5m4qw.fsf@alberti.g10code.de>

On Thu, 16 Jan 2003 07:38:58 -0800, Carl B Constantine said:

> I upgraded my gnupg from 1.0.6 to 1.2.1 recently. It didn't put a new
> configuration file in my ~/.gnupg directory, but continues to use the
> options file.

mv ~/.gnupg/options ~/.gnupg/gpg.conf

That's all you need to be prepared for the future.

> I tried to copy the options.skel file from /usr/share/gnupg to
> ~/.gnupg/gpg.conf but received some errors on the file when I tried to
> sign an email.

Read the file. The first lines must be removed if you copy it manually.

> Is there documentation on the gpg.conf file and what should be in there?
> What about converting from options to gpg.conf?

Only the name changed.

Salam-Shalom,

   Werner

From kyle@toehold.com Thu Jan 16 17:45:02 2003
From: kyle@toehold.com (Kyle Hasselbacher)
Date: Thu Jan 16 17:45:02 2003
Subject: Prefered decryption key?
In-Reply-To: <200301161609.h0GG9m73089753@mailserver2.hushmail.com>
References: <200301161609.h0GG9m73089753@mailserver2.hushmail.com>
Message-ID: <20030116164617.GA26265@longshot.toehold.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jan 16, 2003 at 08:09:48AM -0800, vedaal@hush.com wrote:

>or you could just press three times, and gnupg will go on to the
>next key

Aha! Thank you! That works well enough for me.
- --
Kyle Hasselbacher | If you haven't got anything nice to say about anyone,
kyle@toehold.com | come sit here by me.
-- Alice Roosevelt Longworth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+JuHY10sofiqUxIQRAsTtAKDILeKIDP+3spQFoHQ+XJNcSnfrQACfUwFJ
WjQsNsreX9A4oFerSa14YZ4=
=TwhK
-----END PGP SIGNATURE-----

From Jeff_Newton@pmc-sierra.com Thu Jan 16 18:07:02 2003
From: Jeff_Newton@pmc-sierra.com (Jeff Newton)
Date: Thu Jan 16 18:07:02 2003
Subject: Grouping Keys
Message-ID: <3E26E6DD.6A82C3A4@pmc-sierra.com>

Can someone explain how to assign a name to a group of keys in gpg 1.2.0?

According to man, I thought the following would work:

gpg --group =,

But gpg asks for additional input (Go ahead and type your message ...)

Cheers,
--
Jeff Newton

From Fabian.Rodriguez@Toxik.com Thu Jan 16 18:26:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Thu Jan 16 18:26:02 2003
Subject: Keysigning a "corporate" key - how ?
In-Reply-To: <3E26E6DD.6A82C3A4@pmc-sierra.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'll be attending a keysigning party today and it's the first time I'd like to have our "corporate" key signed as well. For personal keys, one usually shows up with personal IDs including pictures, like a passport, etc.

What would be the best for "corporate" ID verification ? We're a Canadian company and as such our company records show up at Strategis.gc.ca (Industry Canada's corporations directory) and a provincial site too (www.igif.gouv.qc.ca). However, what physical proof(s) would be recognized by the most people (including non-locals), in your opinion ?

Thanks for any advice. The key in question is 0xFC26E547, available here:
http://www.biglumber.com/x/web?qs=toxik

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

-----BEGIN PGP SIGNATURE-----

iD8DBQE+JurMfUcTXFrypNURAjj9AJ9c/3mZn+UQHl0wYqfkDogWgoIccgCeO7ne
Wr3edWlMnEYGTgD8C2uugjg=
=cgUP
-----END PGP SIGNATURE-----

From avbidder@fortytwo.ch Thu Jan 16 18:35:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 16 18:35:02 2003
Subject: Grouping Keys
In-Reply-To: <3E26E6DD.6A82C3A4@pmc-sierra.com>
References: <3E26E6DD.6A82C3A4@pmc-sierra.com>
Message-ID: <1042738557.582.151.camel@altfrangg.fortytwo.ch>

--=-av0gIUGB0j1ZRG+M4ZoZ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2003-01-16 at 18:07, Jeff Newton wrote:
> Can someone explain how to assign a name to a group of keys in gpg
> 1.2.0?
>
> According to man, I thought the following would work:
>
> gpg --group =,
>
> But gpg asks for additional input (Go ahead and type your message ...)

The group thing is just an option - so you still need to tell gpg what to do (and by default it reads a signed/encrypted message from stdin and tries to encrypt/verify it).

The group option is really most useful in the config file, so the group is available every time you use gpg.
cheers
-- vbi

--
OpenPGP encrypted mail welcome - my key: http://fortytwo.ch/gpg/92082481

--=-av0gIUGB0j1ZRG+M4ZoZ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iHMEABECADMFAj4m7X0sGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99ZbAgCfdNuesTZInsurly6QV/axncrAyqYA
oIIzXgwAEv9HQ1ZnyJyuF0Nf6OVX
=D4OQ
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

--=-av0gIUGB0j1ZRG+M4ZoZ--

From dshaw@jabberwocky.com Thu Jan 16 18:45:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 16 18:45:02 2003
Subject: Grouping Keys
In-Reply-To: <3E26E6DD.6A82C3A4@pmc-sierra.com>
References: <3E26E6DD.6A82C3A4@pmc-sierra.com>
Message-ID: <20030116174607.GB10074@jabberwocky.com>

On Thu, Jan 16, 2003 at 09:07:41AM -0800, Jeff Newton wrote:
>
> Can someone explain how to assign a name to a group of keys in gpg
> 1.2.0?
>
> According to man, I thought the following would work:
>
> gpg --group =,
>
> But gpg asks for additional input (Go ahead and type your message ...)

You defined a group, but didn't use it. Defining groups (while it does work), is not that useful on the command line. Try putting the group line in your gpg.conf file, and then encrypting to the groupname just like you'd encrypt to any name. (-r groupname).

David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
   We don't believe this to be a coincidence." - Jeremy S.
Anderson

From wk@gnupg.org Thu Jan 16 19:02:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Thu Jan 16 19:02:02 2003
Subject: Grouping Keys
In-Reply-To: <3E26E6DD.6A82C3A4@pmc-sierra.com> (Jeff Newton's message of "Thu, 16 Jan 2003 09:07:41 -0800")
References: <3E26E6DD.6A82C3A4@pmc-sierra.com>
Message-ID: <87lm1lkm98.fsf@alberti.g10code.de>

On Thu, 16 Jan 2003 09:07:41 -0800, Jeff Newton said:

> Can someone explain how to assign a name to a group of keys in gpg
> 1.2.0?

> According to man, I thought the following would work:

> gpg --group =,

You better put the group option into your gpg.conf; using it on the command line does not make much sense and you need to take care of correct quoting.

Write this into your gpg.conf

  group foo@example=11111111 22222222 33333333

If the group consists of the 3 keys with these keyids. Take care that there is no space around the '=' and that there is exactly one space used as delimiter (this is a bug which will be fixed in 1.2.2).

> But gpg asks for additional input (Go ahead and type your message ...)

Use the group name like any other name:

  gpg -e -r foo@example test.txt

Shalom-Salam,

   Werner

From Thomas.Arend@t-online.de Thu Jan 16 19:09:02 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Thu Jan 16 19:09:02 2003
Subject: comment, propagation, and key servers
In-Reply-To:
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there>
Message-ID: <200301161911.46037.thomas.arend@t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday, 16 January 2003 12:29, Charly Avital wrote:
> At 12:29 PM -0800 1/15/03, Jaye Inabnit ke6sls wrote:
> >Today, I
> >uploaded (I think) to 5 other key servers to hopefully make my public key
> >more easily found.
>
> It's best to have a little patience, and wait until the keyserver you
> uploaded your key to, syncs with other keyservers.
> Uploading the same key
> to additional keyservers might be frowned upon, and considered to put an
> unnecessary load on keyservers in general.
>
> >One user said that I could edit my comment section to include the public
> > key server. Sounded like a terrific idea, but how do I do this?
>
> I think the best way is to add it in your Options file.
> In gpg prior to 1.2.0, it was called ~/.gnupg/options.
> In later versions, it is ~/.gpg.conf.
>

the man page says:

~/.gnupg/gpg.conf
    Default configuration file

~/.gnupg/options
    Old style configuration file; only used when gpg.conf is not found

Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+JvXa2TqsmTFMxwkRApq8AJ4vd4UGlvKrI8TtMwPl8zmiee7BtACfYmwd
wju6skjxYq0v7Bvyi8D4Eoc=
=DB7w
-----END PGP SIGNATURE-----

From wronkiew@foozone.org Thu Jan 16 20:10:04 2003
From: wronkiew@foozone.org (Matt Wronkiewicz)
Date: Thu Jan 16 20:10:04 2003
Subject: Keysigning a "corporate" key - how ?
In-Reply-To:
References: <3E26E6DD.6A82C3A4@pmc-sierra.com>
Message-ID: <20030116191101.GC235@ghs.com>

--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> What would be the best for "corporate" ID verification ?

What would be best in my opinion to verify your corporate key, is to sign the corporate key with your personal key. Then bring your personal key, but not your corporate key to the key-signing party. People who want to verify that your corporate key is valid can decide for themselves whether they trust you to correctly verify the corporate key, after they have already verified your personal key. Convince your coworkers to do the same, to provide a better web of trust. This way the people at the key-signing event are not put in a position where they have to determine, from their own limited knowledge of your company, whether you are a trusted representative from your company or if you are trying to push a phony key.
--
Matt Wronkiewicz
Fingerprint: 914B FFE7 1C00 7B63 04D1 051D BA18 9B5D 6845 2D6E
Signature policy: http://www.foozone.org/crypto_policy.asc

--Qxx1br4bt0+wmkIi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)

iHAEARECADAFAj4nA8UpGmh0dHA6Ly93d3cuZm9vem9uZS5vcmcvY3J5cHRvX3Bv
bGljeS5hc2MACgkQuhibXWhFLW4exgCgmAIvPicK/kxPrPEv6rWwQiVEjkQAn3s2
bNPp2ERIjZ8U32JUFLQEBe6k
=MExL
-----END PGP SIGNATURE-----

--Qxx1br4bt0+wmkIi--

From dshaw@jabberwocky.com Thu Jan 16 20:24:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 16 20:24:02 2003
Subject: Keysigning a "corporate" key - how ?
In-Reply-To:
References: <3E26E6DD.6A82C3A4@pmc-sierra.com>
Message-ID: <20030116192443.GB11271@jabberwocky.com>

On Thu, Jan 16, 2003 at 12:25:04PM -0500, Toxik - Fabian Rodriguez wrote:
> I'll be attending a keysigning party today and it's the first time
> I'd like to have our "corporate" key signed as well. For personal
> keys, one usually shows up with personal IDs including pictures, like
> a passport, etc.
>
> What would be the best for "corporate" ID verification ? We're a
> Canadian company and as such our company records show up at
> Strategis.gc.ca (Industry Canada's corporations directory) and a
> provincial site too (www.igif.gouv.qc.ca). However, what physical
> proof(s) would be recognized by the most people (including
> non-locals), in your opinion ?

This is a difficult question since signing such a key doesn't really fit into the traditional "identify a person, match that person to a key, sign the key" model. Some people will sign such a key, and some people will not. In a way, it is similar to the question of whether someone other than a robot CA operator should sign the robot CA key.

I would recommend that people sign your personal key (as they can verify who you are, etc), and then you sign the corporate key (since you can verify it is correct).
David

--
   David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
   We don't believe this to be a coincidence." - Jeremy S. Anderson

From jharris@widomaker.com Thu Jan 16 21:09:02 2003
From: jharris@widomaker.com (Jason Harris)
Date: Thu Jan 16 21:09:02 2003
Subject: Keysigning a "corporate" key - how ?
In-Reply-To: <20030116191101.GC235@ghs.com>
References: <3E26E6DD.6A82C3A4@pmc-sierra.com> <20030116191101.GC235@ghs.com>
Message-ID: <20030116201028.GB528@pm1.ric-14.lft.widomaker.com>

--0ntfKIWw70PvrIHh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jan 16, 2003 at 11:11:01AM -0800, Matt Wronkiewicz wrote:
> > What would be the best for "corporate" ID verification ?
>
> same, to provide a better web of trust. This way the people at
> the key-signing event are not put in a position where they have
> to determine, from their own limited knowledge of your company,
> whether you are a trusted representative from your company or
> if you are trying to push a phony key.

Signatures from (alleged) employees still serve to "push" (i.e., certify) the (alleged) corporate key. This is good, not bad, but needs to be supplemented.

I would also recommend the following:

a) publish the corporate key on the company website
b) publish the key via https secured with a CA-issued certificate, which shows that the issuing CA also checked your company records
c) verify key <-> email mappings for the corporate key (by accepting encrypted messages and signing outgoing messages)
d) sign employee keys with the corporate key (and revoke the signatures when employees leave)
e) put the key fingerprint on printed documents: letterhead, brochures, business cards, etc.
f) verify the key fingerprint via phone when requested

Carefully consider who has access to the private key though.

--
Jason Harris          | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/

--0ntfKIWw70PvrIHh
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+JxGzSypIl9OdoOMRAtCdAKCsSdZPoGPs7skTbQre6WwpOUL2NACg0g3s
E7ohCL0FL+dXAMY5ImfwcBI=
=pdaq
-----END PGP SIGNATURE-----

--0ntfKIWw70PvrIHh--

From greg@turnstep.com Thu Jan 16 21:24:01 2003
From: greg@turnstep.com (greg@turnstep.com)
Date: Thu Jan 16 21:24:01 2003
Subject: Keysigning a "corporate" key - how ?
In-Reply-To:
Message-ID: <3ae2e411eed0ed50f6541647bb6eaa36@biglumber.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

> I'll be attending a keysigning party today...
>
> What would be the best for "corporate" ID verification ? We're a
> Canadian company and as such our company records show up at
> Strategis.gc.ca (Industry Canada's corporations directory) and a
> provincial site too (www.igif.gouv.qc.ca). However, what physical
> proof(s) would be recognized by the most people (including
> non-locals), in your opinion ?

I am not comfortable with signing a "corporate" ID, but an additional check would be to put something unique on the company's web page, under the assumption that nobody but the company has control over that domain. For example, if I were at the party, I would give you a secret phrase. You would then encrypt the phrase (to me only), sign it with the corporate key, and then post the encrypted (armored) text somewhere on the website, preferably somewhere prominent to prevent some lone employee from creating obscure URLs. I would check the page, decrypt the message, verify the phrase, and check that it was made by the same key as the one at the key signing.
Listing the key in the whois record would be a nice touch as well.

After all that, I probably would not have signed it :), but I think it constitutes at least some additional assurances.

--
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200301161520

-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iD8DBQE+JxTXvJuQZxSWSsgRArc7AKDlk1ShAxaLbUj420epeFbSzknNTQCgyel0
dR5vTcm4Om8lPVgLlWFy8SI=
=O5Wd
-----END PGP SIGNATURE-----

From dsandler@paychex.com Thu Jan 16 22:31:02 2003
From: dsandler@paychex.com (David M Sandler)
Date: Thu Jan 16 22:31:02 2003
Subject: How to resolve "mpi too large" error?
Message-ID: <3E2724DD.F885423@paychex.com>

I was trying to decrypt a file and received a "mpi too large" error. Could anyone shed some light on this, and tell me how to resolve it?

--Dave

--
David M Sandler
Paychex Incorporated
dsandler@paychex.com

From wk@gnupg.org Fri Jan 17 10:00:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Fri Jan 17 10:00:02 2003
Subject: How to resolve "mpi too large" error?
In-Reply-To: <3E2724DD.F885423@paychex.com> ("David M Sandler"'s message of "Thu, 16 Jan 2003 16:32:13 -0500")
References: <3E2724DD.F885423@paychex.com>
Message-ID: <87fzrskv8f.fsf@alberti.g10code.de>

On Thu, 16 Jan 2003 16:32:13 -0500, David M Sandler said:

> I was trying to decrypt a file and received a "mpi too large" error.
> Could anyone shed some light on this, and tell me how to resolve it?

Most likely the file is corrupted. For FTP, make sure that you use binary mode.

From Pavel Fri Jan 17 10:36:03 2003
From: Pavel (Pavel)
Date: Fri Jan 17 10:36:03 2003
Subject: --batch create public and secret keys
Message-ID: <1817038348.20030116170000@Reich.com>

Hello gnupg-devel,

How can I create public and secret keys in --batch mode (no interactivity)? I have only command line (system() C function).
--
Best regards,
Pavel

From jerry.wawrzyniak@nwa.com Fri Jan 17 10:36:18 2003
From: jerry.wawrzyniak@nwa.com (Wawrzyniak, Jerry L)
Date: Fri Jan 17 10:36:18 2003
Subject: A version for USS on mainframe
Message-ID:

Do you know if there is a version of gnuPG that will run on the mainframe? If not, what steps are necessary to make a copy run on the mainframe?

Jerry Wawrzyniak
Northwest Airlines, Inc
612.726.7946

From RParr@TemporalArts.COM Fri Jan 17 10:36:33 2003
From: RParr@TemporalArts.COM (Randall J. Parr)
Date: Fri Jan 17 10:36:33 2003
Subject: GnuPG with Perl 5.8 (or best replacement)?
Message-ID: <3E271220.40400@TemporalArts.com>

I have been given the task of migrating some Perl scripts from Red Hat 6.x with Perl 5.6 using GnuPG to Red Hat 8.0 which has Perl 5.8.

Attempts to install the GnuPG 0.09 module fail. It appears there is some Perl 5.8 incompatibility.

I have "googled" 'til my fingers hurt but have been unable to discover any guidance as to a version of GnuPG that will install in Perl 5.8 and/or a recommended module which can replace and/or supersede GnuPG.

I am sorry to contact you directly but I *really* appreciate any guidance as to if/how I can install GnuPG with Perl 5.8 or (if that is not possible) how best to replace the GnuPG code.

Any pointers / references would be greatly appreciated

Thank you
R.Parr
Temporal Arts

From ke6sls@arrl.net Fri Jan 17 10:36:48 2003
From: ke6sls@arrl.net (Jaye Inabnit ke6sls)
Date: Fri Jan 17 10:36:48 2003
Subject: comment, propagation, and key servers
In-Reply-To: <200301161911.46037.thomas.arend@t-online.de>
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there> <200301161911.46037.thomas.arend@t-online.de>
Message-ID: <20030116204347.LCAP327.fed1mtao01.cox.net@there>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 16 January 2003 10:11 am, you wrote:
> On Thursday, 16 January 2003 12:29, Charly Avital wrote:
> > At 12:29 PM -0800 1/15/03, Jaye Inabnit ke6sls wrote:
> > >Today, I
> > >uploaded (I think) to 5 other key servers to hopefully make my public
> > > key more easily found.
> >
> > It's best to have a little patience, and wait until the keyserver you
> > uploaded your key to, syncs with other keyservers. Uploading the same key
> > to additional keyservers might be frowned upon, and considered to put an
> > unnecessary load on keyservers in general.

Agreed. I originally installed and configured Gnupg about 1 year ago. This is why I wondered about how these key servers exchange data and with what other key servers.

> > >One user said that I could edit my comment section to include the public
> > > key server. Sounded like a terrific idea, but how do I do this?
> >
> > I think the best way is to add it in your Options file.
> > In gpg prior to 1.2.0, it was called ~/.gnupg/options.
> > In later versions, it is ~/.gpg.conf.
>
> the man page says:
>
> ~/.gnupg/gpg.conf
> Default configuration file
>
> ~/.gnupg/options
> Old style configuration file; only used when
> gpg.conf is not found
> Thomas
>

Charly said:
>You could open that file, with a text editor, and type one clean line, e.g.:
>comment [the text you want to be displayed] then hit return, to create an
>empty line, save the changes in the text editor, and quit the text editor.
>

This worked very well as you can see. I do have the options file (running Debian stable here) and editing/adding my comment entry worked without a problem--thank you. :)

The propagation issue still bothers me. Why didn't www.keyserver.net pass along my key to other key servers? This is beyond my experience, yet I think those that are active in coding Gnupg might want to address the situation. I do not know if it is customary to upload to more than a single key server, but I received two messages indicating that others had experienced the same problem as I had (lack of key propagation).
Thank you all for responding so rapidly!

wishing you my best.

- --
Jaye Inabnit
A Debian-Gnu/Linux user
If it's stupid, but works, it ain't stupid. I SHOUT JUST FOR FUN.
Free software, in a free world, for a free spirit. Please Support freedom!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: My key available from www.keyserver.net

iD8DBQE+JxmsZHBxKsta6kMRAmNpAKC3iowTZIRvJ/uiVIgOfycL2zriDQCfXLpO
1uJehwNtl4G57yuSQyOjywg=
=yJUn
-----END PGP SIGNATURE-----

From colstar@iprimus.com.au Fri Jan 17 11:32:03 2003
From: colstar@iprimus.com.au (Colin Brown)
Date: Fri Jan 17 11:32:03 2003
Subject: How to use gpgme with MSVS7
Message-ID: <000001c2be13$ce06e690$496832d2@workstation>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I was wondering if anyone could explain to me how to use gpgme. I have compiled it into gpgme.lib, but cannot seem to get it to work with MS Visual Studio 7(.net)

I am very new to GnuPG and gpgme.

(I am currently looking at the source for winpt to get a better idea of how to use it)

Any information would be appreciated

Many Thanks
Colin

Taking the easy way out

"Windows 95 is a
32-bit shell for a
16-bit extension to an
8-bit operating system designed for a
4-bit microprocessor by a
2-bit company that can't stand one bit of competition."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE+J9vSa7XhVS1wirkRAqEMAJ9rTIli2oDJF7scSK35Y07vu6xz0QCfZify
Mjm8eFEZgV+0dMcsF6WPBWE=
=NbcM
-----END PGP SIGNATURE-----

From avbidder@fortytwo.ch Fri Jan 17 11:35:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Fri Jan 17 11:35:02 2003
Subject: comment, propagation, and key servers
In-Reply-To: <20030116204347.LCAP327.fed1mtao01.cox.net@there>
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there> <200301161911.46037.thomas.arend@t-online.de> <20030116204347.LCAP327.fed1mtao01.cox.net@there>
Message-ID: <1042799784.31553.2.camel@papillon.fortytwo.ch>

--=-Sq25RXWp003Cd5IYkyFN
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2003-01-16 at 21:44, Jaye Inabnit ke6sls wrote:

> The propagation issue still bothers me. Why didn't www.keyserver.net pass
> along my key to other key servers? This is beyond my experience, yet I think
> those that are active in coding Gnupg might want to address the situation.

This is not something the gnupg community can easily address: www.keyserver.net is commercial, and they claim it's 'service to the community' to run those keyservers - it's just marketing for their keyservers - see my other message on this in this thread.
cheers
-- vbi

--
this email is protected by a digital signature: http://fortytwo.ch/gpg

--=-Sq25RXWp003Cd5IYkyFN
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+J9yoKqpm2L3fmXoRArHoAKCMV5B3WAaJ+OLKIvxDnVSKlMMUZACcCJf9
RBU+mpfEGMQ+BHZ1t2f6SHk=
=B3vy
-----END PGP SIGNATURE-----

--=-Sq25RXWp003Cd5IYkyFN--

From shavital@netbox.com Fri Jan 17 12:05:02 2003
From: shavital@netbox.com (Charly Avital)
Date: Fri Jan 17 12:05:02 2003
Subject: comment, propagation, and key servers
In-Reply-To: <20030116204347.LCAP327.fed1mtao01.cox.net@there>
References: <20030115202828.CFO14880.fed1mtao05.cox.net@there> <200301161911.46037.thomas.arend@t-online.de> <20030116204347.LCAP327.fed1mtao01.cox.net@there>
Message-ID:

At 12:44 PM -0800 1/16/03, Jaye Inabnit ke6sls wrote:
>*** PGP Signature Status: good
>*** Signer: M.J. Inabnit
>*** Signed: 1/16/03 at 10:44 PM
>*** Verified: 1/17/03 at 12:57 PM
>*** BEGIN PGP VERIFIED MESSAGE ***
>
[...]

>This worked very well as you can see. I do have the options file (running
>Debian stable here) and editing/adding my comment entry worked without a
>problem--thank you. :)

Glad it helped.

>The propagation issue still bothers me. Why didn't www.keyserver.net pass
>along my key to other key servers? This is beyond my experience, yet I think
>those that are active in coding Gnupg might want to address the situation.

You have surely seen a post in this list from Adrian 'Dagurashibanipal' von Bidder, pointing at the fact that www.keyserver.net doesn't sync with other servers, you'd better read the exact words in that message. And you should use a different server.

The server issue does not depend only, I think, on experienced people that are active in coding GnuPG. It probably depends a lot more on how each particular server performs, and that's not within the realm of GnuPG.
>I do not know if it is customary to upload to more than a single key server,
>but I received two messages indicating that others had experienced the same
>problem as I had (lack of key propagation).

There can be problems in propagation and sync, but I believe that particular server, www.keyserver.net, is not a good example.

>wishing you my best.

Thanks.
C.

From wk@gnupg.org Fri Jan 17 13:54:07 2003
From: wk@gnupg.org (Werner Koch)
Date: Fri Jan 17 13:54:07 2003
Subject: --batch create public and secret keys
In-Reply-To: <1817038348.20030116170000@Reich.com> (Pavel's message of "Thu, 16 Jan 2003 17:00:00 +0600")
References: <1817038348.20030116170000@Reich.com>
Message-ID: <87u1g8j5uy.fsf@alberti.g10code.de>

On Thu, 16 Jan 2003 17:00:00 +0600, Pavel said:

> Hello gnupg-devel,
> How can I create public and secret keys in --batch mode (no
> interactivity)? I have only command line (system() C function).

See doc/DETAILS under the section Unattended Key Generation

From dsandler@paychex.com Fri Jan 17 17:08:02 2003
From: dsandler@paychex.com (David M Sandler)
Date: Fri Jan 17 17:08:02 2003
Subject: How to resolve "mpi too large" error?
References: <3E2724DD.F885423@paychex.com> <87fzrskv8f.fsf@alberti.g10code.de>
Message-ID: <3E282ABA.F62A46B3@paychex.com>

--------------442D2FF7377005BA2836DBCD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

The "mpi too large" error occurred while trying to decrypt a file transferred in binary mode. When I transfer the file in ascii mode and then try to decrypt it, I do not get the "mpi too large" error.

In addition, I have another separate problem while trying to decrypt the file transferred in ascii mode. I type the following command to decrypt:

gpg --decrypt filename.ext

and I get the following error:

gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available

My public and private keys have not changed recently as far as I can tell.

Any suggestions?
--Dave

Werner Koch wrote:

> On Thu, 16 Jan 2003 16:32:13 -0500, David M Sandler said:
>
> > I was trying to decrypt a file and received a "mpi too large" error.
> > Could anyone shed some light on this, and tell me how to resolve it?
>
> Most likely the file is corrupted. For FTP, make sure that you use
> binary mode.

--
David M Sandler
Paychex Incorporated
dsandler@paychex.com

--------------442D2FF7377005BA2836DBCD
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
--------------442D2FF7377005BA2836DBCD--

From Thomas.Arend@t-online.de Fri Jan 17 17:48:02 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Fri Jan 17 17:48:02 2003
Subject: How to resolve "mpi too large" error?
In-Reply-To: <3E282ABA.F62A46B3@paychex.com>
References: <3E2724DD.F885423@paychex.com> <87fzrskv8f.fsf@alberti.g10code.de> <3E282ABA.F62A46B3@paychex.com>
Message-ID: <200301171750.38029.thomas.arend@t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday, 17 January 2003 17:09, David M Sandler wrote:
..
> In addition, I have another separate problem while trying to decrypt the
> file transferred in ascii mode. I type the following command to decrypt:
>
> gpg --decrypt filename.ext
>
> and I get the following error:
>
> gpg: public key decryption failed: wrong secret key used
> gpg: decryption failed: secret key not available
>
> My public and private keys have not changed recently as far as I can tell.
>
> Any suggestions?

Would you mind to provide a little bit more information?

Do you have more than one secret key? Is gnupg asking for a mantra? etc ...

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+KDRc2TqsmTFMxwkRAtE1AKCYuZiQ8HRhj28U2rSaxPRJWF+HHgCePuV4
cnVROvYYm7+lhlVeB7x3wug=
=Lkwf
-----END PGP SIGNATURE-----

From dsandler@paychex.com Fri Jan 17 18:11:02 2003
From: dsandler@paychex.com (David M Sandler)
Date: Fri Jan 17 18:11:02 2003
Subject: How to resolve "mpi too large" error?
References: <3E2724DD.F885423@paychex.com> <87fzrskv8f.fsf@alberti.g10code.de> <3E282ABA.F62A46B3@paychex.com> <200301171750.38029.thomas.arend@t-online.de>
Message-ID: <3E28397A.39F926C6@paychex.com>

> Would you mind to provide a little bit more information?
>
> Do you have more than one secret key? Is gnupg asking for a mantra? etc ...
>

I have a public and secret key pair that I generated, and I also have a public key from another source which I imported and signed. That is all.
The file that I am trying to decrypt was encrypted by this other source.

I don't understand what a mantra is, but GnuPG is not asking for one.

I apologize if I am not being entirely clear. I'm new to GnuPG.

--Dave

--
David M Sandler
Paychex Incorporated
dsandler@paychex.com

From Thomas.Arend@t-online.de Fri Jan 17 18:32:01 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Fri Jan 17 18:32:01 2003
Subject: How to resolve "mpi too large" error?
In-Reply-To: <3E28397A.39F926C6@paychex.com>
References: <3E2724DD.F885423@paychex.com> <200301171750.38029.thomas.arend@t-online.de> <3E28397A.39F926C6@paychex.com>
Message-ID: <200301171834.38778.thomas.arend@t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday, 17 January 2003 18:12, David M Sandler wrote:
> > Would you mind to provide a little bit more information?
> >
> > Do you have more than one secret key? Is gnupg asking for a mantra? etc
> > ...
>
> I have a public and secret key pair that I generated, and I also have a
> public key from another source which I imported and signed. That is all.
> The file that I am trying to decrypt was encrypted by this other source.

You can only decrypt files with your secret keys which were encrypted with your private keys. When the file was encrypted with the public key from the other source then you have no chance to decrypt it. Or you must get hold of the other secret key.

>
> I don't understand what a mantra is, but GnuPG is not asking for one.

A Mantra is a password for the secret keys. You are asked for it when you generate your key-pair.

>
> I apologize if I am not being entirely clear. I'm new to GnuPG.
>
> --Dave

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+KD6n2TqsmTFMxwkRAo/KAKCD0tjMM5JYYTVCZvkfWJhJCwBM4gCeIkEM
n8ltX5sbUPPNIasMzXoa4yw=
=bVBM
-----END PGP SIGNATURE-----

From dsandler@paychex.com Fri Jan 17 18:57:02 2003
From: dsandler@paychex.com (David M Sandler)
Date: Fri Jan 17 18:57:02 2003
Subject: How to resolve "mpi too large" error?
References: <3E2724DD.F885423@paychex.com> <200301171750.38029.thomas.arend@t-online.de> <3E28397A.39F926C6@paychex.com> <200301171834.38778.thomas.arend@t-online.de>
Message-ID: <3E284424.F1E6E19D@paychex.com>

> You can only decrypt files with your secret keys which were encrypted with your
> private keys. When the file was encrypted with the public key from the other
> source then you have no chance to decrypt it. Or you must get hold of the
> other secret key.
>

I exported my public key and sent it to the other source. He imported my public key, signed it, encrypted a file with it, and sent the encrypted file to me. This was done at least two months ago. Back then, I was able to successfully decrypt the file with my secret key. But I cannot do it today. I have the same encrypted file that was transmitted to me two months ago. I also have the same key rings that I used two months ago. GnuPG needed to be rebuilt within the last two months on the server on which I am working, and seems to have been rebuilt properly. This is the first time I have attempted to decrypt a file since GnuPG was rebuilt on this server.

>
> A Mantra is a password for the secret keys. You are asked for it when you
> generate your key-pair.

Was there an option to not have a password on the secret key? If so, we may have chosen not to assign a password for this test.
--Dave

--
David M Sandler
Paychex Incorporated
dsandler@paychex.com

From nelson@bignachos.com Fri Jan 17 22:02:03 2003
From: nelson@bignachos.com (Brian Nelson)
Date: Fri Jan 17 22:02:03 2003
Subject: gpg: Ohhhh jeeee: mpi crosses packet border
Message-ID: <87ptqvv6fm.fsf@sirius.bignachos.com>

Today, for most gpg operations I try, I get the message:

gpg: Ohhhh jeeee: mpi crosses packet border
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/16384
Aborted

What does this mean, and how can I make it go away?

--
My secret to happiness... is that I have a heart of a 12-year-old boy. It's over here in a jar. Would you like to see it?

From wk@gnupg.org Sat Jan 18 15:24:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Sat Jan 18 15:24:02 2003
Subject: gpg: Ohhhh jeeee: mpi crosses packet border
In-Reply-To: <87ptqvv6fm.fsf@sirius.bignachos.com> (Brian Nelson's message of "Fri, 17 Jan 2003 12:59:25 -0800")
References: <87ptqvv6fm.fsf@sirius.bignachos.com>
Message-ID: <87iswmilks.fsf@alberti.g10code.de>

On Fri, 17 Jan 2003 12:59:25 -0800, Brian Nelson said:

> gpg: Ohhhh jeeee: mpi crosses packet border

If you get this for every operation it is likely that your keyring is corrupted. Using the option --debug 1 might give some hints.

OS version, Gnupg version, what compiler?

From twoaday@freakmail.de Sat Jan 18 20:41:02 2003
From: twoaday@freakmail.de (Timo Schulz)
Date: Sat Jan 18 20:41:02 2003
Subject: How to use gpgme with MSVS7
In-Reply-To: <000001c2be13$ce06e690$496832d2@workstation>
References: <000001c2be13$ce06e690$496832d2@workstation>
Message-ID: <20030118194852.GC1212@daredevil.joesixpack.net>

On Fri Jan 17 2003; 18:32, Colin Brown wrote:

> I was wondering if anyone could explain to me how to use gpgme.
> I have compiled it into gpgme.lib, but cannot seem to get it to work with
> MS Visual Studio 7(.net)

What is the problem you have? If you succeeded to compile the code as a library (static) you should be able to use it.
Did you get unresolved functions (GNU C functions which are missing for MSVC)?

> (I am currently looking at the source for winpt to get a better idea of how
> to use it)

Please remember that the GPGME version in WinPT was heavily modified and this is why I call it MyGPGME! Actually it's not compatible with 0.3.x or later in most cases.

Timo

From gnupg@interlap.com.ar Sun Jan 19 00:56:01 2003
From: gnupg@interlap.com.ar (gnupg@interlap.com.ar)
Date: Sun Jan 19 00:56:01 2003
Subject: Problem with kmail
Message-ID: <1042941560.3e2a067844401@www.interlap.com.ar>

Hello:

Until recently I had gnupg working very well with kmail on Mandrake 8.0;

then I upgraded to Mandrake 9.0 (I also installed it from scratch), and now I can no longer use the program... in kmail the icons appear, but they are not active.

Has this happened to anyone? How do I fix it? And if not, do you have any idea what to do?

Thanks in advance

Maximo

PS: I am really interested in getting this solved.
From ingo.kloecker@epost.de Sun Jan 19 11:18:02 2003
From: ingo.kloecker@epost.de (Ingo Klöcker)
Date: Sun Jan 19 11:18:02 2003
Subject: Problem with kmail
In-Reply-To: <1042941560.3e2a067844401@www.interlap.com.ar>
References: <1042941560.3e2a067844401@www.interlap.com.ar>
Message-ID: <200301191108.20971@erwin.ingo-kloecker.de>

--Boundary-02=_UknK+C8+gCG5DC8
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

Hello Maximo:

On Sunday 19 January 2003 02:59, gnupg@interlap.com.ar wrote:
> Hello:
>
> Until recently I had gnupg working very well with kmail on Mandrake 8.0;
>
> then I upgraded to Mandrake 9.0 (I also installed it from scratch), and now
> I can no longer use the program... in kmail the icons appear, but they are
> not active.

Did you specify the OpenPGP key which should be used with your identity?

Have you specified the OpenPGP key that KMail has to use with your identity?
Regards,
Ingo

--Boundary-02=_UknK+C8+gCG5DC8
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+KnkUGnR+RTDgudgRAqZEAJ9LLd7xjiFxGzZQib6K7SbayPv35gCfXo0V
Sz7oehuDdIcGlvZA/s6rRjM=
=R4GS
-----END PGP SIGNATURE-----

--Boundary-02=_UknK+C8+gCG5DC8--

From linux@thorstenhau.de Sun Jan 19 11:31:02 2003
From: linux@thorstenhau.de (Thorsten Haude)
Date: Sun Jan 19 11:31:02 2003
Subject: Cannot connect to Keyservers
In-Reply-To: <20030103123058.GA2735@eumel.yoo.local>
References: <20030103123058.GA2735@eumel.yoo.local>
Message-ID: <20030119103204.GC970@eumel.yoo.local>

--XOIedfhf+7KOe/yw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

* Thorsten Haude [2003-01-03 13:30]:
>Hi,
>
>I have trouble connecting to several keyservers with GnuPG 1.0.5:
>- - - Snip - - -
>yooden@eumel> gpg --send-key 4065A1DA
>gpg: Senden an `wwwkeys.eu.pgp.net' erfolglos (status=400)
>- - - Snap - - -

I changed to 1.0.6 and the problem went away.

Thorsten
--
It has become appallingly obvious that our technology has exceeded our humanity.
- Albert Einstein

--XOIedfhf+7KOe/yw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE+Kn6jW/x2JEBlodoRAkdvAKCl5bh/E8iq4Pk26kuXo4B3lkNOLgCcCjPF
+NgEiEJSN9k7gNqW83GFwxM=
=c+JU
-----END PGP SIGNATURE-----

--XOIedfhf+7KOe/yw--

From nelson@bignachos.com Sun Jan 19 18:09:02 2003
From: nelson@bignachos.com (Brian Nelson)
Date: Sun Jan 19 18:09:02 2003
Subject: gpg: Ohhhh jeeee: mpi crosses packet border
In-Reply-To: <87iswmilks.fsf@alberti.g10code.de> (Werner Koch's message of "Sat, 18 Jan 2003 15:22:59 +0100")
References: <87ptqvv6fm.fsf@sirius.bignachos.com> <87iswmilks.fsf@alberti.g10code.de>
Message-ID: <87d6mtcbh6.fsf@scabbers.bignachos.com>

--=-=-=
Content-Transfer-Encoding: quoted-printable

Werner Koch writes:

> On Fri, 17 Jan 2003 12:59:25 -0800, Brian Nelson said:
>
>> gpg: Ohhhh jeeee: mpi crosses packet border
>
> If you get this for every operation it is likely that your keyring is
> corrupted. Using the option --debug 1 might give some hints.
>
> OS version, Gnupg version, what compiler?

Apparently, it was the result of sharing the same pubring.gpg on a Debian and a Cygwin installation. Both have version 1.2.1. The Debian version is compiled with gcc 2.95, and I think the Cygwin version is compiled with 3.2.

I was only getting those errors in Debian; it worked fine in Cygwin. I keep my pubring.gpg and trustdb.gpg under revision control, so I reverted to a previous revision to get it working again.

Is there any reason why I'm having trouble sharing the pubring on Debian and Cygwin? I would have thought that the same versions would play nicely together...

--
My secret to happiness... is that I have a heart of a 12-year-old boy. It's over here in a jar. Would you like to see it?
--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Ktvp1Ng1YWbyRSERAu9DAJ46+UFuCIM6pNKBsPrSVCxE82J2IACfQFhc
Mh8KJbAgX1hnObc151AELDY=
=l2Zb
-----END PGP SIGNATURE-----

--=-=-=--

From miked2miked@yahoo.com Mon Jan 20 02:12:01 2003
From: miked2miked@yahoo.com (miked2miked@yahoo.com)
Date: Mon Jan 20 02:12:01 2003
Subject: How do I export a secret key?
Message-ID: <20030120011316.16450.qmail@web14508.mail.yahoo.com>

I looked through the documentation and it says how to export a public key. How do I move my secret key from the computer where I generated it to (for example) a floppy disk for transfer to another computer? What is the command?

Thank you.

From Todd Mon Jan 20 02:38:01 2003
From: Todd (Todd)
Date: Mon Jan 20 02:38:01 2003
Subject: How do I export a secret key?
In-Reply-To: <20030120011316.16450.qmail@web14508.mail.yahoo.com>
References: <20030120011316.16450.qmail@web14508.mail.yahoo.com>
Message-ID: <20030120013840.GB7178@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

miked2miked@yahoo.com wrote:
> I looked through the documentation and it says how to
> export a public key. How do I move my secret key from
> the computer where I generated it to (for example) a
> floppy disk for transfer to another computer? What is
> the command?

You might feel silly when you find out the command is listed only a few lines below the --export command in the man page. The command you want is the cryptically named --export-secret-keys. :)

HTH,
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
Every normal man must be tempted at times to spit upon his hands, hoist the black flag and begin slitting throats. -- H.L.
Mencken

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE+K1Mguv+09NZUB1oRAr32AKDPEfTur3VsO+DfGDm5lpFm9XJtLwCfeKSS
unWbo+JCWwIp/hlaMDvZHIo=
=DrGP
-----END PGP SIGNATURE-----

From wk@gnupg.org Mon Jan 20 08:52:02 2003
From: wk@gnupg.org (Werner Koch)
Date: Mon Jan 20 08:52:02 2003
Subject: gpg: Ohhhh jeeee: mpi crosses packet border
In-Reply-To: <87d6mtcbh6.fsf@scabbers.bignachos.com> (Brian Nelson's message of "Sun, 19 Jan 2003 09:09:57 -0800")
References: <87ptqvv6fm.fsf@sirius.bignachos.com> <87iswmilks.fsf@alberti.g10code.de> <87d6mtcbh6.fsf@scabbers.bignachos.com>
Message-ID: <87k7h0gsy9.fsf@alberti.g10code.de>

On Sun, 19 Jan 2003 09:09:57 -0800, Brian Nelson said:

> I was only getting those errors in Debian; it worked fine in Cygwin. I
> keep my pubring.gpg and trustdb.gpg under revision control, so I
> reverted to a previous revision to get it working again.

You used the -kb flag, right?

> Is there any reason why I'm having trouble sharing the pubring on Debian
> and Cygwin? I would have thought that the same versions would play
> nicely together...

No, the format of the pubring and the trustdb are architecture independent.

From wk@gnupg.org Mon Jan 20 13:12:03 2003
From: wk@gnupg.org (Werner Koch)
Date: Mon Jan 20 13:12:03 2003
Subject: [Announce] Libgcrypt 1.1.12 released
Message-ID: <87vg0kf4ri.fsf@alberti.g10code.de>

Hello!

I am pleased to announce a new Beta version of Libgcrypt, GNU's implementation of basic crypto functions.

Libgcrypt is a general purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, TIGER-192), MACs (HMAC for all hash algorithms), public key algorithms (RSA, ElGamal, DSA), large integer functions, random numbers and a lot of supporting functions.
Libgcrypt is available under the GNU Lesser General Public License (LGPL). See also http://www.gnu.org/directory/security/libgcrypt.html

Libgcrypt can be downloaded from ftp.gnupg.org or one of the mirrors as listed at http://www.gnupg.org/download/mirrors.html .

  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.12.tar.gz (724k)
  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.12.tar.gz.sig

or as a diff against version 1.1.11:

  ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.1.11-1.1.12.diff.gz (83k)

Please check the signature, the key is available by finger:wk@g10code.com .

Aside of bug fixes here are some real news:

 * gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an optional pkcs1 flags parameter in the S-expression. A similar flag may be passed to gcry_pk_decrypt but it is only syntactically implemented.

 * New convenience macro gcry_md_get_asnoid.

 * There is now some real stuff in the manual.

We are now heading for a stable (non-Beta) 1.2 release within the next few months.

Salam-Shalom,

Werner

p.s. If you want to help with further development by donating money please visit https://order.kagi.com/?P3G .

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From ajgpgml@tesla.inka.de Mon Jan 20 19:12:02 2003
From: ajgpgml@tesla.inka.de (Andreas John)
Date: Mon Jan 20 19:12:02 2003
Subject: --edit and trustdb
References: <20030114004814.GB24358@valiant> <8765ss9byr.fsf@alberti.g10code.de>
Message-ID: <000c01c2c0af$5d974640$0c02a8c0@de>

Hi!

> I always use --no-auto-check-trustdb and run --check-trustdb when
> GnuPG indicates that it should be run. You can also put a
> gpg --batch --check-trustdb
> into your crontab.

BTW: Wouldn't it be nice to have the indication also be reported on the Status-fd? Or can an external application tell otherwise when it's necessary to check the trustdb?

Bye!
From nelson@bignachos.com Tue Jan 21 01:06:02 2003
From: nelson@bignachos.com (Brian Nelson)
Date: Tue Jan 21 01:06:02 2003
Subject: gpg: Ohhhh jeeee: mpi crosses packet border
In-Reply-To: <87k7h0gsy9.fsf@alberti.g10code.de> (Werner Koch's message of "Mon, 20 Jan 2003 08:51:10 +0100")
References: <87ptqvv6fm.fsf@sirius.bignachos.com> <87iswmilks.fsf@alberti.g10code.de> <87d6mtcbh6.fsf@scabbers.bignachos.com> <87k7h0gsy9.fsf@alberti.g10code.de>
Message-ID: <87k7gzbc37.fsf@scabbers.bignachos.com>

--=-=-=
Content-Transfer-Encoding: quoted-printable

Werner Koch writes:

> On Sun, 19 Jan 2003 09:09:57 -0800, Brian Nelson said:
>
>> I was only getting those errors in Debian; it worked fine in Cygwin. I
>> keep my pubring.gpg and trustdb.gpg under revision control, so I
>> reverted to a previous revision to get it working again.
>
> You used the -kb flag, right?

I use subversion, which handles binary files automatically.

>> Is there any reason why I'm having trouble sharing the pubring on Debian
>> and Cygwin? I would have though that the same versions would play
>> nicely together...
>
> No, the format of the pubring and the trustdb are architecture independent.

Well, it is on the same processor. Is there a better way to share the pubring and trustdb across arches? I'd rather not have to maintain multiple copies of them.

--
My secret to happiness... is that I have a heart of a 12-year-old boy. It's over here in a jar. Would you like to see it?
--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+LI8Q1Ng1YWbyRSERAtgsAJ4uOo5g9VmVcV75wgb62X8ntwsfnQCghWsN
TS/PvMV/wrJvE3ugeelScQA=
=ocaI
-----END PGP SIGNATURE-----

--=-=-=--

From hdbtroll@moment.net Tue Jan 21 06:33:02 2003
From: hdbtroll@moment.net (DB Troll)
Date: Tue Jan 21 06:33:02 2003
Subject: 1.2.1 src.rpm
Message-ID: <3E2CDCDF.8030806@moment.net>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig340EE039E0EF204DB193403E
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

When trying to rebuild I get the following error

> + chmod 0644 /var/tmp/gpg-1.2.1-build//usr/lib/gnupg/gpgkeys_ldap
> chmod: getting attributes of
> `/var/tmp/gpg-1.2.1-build//usr/lib/gnupg/gpgkeys_ldap': No such file
> or directory
> Bad exit status from /var/tmp/rpm-tmp.68052 (%install)
> linux:/home/dbtrol #

Could someone please tell me what is wrong, so that I might fix it and upgrade to 1.2.1 from 1.0.7.
TIA
David

--------------enig340EE039E0EF204DB193403E
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+LNzu3VVncqMjOZsRAnlfAJ9f2Xp7/Nx5sbIz51lnIYI4ZiLRuACeJBEX
M1biepasyICtFzjZAh2lV+I=
=nCtg
-----END PGP SIGNATURE-----

--------------enig340EE039E0EF204DB193403E--

From St. D. Leedle Tue Jan 21 11:14:02 2003
From: St. D. Leedle (St. D. Leedle)
Date: Tue Jan 21 11:14:02 2003
Subject: Command line option
Message-ID: <15429269978.20030120214018@secondimpact.de>

Hi!

Just one short question I couldn't find the answer for in the manual:

On doing a symmetric encryption with a password (to encrypt a file without using public and secret keys) I want to write a script (batch file or similar) to do the work for me. Is there a command line option to give the gpg.exe the password? Either on decryption or even on encryption?
Thanks for help, and please don't be angry with me if I overread the option in the manual!

Greetings,
St. D. Leedle AKA Verlorene Seele

PS: I _will not_ write the password into the script, please believe me, I'm sane!

From cova@ferrara.linux.it Tue Jan 21 13:46:02 2003
From: cova@ferrara.linux.it (Fabio Coatti)
Date: Tue Jan 21 13:46:02 2003
Subject: 1.2.1 src.rpm
In-Reply-To: <3E2CDCDF.8030806@moment.net>
References: <3E2CDCDF.8030806@moment.net>
Message-ID: <200301211347.15965.cova@ferrara.linux.it>

On Tuesday 21 January 2003 at 06:38, DB Troll wrote:
> When trying to rebuild I get the following error
>
> > + chmod 0644 /var/tmp/gpg-1.2.1-build//usr/lib/gnupg/gpgkeys_ldap
> > chmod: getting attributes of
> > `/var/tmp/gpg-1.2.1-build//usr/lib/gnupg/gpgkeys_ldap': No such file
> > or directory
> > Bad exit status from /var/tmp/rpm-tmp.68052 (%install)
> > linux:/home/dbtrol #
>
> Could someone please tell me what is wrong, so that I might fix it and
> upgrade to 1.2.1 from 1.0.7.
> TIA
> David

I've to check.. maybe you haven't installed ldap package and the spec file tries to install ldap extension of gpg anyway, I'll have a look at this,

-- 
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703
Old SysOps never die... they simply forget their password.
From hdbtroll@moment.net Tue Jan 21 16:25:02 2003
From: hdbtroll@moment.net (DB Troll)
Date: Tue Jan 21 16:25:02 2003
Subject: 1.2.1 src.rpm
References: <3E2CDCDF.8030806@moment.net> <200301211347.15965.cova@ferrara.linux.it>
Message-ID: <3E2D67B8.7000403@moment.net>

Fabio Coatti wrote:

>On Tuesday 21 January 2003 at 06:38, DB Troll wrote:
>
>>When trying to rebuild I get the following error
>>
>>>+ chmod 0644 /var/tmp/gpg-1.2.1-build//usr/lib/gnupg/gpgkeys_ldap
>>>chmod: getting attributes of
>>>`/var/tmp/gpg-1.2.1-build//usr/lib/gnupg/gpgkeys_ldap': No such file
>>>or directory
>>>Bad exit status from /var/tmp/rpm-tmp.68052 (%install)
>>>linux:/home/dbtrol #
>>>
>>Could someone please tell me what is wrong, so that I might fix it and
>>upgrade to 1.2.1 from 1.0.7.
>>TIA
>>David
>>
>
>I've to check.. maybe you haven't installed ldap package and the spec file
>tries to install ldap extension of gpg anyway, I'll have a look at this,
>

Fabio,

Thanks that was the problem, I did not have all of the ldap packages installed namely ldap-lib. I had one glitch in the rebuild

> linux:/usr/src/packages/RPMS/i386 # rpm -Uvh gpg-1.2.1-1.i386.rpm
> gpg
> ##################################################
> cannot remove /usr/lib/gnupg - directory not empty
> linux:/usr/src/packages/RPMS/i386 #

I am new at this so do not know if this is important or not.
David

From riha@schulte.cz Wed Jan 22 11:07:02 2003
From: riha@schulte.cz (Bohuslav Říha)
Date: Wed Jan 22 11:07:02 2003
Subject: question about zip
Message-ID: <000701c2c1f0$16f4d0d0$bc0101be@lanman>

Hi,

I would like to ask a question:

- is it possible to define maximal file size when ciphering/zipping a file?

I need to cipher and zip +-20GB file and I need the final file to be separated to more files that I can burn onto CDs (the compression rating should be better than 80%).

Is it possible in one step? Or do I need to cipher the file with no compression, and then use for example rar to pack it?

Also - I hope there is no limit related to the file size (is it possible to cipher/zip so big files I hope).

I need to use win32 version of GnuPG and symmetric cipher. OS is W2K Advanced server.

Please help.

Thank you, kind regards
B. Riha.

From gnupg+Steven.Murdoch@cl.cam.ac.uk Wed Jan 22 11:55:02 2003
From: gnupg+Steven.Murdoch@cl.cam.ac.uk (gnupg+Steven.Murdoch@cl.cam.ac.uk)
Date: Wed Jan 22 11:55:02 2003
Subject: question about zip
In-Reply-To: Message from Bohuslav Říha of "Wed, 22 Jan 2003 09:27:23 +0100." <000701c2c1f0$16f4d0d0$bc0101be@lanman>
Message-ID:

> - is it possible to define maximal file size when ciphering/zipping a file?

Not as far as I know.

> I need to cipher and zip +-20GB file and I need the final file to be
> separated to more files that I can burn onto CDs (the compression rating
> should be better than 80%).
>
> Is it possible in one step? Or do I need to cipher the file with no
> compression, and then use for example rar to pack it?
If you encrypted the file using no compression then RAR will not be able to compress it very well (in general encrypted data compresses very poorly). Also encrypting content that is uncompressed *may* decrease security by a small amount, however there is some discussion as to whether the converse is true.

You would be better encrypting the data with compression turned on then using RAR/Zip etc... to split the file into smaller chunks. This splitting step will not reduce the size significantly but it will split up the data. For the second splitting step you could even turn off compression in the program you are using to save time.

Another option is compressing the file before encrypting it, this may or may not make your file smaller - it depends on the nature of the original file.

> Also - I hope there is no limit related to the file size (is it possible to
> cipher/zip so big files I hope).

Sorry, I don't know.

Steven Murdoch.

From xantor@linux.be Wed Jan 22 16:31:02 2003
From: xantor@linux.be (Michael Anckaert)
Date: Wed Jan 22 16:31:02 2003
Subject: compression and encryption
Message-ID: <20030122163512.316e19ed.xantor@linux.be>

Hello all,

is it possible to encrypt a tar archive and then bzip2 it, or will this cause problems?
-- 
Greetings,
Michael Anckaert aka The XanTor
Email: xantor@linux.be
OpenPGP Key: 0xC772D5C1
Jabber: xantor@jabber.org

From avbidder@fortytwo.ch Wed Jan 22 16:48:02 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jan 22 16:48:02 2003
Subject: compression and encryption
In-Reply-To: <20030122163512.316e19ed.xantor@linux.be>
References: <20030122163512.316e19ed.xantor@linux.be>
Message-ID: <1043250568.597.4.camel@altfrangg.fortytwo.ch>

On Wed, 2003-01-22 at 16:35, Michael Anckaert wrote:
> Hello all,
>
> is it possible to encrypt a tar archive and then bzip2 it, or will this
> cause problems?

It won't cause any problems (apart from tar not being able to deal with it, but I guess you knew that). But it won't compress it: compression needs redundancy in the data - and redundancy in encrypted data basically means that the encryption algorithm is bad. And, as we all hope, gpg uses good encryption algorithms.

In other words: any data compression must come before encryption to gain anything. gpg usually compresses data anyway before encrypting it, so you could try how good you get without explicit compression.

NOTE: this is of course only if you don't use ascii armored output. The ascii armored output can of course be compressed again, but I don't think it makes sense, better just use binary gpg output.
cheers
-- vbi

-- 
get my gpg key here: http://fortytwo.ch/gpg/92082481

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

From xantor@linux.be Wed Jan 22 21:30:02 2003
From: xantor@linux.be (Michael Anckaert)
Date: Wed Jan 22 21:30:02 2003
Subject: compression and encryption
In-Reply-To: <1043250568.597.4.camel@altfrangg.fortytwo.ch>
References: <20030122163512.316e19ed.xantor@linux.be> <1043250568.597.4.camel@altfrangg.fortytwo.ch>
Message-ID: <20030122213350.48b7c312.xantor@linux.be>

On 22 Jan 2003 16:49:28 +0100 Adrian 'Dagurashibanipal' von Bidder wrote:

> It won't cause any problems (apart from tar not being able to deal
> with it, but I guess you knew that). But it won't compress it:
> compression needs redundancy in the data - and redundancy in encrypted
> data basically means that the encryption algorithm is bad. And, as we
> all hope, gpg uses good encryption algorithms.

I sure hope so too. :-)

>
> In other words: any data compression must come before encryption to
> gain anything. gpg usually compresses data anyway before encrypting
> it, so you could try how good you get without explicit compression.

I'm using bzip2 and think (correct me when wrong) that this is better compression than the one gpg uses.

>
> NOTE: this is of course only if you don't use ascii armored output.
> The ascii armored output can of course be compressed again, but I
> don't think it makes sense, better just use binary gpg output.
>

So to put it simply:
archive -> compress -> encrypt

-- 
Greetings,
Michael Anckaert aka The XanTor
Email: xantor@linux.be
OpenPGP Key: 0xC772D5C1
Jabber: xantor@jabber.org

From Fabian.Rodriguez@Toxik.com Thu Jan 23 00:59:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Thu Jan 23 00:59:02 2003
Subject: Keysigning a "corporate" key - how ?
In-Reply-To: <3ae2e411eed0ed50f6541647bb6eaa36@biglumber.com>
Message-ID:

Hello,

Just an update on this... I finally opted to bring with me the incorporation/registration papers, which list me and my personal address, which establishes a link with my "employer" (using my IDs where my address is). Also brought a company invoice with my name on it.

During the keysigning that I attended, most people were surprised to see a request for signing a "corporate" key. Most agreed that I should sign it, and that my web of trust would extend to this corporate key, but that I did not need to have both signed.

Some people also suggested to put the fingerprint on letterhead and other places. It's on our WHOIS record now, as someone else suggested.

On this fascinating subject, somebody also wrote me this, which is more or less the same, only better explained:

> legal persons (companies, Inc.)are persons that are represented by human
> beings. i would legally recommend the following, being unaware whether
> some hints apply to Canada:
>
> In Germany Companies, also Incorporates, are officially registered with
> their full name, address and representing board members.
> These record entries are officially trusted. If there is a corresponding way of
> registration in Canada you should bring:
>
> 1. The official record showing what person or persons are legally
> representing the Inc. with full names and Inc. address.
>
> This would serve as ID-card together with 2.
>
> 2. A paper showing : the Inc. issues a key to sign and encrypt with keys
> data as you would do with your private keys, physically signed by the
> staff mentioned in 1. (according to your website Dann, Martial and you.)
>
> This is also part of the ID-card (because the issuing person and the
> person bound by the key (the Inc.) are different which they are not when
> private keys are signed !!)
>
> 3. The ID-card(s) of the person presenting the key if similar to one in
> 1.
>
> This should prove to everybody that the key is correct.

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

From rasoul@rhythm.com Thu Jan 23 02:55:02 2003
From: rasoul@rhythm.com (Rasoul Hajikhani)
Date: Thu Jan 23 02:55:02 2003
Subject: gpg Signature
Message-ID: <3E2F4BCF.B493A9E6@rhythm.com>

Hello there,

I have a question about gpg signature that I am hoping some one may be able to answer. I have created a signature file with the '--sign' option. The file contained plain text and now I would like to de-sign the file, that is I want to convert the content of the file to plain text again.

The gpg man pages does not mention how it is done. It talks about 'verifying' a signature, but I would like to get my plain text back. Is that possible?
Thanks In Advance
-r

From avbidder@fortytwo.ch Thu Jan 23 08:59:06 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Thu Jan 23 08:59:06 2003
Subject: compression and encryption
In-Reply-To: <20030122213350.48b7c312.xantor@linux.be>
References: <20030122163512.316e19ed.xantor@linux.be> <1043250568.597.4.camel@altfrangg.fortytwo.ch> <20030122213350.48b7c312.xantor@linux.be>
Message-ID: <1043308852.7168.2.camel@papillon.fortytwo.ch>

On Wed, 2003-01-22 at 21:33, Michael Anckaert wrote:

> > In other words: any data compression must come before encryption to
> > gain anything. gpg usually compresses data anyway before encrypting
> > it, so you could try how good you get without explicit compression.
> I'm using bzip2 and think (correct me when wrong) that this is better
> compression than the one gpg uses.

Yes. I just thought that perhaps the (g)zip compression used in gpg would already suffice for your purposes, and bzip2 is not only good, but also quite slow... But I agree that it's quite a bit better in most (all) cases.

> So to put it simply:
> archive -> compress -> encrypt

Yep.

cheers
-- vbi

-- 
OpenPGP encrypted mail welcome - my key: http://fortytwo.ch/gpg/92082481

From Pavel Reich Thu Jan 23 11:12:02 2003
From: Pavel Reich (Pavel Reich)
Date: Thu Jan 23 11:12:02 2003
Subject: permissions of *.gpg files
Message-ID: <16314509840.20030122201037@Reich.com>

Hello gnupg-users,

I have a problem with encrypt files (or anything). GnuPG can't read *.gpg files by permissions.
What the permissions and owner i have for *.gpg files? How i can run GnuPG for creating *.gpg files with more other owner that execute owner?

stan@server $ /usr/local/bin/gpg --no-secmem-warning --homedir=/home/web/stan/.gnupg --armor --always-trust --yes -r Pavel@Reich.com --encrypt-files /home/web/stan/.gnupg/82ab04f05eaa4ae42f24c919ba40adab.tmp
gpg: WARNING: unsafe permissions on homedir "/home/web/stan/.gnupg"
gpg: /home/web/stan/.gnupg/trustdb.gpg: can't access: Permission denied
gpg: fatal: can't init trustdb: trust database error
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/16384

-- 
Best regards,
Pavel mailto:Pavel@Reich.com

From agreene@pobox.com Thu Jan 23 13:03:02 2003
From: agreene@pobox.com (Anthony E. Greene)
Date: Thu Jan 23 13:03:02 2003
Subject: gpg Signature
In-Reply-To: <"from rasoul"@rhythm.com>
References: <3E2F4BCF.B493A9E6@rhythm.com>
Message-ID: <20030123065852.A18640@cp5340.hyatsv01.md.comcast.net>

On 22-Jan-2003/17:56 -0800, Rasoul Hajikhani wrote:
>Hello there,
>I have a question about gpg signature that I am hoping some one may be
>able to answer. I have created a signature file with the '--sign'
>option. The file contained plain text and now I would like to de-sign
>the file, that is I want to convert the content of the file to plain
>text again.
>The gpg man pages does not mention how it is done. It talks about
>'verifying' a signature, but I would like to get my plain text back. Is
>that possible?

Send the output to another file:

gpg --verify -o textfile.txt signedfile.gpg

Tony
-- 
Anthony E. Greene
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Messenger: TonyG05
HomePage:
Linux.
The choice of a GNU generation

From dshaw@jabberwocky.com Thu Jan 23 20:54:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Thu Jan 23 20:54:02 2003
Subject: question about zip
In-Reply-To:
References: <000701c2c1f0$16f4d0d0$bc0101be@lanman>
Message-ID: <20030123195453.GA11765@jabberwocky.com>

On Wed, Jan 22, 2003 at 10:56:09AM +0000, gnupg+Steven.Murdoch@cl.cam.ac.uk wrote:

> > Also - I hope there is no limit related to the file size (is it possible to
> > cipher/zip so big files I hope).
>
> Sorry, I don't know.

If the underlying OS supports large files (e.g. LARGEFILE), GnuPG will take advantage of it.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From zenn"

hi all...

after successfully compiling gnupg on my rh7.2 linux box, no errors, when trying to run the pksd by /usr/local/bin/pksd /etc/pksd.conf i keep getting this error

" pksd: kd_open: Error opening num_keydb (errno = 2)"

it looks like i'm missing the num_keydb file but for the life of me don't know how to create one, i tried...

[root@testbox /root]# /usr/local/bin/pksclient /usr/local/var/db/create
/usr/local/bin/pksclient /db/path create [num_files]
/usr/local/bin/pksclient /db/path recover
/usr/local/bin/pksclient /db/path add filename [flags]
/usr/local/bin/pksclient /db/path get userid [flags]
/usr/local/bin/pksclient /db/path index userid [flags]
/usr/local/bin/pksclient /db/path since time [flags]
/usr/local/bin/pksclient /db/path delete userid [flags]
/usr/local/bin/pksclient /db/path disable userid [flags]

any ideas ?
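Added example, not part of any message in this archive: the ordering discussed in the "question about zip" and "compression and encryption" threads above (archive -> compress -> encrypt, then split into media-sized pieces), measured in Python. `keystream_xor` is a toy SHA-256 counter-mode cipher that only stands in for gpg's symmetric encryption, and the sample data, key and chunk sizes are constructed for illustration.

```python
import base64
import bz2
import hashlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption: stand-in for gpg's symmetric cipher).

    XORs the data with SHA-256(key || counter) blocks; calling it again with
    the same key decrypts. Not suitable for protecting real data.
    """
    out = bytearray()
    for block_no, offset in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out += bytes(c ^ p for c, p in zip(chunk, pad))
    return bytes(out)


def make_sample(records: int = 4000) -> bytes:
    """Constructed, redundant input resembling a text log inside an archive."""
    return "".join(
        f"2003-01-22 host{i % 7} backup job {i:06d} status=OK\n"
        for i in range(records)
    ).encode("ascii")


def compare_orders(plain: bytes, key: bytes) -> dict:
    """Return byte counts for both orderings and for the ASCII-armor case."""
    # Wrong order: ciphertext has no redundancy left for bzip2 to remove.
    encrypt_then_compress = bz2.compress(keystream_xor(key, plain))
    # Right order: remove the redundancy first, then encrypt the result.
    compress_then_encrypt = keystream_xor(key, bz2.compress(plain))
    # Armor is base64 text: it grows by about a third, and compressing it
    # again only wins back the encoding overhead, never the ciphertext.
    armored = base64.encodebytes(compress_then_encrypt)
    return {
        "plain": len(plain),
        "encrypt_then_compress": len(encrypt_then_compress),
        "compress_then_encrypt": len(compress_then_encrypt),
        "armored": len(armored),
        "armored_recompressed": len(bz2.compress(armored)),
    }


def pack(plain: bytes, key: bytes, chunk_size: int) -> list:
    """compress -> encrypt -> split into pieces of at most chunk_size bytes."""
    blob = keystream_xor(key, bz2.compress(plain))
    return [blob[i:i + chunk_size] for i in range(0, len(blob), chunk_size)]


def unpack(chunks: list, key: bytes) -> bytes:
    """Reverse of pack(): join the pieces in order, decrypt, decompress."""
    return bz2.decompress(keystream_xor(key, b"".join(chunks)))


if __name__ == "__main__":
    sample = make_sample()
    demo_key = b"constructed-demo-key"  # constructed value, not a real secret
    for name, size in compare_orders(sample, demo_key).items():
        print(f"{name:24s} {size:8d} bytes")
    pieces = pack(sample, demo_key, 2048)
    print("pieces:", len(pieces), "round trip ok:", unpack(pieces, demo_key) == sample)
```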
From LAAG0007@mail.crk.umn.edu Fri Jan 24 10:26:03 2003
From: LAAG0007@mail.crk.umn.edu (Laager, Richard James)
Date: Fri Jan 24 10:26:03 2003
Subject: Create Subkey Binding
Message-ID: <9917001057C4B440ADF50E9100777F088E51D7@catfish.umcrookston.edu>

I have a DSS/DH key pair that I'm trying to use with GPG. It refuses to encrypt to the key because there is no subkey (i.e. gpg --list-key 0xMYKEYID doesn't list any "sub" keys). However, gpg --edit-key 0xMEKEYID...toggle lists the ssb. PGP 7.0.3 lists the key as having a subkey, but doesn't allow it to be used for encryption. Running pgpdump shows that there is no subkey binding. How can I create a subkey binding so that this key can be used?

Thanks,
Richard Laager

P.S. For those that are curious, I'm trying to import a key from s-mail.com. If someone has an easier way to do this, I'd take that as well. I'd still be curious to know if it's possible to add a subkey binding.

From zenn"

sorry about that guys, I posted my previous question to the wrong list :-)

From dshaw@jabberwocky.com Fri Jan 24 15:40:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 24 15:40:02 2003
Subject: Create Subkey Binding
In-Reply-To: <9917001057C4B440ADF50E9100777F088E51D7@catfish.umcrookston.edu>
References: <9917001057C4B440ADF50E9100777F088E51D7@catfish.umcrookston.edu>
Message-ID: <20030124144112.GE13174@jabberwocky.com>

On Thu, Jan 23, 2003 at 11:39:11PM -0600, Laager, Richard James wrote:

> I have a DSS/DH key pair that I'm trying to use with GPG. It refuses
> to encrypt to the key because there is no subkey (i.e. gpg --list-key
> 0xMYKEYID doesn't list any "sub" keys). However, gpg --edit-key
> 0xMEKEYID...toggle lists the ssb.
> PGP 7.0.3 lists the key as having a
> subkey, but doesn't allow it to be used for encryption. Running
> pgpdump shows that there is no subkey binding. How can I create a
> subkey binding so that this key can be used?

Let me make sure I understand what you are trying to do - you have a secret/public keypair that has no subkey binding, so you want to add a binding to the subkey so you can use it. There is no easy way to do this, as GnuPG obviously wants to reject an invalid/corrupt subkey. You'd have to patch the code to override the checks and force GnuPG to put a binding signature in place.

> P.S. For those that are curious, I'm trying to import a key from
> s-mail.com. If someone has an easier way to do this, I'd take that as
> well. I'd still be curious to know if it's possible to add a subkey
> binding.

I took a look at s-mail.com, and it looks rather similar to hushmail. Was the key generated by s-mail.com and exported to you? Subkeys without bindings are not at all secure since any random person can insert one and become a man in the middle.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From lists@reiteration.net Fri Jan 24 16:23:08 2003
From: lists@reiteration.net (lists)
Date: Fri Jan 24 16:23:08 2003
Subject: gnupg oddities
Message-ID: <20030124152343.GA24881@reiteration.net>

Hello list

I'm having major headaches with Gpg, namely:

gpg: decryption failed: secret key not available

I get this when i try to read an email that has been encrypted to me. I have their public key, and they have mine. I can see my pubkey and seckey in ~/.gnupg and gpg is suid root. It also happens if I send an (encrypted) email, then go to read the email in sent items.
I have default-recipient-self uncommented in gpg.conf

There are plenty of instances on google quoting

gpg: decryption failed: secret key not available

but these seem to be in relation to 3rd party products. The problem I am having I can replicate on the commandline.

The system is freebsd 4.7-Rp2 and gpg is:

bash-2.05b$ gpg --version
gpg (GnuPG) 1.2.1
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192
Compress: Uncompressed, ZIP, ZLIB

would be grateful of any pointers on how to fix this

thanks

-- 

From rlaager@wiktel.com Fri Jan 24 16:27:02 2003
From: rlaager@wiktel.com (Richard Laager)
Date: Fri Jan 24 16:27:02 2003
Subject: Create Subkey Binding
In-Reply-To: <20030124144112.GE13174@jabberwocky.com>
Message-ID: <001c01c2c3bd$45ae47c0$30a63992@umcrookston.edu>

David Shaw wrote:
> Let me make sure I understand what you are trying to do - you have
> a secret/public keypair that has no subkey binding, so you want to
> add a binding to the subkey so you can use it. There is no easy
> way to do this, as GnuPG obviously wants to reject an
> invalid/corrupt subkey. You'd have to patch the code to override
> the checks and force GnuPG to put a binding signature in place.

Yes, that's what I want to do.

> I took a look at s-mail.com, and it looks rather similar to
> hushmail. Was the key generated by s-mail.com and exported to you?
> Subkeys
> without bindings are not at all secure since any random person can
> insert one and become a man in the middle.

Yes, it seems similar to hushmail in concept. I've never used either of them before yesterday.
The key was generated by a Java applet on my machine and sent to s-mail via SSL. All client/server transactions are encrypted by SSL. I went to their export secret key page, and it gave me a PGP keyring (.skr file).

I'm not really too interested in using s-mail. I'm perfectly capable of doing PGP messages the way I have been. However, a contact of mine has created an s-mail account and I'm interested in exchanging encrypted and signed mail with him.

I realize that subkeys without bindings are insecure. However, in this scenario, a MITM attack isn't needed. To replace this file as I was downloading it probably means they have access to my secret key anyways. And, if they've broken the SSL to do that, they also have my passphrase that I sent to s-mail in the same transaction.

Richard Laager

From eleuteri@myrealbox.com Fri Jan 24 16:49:01 2003
From: eleuteri@myrealbox.com (David Picón Álvarez)
Date: Fri Jan 24 16:49:01 2003
Subject: gnupg oddities
References: <20030124152343.GA24881@reiteration.net>
Message-ID: <024401c2c3bf$f4e73c40$f92489c3@enterprise>

Hi,

> gpg: decryption failed: secret key not available
>
> I get this when i try to read an email that has been encrypted to me. I
> have their public key, and they have mine. I can see my pubkey and
> seckey in ~/.gnupg and gpg is suid root. It also happens if I send an
> (encrypted) email, then go to read the email in sent items. I have
> default-recipient-self uncommented in gpg.conf

1) Are you sure the e-mail has been encrypted to you? By this I mean maybe the person sending it made a mistake and encrypted to their own public key.

2) If you encrypt an e-mail to, let's say, me, you can't read it yourself unless you encrypt to yourself also. This is because I'm the only one capable to decrypt something encrypted with my pubkey.
There is a tweak on the options file, I think it's precisely default-recipient-self, which encrypts to your own key in addition to whatever other key, so that you can decrypt your own e-mails. Personally.

HTH,
--David.

From dshaw@jabberwocky.com Fri Jan 24 17:27:17 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 24 17:27:17 2003
Subject: Create Subkey Binding
In-Reply-To: <001c01c2c3bd$45ae47c0$30a63992@umcrookston.edu>
References: <20030124144112.GE13174@jabberwocky.com> <001c01c2c3bd$45ae47c0$30a63992@umcrookston.edu>
Message-ID: <20030124162736.GL13174@jabberwocky.com>

On Fri, Jan 24, 2003 at 09:28:38AM -0600, Richard Laager wrote:

> David Shaw wrote:
> > Let me make sure I understand what you are trying to do - you have
> > a secret/public keypair that has no subkey binding, so you want to
> > add a binding to the subkey so you can use it. There is no easy
> > way to do this, as GnuPG obviously wants to reject an
> > invalid/corrupt subkey. You'd have to patch the code to override
> > the checks and force GnuPG to put a binding signature in place.
>
> Yes, that's what I want to do.
>
> > I took a look at s-mail.com, and it looks rather similar to
> > hushmail. Was the key generated by s-mail.com and exported to you?
> > Subkeys
> > without bindings are not at all secure since any random person can
> > insert one and become a man in the middle.
>
> Yes, it seems similar to hushmail in concept. I've never used either
> of them before yesterday. The key was generated by a Java applet on
> my machine and sent to s-mail via SSL. All client/server transactions
> are encrypted by SSL. I went to their export secret key page, and it
> gave me a PGP keyring (.skr file).
>
> I'm not really too interested in using s-mail. I'm perfectly capable
> of doing PGP messages the way I have been. However, a contact of mine
> has created an s-mail account and I'm interested in exchanging
> encrypted and signed mail with him.
>
> I realize that subkeys without bindings are insecure. However, in
> this scenario, a MITM attack isn't needed. To replace this file as I
> was downloading it probably means they have access to my secret key
> anyways. And, if they've broken the SSL to do that, they also have my
> passphrase that I sent to s-mail in the same transaction.

Not a MITM with you receiving the secret key - a MITM between the rest of the world and you during use of the public key. If your key has no subkey binding, then anyone in the world can (for example) upload a new subkey to a keyserver.

In any event, both GnuPG and PGP will properly refuse to use the corrupted key. I think you need to get the s-mail people to fix the bug.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From rlaager@wiktel.com Fri Jan 24 18:31:02 2003
From: rlaager@wiktel.com (Richard Laager)
Date: Fri Jan 24 18:31:02 2003
Subject: Create Subkey Binding
In-Reply-To: <20030124162736.GL13174@jabberwocky.com>
Message-ID: <000501c2c3ce$8f94fb20$30a63992@umcrookston.edu>

David Shaw wrote:
> On Fri, Jan 24, 2003 at 09:28:38AM -0600, Richard Laager wrote:
> > I realize that subkeys without bindings are insecure. However, in
> > this scenario, a MITM attack isn't needed. To replace this file as
> > I was downloading it probably means they have access to my secret
> > key anyways. And, if they've broken the SSL to do that, they
> also have my
> > passphrase that I sent to s-mail in the same transaction.
>
> Not a MITM with you receiving the secret key - a MITM between the
> rest of the world and you during use of the public key.
> If your key has no subkey binding, then anyone in the world can (for
> example) upload a new subkey to a keyserver.

Nobody can use the subkey unless it has a proper binding. This is how it should be. Nobody has the public key yet. S-Mail doesn't publish them on a keyserver that I've found yet. If I could get the subkey binding made, then the key would be useable, and I could post it to a keyserver. However, this is probably a moot point since S-Mail likely doesn't support encrypted messages arriving from outside their service.

> In any event, both GnuPG and PGP will properly refuse to use the
> corrupted key. I think you need to get the s-mail people to fix
> the bug.

I've sent them some information on the issue. I don't know what'll happen, but I did what I could. Unless S-Mail follows my suggestions, their service is basically a webmail account that happens to use OpenPGP internally. However, their client is the only thing that sees the OpenPGP encryption, and so the user can't verify what it's doing anyways. Since the encryption (and signing) are for S-Mail to S-Mail users only, very little protection is offered over a standard mail setup.

Richard Laager

From dshaw@jabberwocky.com Fri Jan 24 18:47:02 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Fri Jan 24 18:47:02 2003
Subject: Create Subkey Binding
In-Reply-To: <000501c2c3ce$8f94fb20$30a63992@umcrookston.edu>
References: <20030124162736.GL13174@jabberwocky.com> <000501c2c3ce$8f94fb20$30a63992@umcrookston.edu>
Message-ID: <20030124174727.GP13174@jabberwocky.com>

On Fri, Jan 24, 2003 at 11:32:24AM -0600, Richard Laager wrote:

> > In any event, both GnuPG and PGP will properly refuse to use the
> > corrupted key. I think you need to get the s-mail people to fix
> > the bug.
>
> I've sent them some information on the issue.
> I don't know what'll
> happen, but I did what I could. Unless S-Mail follows my suggestions,
> their service is basically a webmail account that happens to use
> OpenPGP internally. However, their client is the only thing that sees
> the OpenPGP encryption, and so the user can't verify what it's doing
> anyways. Since the encryption (and signing) are for S-Mail to S-Mail
> users only, very little protection is offered over a standard mail
> setup.

Indeed. You might tell the S-Mail people that such keys also violate RFC-2440.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson

From sco@tfz.net Sat Jan 25 16:15:02 2003
From: sco@tfz.net (S C)
Date: Sat Jan 25 16:15:02 2003
Subject: problem with gpa
Message-ID: <3E32A65C.4070207@tfz.net>

hi,
i installed the gpgme-0.4.0, with no problems, but i have the following error msg when trying to install gpa-0.6.0 :

[t@localhost gpa-0.6.0]$ ./configure
checking for a BSD-compatible install... /usr//bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
....................
........................
checking for bison... bison
checking version of bison... 1.35, ok
checking whether NLS is requested... yes
checking whether included gettext is requested... no
checking for GNU gettext in libc... yes
checking for pkg-config... /usr//bin/pkg-config
checking for GTK+ - version >= 2.0.0... no
*** Could not run GTK+ test program, checking why...
*** The test program failed to compile or link. See the file config.log for the
*** exact error that occured. This usually means GTK+ is incorrectly installed.
configure: error: Cannot find GTK+ 2.0 [t@localhost gpa-0.6.0]$ i'm sure to have have gtk+ installed, cause the following command gives: [t@localhost t]$ rpm -qi $(rpm -qa |grep -i gtk+) Name : libgtk+mdk0.1_6-devel Relocations: (not relocateable) Version : 0.1.6 Vendor: MandrakeSoft Release : 12mdk Build Date: Thu 05 Sep 2002 07:41:13 PM CET Install date: Sun 15 Dec 2002 12:26:32 PM CET Build Host: bi.mandrakesoft.com Group : Development/GNOME and GTK+ Source RPM: gtk+mdk-0.1.6-12mdk.src.rpm Size : 191170 License: GPL Packager : Pablo Saratxaga URL : http://www.mandrakelinux.com/ Summary : Mandrake specific GTK+ Widgets Description : Static libraries and header files for the Mandrake specific GTK+ Widgets. Name : gtk+mdk Relocations: (not relocateable) Version : 0.1.6 Vendor: MandrakeSoft Release : 12mdk Build Date: Thu 05 Sep 2002 07:41:13 PM CET Install date: Sun 01 Dec 2002 07:18:02 PM CET Build Host: bi.mandrakesoft.com Group : System/Libraries Source RPM: gtk+mdk-0.1.6-12mdk.src.rpm Size : 232661 License: GPL Packager : Pablo Saratxaga URL : http://www.mandrakelinux.com/ Summary : MandrakeSoft specific GTK+ Widgets Description : This library provides some widgets which use is very encouraged in every GTK+ based mandrake applications. Name : libgtk+1.2-devel Relocations: (not relocateable) Version : 1.2.10 Vendor: MandrakeSoft Release : 29mdk Build Date: Wed 11 Sep 2002 12:10:16 PM CET Install date: Sun 01 Dec 2002 07:30:08 PM CET Build Host: hp6.mandrakesoft.com Group : Development/GNOME and GTK+ Source RPM: gtk+-1.2.10-29mdk.src.rpm Size : 5444354 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : Development tools for GTK+ (GIMP ToolKit) applications. Description : The libgtk+1.2-devel package contains the static libraries and header files needed for developing GTK+ (GIMP ToolKit) applications. 
The libgtk+1.2-devel package contains GDK (the General Drawing Kit, which simplifies the interface for writing GTK+ widgets and using GTK+ widgets in applications), and GTK+ (the widget set). Install libgtk+1.2-devel if you need to develop GTK+ applications. You'll also need to install the gtk+ package. Name : libgtk+-linuxfb-2.0_0 Relocations: (not relocateable) Version : 2.0.6 Vendor: MandrakeSoft Release : 8mdk Build Date: Wed 11 Sep 2002 12:59:35 PM CET Install date: Sun 15 Dec 2002 11:53:43 AM CET Build Host: hp6.mandrakesoft.com Group : System/Libraries Source RPM: gtk+2.0-2.0.6-8mdk.src.rpm Size : 2798304 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : Frame-Buffer backend of The GIMP ToolKit (GTK+) Description : This package contains the Frame Buffer version of library needed to run programs dynamically linked with gtk+. Name : gtk+2.0 Relocations: (not relocateable) Version : 2.0.6 Vendor: MandrakeSoft Release : 8mdk Build Date: Wed 11 Sep 2002 12:59:35 PM CET Install date: Sun 01 Dec 2002 07:16:18 PM CET Build Host: hp6.mandrakesoft.com Group : System/Libraries Source RPM: gtk+2.0-2.0.6-8mdk.src.rpm Size : 2346845 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : The GIMP ToolKit (GTK+), a library for creating GUIs Description : The gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. GTK+ was originally written for the GIMP (GNU Image Manipulation Program) image processing program, but is now used by several other programs as well. If you are planning on using the GIMP or another program that uses GTK+, you'll need to have the gtk+ package installed. 
Name : libgtk+-x11-2.0_0-devel Relocations: (not relocateable) Version : 2.0.6 Vendor: MandrakeSoft Release : 8mdk Build Date: Wed 11 Sep 2002 12:59:35 PM CET Install date: Sun 01 Dec 2002 07:30:07 PM CET Build Host: hp6.mandrakesoft.com Group : Development/GNOME and GTK+ Source RPM: gtk+2.0-2.0.6-8mdk.src.rpm Size : 2076 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : Development files for X11 backend of GTK+ Description : This package contains the development files needed to compile programs with gtk+ X11 version. Name : libgtk+mdk0.1_6 Relocations: (not relocateable) Version : 0.1.6 Vendor: MandrakeSoft Release : 12mdk Build Date: Thu 05 Sep 2002 07:41:13 PM CET Install date: Sun 15 Dec 2002 11:53:43 AM CET Build Host: bi.mandrakesoft.com Group : System/Libraries Source RPM: gtk+mdk-0.1.6-12mdk.src.rpm Size : 126309 License: GPL Packager : Pablo Saratxaga URL : http://www.mandrakelinux.com/ Summary : Mandrake specific GTK+ Widgets Description : This package contains the library needed to run programs dynamically linked with libgtk+mdk. Name : libgtk+-x11-2.0_0 Relocations: (not relocateable) Version : 2.0.6 Vendor: MandrakeSoft Release : 8mdk Build Date: Wed 11 Sep 2002 12:59:35 PM CET Install date: Sun 01 Dec 2002 07:15:40 PM CET Build Host: hp6.mandrakesoft.com Group : System/Libraries Source RPM: gtk+2.0-2.0.6-8mdk.src.rpm Size : 2793632 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : X11 backend of The GIMP ToolKit (GTK+) Description : This package contains the X11 version of library needed to run programs dynamically linked with gtk+. 
Name : libgtk+2.0_0 Relocations: (not relocateable) Version : 2.0.6 Vendor: MandrakeSoft Release : 8mdk Build Date: Wed 11 Sep 2002 12:59:35 PM CET Install date: Sun 01 Dec 2002 07:16:17 PM CET Build Host: hp6.mandrakesoft.com Group : System/Libraries Source RPM: gtk+2.0-2.0.6-8mdk.src.rpm Size : 183076 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : The GIMP ToolKit (GTK+), a library for creating GUIs Description : This package contains the static libraries and header files needed for developing GTK+ (GIMP ToolKit) applications. It contains GDK (the General Drawing Kit, which simplifies the interface for writing GTK+ widgets and using GTK+ widgets in applications), and GTK+ (the widget set). This package contains the library needed to run programs dynamically linked with gtk+. Name : libgtk+2.0_0-devel Relocations: (not relocateable) Version : 2.0.6 Vendor: MandrakeSoft Release : 8mdk Build Date: Wed 11 Sep 2002 12:59:35 PM CET Install date: Sun 01 Dec 2002 07:30:02 PM CET Build Host: hp6.mandrakesoft.com Group : Development/GNOME and GTK+ Source RPM: gtk+2.0-2.0.6-8mdk.src.rpm Size : 9212723 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : Development files for GTK+ (GIMP ToolKit) applications. Description : The libgtk+-devel package contains the static libraries and header files needed for developing GTK+ (GIMP ToolKit) applications. The libgtk+-devel package contains GDK (the General Drawing Kit, which simplifies the interface for writing GTK+ widgets and using GTK+ widgets in applications), and GTK+ (the widget set). 
Name : libgtk+extra0 Relocations: (not relocateable) Version : 0.99.17 Vendor: (none) Release : 1mdk8_1 Build Date: Fri 30 Nov 2001 10:32:21 PM CET Install date: Sun 15 Dec 2002 11:42:11 AM CET Build Host: heppc22.cithep.caltech.edu Group : System/Libraries Source RPM: gtk+extra-0.99.17-1mdk8_1.src.rpm Size : 607537 License: LGPL URL : http://gtkextra.sourceforge.net/ Summary : A library of gtk+ widgets Description : The gtk+extra package includes the libraries.
Name : libgtk+1.2 Relocations: (not relocateable) Version : 1.2.10 Vendor: MandrakeSoft Release : 29mdk Build Date: Wed 11 Sep 2002 12:10:16 PM CET Install date: Sun 01 Dec 2002 07:15:33 PM CET Build Host: hp6.mandrakesoft.com Group : System/Libraries Source RPM: gtk+-1.2.10-29mdk.src.rpm Size : 2048449 License: LGPL Packager : Mandrake Linux Team URL : http://www.gtk.org Summary : Main library for gtk+ Description : This package contains the library needed to run programs dynamically linked with gtk+.
[t@localhost t]$

is there any options to add to ./configure command? or is it due to my system?

thank you

From mcoca@gnu.org Sat Jan 25 17:57:02 2003
From: mcoca@gnu.org (Miguel Coca)
Date: Sat Jan 25 17:57:02 2003
Subject: problem with gpa
In-Reply-To: <3E32A65C.4070207@tfz.net>
References: <3E32A65C.4070207@tfz.net>
Message-ID: <20030125165755.GA16737@mycroft>

On Sat, Jan 25, 2003 at 15:59:40 +0100, S C wrote:
> hi,
> i installed the gpgme-0.4.0, with no problems, but i have the following
> error msg when trying to install gpa-0.6.0 :
[...]
> checking for pkg-config... /usr//bin/pkg-config
> checking for GTK+ - version >= 2.0.0... no
> *** Could not run GTK+ test program, checking why...
> *** The test program failed to compile or link. See the file config.log
> for the
> *** exact error that occured. This usually means GTK+ is incorrectly
> installed.
> configure: error: Cannot find GTK+ 2.0
> [t@localhost gpa-0.6.0]$

That's strange. Could you send me your config.log file? I may be able to find out what happened from it.

> i'm sure to have have gtk+ installed, cause the following command gives:

It looks all right, but I'm no expert in Mandrake's setup. Have you compiled any other GTK+2 application recently?

Cheers,
-- 
Miguel Coca (mcoca@gnu.org) http://zipi.fi.upm.es/~e970095/
OpenPGP: E60A CBF4 5C6F 914E B6C1 C402 8C4D C7B6 27FC 3CA8

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+MsISjE3Htif8PKgRAp0iAJ42q+wVuY909S3/MpwidR/imY+58gCgktrB
Oor1GKG0DK3QUL0nme6xfEo=
=vw/d
-----END PGP SIGNATURE-----

From sco@tfz.net Sun Jan 26 11:52:01 2003
From: sco@tfz.net (S C)
Date: Sun Jan 26 11:52:01 2003
Subject: problem with gpa-0.6.0
Message-ID: <3E33BDA2.3090009@tfz.net>

hi,
i installed the gpgme-0.4.0, with no problems, but i have the following error msg when trying to install gpa-0.6.0 :

[t@localhost gpa-0.6.0]$ ./configure
checking for a BSD-compatible install... /usr//bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
....................
........................
checking for bison... bison
checking version of bison... 1.35, ok
checking whether NLS is requested... yes
checking whether included gettext is requested... no
checking for GNU gettext in libc... yes
checking for pkg-config... /usr//bin/pkg-config
checking for GTK+ - version >= 2.0.0... no
*** Could not run GTK+ test program, checking why...
*** The test program failed to compile or link. See the file config.log for the
*** exact error that occured. This usually means GTK+ is incorrectly installed.
configure: error: Cannot find GTK+ 2.0
[t@localhost gpa-0.6.0]$
i'm sure to have have gtk+ installed, cause the following command gives:
[t@localhost t]$ rpm -qi $(rpm -qa |grep -i gtk+)
[t@localhost t]$

is there any options to add to ./configure command? or is it due to my system?

thank you

From Fabian.Rodriguez@Toxik.com Sun Jan 26 18:50:02 2003
From: Fabian.Rodriguez@Toxik.com (Toxik - Fabian Rodriguez)
Date: Sun Jan 26 18:50:02 2003
Subject: Reorganization, new release
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I am pleased to announce several important changes in the WinPT project. This includes a new name for the project (Windows Privacy Tools), an improved installer, multilingual tools for Windows users, and more.

I invite you to see the full announcement at:
http://marc.theaimsgroup.com/?l=winpt-dev&m=104360249517136&w=2

Thank you,

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com - (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

-----BEGIN PGP SIGNATURE-----

iD4DBQE+NB9pfUcTXFrypNURAql1AKC+oVH09moJjHMegHrsByVmZfNT6gCY27HT
UN+c+pjPwSS1TMn7Cfge1Q==
=hqKl
-----END PGP SIGNATURE-----

From eocnex@hnyoregn.pn Mon Jan 27 12:07:02 2003
From: eocnex@hnyoregn.pn (Rob Park)
Date: Mon Jan 27 12:07:02 2003
Subject: gnupg oddities
In-Reply-To: <024401c2c3bf$f4e73c40$f92489c3@enterprise>
References: <20030124152343.GA24881@reiteration.net> <024401c2c3bf$f4e73c40$f92489c3@enterprise>
Message-ID: <20030124191944.GE1094@ualberta.ca>

Alas! David Picón Álvarez spake thus:
> 2) If you encrypt an e-mail to, let's say, me, you can't read it yourself
> unless you encrypt to yourself also. This is because I'm the only one
> capable to decrypt something encrypted with my pubkey. There is a tweak on
> the options file, I think it's precisely default-recipient-self, which
> encrypts to your own key in addition to whatever other key, so that you can
> decrypt your own e-mails. Personally.

I believe default-recipient-self will make gpg encrypt something to yourself, ONLY if it is not encrypted to anybody else (in other words, it is a _default_ that is overridden by the --recipient option). This seems to be consistent with what the manpage says:

    --default-recipient-self
        Use the default key as default recipient if option --recipient is not used and don't ask if this is a valid one. The default key is the first one from the secret keyring or the one set with --default-key.

If you want to have gpg encrypt to you *and* the person you're sending the email to, add 'encrypt-to YOURKEYID' to your gpg config file. Be aware that if you encrypt anything with gpg, it will then be encrypted to yourself and whoever else you specify. That's nice for emails, but sometimes it's not what you want to do ;) It's probably better to configure your mail client to call gpg with the option '--encrypt-to YOURKEYID' instead.
That way, all your outgoing mail will be encrypted to you and your recipient, so you can both read the mail, but when you use gpg outside of your mail client, the files you encrypt will only be encrypted to whoever you want them encrypted to.

-- 
Rob Park
http://www.ualberta.ca/~rbpark
--
Don't put off for tomorrow what you can do today because if you enjoy it today, you can do it again tomorrow.

From aaron@philngood.com Tue Jan 28 17:16:03 2003
From: aaron@philngood.com (Aaron P. Martinez)
Date: Tue Jan 28 17:16:03 2003
Subject: different keys for different machine?
Message-ID: <1043770585.2554.8.camel@aaron.proficuous.com>

I was generating a key the other day and then on a different machine, i wanted to do it again..well, then i realized that i was going to have the same name associated with different keys. I have about 4 machines that i will need to do this on. Should i simply move my key pair to all of my machines or make new ones on each machine?

Thanks in advance,

aaron martinez

From agreene@pobox.com Tue Jan 28 18:15:02 2003
From: agreene@pobox.com (Anthony E. Greene)
Date: Tue Jan 28 18:15:02 2003
Subject: different keys for different machine?
Message-ID: <00bf01c2c6f1$07484530$e55014ac@lanham-agreene.iitri.org>

Aaron P. Martinez wrote:
>I was generating a key the other day and then on a different machine, i
>wanted to do it again..well, then i realized that i was going to have
>the same name associated with different keys. I have about 4 machines
>that i will need to do this on. Should i simply move my key pair to all
>of my machines or make new ones on each machine?

It sounds like you should use the same key pair on all machines.

From wronkiew@foozone.org Tue Jan 28 19:03:27 2003
From: wronkiew@foozone.org (Matt Wronkiewicz)
Date: Tue Jan 28 19:03:27 2003
Subject: different keys for different machine?
In-Reply-To: <1043770585.2554.8.camel@aaron.proficuous.com>
References: <1043770585.2554.8.camel@aaron.proficuous.com>
Message-ID: <20030128180346.GA13288@ghs.com>

--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> Should i simply move my key pair to all of my machines or make
> new ones on each machine?

You will encounter problems if you have multiple keys with the
same email address. One potential problem is that someone who
wants to send you an encrypted message will have to choose
between several keys to encrypt to. If you retrieve this message
on a machine that does not have the corresponding private key,
then you are stuck.

On the other hand, if one or more of these computers is not as
secure as the others, such as a computer at your office that you
do not have control over, you may want to keep a separate, low
security key on that machine. In this case you would want to
generate a revocation certificate and keep it secure in case
someone gets into your files.

--
Matt Wronkiewicz
Fingerprint: 914B FFE7 1C00 7B63 04D1 051D BA18 9B5D 6845 2D6E
Signature policy: http://www.foozone.org/crypto_policy.asc

--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)

iHAEARECADAFAj42xgIpGmh0dHA6Ly93d3cuZm9vem9uZS5vcmcvY3J5cHRvX3Bv
bGljeS5hc2MACgkQuhibXWhFLW5ZygCg6LPtCOQ9q18pzJRGxerXBQmaV2sAoNHt
p7t5pe/FKSQRnJ62gIYvDtoj
=LXtl
-----END PGP SIGNATURE-----

--3MwIy2ne0vdjdPXF--

From duckwing@duckwing.ca Tue Jan 28 19:18:02 2003
From: duckwing@duckwing.ca (Carl B. Constantine)
Date: Tue Jan 28 19:18:02 2003
Subject: Problems with mutt & gnupg 1.2.1 on solaris 8 x86
Message-ID: <20030128181604.GA17840@Mallard>

--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Actually, there are two problems.
One is general gnupg and one is specific to my solaris install at work.

1) if a user types gpg --gen-key for the very first time, gnupg creates
the ~/.gnupg dir, the pubring.gpg file, the random_seed, and the gpg.conf
but fails to create the secring.gpg file. This happened to me on my
RedHat install and my solaris install. I had to
"touch ~/.gnupg/secring.gpg" and then generate the key pair.

2) I'm using mutt 1.4 with gnupg. The .muttrc file from my home machine
(which I'm using right now) is exactly the same as my .muttrc for my
work machine (Solaris 8 for x86). However, when I try to sign a message
at my work machine, I type in the passphrase and get the following
error:

"Can't open PGP subprocess!: Invalid argument (errno = 22).

any ideas as to why this is occurring? here are the relevant commands in my
.muttrc that pertain to gnupg|pgp:

unset pgp_replysign # always sign reply to signed message
unset pgp_show_unusable # Show non-usable keys on the PGP key selection menu?
set pgp_timeout=1000 # number of seconds to cache passphrase
auto_view text/html text/enriched application/x-gunzip application/postscript /gif application/x-tar-gz application/pgp-signature image/*
macro pager J "!gpg --keyserver search.keyserver.net --recv-key " "Get PGP Key"
macro pager K "!gpg --lsign-key " "Sign PGP Key"

again, I'm using the same commands at work. gnupg is on my path. at home
I'm using BASH, at work tcsh if that helps.

--
 .''`.   Carl B. Constantine
: :' :   duckwing@duckwing.ca
`. `'    GnuPG: 135F FC30 7A02 B0EB 61DB 34E3 3AF1 DC6C 9F7A 3FF8
  `-     Debian GNU/Linux -- The power of freedom

--UlVJffcvxoiEqYs2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+NsjkOvHcbJ96P/gRAjMsAJ9sEyUz/RQq5r8dy4x303HrsPoIAgCglsQO
s5XfEC8U0Q6/O5W3mhDdlbY=
=qEX/
-----END PGP SIGNATURE-----

--UlVJffcvxoiEqYs2--

From Thomas.Arend@t-online.de Tue Jan 28 19:55:01 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Tue Jan 28 19:55:01 2003
Subject: different keys for different machine?
In-Reply-To: <1043770585.2554.8.camel@aaron.proficuous.com>
References: <1043770585.2554.8.camel@aaron.proficuous.com>
Message-ID: <200301281957.40319.thomas.arend@t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 28 January 2003 17:16, Aaron P. Martinez wrote:
> I was generating a key the other day and then on a different machine, i
> wanted to do it again..well, then i realized that i was going to have
> the same name associated with different keys. I have about 4 machines
> that i will need to do this on. Should i simply move my key pair to all
> of my machines or make new ones on each machine?
>
> Thanks in advance,
>
> aaron martinez

You should copy your key-ring or export / import your secret key if you want
to be able to decrypt all your mail on every machine.

On linux on a network it's quite easy

user1@maschine1:~> ssh -l user2 maschine2 gpg --export-secret-key | gpg --import

Or you can share your secret-key-ring via nfs

Best regards

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+NtKi2TqsmTFMxwkRAiDWAJ456hjxaYhUvNCvygLZP42VUQGrIgCcCy7j
0PPgwjxSPQgKXj00vNgPo34=
=WZAT
-----END PGP SIGNATURE-----

From Thomas.Arend@t-online.de Tue Jan 28 20:19:01 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Tue Jan 28 20:19:01 2003
Subject: different keys for different machine?
In-Reply-To: <20030128180346.GA13288@ghs.com>
References: <1043770585.2554.8.camel@aaron.proficuous.com> <20030128180346.GA13288@ghs.com>
Message-ID: <200301282021.25354.thomas.arend@t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 28 January 2003 19:03, Matt Wronkiewicz wrote:
> > Should i simply move my key pair to all of my machines or make
> > new ones on each machine?
>
> You will encounter problems if you have multiple keys with the
> same email address. One potential problem is that someone who
> wants to send you an encrypted message will have to choose
> between several keys to encrypt to. If you retrieve this message
> on a machine that does not have the corresponding private key,
> then you are stuck.
>
> On the other hand, if one or more of these computers is not as
> secure as the others, such as a computer at your office that you
> do not have control over, you may want to keep a separate, low
> security key on that machine. In this case you would want to
> generate a revocation certificate and keep it secure in case
> someone gets into your files.

Maybe a memory-stick and linking ~/.gnupg to the memory stick on every machine
would do in this case. This requires the permission to mount the memory
stick.

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Ntg02TqsmTFMxwkRAsyTAKCNPwxrJgQkKeyaUVoatXDTXAFMXQCeOuH/
zhH1oUZ9dG30L09AauJCA7w=
=hbfP
-----END PGP SIGNATURE-----

From rlaager@wiktel.com Tue Jan 28 21:03:01 2003
From: rlaager@wiktel.com (Richard Laager)
Date: Tue Jan 28 21:03:01 2003
Subject: different keys for different machine?
In-Reply-To: <1043770585.2554.8.camel@aaron.proficuous.com>
Message-ID: <002a01c2c708$578c1820$13a63992@umcrookston.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aaron P.
Martinez wrote:
> I was generating a key the other day and then on a different
> machine, i wanted to do it again..well, then i realized that i was
> going to have the same name associated with different keys. I have
> about 4 machines that i will need to do this on. Should i simply
> move my key pair to all of my machines or make new ones on each
> machine?

Will you be using the key for signing or encryption or both? Will you
be doing the same functions (signing/encryption/both) on each
machine?

Richard Laager

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPjbh6W31OrleHxvOEQIx8QCg3fKq2A0vViYsKPbKznPTP9R49PcAn0zs
n2ekR5KdyPKiNyeHWrGBJ2lA
=I6cZ
-----END PGP SIGNATURE-----

From aaron@philngood.com Tue Jan 28 21:46:01 2003
From: aaron@philngood.com (Aaron P. Martinez)
Date: Tue Jan 28 21:46:01 2003
Subject: different keys for different machine?
In-Reply-To: <200301281957.40319.thomas.arend@t-online.de>
References: <1043770585.2554.8.camel@aaron.proficuous.com> <200301281957.40319.thomas.arend@t-online.de>
Message-ID: <1043786810.2554.91.camel@aaron.proficuous.com>

Wow, this is way more in depth than i was hoping for...

Ok...lets say, for security sake..that i really only need one, no lets
say two..one linux and one windows box to send email from..I use an
imap server so i often connect to the server from one of the two
machines. The rest of the machines are server machines. My network is
set up as such.....

internet gateway/firewall/router----int. router/samba/fw/---internal net
|
|
|
DMZ

(ascii art---not my forte)

The internal net is where my email boxes are of course. on the dmz
currently i have one machine doing most work...SMTP, IMAP, HTTP, SSH,
WEBMAIL, the other machine is just a HylaFAX server. and then there is
my internal router/firewall/samba server. I'm not sure this clears it
up..but it sounds like what the best thing in this situation to do is
share the key on my two workstation machines..(can i share the key on a
windows and linux box?)
and then create a separate key for each of the
other machines for encryption purposes? I suspect that for the main dmz
machine, i should actually get a key through a CA so i don't get the
dreaded "untrusted key" or worse yet, my customers?

Hope this clears it up..and thanks for the quick responses.

Aaron martinez

On Tue, 2003-01-28 at 12:57, Thomas Arend wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tuesday, 28 January 2003 17:16, Aaron P. Martinez wrote:
> > I was generating a key the other day and then on a different machine, i
> > wanted to do it again..well, then i realized that i was going to have
> > the same name associated with different keys. I have about 4 machines
> > that i will need to do this on. Should i simply move my key pair to all
> > of my machines or make new ones on each machine?
> >
> > Thanks in advance,
> >
> > aaron martinez
>
> You should copy your key-ring or export / import your secret key if you want
> to be able to decrypt all your mail on every machine.
>
> On linux on a network it's quite easy
>
> user1@maschine1:~> ssh -l user2 maschine2 gpg --export-secret-key | gpg --import
>
> Or you can share your secret-key-ring via nfs
>
> Best regards
>
>
> Thomas
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+NtKi2TqsmTFMxwkRAiDWAJ456hjxaYhUvNCvygLZP42VUQGrIgCcCy7j
> 0PPgwjxSPQgKXj00vNgPo34=
> =WZAT
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From avbidder@fortytwo.ch Tue Jan 28 22:41:01 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Tue Jan 28 22:41:01 2003
Subject: different keys for different machine?
In-Reply-To: <1043770585.2554.8.camel@aaron.proficuous.com>
References: <1043770585.2554.8.camel@aaron.proficuous.com>
Message-ID: <1043790105.3574.408.camel@altfrangg.fortytwo.ch>

--=-k9oY1HYkx/TQdT8TX3s4
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

[yes, you know what's coming]

On Tue, 2003-01-28 at 17:16, Aaron P. Martinez wrote:
> I was generating a key the other day and then on a different machine, i
> wanted to do it again..well, then i realized that i was going to have
> the same name associated with different keys. I have about 4 machines
> that i will need to do this on. Should i simply move my key pair to all
> of my machines or make new ones on each machine?

Some good comments already.

Additionally: if you have multiple keys, everybody will have to sign all
four keys

I think the memory stick (or, for low-tech, floppy) approach is the best
one if you don't trust your computers enough to just leave the secret
key on it.

If you're prepared to deal with some difficulties regarding keyservers,
you could use multiple subkeys. Be sure to read all of
http://fortytwo.ch/gpg/subkeys - the issues are not theoretical 'it
might happen' issues but real problems. But personally, I feel I can
live with it.
cheers
-- vbi

--
featured link: http://fortytwo.ch/gpg/intro

--=-k9oY1HYkx/TQdT8TX3s4
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iHMEABECADMFAj42+RksGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99a0vACghNtVVi0BSt+SkT/rme9q+CqQGggA
oK7ZC3ccXaUS9kICpcU0u2POqZ8d
=qEO8
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822

--=-k9oY1HYkx/TQdT8TX3s4--

From greg@turnstep.com Wed Jan 29 01:30:02 2003
From: greg@turnstep.com (greg@turnstep.com)
Date: Wed Jan 29 01:30:02 2003
Subject: different keys for different machine?
In-Reply-To: <1043790105.3574.408.camel@altfrangg.fortytwo.ch>
Message-ID: <4d5091b83fe73f36037e2e8024b37909@biglumber.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

> I think the memory stick (or, for low-tech, floppy) approach
> is the best one if you don't trust your computers enough to
> just leave the secret key on it.

The memory sticks (specifically, flash USB drives) are very nice
and perfect for carrying your key. They are extremely durable
(no moving parts), hold far more than a floppy, and very small
(usually can fit on a keychain, or easily in a pocket). Do a
search on pricewatch.com and you can get them as cheap as $25.

If you go with removable media, just don't forget to unmount
them when done (as opposed to just physically removing them)
as some OSs will cache the contents of the drive.
--
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200301271929

-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iD8DBQE+NbQGvJuQZxSWSsgRAh7RAJ40l7cNdj8cB2jJuSHVZLOYYFscqQCgxcVa
FLwaFnfZe9VgUvGBeIPFnt4=
=zEH/
-----END PGP SIGNATURE-----

From dshaw@jabberwocky.com Wed Jan 29 01:38:03 2003
From: dshaw@jabberwocky.com (David Shaw)
Date: Wed Jan 29 01:38:03 2003
Subject: different keys for different machine?
In-Reply-To: <1043790105.3574.408.camel@altfrangg.fortytwo.ch>
References: <1043770585.2554.8.camel@aaron.proficuous.com> <1043790105.3574.408.camel@altfrangg.fortytwo.ch>
Message-ID: <20030129003854.GA16044@jabberwocky.com>

On Tue, Jan 28, 2003 at 10:41:45PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:

> If you're prepared to deal with some difficulties regarding keyservers,
> you could use multiple subkeys. Be sure to read all of
> http://fortytwo.ch/gpg/subkeys - the issues are not theoretical 'it
> might happen' issues but real problems. But personally, I feel I can
> live with it.

I have a fix in that prevents pksd from mangling multiple subkey keys.
It should be a part of the next pksd release. Note this doesn't mean
that pksd will actually store the multiple subkeys, but it does mean
that it won't mangle the key if you try.

David

--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson

From reichenb@pdkue.bwl.de Wed Jan 29 06:49:04 2003
From: reichenb@pdkue.bwl.de (Stephan Reichenbach)
Date: Wed Jan 29 06:49:04 2003
Subject: keyupdate
Message-ID: <3E3779A1.21480.47924FB@localhost>

hello,

I haven't read the mailing list for a long time, so sorry if this
question has been asked before.

I have several user (many..!) that created their keys under gpg 1.06
(pubring, secring trustdb).
now I want to update to version 1.21.
the user work in a closed environment (no explorer etc, desktop has only some
programs, running mainly windows nt on the clients) and I want to ask, if
the keys are compatible means, can I use my keys further on with 1.21 or do
I have to make a conversion? if so, how?

From avbidder@fortytwo.ch Wed Jan 29 09:12:09 2003
From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jan 29 09:12:09 2003
Subject: different keys for different machine?
In-Reply-To: <1043786810.2554.91.camel@aaron.proficuous.com>
References: <1043770585.2554.8.camel@aaron.proficuous.com> <200301281957.40319.thomas.arend@t-online.de> <1043786810.2554.91.camel@aaron.proficuous.com>
Message-ID: <1043828000.9042.3.camel@papillon.fortytwo.ch>

--=-navwXMHPA/94VADwl3wC
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Tue, 2003-01-28 at 21:46, Aaron P. Martinez wrote:
> Wow, this is way more in depth than i was hoping for...
>
> Ok...lets say, for security sake..that i really only need one, no lets
> say two..one linux and one windows box to send email from..I use an
> imap server so i often connect to the server from one of the two
> machines. The rest of the machines are server machines. My network is
> set up as such.....
>
> internet gateway/firewall/router----int. router/samba/fw/---internal net
> |
> |
> |
> DMZ
>
> (ascii art---not my forte)
>
> The internal net is where my email boxes are of course. on the dmz
> currently i have one machine doing most work...SMTP, IMAP, HTTP, SSH,
> WEBMAIL, the other machine is just a HylaFAX server. and then there is
> my internal router/firewall/samba server. I'm not sure this clears it
> up..but it sounds like what the best thing in this situation to do is
> share the key on my two workstation machines..(can i share the key on a
> windows and linux box?) and then create a separate key for each of the
> other machines for encryption purposes?

Ok, yes: if you think that both machines are safe enough for you, just
share the key. It's no problem to share keys between windows and Linux.
There have been some problems in the past with new gpg versions and
older pgp versions, but if you use gpg on both, or recent versions of
both programs, there should be no problems.

I don't know why you want keys on the other machines at all. To transfer
data within the network, use ssh and all is ok. To encrypt file, have
your public key on the routers, so you can encrypt things you want to
send yourself. The only reason would be when you want to store encrypted
data - but then I would not have the secret key on the machines... Hope
you see what I mean.

cheers
-- vbi

--
Available for key signing in Zürich and Basel, Switzerland
(what's this? Look at http://fortytwo.ch/gpg/intro)

--=-navwXMHPA/94VADwl3wC
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+N40gKqpm2L3fmXoRAptVAKCGO0i3p0bLfhWNEDez4LMqS4t/KgCgj3ZO
oM62pkXGQy+nNXCi/AkdbTU=
=8CCE
-----END PGP SIGNATURE-----

--=-navwXMHPA/94VADwl3wC--

From Thomas.Arend@t-online.de Wed Jan 29 17:25:13 2003
From: Thomas.Arend@t-online.de (Thomas Arend)
Date: Wed Jan 29 17:25:13 2003
Subject: different keys for different machine?
In-Reply-To: <1043786810.2554.91.camel@aaron.proficuous.com>
References: <1043770585.2554.8.camel@aaron.proficuous.com> <200301281957.40319.thomas.arend@t-online.de> <1043786810.2554.91.camel@aaron.proficuous.com>
Message-ID: <200301291727.58320.thomas.arend@t-online.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 28 January 2003 21:46, Aaron P. Martinez wrote:
> Wow, this is way more in depth than i was hoping for...
>
> Ok...lets say, for security sake..that i really only need one, no lets
> say two..one linux and one windows box to send email from..I use an
> imap server so i often connect to the server from one of the two
> machines. The rest of the machines are server machines. My network is
> set up as such.....
>
> internet gateway/firewall/router----int. router/samba/fw/---internal net
>
>
>
> DMZ
>
> (ascii art---not my forte)
>
> The internal net is where my email boxes are of course. on the dmz
> currently i have one machine doing most work...SMTP, IMAP, HTTP, SSH,
> WEBMAIL, the other machine is just a HylaFAX server. and then there is
> my internal router/firewall/samba server. I'm not sure this clears it
> up..but it sounds like what the best thing in this situation to do is
> share the key on my two workstation machines..(can i share the key on a
> windows and linux box?) and then create a separate key for each of the
> other machines for encryption purposes? I suspect that for the main dmz
> machine, i should actually get a key through a CA so i don't get the
> dreaded "untrusted key" or worse yet, my customers?

I will give only a general answer. I use Samba as a "domain controller" and log
on with a samba/linux userid on my windows box. /home/userid is exported to
drive Z:. The registry-key to the key-ring is set to z:.gungp.

With gnupg 1.2.1 this works fine.

With an earlier version I had some problems I never investigated until the
end.

You can have more than one secret key in the keyring. best is to use for all
keys the same passphrase or mantra (as it's called in the German version).
Otherwise you will get a little confused.

You only need your private / secret key for signing and decryption. For
encryption you need the public key of the correspondent you send your
messages.

Thomas

>
> Hope this clears it up..and thanks for the quick responses.
>
> Aaron martinez

[snip]
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+OAEM2TqsmTFMxwkRAjWmAKCz8HvClSFHfTg+P5ZJxVK+nftiGwCfUYYn
pLmM9lj8dtv2/tzYrYDYn74=
=rnkf
-----END PGP SIGNATURE-----

From bmord@icon-nicholson.com Wed Jan 29 19:41:24 2003
From: bmord@icon-nicholson.com (Ben Mord)
Date: Wed Jan 29 19:41:24 2003
Subject: random seed file questions
In-Reply-To:
Message-ID:

Hi,

My apologies if this email was already sent to the list. I mailed this a
couple days ago, and am resending because it never seemed to go through.

It is my understanding that GnuPG stores a random seed file in its working
directory. This file is changed each time you use GnuPG. I have looked for
more information about this file in the manual and faq, but have not found
it. (There is some information in the man page.)

If the confidentiality or integrity of the random seed file is compromised,
should all subsequent messages created with it then be assumed to be
compromised? Or all subsequent messages generated within a certain time
period?

Suppose you reuse an old version of this file, such that exactly the same
random seed file state was used for multiple messages. For example, suppose
you restore your gnupg working directory from an old backup, and then use
this to encrypt or sign more data files. Or suppose you copy your gnupg
directory to multiple computers, and then use multiple copies that all
started in the same state. Would this be insecure?

Suppose you have reason to believe that your random seed file has been
compromised, or that you are using the same version of this file multiple
times (e.g. restored from backup, or copied and then used on multiple
computers.) Is there a way to tell gnupg to regenerate the seed file from
scratch, perhaps using random input from the user?

How is entropy gathered in the windows port?

If you elect not to use the random seed file, then is security weakened, or
only performance?
On Pentium III architectures, is the built-in hardware random number
generator used? See below:
http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf

Thanks,
Ben

From pgpgp@pollinger.org.uk Thu Jan 30 00:56:18 2003
From: pgpgp@pollinger.org.uk (Ben Pollinger)
Date: Thu Jan 30 00:56:18 2003
Subject: Using GnuPG within CGI
Message-ID: <006701c2c7f2$2b443aa0$4da987d9@linear>

Hello all,

I have a formmail set up at:
http://www.psyclick.34sp.com/contact.html

It uses the more secure (spam-resistant) version of formmail.pl from:
http://nms-cgi.sourceforge.net/formmail.zip

I finally got it working but would like to use GnuPG to encrypt the output
from this form, before it is emailed to me. (I realise this only protects
data between the server and me, but this is OK for my purposes)

Can this be done within a CGI environment? I can use perl, php4, python etc.

regards,
Ben

--
Ben Pollinger
www.pollinger.org.uk
www.psyclick.org.uk
PGP'd email welcome

From jon@02feb02.com Thu Jan 30 04:20:29 2003
From: jon@02feb02.com (Jon Roberts)
Date: Thu Jan 30 04:20:29 2003
Subject: Permissions Error with php
Message-ID: <00df01c2c8a5$67f73b10$0a00a8c0@ORAC>

I had gnuPg working from php fine, but recently it has developed an error,
I was using this to encrypt:

system("/usr/local/bin/gpg --encrypt -ao $crypted -r $recip $plainTxt");

gpg: fatal: /root/.gnupg: can't create directory: No such file or directory
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/16384

and is not generating any output

Could anyone help me please

Thanks,
Jon Roberts.

From timothy.nam@db.com Thu Jan 30 16:51:01 2003
From: timothy.nam@db.com (Timothy Nam)
Date: Thu Jan 30 16:51:01 2003
Subject: Having a problem with encrypting and decrypting files.
Message-ID:

I was wondering if somebody could help shine some light to a problem I am
having. I have a public key generated using version 1.0.7 (SunOS) , the
counterparty I am exchanging keys with is using version 1.2.1 (MingW32).
I have imported his key, as well as him importing mine, but when I try and
decrypt a file which is signed and encrypted by the other party, I get the
error

gpg: decryption failed: secret key not available.

Is there a compatibility issue with the versions we are using?

regards
Timothy (Ting) Nam

From eocnex@hnyoregn.pn Thu Jan 30 16:52:28 2003
From: eocnex@hnyoregn.pn (Rob Park)
Date: Thu Jan 30 16:52:28 2003
Subject: Getting rid of old uids from my key...
Message-ID: <20030128191456.GA1134@ualberta.ca>

Hello,

My key has a lot of old email addresses attached to it, addresses that I no
longer have access to. I know that I can edit the key and delete them, but
if I update the key from the keyservers, all the deleted uids come back,
even if I send the trimmed key to the keyservers first (so the keyservers
are consolidating all the UIDs).

Is it possible to remove these extra uids permanently? Or do I just have to
create a new key?

Thanks.

--
Rob Park
http://www.ualberta.ca/~rbpark
--
He was so narrow-minded he could see through a keyhole with both eyes.
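
[Added example, not part of any message in this archive and not code from
the GnuPG project.] The two questions above about calling gpg from a CGI
script and from PHP's system() both come down to running gpg as the
web-server account: the error quoted there shows gpg trying to use
/root/.gnupg. The sketch below passes an explicit --homedir, never builds a
shell string, and feeds the plaintext on stdin. The keyring path and the
function names are assumptions made for this example.

```python
import os
import re
import shutil
import subprocess

# Hypothetical keyring directory owned by the web-server account (mode 0700).
# The recipient's public key must already be imported and trusted there,
# otherwise gpg refuses to use it in batch mode.
GPG_HOME = "/var/lib/formmail-gnupg"

# Accept only a key ID or fingerprint: 8 to 40 hex digits, optional 0x prefix.
_KEYID_RE = re.compile(r"(0x)?[0-9A-Fa-f]{8,40}")


def validate_recipient(recipient):
    """Return recipient unchanged if it is a plain hex key ID, else raise."""
    if not isinstance(recipient, str) or not _KEYID_RE.fullmatch(recipient):
        raise ValueError("recipient must be a hex key ID or fingerprint")
    return recipient


def build_gpg_argv(recipient, homedir=GPG_HOME, gpg_path="gpg"):
    """Argument vector for: encrypt stdin to recipient, ASCII-armored."""
    return [
        gpg_path,
        "--homedir", homedir,    # do not depend on $HOME of the web process
        "--batch", "--no-tty",   # never prompt; a CGI process has no terminal
        "--armor",
        "--encrypt",
        "--recipient", validate_recipient(recipient),
    ]


def encrypt_for(recipient, plaintext, homedir=GPG_HOME):
    """Encrypt plaintext (bytes) to recipient; returns armored ciphertext."""
    gpg_path = shutil.which("gpg")
    if gpg_path is None:
        raise RuntimeError("gpg not found on PATH")
    argv = build_gpg_argv(recipient, homedir, gpg_path)
    # Minimal environment: a daemon's inherited HOME is often not its own.
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
           "GNUPGHOME": homedir}
    # argv is a list, so no shell parses the recipient or the form data;
    # the plaintext goes in on stdin and never touches a temporary file.
    proc = subprocess.run(argv, input=plaintext, env=env,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          check=False)
    if proc.returncode != 0:
        detail = proc.stderr.decode(errors="replace").strip()
        raise RuntimeError("gpg failed: " + detail)
    return proc.stdout


if __name__ == "__main__":
    # Constructed key ID, for illustration only.
    print(" ".join(build_gpg_argv("0xDEADBEEF")))
```
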