From vedaal at hush.com Sun Aug 1 17:01:06 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Mon Aug 2 16:18:03 2004
Subject: 1.2.5 windows binary // throw-keyid option
Message-ID: <200408011501.i71F161c001631@mailserver3.hushmail.com>

am using 1.2.5 (windows binary)
and get error messages when trying to use the 'throw-keyid' option

here is the gpg command and output:

C:\GnuPG>gpg -r 0xC6F11FC7 -e c:\t1.txt
gpg: C:/GnuPG\gpg.conf:14: invalid option

this error message is gone once the throw-keyid option is removed from
gpg.conf, and re-appears when it is re-introduced

here are the gpg.conf options:

default-key 0x1ADF5495
keyserver ldap://pgp.surfnet.nl:11370
load-extension c:\gnupg\lib\idea.dll
verbose
verbose
expert
show-session-key
throw-keyid

everything else in gnupg seems to work fine

can anyone else confirm a problem with 1.2.5 (windows binary) and the
'throw-keyid' option?

tia,

vedaal

From stephan42 at chinguarime.net Mon Aug 2 17:37:57 2004
From: stephan42 at chinguarime.net (Stephan Menzel)
Date: Mon Aug 2 17:34:18 2004
Subject: kmail and gpgme
Message-ID: <200408021738.05836.stephan42@chinguarime.net>

G'day list,

as I was advised in de.comp.os.unix.apps.kde I would like to bother
you with a question regarding kmail and gpgme. To keep a long and
boring story short, I can't get it to work. All I get is a message
telling me:

"Bibliotheksdatei des Moduls /usr/lib/libgpgme.so.11 konnte nicht
geladen werden.
(code: /usr/lib/libgpgme.so.11: undefined symbol: initialize)"

Well, sorry it's in German. It means like couldn't load shared
object because...
I tried to get that to work for a very long time now, every now and
again trying it whenever new versions of gnupg or kde came out but
whatever I do, it always shows this message in a msg box when I
start kmail. When I try to display a PGP/MIME signed or encrypted
mail, it says in the header 'No suitable plugin found,
/usr/lib/libgpgme.so.11: was not initialized'

I tried several tutorials, including one I found in the archive of
that list and that one at
http://kmail.kde.org/kmail-pgpmime-howto.html. My system is Fedora
Core 2 on a duron if that matters. KDE is 3.2.3 stable from rpm but
I've had the problem for a long time and several kde versions now
starting with RedHat9. The rest of the system should be pretty
ordinary but I vaguely remember having experimented with that stuff
for a long time now so it might be possible that some relics are
interfering in some way. However, I double checked everything I
know about that and I don't really think so since I did also run
ldd on gpgme and followed all the links and found nothing
suspicious.

I tried to install all versions of gnupg, the agent, libgcrypt,
gpgme and libassuan I could find. From tarball, rpm, src.rpm, all
sorts of experiments but I didn't succeed yet and before I
eventually give up once more to try it again in a couple of months I
would appreciate any suggestions from you guys. BTW, gnupg inline
works fine.

Stephan

From str at strgt.cjb.net Mon Aug 2 19:37:23 2004
From: str at strgt.cjb.net (Stuardo - StR - Rodriguez)
Date: Mon Aug 2 19:35:43 2004
Subject: many questions
Message-ID: <200408021137.23544.str@strgt.cjb.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there..

i'm new to the list and to GPG and i want to implement it in the office i
work.. there are a lot of workers here, so I have many questions

1) Can I create all the keys in a single machine to export them to the other
machines?

2) I do not understand the trusting thing....
If I have a key - like a super key and it y sign the other 100 keys (i think
it is signing.. i just tell to "trust" the other keys) then... in the other
pc... i have trusted the super key.... Do i need to sign the other keys? or
when I sign the super key, I trust every single key the super key has signed?

3) How do i set a key server where I can search for public keys? like ... in
mozilla-thunderbird... I can assign which is the key server to search for the
keys.... I want to add there MY server instead of the ones of the list:
random.sks.keyserver.penguin.de, pgp.dtype.org, keyserver.kjsl.com,
ldap://certserver.pgp.com

4) for windows mail clients the one I think is the best is thunderbird...
I like the kmail style.... with the green background on a trusted mail...
how can I get that on windows

I think those are the questions for now...

thanks

- --
Stuardo -StR- Rodríguez :: str@strgt.cjb.net
.-[Just me 'n the world I created]-.

From mail at renelemme.de Mon Aug 2 19:39:44 2004
From: mail at renelemme.de (Rene Lemme)
Date: Mon Aug 2 19:36:45 2004
Subject: kmail and gpgme
In-Reply-To: <200408021738.05836.stephan42@chinguarime.net>
References: <200408021738.05836.stephan42@chinguarime.net>
Message-ID: <200408021939.52918.mail@renelemme.de>

Hello,

My path on the Krypto-Module panel(KMail - Einstellungen - KMail
einrichten) is different:

/usr/lib/cryptplug/gpgme-openpgp.so

On the OpenPGP panel(KMail - Einstellungen - KMail einrichten) of
KMail I selected: GnuPG - GNU Privacy Guard
Here it works with auto select as well.

Regards,
..rené

On Monday, 2 August 2004 17:37, Stephan Menzel wrote:
> G'day list,
>
> as I was advised in de.comp.os.unix.apps.kde I would like to bother
> you with a question regarding kmail and gpgme. To keep a long and
> boring story short, I can't get it to work. All I get is a message
> telling me:
>
> "Bibliotheksdatei des Moduls /usr/lib/libgpgme.so.11 konnte nicht
> geladen werden.
> (code: /usr/lib/libgpgme.so.11: undefined symbol: initialize)"
>
> Well, sorry it's in German. It means like couldn't load shared
> object because...
>
> I tried to get that to work for a very long time now, every now and
> again trying it whenever new versions of gnupg or kde came out but
> whatever I do, it always shows this message in a msg box when I
> start kmail. When I try to display a PGP/MIME signed or encrypted
> mail, it says in the header 'No suitable plugin found,
> /usr/lib/libgpgme.so.11: was not initialized'
>
> I tried several tutorials, including one I found in the archive of
> that list and that one at
> http://kmail.kde.org/kmail-pgpmime-howto.html. My system is Fedora
> Core 2 on a duron if that matters. KDE is 3.2.3 stable from rpm but
> I've had the problem for a long time and several kde versions now
> starting with RedHat9. The rest of the system should be pretty
> ordinary but I vaguely remember having experimented with that stuff
> for a long time now so it might be possible that some relics are
> interfering in some way. However, I double checked everything I
> know about that and I don't really think so since I did also run
> ldd on gpgme and followed all the links and found nothing
> suspicious.
>
> I tried to install all versions of gnupg, the agent, libgcrypt,
> gpgme and libassuan I could find. From tarball, rpm, src.rpm, all
> sorts of experiments but I didn't succeed yet and before I
> eventually give up once more to try it again in a couple of months I
> would appreciate any suggestions from you guys. BTW, gnupg inline
> works fine.
>
> Stephan

--
GnuPG Key-ID: BFCC946E
www.renelemme.de
--

From dshaw at jabberwocky.com Mon Aug 2 19:57:28 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Aug 2 19:54:22 2004
Subject: 1.2.5 windows binary // throw-keyid option
In-Reply-To: <200408011501.i71F161c001631@mailserver3.hushmail.com>
References: <200408011501.i71F161c001631@mailserver3.hushmail.com>
Message-ID: <20040802175728.GA26292@jabberwocky.com>

On Sun, Aug 01, 2004 at 08:01:06AM -0700, vedaal@hush.com wrote:
> am using 1.2.5 (windows binary)
> and get error messages when trying to use the 'throw-keyid' option
>
> here is the gpg command and output:
>
> C:\GnuPG>gpg -r 0xC6F11FC7 -e c:\t1.txt
> gpg: C:/GnuPG\gpg.conf:14: invalid option
>
> this error message is gone once the throw-keyid option is removed from
> gpg.conf, and re-appears when it is re-introduced
>
> here are the gpg.conf options:
>
> default-key 0x1ADF5495
> keyserver ldap://pgp.surfnet.nl:11370
> load-extension c:\gnupg\lib\idea.dll
> verbose
> verbose
> expert
> show-session-key
> throw-keyid
>
> everything else in gnupg seems to work fine
>
> can anyone else confirm a problem with 1.2.5 (windows binary) and the
> 'throw-keyid' option?

Sorry about that. It's a bug, and is fixed for 1.2.6. In the
meantime, use "throw-keyids".

David

From stephan42 at chinguarime.net Mon Aug 2 20:20:24 2004
From: stephan42 at chinguarime.net (Stephan Menzel)
Date: Mon Aug 2 20:16:42 2004
Subject: kmail and gpgme
In-Reply-To: <200408021939.52918.mail@renelemme.de>
References: <200408021738.05836.stephan42@chinguarime.net> <200408021939.52918.mail@renelemme.de>
Message-ID: <200408022020.28525.stephan42@chinguarime.net>

On Monday, 2 August 2004 19:39, Rene Lemme wrote:
> My path on the Krypto-Module panel(KMail - Einstellungen - KMail
> einrichten) is different:
>
> /usr/lib/cryptplug/gpgme-openpgp.so

That doesn't even exist for me.
Do you remember where that comes from? Gpgme didn't install it here and I
can't see any ./configure option for that either.

> On the OpenPGP panel(KMail - Einstellungen - KMail einrichten) of
> KMail I selected: GnuPG - GNU Privacy Guard
> Here it works with auto select as well.

I tried both many many times without result. However, I thought for
PGP/MIME this tab is not really relevant but rather the plugin tab.
You use kde3.3 right?

Stephan

From MagicFab at FabianRodriguez.com Mon Aug 2 20:33:43 2004
From: MagicFab at FabianRodriguez.com (F. Rodriguez)
Date: Mon Aug 2 20:30:38 2004
Subject: many questions
In-Reply-To: <200408021137.23544.str@strgt.cjb.net>
References: <200408021137.23544.str@strgt.cjb.net>
Message-ID: <410E8907.8030709@FabianRodriguez.com>

Stuardo - StR - Rodriguez wrote:

> 1) Can I create all the keys in a single machine to export them to the other
> machines?

Yes. I would create one keyring with all public keys and separate
keyrings for the private keys on each machine.

> 2) I do not understand the trusting thing....
> If I have a key - like a super key and it y sign the other 100 keys (i think
> it is signing.. i just tell to "trust" the other keys) then... in the other
> pc... i have trusted the super key.... Do i need to sign the other keys? or
> when I sign the super key, I trust every single key the super key has signed?

Basically, yes, if you define your model of trust to be that... But that
is *your* decision. More on the Web of trust:
http://en.wikipedia.org/wiki/Web_of_trust

> 3) How do i set a key server where I can search for public keys? like ... in
> mozilla-thunderbird... I can assign which is the key server to search for the
> keys.... I want to add there MY server instead of the ones of the list:

It seems most development happens (or used to happen) around PKS:
http://sourceforge.net/projects/pks/

> 4) for windows mail clients the one I think is the best is thunderbird...
> I like the kmail style....
> with the green background on a trusted mail...
> how can I get that on windows

The Enigmail extension for TB could support advanced email header
templating. This is currently being discussed in this RFE (Request for
Enhancement):
http://bugzilla.mozdev.org/show_bug.cgi?id=6427

Feel free to participate in the discussion.

Cheers,

--
Fabián Rodríguez
Montreal, QC, Canada
http://www.fabianrodriguez.com/email

From wk at gnupg.org Mon Aug 2 20:54:39 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 2 20:53:28 2004
Subject: 1.2.5 windows binary // throw-keyid option
In-Reply-To: <20040802175728.GA26292@jabberwocky.com> (David Shaw's message of "Mon, 2 Aug 2004 13:57:28 -0400")
References: <200408011501.i71F161c001631@mailserver3.hushmail.com> <20040802175728.GA26292@jabberwocky.com>
Message-ID: <87pt69bcb4.fsf@wheatstone.g10code.de>

On Mon, 2 Aug 2004 13:57:28 -0400, David Shaw said:

> Sorry about that. It's a bug, and is fixed for 1.2.6. In the
> meantime, use "throw-keyids".

Actually one can keep using "throw-keyids". The problem is that in
the configuration file abbreviated options don't work and we did not
think about that while changing the name of the option.

Werner

From wk at gnupg.org Mon Aug 2 21:00:38 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 2 21:03:29 2004
Subject: kmail and gpgme
In-Reply-To: <200408021738.05836.stephan42@chinguarime.net> (Stephan Menzel's message of "Mon, 2 Aug 2004 17:37:57 +0200")
References: <200408021738.05836.stephan42@chinguarime.net>
Message-ID: <87llgxbc15.fsf@wheatstone.g10code.de>

On Mon, 2 Aug 2004 17:37:57 +0200, Stephan Menzel said:

> "Bibliotheksdatei des Moduls /usr/lib/libgpgme.so.11 konnte nicht geladen
> werden.
> (code: /usr/lib/libgpgme.so.11: undefined symbol: initialize)"

> Well, sorry it's in German. It means like couldn't load shared object
> because...

You need to use libgcrypt 0.3.16 with the cryptplug kmail versions.
The libgcrypt.so.11 is too new 90.4.1 or newer). This is a common
problem and we can't do much about it.

Werner

From linux at codehelp.co.uk Mon Aug 2 21:52:12 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Mon Aug 2 21:49:08 2004
Subject: many questions
In-Reply-To: <410E8907.8030709@FabianRodriguez.com>
References: <200408021137.23544.str@strgt.cjb.net> <410E8907.8030709@FabianRodriguez.com>
Message-ID: <200408022052.16635.linux@codehelp.co.uk>

On Monday 02 August 2004 7:33, F. Rodriguez wrote:
> Stuardo - StR - Rodriguez wrote:
> > 1) Can I create all the keys in a single machine to export them to the
> > other machines?
>
> Yes. I would create one keyring with all public keys and separate
> keyrings for the private keys on each machine.

Generating all the keys yourself is a bad idea - generating them all on one
machine (each key generated by the final user) is a practical problem. You
shouldn't expect people to trust a key generated by someone else! (Generating
a key requires setting the passphrase and it isn't wise to use a key to which
someone else has a passphrase. Even if the user changes the passphrase in
their private key, what is to say that you haven't kept an old private key
with your own passphrase? Multiple copies of private keys with different
people should be avoided.

> > 2) I do not understand the trusting thing....

That much is plain from your first question.
:-)
Try reading these:
http://www.dclug.org.uk/linux_doc/startgnupg.html
http://www.dclug.org.uk/linux_doc/gnupgsign.html

> > If I have a key - like a super key and it y sign the other 100 keys (i

Yes. Each of those then needs to sign your key and be signed by your key. i.e.
two way signatures, A signs B and B signs A.
There are keysigning protocols for this:
http://www.cryptnet.net/fdp/crypto/gpg-party.html

Signatures are not something to be minimised, a keyholder often invests
considerable time and effort in collecting as many signatures as possible -
every signature strengthens the key and the overall web of trust.

> > think it is signing.. i just tell to "trust" the other keys) then... in

No, it's signing. Setting the trust comes afterwards - GnuPG will ignore any
user trust setting until the key itself is trusted. (In the --edit-key output,
trust is shown as two values).

> > the other pc... i have trusted the super key.... Do i need to sign the
> > other keys?

Just sign the 'super' key. However, to make the web of trust stronger, as many
users as possible should verify and sign each other's keys.

> > or when I sign the super key, I trust every single key the
> > super key has signed?

Not necessarily, but you can set it that way. (There is no reason why any user
MUST trust any key.)

> Basically, yes, if you define your model of trust to be that... But that
> is *your* decision. More on the Web of trust:
> http://en.wikipedia.org/wiki/Web_of_trust
>
> > 3) How do i set a key server where I can search for public keys? like

Why create another one? Public keys are public and there's no harm in using a
public keyserver - there is no security issue here, public keyservers are
designed for public keys. Dump the windows mindset and embrace the community -
share your public key as widely as possible, keep your private key absolutely
private.

> > ... in mozilla-thunderbird... I can assign which is the key server to
> > search for the keys.... I want to add there MY server instead of the ones
> > of the list:

Why? You'd be surprised how limiting that could become. Someone in the keyring
is almost certain to want to use the key to sign/encrypt outside the small
group. Once users have their own keys (and passphrases), there's nothing to
stop them signing and being signed by other keys.
It should be encouraged - it strengthens the web of trust of the entire group.

> It seems most development happens (or used to happen) around PKS:
> http://sourceforge.net/projects/pks/

I thought it was SKS that was most up to date (subkeys etc.)?

--

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From thomas at northernsecurity.net Mon Aug 2 22:09:44 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Mon Aug 2 22:07:14 2004
Subject: many questions
In-Reply-To: <410E8907.8030709@FabianRodriguez.com>
References: <200408021137.23544.str@strgt.cjb.net> <410E8907.8030709@FabianRodriguez.com>
Message-ID: <20040802200944.GA26461@northernsecurity.net>

On Mon, Aug 02, 2004 at 02:33:43PM -0400, F. Rodriguez wrote:
> It seems most development happens (or used to happen) around PKS:
> http://sourceforge.net/projects/pks/

Used to happen. Latest file release was February 5, 2003 and PKS is
pretty broken. Use subkeys.pgp.net instead.

Maybe add an entry in the website FAQ perhaps?

"4.23) Which keyserver should I use?
Some keyservers are either isolated or broken. In order to distribute your
key efficiently and receive keys with, for example, multiple subkeys
correctly please use subkeys.pgp.net or random.sks.keyserver.penguin.de."

/Thomas
--
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From stephan42 at chinguarime.net Mon Aug 2 22:57:28 2004
From: stephan42 at chinguarime.net (Stephan Menzel)
Date: Mon Aug 2 22:53:44 2004
Subject: kmail and gpgme
In-Reply-To: <87llgxbc15.fsf@wheatstone.g10code.de>
References: <200408021738.05836.stephan42@chinguarime.net> <87llgxbc15.fsf@wheatstone.g10code.de>
Message-ID: <200408022257.29082.stephan42@chinguarime.net>

On Monday, 2 August 2004 21:00, Werner Koch wrote:
> > (code: /usr/lib/libgpgme.so.11: undefined symbol: initialize)"
>
> You need to use libgcrypt 0.3.16 with the cryptplug kmail versions.
> The libgcrypt.so.11 is too new 90.4.1 or newer). This is a common
> problem and we can't do much about it.

You haven't got any idea where to get this have you?
The only versions of libgcrypt I can find are above 1.1

And do you reckon those problems will be gone with kde3.3? I didn't
install the beta2 yet since this is a production system I don't want to
mess up with betas.

Stephan

From atom at suspicious.org Tue Aug 3 04:30:20 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Aug 3 04:27:41 2004
Subject: OT Re: Can't locate public key or pubring.gpg
In-Reply-To: <200407301748.TAA00587@vulcan.xs4all.nl>
References: <200407301748.TAA00587@vulcan.xs4all.nl>
Message-ID: <20040802222603.J45133@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, 30 Jul 2004, Johan Wevers wrote:

> Atom 'Smasher' wrote:
>
>> "If someone created a database of all primes, won't he be
>> able to use that database to break public-key algorithms?
>> Yes, but he can't do it. If you could store one gigabyte
>> of information on a drive weighing one gram, then a list
>> of just the 512-bit primes would weigh so much that it
>> would exceed the Chandrasekhar limit and collapse into a
>> black hole...
>> so you couldn't retrieve the data anyway"
>> -- Bruce Schneier, Applied Cryptography
>
> Sorry for being off-topic, but I hope Bruce Schneier knows more about
> cryptography than about astrophysics. The Chandrasekhar limit is the
> limit after which a white dwarf collapses into a neutron star. The
> limit after which a neutron star collapses into a black hole is known
> as the Oppenheimer-Volkoff limit.
===========================

heh... let him know, maybe he'll add it to his official list of
corrections...
http://www.schneier.com/book-applied-errata.html

i'm *not* math savvy, but i found something that didn't make sense, and
with some help confirmed a technical error in the book... i emailed
schneier but the correction hasn't yet made the list.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"99 Decision Street, 99 ministers meet
To worry, worry, super-scurry
Call the troops out in a hurry
This is what we've waited for
This is it boys, this is war
The president is on the line
As 99 red balloons go by."
-- Nena

From servie_platon at yahoo.com Tue Aug 3 05:53:18 2004
From: servie_platon at yahoo.com (InHisGrip)
Date: Tue Aug 3 05:50:40 2004
Subject: Signing or Encrypting to the Full Extent... Is It All About Key Size or What???
In-Reply-To: <200407301806.40589.linux@codehelp.co.uk>
Message-ID: <20040803035318.62036.qmail@web41002.mail.yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

Sorry but I am just curious. If you would notice, I have signed this
message and it has PGP Signed - Hash:SHA1 only. How do I make this to
SHA256 or even greater as with Mr. Atom Smasher's all signed email
replies?

When I first generated a key, I chose the default DSA & ElGamal 1792
key. If I have generated RSA Sign and Encrypt with key as much as 4096,
would you think I would have SHA256 or unless otherwise? In other words,
more secure and harder for others to break? Or at least, will take a
little bit of time to?

Special thanks to Neil Williams, Atom Smasher and Werner Koch and others
who have replied to my previous post.

Thanks a lot!

InHisGrip,

From MagicFab at FabianRodriguez.com Tue Aug 3 06:12:45 2004
From: MagicFab at FabianRodriguez.com (F. Rodriguez)
Date: Tue Aug 3 06:09:52 2004
Subject: many questions
In-Reply-To: <200408022052.16635.linux@codehelp.co.uk>
References: <200408021137.23544.str@strgt.cjb.net> <410E8907.8030709@FabianRodriguez.com> <200408022052.16635.linux@codehelp.co.uk>
Message-ID: <410F10BD.7070901@FabianRodriguez.com>

Neil Williams wrote:
> On Monday 02 August 2004 7:33, F. Rodriguez wrote:
>
>>Stuardo - StR - Rodriguez wrote:
>>
>>>1) Can I create all the keys in a single machine to export them to the
>>>other machines?
>>
>>Yes. I would create one keyring with all public keys and separate
>>keyrings for the private keys on each machine.
>
> Generating all the keys yourself is a bad idea - generating them all on one
> machine (each key generated by the final user) is a practical problem. You
> shouldn't expect people to trust a key generated by someone else! (Generating
> a key requires setting the passphrase and it isn't wise to use a key to which
> someone else has a passphrase. Even if the user changes the passphrase in
> their private key, what is to say that you haven't kept an old private key
> with your own passphrase? Multiple copies of private keys with different
> people should be avoided.

That depends if you are the local Chief Security Officer (or "GnuPG
guy/girl"). As I said, you can pretty much decide whatever you want to
do, or trust. Just keep in mind the implications.

Cheers,

F.

From atom at suspicious.org Tue Aug 3 07:53:25 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Aug 3 07:50:49 2004
Subject: Signing or Encrypting to the Full Extent... Is It All About Key Size or What???
In-Reply-To: <20040803035318.62036.qmail@web41002.mail.yahoo.com>
References: <20040803035318.62036.qmail@web41002.mail.yahoo.com>
Message-ID: <20040803011211.Q45133@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 2 Aug 2004, InHisGrip wrote:

> Sorry but I am just curious. If you would notice, I have signed this
> message and it has PGP Signed - Hash:SHA1 only. How do I make this to
> SHA256 or even greater as with Mr. Atom Smasher's all signed email
> replies?
=========================

heh... whatever you do, don't do what i do ;)

i have a habit of pushing the limits of pgp. signatures of SHA-256 hashes
can not be generated in 1.2.x branch of GnuPG... the development branch is
not recommended for general consumption.

i noticed that you signed your message with a 4096-RSA key 0xD60DAC97.
when 1.3.x development becomes 1.4.x stable, then you'll be able to sign
messages with SHA-256 (keep reading for reasons *not* to do that)... most
people, however, use DSS primary keys and will be unable to use that with
any hash larger than SHA-1 (not that there'd be any point in doing that,
since the key is limited to 1024).

of course, i would recommend adding 1024-2048 subkeys (to your 4096 key)
for signing and encryption. that should be sufficient for the near term
future, and you can always revoke a subkey that's too small or
compromised, and replace it with a bigger subkey. and if that happens, you
can still keep the same primary key and all signatures you collect on
it... i suspect that in the not-too-distant future DSS will be abandoned,
and with it a lot of signed keys.

> When I first generated a key, I chose the default DSA & ElGamal 1792
> key. If I have generated RSA Sign and Encrypt with key as much as 4096,
> would you think I would have SHA256 or unless otherwise? In other words,
> more secure and harder for others to break? Or at least, will take a
> little bit of time to?
==================== i was asking some SHA-256 questions on the development list, not long ago, and one fact that was pointed out to me is that SHA-256 isn't ~necessarily~ stronger than SHA-1... it's not the same thing, only bigger; it's a different algorithm that hasn't been around as long, hasn't been studied as much, etc. history might prove that it's actually weaker than SHA-1... and support for SHA-256 isn't nearly as widespread as support for SHA-1, so if you send a message to someone using PGP-x, they may or may not be able to verify your signature. OTOH, if one assumes that SHA-256 really is stronger than SHA-1, then it would be arguably more secure to sign messages with it... remember, you're not signing _the_message_, you're signing a _hash_ of the message... so, if someone wants to forge a signature they can do it by attacking the hash function... a larger hash (assumed to be more secure) would thus be harder to attack. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "When one tries to rise above Nature one is liable to fall below it." -- Sherlock Holmes (Arthur Conan Doyle) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? 
Comment: http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----

From g-r-v at ukr.net Tue Aug 3 07:18:27 2004
From: g-r-v at ukr.net (Robert Golovniov)
Date: Tue Aug 3 09:50:34 2004
Subject: Character sets
Message-ID: <200408030748.i737mntF002954@ns.core>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello gnupg-users,

What are the valid character sets for GnuPG preferences - both for Windows and Linux versions? I have received a couple of messages composed under Mutt and encrypted with PGP/MIME. Upon decryption all Cyrillic messages show up as a lot of garbage. So, what is the best charset for Linux fully compatible with Windows and vice versa?

Many thanks!

- --
-=Robert & Beata Golovniov | Lviv, Ukraine=-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PGP key request: mailto:golovniov@interia.pl?subject=Key&Body=Embedded
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Comment: Using PGP/GnuPG for Internet privacy.
Comment: Gossamer Spider Web of Trust http://gswot.webhop.info

iD8DBQFBDyAcWh2fA2M/bQcRApwgAKD1nZCfE52e2QFL7D9KhebhtNFOPgCdHn0M
cKH65TvM2+8G3L4VDONezC8=
=jODW
-----END PGP SIGNATURE-----

From wk at gnupg.org Tue Aug 3 12:09:24 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug 3 12:08:30 2004
Subject: Character sets
In-Reply-To: <200408030748.i737mntF002954@ns.core> (Robert Golovniov's message of "Tue, 3 Aug 2004 08:18:27 +0300")
References: <200408030748.i737mntF002954@ns.core>
Message-ID: <87smb4a5yj.fsf@wheatstone.g10code.de>

On Tue, 3 Aug 2004 08:18:27 +0300, Robert Golovniov said:

> What are the valid character sets for GnuPG preferences - both for
> Windows and Linux versions? I have received a couple of messages

You mean things like notation data and user IDs? By definition this must all be encoded in UTF-8. GnuPG does this and tries to display it correctly on all terminals.

Older PGP versions ignored the UTF-8 requirement and stored user IDs as they are entered.

The option --charset may be used to force the use of conversion from utf-8 to latin-1, latin-2 or koi-8 or leave it as utf-8. On modern systems this is not required, though.

Werner

From udjinrg at forenet.by Tue Aug 3 12:54:37 2004
From: udjinrg at forenet.by (Maxim Britov)
Date: Tue Aug 3 13:07:47 2004
Subject: Character sets
In-Reply-To: <87smb4a5yj.fsf@wheatstone.g10code.de>
References: <200408030748.i737mntF002954@ns.core> <87smb4a5yj.fsf@wheatstone.g10code.de>
Message-ID: <20040803135437.2156083a@maxim-l.office.modum.by>

> > What are the valid character sets for GnuPG preferences - both for
> > Windows and Linux versions? I have received a couple of messages
>
> You mean things like notation data and user IDs? By definition this
> must all be encoded in UTF-8. GnuPG does this and tries to display it
> correctly on all terminals.
>
> Older PGP versions ignored the UTF-8 requirement and stored user
> IDs as they are entered.
>
> The option --charset may be used to force the use of conversion from
> utf-8 to latin-1, latin-2 or koi-8 or leave it as utf-8. On modern
> systems this is not required, though.

It is useful only for Linux.
Russian is: utf-8 and koi8-r
win32 uses cp866 and cp1251 for Russian.
=> Only koi8-r or
You have to patch gnupg and add support 866/1251 and use cp1251 under Linux (best for compatibility (afaik))
I think I can send you it.

GnuPG doesn't encode content of messages.
You should look at your mutt (imho)

--
Maxim Britov
GnuPG KeyID 0x4580A6D66F3DB1FB
Keyserver hkp://keyserver.kjsl.com
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
JABBER: maxbritov on jabber.org/jabber.ru
ICQ 198171258

From wk at gnupg.org Tue Aug 3 14:35:42 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug 3 14:38:31 2004
Subject: kmail and gpgme
In-Reply-To: <200408022257.29082.stephan42@chinguarime.net> (Stephan Menzel's message of "Mon, 2 Aug 2004 22:57:28 +0200")
References: <200408021738.05836.stephan42@chinguarime.net> <87llgxbc15.fsf@wheatstone.g10code.de> <200408022257.29082.stephan42@chinguarime.net>
Message-ID: <87oels9z6p.fsf@wheatstone.g10code.de>

On Mon, 2 Aug 2004 22:57:28 +0200, Stephan Menzel said:

> You haven't got any idea where to get this have you?
> The only versions of libgcrypt I can find are above 1.1

oops, I meant gpgme of course.

> And do you reckon those problems will be gone with kde3.3? I didn't install
> the beta2 yet since this is a production system I don't want to mess up with
> betas.

Yes.

Werner

From Kerry_Walker at Mastercard.com Wed Aug 4 19:45:05 2004
From: Kerry_Walker at Mastercard.com (Kerry Walker)
Date: Wed Aug 4 19:42:50 2004
Subject: GPG equivalent of PGP's --group option?
Message-ID:

I use PGP to encrypt data for sending to various end users by encrypting files using their public key they have provided.
To make it possible for me to associate their key with a meaningful user_id, I use the PGP --group-add option to create a group name containing a meaningful user_id and then add their public key to the group. Now, I can call --encrypt with the meaningful user_id, instead of having to use the actual key id. I'm looking for a similar "alias" functionality in GPG but I can't find anything that works quite like that. The adduid command requires that I have the private key also that goes with the public key I want to associate with a meaningful user_id.

Does anyone know of a solution that is part of the GPG functionality?

From Freedom_Lover at pobox.com Wed Aug 4 20:04:46 2004
From: Freedom_Lover at pobox.com (Todd)
Date: Wed Aug 4 20:02:14 2004
Subject: GPG equivalent of PGP's --group option?
In-Reply-To:
References:
Message-ID: <20040804180446.GH24806@psilocybe.teonanacatl.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kerry Walker wrote:
> Does anyone know of a solution that is part of the GPG
> functionality?

man gpg has this:

- --group name=value1 [value2 value3 ...]
    Sets up a named group, which is similar to aliases in email programs. Any time the group name is a recipient (-r or --recipient), it will be expanded to the values specified. Multiple groups with the same name are automatically merged into a single group.

    The values are key IDs or fingerprints, but any key description is accepted.
    Note that a value with spaces in it will be treated as two different values. Note also there is only one level of expansion - you cannot make a group that points to another group. When used from the command line, it may be necessary to quote the argument to this option to prevent the shell from treating it as multiple arguments.

- --
Todd              OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
I used to think the brain was the most advanced part of the body. Then I realized, look what's telling me that.
    -- Emo Phillips

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQFBESU+uv+09NZUB1oRArNfAKDP3zlL3LMSEEG1BiZbADNaNqyE0wCeJs3R
A56ohjOmnmXHDJVdmD8pLwA=
=GH9D
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Wed Aug 4 21:17:00 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Aug 4 21:13:55 2004
Subject: GPG equivalent of PGP's --group option?
In-Reply-To:
References:
Message-ID: <20040804191659.GA16639@jabberwocky.com>

On Wed, Aug 04, 2004 at 12:45:05PM -0500, Kerry Walker wrote:
>
> I use PGP to encrypt data for sending to various end users by
> encrypting files using their public key they have provided. To make
> it possible for me to associate their key with a meaningful user_id,
> I use the PGP --group-add option to create a group name containing
> a meaningful user_id and then add their public key to the group.
> Now, I can call --encrypt with the meaningful user_id, instead of
> having to use the actual key id. I'm looking for a similar "alias"
> functionality in GPG but I can't find anything that works quite like
> that. The adduid command requires that I have the private key also
> that goes with the public key I want to associate with a meaningful
> user_id.
>
> Does anyone know of a solution that is part of the GPG
> functionality?

Yes, there is a --group command.
Stick in your gpg.conf file:

group name_you_want_to_use = keyid1 keyid2 keyid3 keyid4

David

From dshaw at jabberwocky.com Wed Aug 4 21:19:12 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Aug 4 21:16:05 2004
Subject: gpg: malformed CRC
In-Reply-To: <8DB48D9E-E236-11D8-AD7D-000393CE2D60@digia.com>
References: <8DB48D9E-E236-11D8-AD7D-000393CE2D60@digia.com>
Message-ID: <20040804191912.GB16639@jabberwocky.com>

On Fri, Jul 30, 2004 at 05:41:34PM +0300, Seppo Laaksonen wrote:
> Hi,
> Upgraded to gnupg 1.2.5 running on MacOS X 10.3. Now I have problems in
> decrypting some of the incoming messages. This could be totally
> unrelated with the 1.2.5. The simple decryption error message is "gpg:
> malformed CRC". The same message decrypts just fine using commercial
> PGP 7.0. Here is what happens.

Can you post a short sample message that works with PGP but not GnuPG?

Also, what happens if you use the --ignore-crc-error option to gpg?

David

From vedaal at hush.com Wed Aug 4 22:09:09 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Aug 4 22:06:01 2004
Subject: gpg: malformed CRC
Message-ID: <200408042009.i74K9AxJ027296@mailserver3.hushmail.com>

On Wed Aug 4 21:19:12 CEST 2004, David Shaw wrote:

[...]

> Can you post a short sample message that works with PGP but not GnuPG?

in general,
any armored pgp message that omits the checksum and the footer
(both at once) will cause a GnuPG error message of:
'gpg: malformed CRC'
and be un-openable in GnuPG,
(unless the --ignore-crc-error option is used,
in which case, the error message is the same, but GnuPG will decrypt it),
but will still be able to be decrypted by PGP,
without any error messages.

so, it may be an e-mail or copying distortion of the original message.

(afaik), there is no 'untampered' type of PGP armored message that causes an error message of 'malformed' crc

vedaal

From MagicFab at FabianRodriguez.com Wed Aug 4 23:08:20 2004
From: MagicFab at FabianRodriguez.com (F. Rodriguez)
Date: Wed Aug 4 23:05:25 2004
Subject: key server software ?
In-Reply-To: <200408022052.16635.linux@codehelp.co.uk>
References: <200408021137.23544.str@strgt.cjb.net> <410E8907.8030709@FabianRodriguez.com> <200408022052.16635.linux@codehelp.co.uk>
Message-ID: <41115044.8070105@FabianRodriguez.com>

Neil Williams wrote :

>> I thought it was SKS that was most up to date (subkeys etc.)?
>

Any opinions on this ? Last release seems to be march 30, 2004.

--
Fabián Rodríguez
Montreal, QC, Canada
http://www.fabianrodriguez.com/email

From slaakso at nic.fi Thu Aug 5 17:34:51 2004
From: slaakso at nic.fi (Seppo Laaksonen)
Date: Thu Aug 5 17:31:42 2004
Subject: gpg: malformed CRC
Message-ID:

On Wed Aug 4 22:09:09 CEST 2004, vedaal wrote:

> in general,
> any armored pgp message that omits the checksum and the footer
> (both at once) will cause a GnuPG error message of:
> 'gpg: malformed CRC'
> and be un-openable in GnuPG,
> (unless the --ignore-crc-error option is used,
> in which case, the error message is the same, but GnuPG will decrypt
> it),
> but will still be able to be decrypted by PGP,
> without any error messages.

Vedaal,
thank you very much. Using the option helped opening the messages that I have not been able to open before.

Just out of the curiosity, what is the additional protection that the checksum and the footer does provide? I'm wondering why I should not use the option by default (or why is it not on by default)? Reading from the man-page (now that I'm aware of the option), it seems that the checksum and the footer are there just to show that message received is exactly the same as the sent one. However, the content is still protected.
--
Seppo

From dshaw at jabberwocky.com Thu Aug 5 17:47:54 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Aug 5 17:44:55 2004
Subject: gpg: malformed CRC
In-Reply-To: <200408042009.i74K9AxJ027296@mailserver3.hushmail.com>
References: <200408042009.i74K9AxJ027296@mailserver3.hushmail.com>
Message-ID: <20040805154753.GA25635@jabberwocky.com>

On Wed, Aug 04, 2004 at 01:09:09PM -0700, vedaal@hush.com wrote:
> On Wed Aug 4 21:19:12 CEST 2004, David Shaw wrote:
>
> [...]
>
> > Can you post a short sample message that works with PGP but not GnuPG?
>
> in general,
> any armored pgp message that omits the checksum and the footer
> (both at once) will cause a GnuPG error message of:
> 'gpg: malformed CRC'
> and be un-openable in GnuPG,
> (unless the --ignore-crc-error option is used,
> in which case, the error message is the same, but GnuPG will decrypt
> it),
> but will still be able to be decrypted by PGP,
> without any error messages.

I think PGP is correct here. The spec says the checksum is a MAY, so it should be legal to have an armored message with no checksum at all. I keep meaning to change that in 1.3.x.

Though, of course, just because the checksum is optional doesn't make it smart to leave it out. There won't be any option to not generate a checksum, but if you chop it off, I think GnuPG should accept the message.
David

From vedaal at hush.com Thu Aug 5 20:32:53 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Thu Aug 5 20:29:54 2004
Subject: gpg: malformed CRC
Message-ID: <200408051832.i75IWu36096626@mailserver3.hushmail.com>

>Message: 10
>Date: Thu, 5 Aug 2004 18:34:51 +0300
>From: Seppo Laaksonen
>Subject: gpg: malformed CRC
>To: gnupg-users@gnupg.org
>Message-ID:
>Content-Type: text/plain; charset=US-ASCII; format=flowed
>
>On Wed Aug 4 22:09:09 CEST 2004, vedaal wrote:
>
>> in general,
>> any armored pgp message that omits the checksum and the footer
>> (both at once) will cause a GnuPG error message of:
>> 'gpg: malformed CRC'
>> and be un-openable in GnuPG,
>> (unless the --ignore-crc-error option is used,
>> in which case, the error message is the same, but GnuPG will decrypt
>> it),
>> but will still be able to be decrypted by PGP,
>> without any error messages.
>
>Vedaal,
>thank you very much. Using the option helped opening the messages that
>I have not been able to open before.
>
>Just out of the curiosity, what is the additional protection that the
>checksum and the footer does provide? I'm wondering why I should not
>use the option by default (or why is it not on by default)? Reading
>from the man-page (now that I'm aware of the option), it seems that the
>checksum and the footer are there just to show that message received is
>exactly the same as the sent one. However, the content is still
>protected.

gnupg provides the best solution here, by allowing you to ignore it,
and go ahead and decrypt, but still informing you of an alteration,

there are some (admittedly far-fetched) spoofs that are prevented by having the checksum intact:

for example,
let's say that Alice and Bob are corresponding about sensitive issues,
that Alice does not want anyone to know about, especially Alice's problem acquaintance, Charlie.

it is possible for a middleperson to get Alice upset and Bob in trouble,
by intercepting the message,
and adding another packet of a session key encrypted to Charlie's public key,
causing Alice to think that Bob simultaneously encrypted to Alice and Charlie.

neither Bob nor Alice can prove that the packet with the session key encrypted to Charlie's key, isn't the 'real' session key,
without being able to decrypt with Charlie's key.

this would be prevented by a crc and mdc authentication of the 'real' message, and not allow any extra spoofing packets to be added.

using the 'ignore' options allows for the convenience in being able to decrypt messages with simple benign e-mail mangling,
while still allowing for an 'alert' that the message was altered, and leaving it up to the user to decide if further investigation is necessary,
(and if there are no 'unusual/unexpected' packets, then nothing further is necessary)

vedaal

From dshaw at jabberwocky.com Thu Aug 5 21:42:33 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Aug 5 21:39:31 2004
Subject: gpg: malformed CRC
In-Reply-To: <200408051832.i75IWu36096626@mailserver3.hushmail.com>
References: <200408051832.i75IWu36096626@mailserver3.hushmail.com>
Message-ID: <20040805194233.GA27946@jabberwocky.com>

On Thu, Aug 05, 2004 at 11:32:53AM -0700, vedaal@hush.com wrote:

> gnupg provides the best solution here, by allowing you to ignore it,
>
> and go ahead and decrypt, but still informing you of an alteration,
>
> there are some (admittedly far-fetched) spoofs that are prevented by
> having the checksum intact:
>
> for example,
> let's say that Alice and Bob are corresponding about sensitive issues,
>
> that Alice does not want anyone to know about, especially Alice's problem
> acquaintance, Charlie.
>
> it is possible for a middleperson to get Alice upset and Bob in trouble,
>
> by intercepting the message,
> and adding another packet of a session key encrypted to Charlie's public
> key,
> causing Alice to think that Bob simultaneously encrypted to Alice and
> Charlie.
>
> neither Bob nor Alice can prove that the packet with the session key
> encrypted to Charlie's key, isn't the 'real' session key,
> without being able to decrypt with Charlie's key.
>
> this would be prevented by a crc and mdc authentication of the 'real'
> message, and not allow any extra spoofing packets to be added.

Neither the CRC or MDC protects against packet addition as you describe. The CRC is not secure at all (nor is it intended to be), and an attacker can just make a new CRC after modifying the message. The MDC cannot be trivially replaced, but it protects just payload data, and not the entire OpenPGP collection of packets.

The CRC is really just a quick way to see if an armored message got mangled in email or Usenet.

It is very easy to create a message that looks like it should be decryptable by three people, but only one of them can really decrypt it. Similar games are possible, like a message that looks like it was encrypted to Alice, but it's actually secretly encrypted to Baker.

David

From vedaal at hush.com Fri Aug 6 16:12:49 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Fri Aug 6 16:09:42 2004
Subject: gpg: malformed CRC // feature request
Message-ID: <200408061412.i76ECnuO054795@mailserver3.hushmail.com>

David Shaw dshaw at jabberwocky.com
Thu Aug 5 21:42:33 CEST 2004 wrote:

[...]

>Neither the CRC or MDC protects against packet addition as you
>describe. The CRC is not secure at all (nor is it intended to be),
>and an attacker can just make a new CRC after modifying the message.
>The MDC cannot be trivially replaced, but it protects just payload
>data, and not the entire OpenPGP collection of packets.

then i would like to request a feature to provide this type of protection ;-)

no new packet type need be involved,

it could work something like this:

[1] once a gnupg command of sign and encrypt is entered,
the session key for the encryption should be generated first,
and encrypted to the public keys of all the recipients

[2] all the other packets (except for the signed and encrypted message) could then be generated

[3] after all the other packets are generated,
gnupg could prompt the user with the following:

gpg: the following packets are included in your pgp message:
(here it would list each type of packet, including the public keys the session key is encrypted to),

gpg: would you like a hash of these packets added to the end of the plaintext of your message , y/n?

[4] answering 'no', would proceed as gnupg ordinarily proceeds, with no hash done, and nothing different included

answering 'yes' would add the hash after the last line of the plaintext,

possibly as follows:

the following line is a hash of the above listed pgp packets included in this message, in order to verify their integrity after the message has been decrypted
(hash listed)

[5] the plaintext plus hash is signed, and then encrypted with the session key, added to the other packets, crc and mdc, and sent.

[6] the crc and mdc still are there for e-mail-mangling alerts,
and, after decryption and verification, the hash can be used to verify the packets and detect any packet 'additions/deletions'

no new packet is introduced that would require rfc 2440 changes,
and the hash can still be verified by non-gnupg implementations.

(it can also allow for an option to include a verbose listing of each of the packets, and effectively solve any surreptitious forwarding issues, and detect separations of signed and encrypted messages into clearsigned messages)

(Please, Please ;-) )

Thanks!

with Respect,

vedaal

From thomas at northernsecurity.net Fri Aug 6 18:10:42 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Mon Aug 9 13:21:01 2004
Subject: key server software ?
In-Reply-To: <41115044.8070105@FabianRodriguez.com>
References: <200408021137.23544.str@strgt.cjb.net> <410E8907.8030709@FabianRodriguez.com> <200408022052.16635.linux@codehelp.co.uk> <41115044.8070105@FabianRodriguez.com>
Message-ID: <20040806161042.GA304@northernsecurity.net>

On Wed, Aug 04, 2004 at 05:08:20PM -0400, F. Rodriguez wrote:
> Any opinions on this ? Last release seems to be march 30, 2004.

True, but a 1.0.8 is under way. The latest patch was added July 18 2004 (http://minsky-primus.homeip.net/archives/2004/sks/sks--mainline/sks--mainline--1.0/).

/Thomas
--
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From dshaw at jabberwocky.com Sat Aug 7 04:40:55 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Aug 9 13:21:26 2004
Subject: gpg: malformed CRC // feature request
In-Reply-To: <200408061412.i76ECnuO054795@mailserver3.hushmail.com>
References: <200408061412.i76ECnuO054795@mailserver3.hushmail.com>
Message-ID: <20040807024054.GA8484@jabberwocky.com>

On Fri, Aug 06, 2004 at 07:12:49AM -0700, vedaal@hush.com wrote:
> David Shaw dshaw at jabberwocky.com
> Thu Aug 5 21:42:33 CEST 2004 wrote:
>
> [...]
>
> >Neither the CRC or MDC protects against packet addition as you
> >describe.
The CRC is not secure at all (nor is it intended to be),
> >and an attacker can just make a new CRC after modifying the message.
> >The MDC cannot be trivially replaced, but it protects just payload
> >data, and not the entire OpenPGP collection of packets.
>
> then i would like to request a feature to provide this type of protection
> ;-)
>
> no new packet type need be involved,
>
> it could work something like this:
>
> [1] once a gnupg command of sign and encrypt is entered,
> the session key for the encryption should be generated first,
> and encrypted to the public keys of all the recipients
>
> [2] all the other packets (except for the signed and encrypted message)
> could then be generated
>
> [3] after all the other packets are generated,
> gnupg could prompt the user with the following:
>
> gpg: the following packets are included in your pgp message:
> (here it would list each type of packet, including the public keys the
> session key is encrypted to),
>
> gpg: would you like a hash of these packets added to the end of the plaintext
> of your message , y/n?
>
> [4] answering 'no', would proceed as gnupg ordinarily proceeds, with
> no hash done, and nothing different included
>
> answering 'yes' would add the hash after the last line of the plaintext,
>
> possibly as follows:
>
> the following line is a hash of the above listed pgp packets included
> in this message, in order to verify their integrity after the message
> has been decrypted
> (hash listed)
>
> [5] the plaintext plus hash is signed, and then encrypted with the session
> key, added to the other packets, crc and mdc, and sent.
>
> [6] the crc and mdc still are there for e-mail-mangling alerts,
> and, after decryption and verification, the hash can be used to verify
> the packets and detect any packet 'additions/deletions'
>
> no new packet is introduced that would require rfc 2440 changes,
> and the hash can still be verified by non-gnupg implementations.
>
> (it can also allow for an option to include a verbose listing of each
> of the packets, and effectively solve any surreptitious forwarding issues,
> and detect separations of signed and encrypted messages into clearsigned
> messages)

I think this sort of thing is safely beyond what GnuPG should do itself. Manipulating user-supplied input is a dangerous road to go down. Nothing stops a user from doing this via a front-end or script if they desire, of course.

David

From hmujtaba at forumsys.com Sun Aug 8 00:11:59 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Mon Aug 9 13:21:51 2004
Subject: Partial body length encoding for Compressed packets
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B38E@bstn-exch1.forumsys.com>

Hi everyone,

I am working with RFC2440 partial body length (PBL) encoding for my app. I have noticed that even though GPG's Encrypted Data Packets are cut into partial body length (PBL) chunks, the enclosed Compressed Data Packets are encoded using indeterminate lengths, rather than PBLs. Is this the default behavior for GPG and if so for what reasons? If possible, I would like GPG to create both compressed data packets and enclosed literal data packets using PBL encoding. Is there some way to force enable this feature?

Thanks,
Hasnain.

From mroth at nessie.de Sun Aug 8 12:51:50 2004
From: mroth at nessie.de (Michael Roth)
Date: Mon Aug 9 13:22:03 2004
Subject: Key Signing Party in Ludwigsburg (Stuttgart, Germany) on Monday 23/Aug/2004
Message-ID: <411605C6.4090305@nessie.de>

> Kalle writes: "A PGP Key Signing Party is planned
> currently for Monday starting 5pm. To participate,
> please send your key ID to keysigning@kdab.net by
> August 15. Further instructions will follow."

Details at: http://dot.kde.org/1091689084/

From g-r-v at ukr.net Mon Aug 9 11:27:12 2004
From: g-r-v at ukr.net (Robert Golovniov)
Date: Mon Aug 9 13:22:31 2004
Subject: GnuPG on Windows working with mailto keyservers?
Message-ID: <200408090925.i799PZJc019826@ns.core>

On Friday, July 2, 2004, 3:19:53 PM, Werner Koch wrote:

>> Can the Windows version of GnuPG be taught to work with the mailto
>> keyservers? Are there some guidelines for that?

WK> It might be usable if you are able to setup a proper MTA; e.g. using
WK> the Cygwin environment.

I was able to find the program called Bmail. It is a command line SMTP mail server. What would be the mechanism of this program serving GnuPG to fetch unknown keys?

--
-=Robert & Beata Golovniov | Lviv, Ukraine=-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PGP key request: mailto:golovniov@interia.pl?subject=Key&Body=Embedded
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From wk at gnupg.org Fri Aug 6 18:27:32 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 9 14:16:37 2004
Subject: [Announce] Re: document
In-Reply-To: (wk@gnupg.org's message of "Fri, 6 Aug 2004 16:02:56 +0200")
References:
Message-ID: <87llgs44gb.fsf@wheatstone.g10code.de>

Hi!

Sorry, that this spam slipped through to the announce list. Please do not send any more comments like "what document".
It should be pretty clear that this is spam with a faked address of mine:

  Received: from localhost ([127.0.0.1] helo=trithemius.gnupg.org)
      by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
      id 1Bt5HZ-0005SW-00; Fri, 06 Aug 2004 16:01:17 +0200

That's Mailman sending the message to the local MTA

  Received: from kerckhoffs.g10code.com ([217.69.77.222])
      by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
      id 1Bt5HR-0005SL-00
      for ; Fri, 06 Aug 2004 16:01:09 +0200

Here the local MTA has received it from the MX host to be forwarded to Mailman.

  Received: from ppp-62-10-15-147.dialup.tiscali.it ([62.10.15.147] helo=gnupg.org)
      by kerckhoffs.g10code.com with esmtp (Exim 3.35 #1 (Debian))
      id 1Bt5HD-0008SE-00
      for ; Fri, 06 Aug 2004 16:01:00 +0200

and that is the original spam post from some dialup network to the MX host.

  From: wk@gnupg.org

Well, my address is pretty well known and as such a good faked address.

Do not answer to spam or virii mail, this is more evil than the spam itself because it is harder to filter out.

Thanks,

Werner

From lporter at hdsmith.com Mon Aug 9 13:54:34 2004
From: lporter at hdsmith.com (lporter@hdsmith.com)
Date: Mon Aug 9 14:18:08 2004
Subject: Auto Reply to your message ...
Message-ID: <4110165400004770@HDSPRIME.hdsmith.com>

----- The following text is an automated response to your message -----

I'm off Friday August 6th and Monday the 9th. See you Tuesday.
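
The armor checksum from the "gpg: malformed CRC" thread above, as an added example (not code from GnuPG or from any poster): it computes the RFC 2440 CRC-24, checks an armored block, reports a chopped-off checksum separately from a mismatch, and shows that a recomputed checksum passes on altered data because the CRC is unkeyed. The function names and the sample payload are constructed for this illustration.

```python
import base64
import binascii

CRC24_INIT = 0xB704CE   # initial value, RFC 2440 section 6.1
CRC24_POLY = 0x1864CFB  # generator polynomial, same section

# Constructed sample bytes; this is not a real OpenPGP packet stream.
SAMPLE = b"constructed sample payload, not a real OpenPGP packet stream"


def crc24(data):
    """CRC-24 over the raw bytes, i.e. before base64 armoring."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(payload, with_checksum=True):
    """Wrap payload in ASCII armor (hypothetical helper for this example)."""
    body = base64.b64encode(payload).decode("ascii")
    lines = ["-----BEGIN PGP MESSAGE-----", ""]
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    if with_checksum:
        tail = base64.b64encode(crc24(payload).to_bytes(3, "big"))
        lines.append("=" + tail.decode("ascii"))
    lines.append("-----END PGP MESSAGE-----")
    return "\n".join(lines) + "\n"


def check_armor(text):
    """Return (status, payload); status is ok, missing, mismatch or malformed."""
    lines = [ln.strip() for ln in text.splitlines()]
    starts = [i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN PGP ")]
    if not starts:
        raise ValueError("no armor header line")
    i = starts[0] + 1
    while i < len(lines) and lines[i]:      # skip Version:/Comment: headers
        i += 1
    data, checksum = [], None
    for ln in lines[i + 1:]:
        if ln.startswith("-----END PGP "):
            break
        if ln.startswith("="):              # data lines never start with '='
            checksum = ln[1:]
        elif ln:
            data.append(ln)
    payload = base64.b64decode("".join(data), validate=True)
    if checksum is None:
        return "missing", payload           # the checksum is optional in the spec
    try:
        raw = base64.b64decode(checksum, validate=True)
    except binascii.Error:
        return "malformed", payload
    if len(raw) != 3:
        return "malformed", payload
    stored = int.from_bytes(raw, "big")
    return ("ok" if stored == crc24(payload) else "mismatch"), payload


def demo():
    good = armor(SAMPLE)
    rows = good.splitlines()
    # One base64 character changed, as mail or Usenet mangling might do.
    flipped = ("Z" if rows[2][0] != "Z" else "Y") + rows[2][1:]
    mangled = "\n".join(rows[:2] + [flipped] + rows[3:])
    # Checksum line and footer both chopped off, the case from the thread.
    chopped = "\n".join(rows[:-2])
    # Payload changed and checksum recomputed: no key is involved, so it passes.
    altered = armor(SAMPLE + b" (altered)")
    return {
        "intact": check_armor(good)[0],
        "mangled": check_armor(mangled)[0],
        "chopped": check_armor(chopped)[0],
        "altered, checksum recomputed": check_armor(altered)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

Only a keyed or signed construction can tell the last case apart from the first; the armor checksum is a transport check.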
From atom at suspicious.org Mon Aug 9 23:04:16 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Aug 9 23:01:41 2004
Subject: gpg: malformed CRC // feature request
In-Reply-To: <20040807024054.GA8484@jabberwocky.com>
References: <200408061412.i76ECnuO054795@mailserver3.hushmail.com> <20040807024054.GA8484@jabberwocky.com>
Message-ID: <20040809101642.Q79076@willy_wonka>

> On Fri, Aug 06, 2004 at 07:12:49AM -0700, vedaal@hush.com wrote:
>> David Shaw dshaw at jabberwocky.com
>> Thu Aug 5 21:42:33 CEST 2004 wrote:
>>
>> [...]
>>
>>> Neither the CRC or MDC protects against packet addition as you
>>> describe. The CRC is not secure at all (nor is it intended to be),
>>> and an attacker can just make a new CRC after modifying the message.
>>> The MDC cannot be trivially replaced, but it protects just payload
>>> data, and not the entire OpenPGP collection of packets.
>>
>> then i would like to request a feature to provide this type of protection
>> ;-)
>>
>> no new packet type need be involved,
>>
>> it could work something like this:
>>
>> [1] once a gnupg command of sign and encrypt is entered,
>> the session key for the encryption should be generated first,
>> and encrypted to the public keys of all the recipients
>>
>> [2] all the other packets (except for the signed and encrypted message)
>> could then be generated
>>
>> [3] after all the other packets are generated,
>> gnupg could prompt the user with the following:
>>
>> gpg: the following packets are included in your pgp message:
>> (here it would list each type of packet, including the public keys the
>> session key is encrypted to),
>>
>> gpg: would you like a hash of these packets added to the end of the plaintext
>> of your message , y/n?
>>
>> [4] answering 'no', would proceed as gnupg ordinarily proceeds, with
>> no hash done, and nothing different included
>>
>> answering 'yes' would add the hash after the last line of the plaintext,
>>
>> possibly as follows:
>>
>> the following line is a hash of the above listed pgp packets included
>> in this message, in order to verify their integrity after the message
>> has been decrypted
>> (hash listed)
>>
>> [5] the plaintext plus hash is signed, and then encrypted with the session
>> key, added to the other packets, crc and mdc, and sent.
>>
>> [6] the crc and mdc still are there for e-mail-mangling alerts,
>> and, after decryption and verification, the hash can be used to verify
>> the packets and detect any packet 'additions/deletions'
>>
>> no new packet is introduced that would require rfc 2440 changes,
>> and the hash can still be verified by non-gnupg implementations.
>>
>> (it can also allow for an option to include a verbose listing of each
>> of the packets, and effectively solve any surreptitious forwarding issues,
>> and detect separations of signed and encrypted messages into clearsigned
>> messages)
======================

i'm not sure what you're trying to protect against... but this should
work:

    gpg [encrypt] | gpg [sign]

which can be decrypted using:

    gpg [verify] | gpg [decrypt]

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"When you have eliminated all which is impossible, then whatever
remains, however improbable, must be the truth."
-- Sherlock Holmes (Arthur Conan Doyle)

From iam-est-hora-surgere at despammed.com Tue Aug 10 00:11:14 2004
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Tue Aug 10 00:08:07 2004
Subject: Key Signing Party in Ludwigsburg (Stuttgart, Germany) on Monday 23/Aug/2004
References: <411605C6.4090305@nessie.de>
Message-ID:

* Michael Roth wrote:

>> Kalle writes: "A PGP Key Signing Party is planned
>> currently for Monday starting 5pm. To participate,
>> please send your key ID to keysigning@kdab.net by
>> August 15. Further instructions will follow."

> Details at: http://dot.kde.org/1091689084/

A good place for any key signing related announcements is (if not
already mentioned there).

Regards,
Marcus
--
I walk the line between good and evil
While others have been thinking about it - I've been there and back

From greg at turnstep.com Tue Aug 10 01:12:06 2004
From: greg at turnstep.com (Greg Sabino Mullane)
Date: Tue Aug 10 01:09:23 2004
Subject: [Announce] Re: document
In-Reply-To: <87llgs44gb.fsf@wheatstone.g10code.de>
Message-ID: <0212ab4b69438e341954b59e9d54d56b@biglumber.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Sorry, that this spam slipped through to the announce list. Please
> do not send any more comments like "what document". It should be
> pretty clear that this is spam with a faked address of mine:
> ...
> From: wk@gnupg.org
>
> Well, my address is pretty well known and as such a good faked address.

Looks to me like yet another good reason to PGP-sign your emails.
:)

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200408091907

-----BEGIN PGP SIGNATURE-----

iD8DBQFBGARTvJuQZxSWSsgRAuRyAKCfsxkcM8wGi3jwu2CkSur1ThM7NwCfXyLP
uy0yJmZkJdCCcUdXbOAyvCc=
=q7z1
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Aug 10 02:25:07 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug 10 02:22:26 2004
Subject: Partial body length encoding for Compressed packets
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B38E@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B38E@bstn-exch1.forumsys.com>
Message-ID: <20040810002507.GB19739@jabberwocky.com>

On Sat, Aug 07, 2004 at 06:11:59PM -0400, Hasnain Mujtaba wrote:
> Hi everyone,
>
> I am working with RFC2440 partial body length (PBL) encoding for my app.
> I have noticed that even though GPG's Encrypted Data Packets are cut
> into partial body length (PBL) chunks, the enclosed Compressed Data
> Packets are encoded using indeterminate lengths, rather than PBLs. Is
> this the default behavior for GPG and if so for what reasons?
>
> If possible, I would like GPG to create both compressed data packets and
> enclosed literal data packets using PBL encoding. Is there some way to
> force enable this feature?

For PGP 2 compatibility reasons, GnuPG uses indeterminate lengths for
compressed packets. There is no way to change this, but if you are
willing to compile a special GnuPG to test with, you can do something
like setting "new_ctb" to 1 in build_packet() when generating a
compressed data packet.

David

From jharris at widomaker.com Tue Aug 10 05:49:42 2004
From: jharris at widomaker.com (Jason Harris)
Date: Tue Aug 10 05:46:49 2004
Subject: new (2004-08-08) keyanalyze results (+sigcheck)
Message-ID: <20040810034942.GY3286@wilma.widomaker.com>

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2004-08-08/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

From wk at gnupg.org Wed Aug 11 10:04:15 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 11 10:03:38 2004
Subject: [Announce] Re: document
In-Reply-To: <0212ab4b69438e341954b59e9d54d56b@biglumber.com> (Greg Sabino Mullane's message of "Mon, 9 Aug 2004 23:12:06 -0000")
References: <0212ab4b69438e341954b59e9d54d56b@biglumber.com>
Message-ID: <87vffqm77k.fsf@wheatstone.g10code.de>

On Mon, 9 Aug 2004 23:12:06 -0000, Greg Sabino Mullane said:

> Looks to me like yet another good reason to PGP-sign your emails. :)

Mailman seems to garble signatures anyway and as long as Mailman is
not able to identify a permitted poster by means of a signature, it
won't help at all.

Werner

From patrick.marquetecken at pandora.be Wed Aug 11 11:29:20 2004
From: patrick.marquetecken at pandora.be (Patrick Maquetecken)
Date: Wed Aug 11 11:26:10 2004
Subject: Switching from Linux to Windows
Message-ID: <20040811112920.000053b8@intrepid>

Hi,

At my new job i must use windows. Where can i find some good howto's
for using gnupg with outlook ?

TIA
Patrick
--
"The needs of the many outweigh the needs of the few."
-- Captain Spock in Star Trek II: The Wrath of Khan
Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
ICQ# 316932703
Registered Linux User #44550 http://counter.li.org

From linux at codehelp.co.uk Wed Aug 11 12:23:36 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Wed Aug 11 12:20:19 2004
Subject: Switching from Linux to Windows
In-Reply-To: <20040811112920.000053b8@intrepid>
References: <20040811112920.000053b8@intrepid>
Message-ID: <200408111123.38171.linux@codehelp.co.uk>

On Wednesday 11 August 2004 10:29, Patrick Maquetecken wrote:
> At my new job i must use windows. Where can i find some good howto's for
> using gnupg with outlook ?

http://www.gnupg.org/(en)/related_software/frontends.html#win

Mozilla Thunderbird?

Just because you are being forced to use windows, couldn't you slip
Thunderbird on your workstation? Tell them you want to use clients at
work that are compatible with the ones at home!
:-)
(Pretend you want to take your work home)

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From patrick.marquetecken at pandora.be Wed Aug 11 13:04:25 2004
From: patrick.marquetecken at pandora.be (Patrick Maquetecken)
Date: Wed Aug 11 13:01:19 2004
Subject: Switching from Linux to Windows
In-Reply-To: <200408111123.38171.linux@codehelp.co.uk>
References: <20040811112920.000053b8@intrepid> <200408111123.38171.linux@codehelp.co.uk>
Message-ID: <20040811130425.00000243@intrepid>

On Wed, 11 Aug 2004 11:23:36 +0100 Neil Williams wrote:

> On Wednesday 11 August 2004 10:29, Patrick Maquetecken wrote:
> > At my new job i must use windows. Where can i find some good howto's for
> > using gnupg with outlook ?
>
> http://www.gnupg.org/(en)/related_software/frontends.html#win
>
> Mozilla Thunderbird?
>
> Just because you are being forced to use windows, couldn't you slip
> Thunderbird on your workstation? Tell them you want to use clients at work
> that are compatible with the ones at home!
> :-)
> (Pretend you want to take your work home)
>

I'm afraid not, outlook is the company policy :-( But we're going to
try to change it.

Patrick
--
"The needs of the many outweigh the needs of the few."
-- Captain Spock in Star Trek II: The Wrath of Khan
Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B
ICQ# 316932703
Registered Linux User #44550 http://counter.li.org

From twoaday at freakmail.de Wed Aug 11 13:12:00 2004
From: twoaday at freakmail.de (twoaday@freakmail.de)
Date: Wed Aug 11 13:09:00 2004
Subject: Your letter
Message-ID:

Your file is attached.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: your_letter.pif
Type: application/octet-stream
Size: 17424 bytes
Desc: not available
Url : /pipermail/attachments/20040811/2e980381/your_letter-0001.exe

From atom at suspicious.org Fri Aug 6 05:44:36 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Aug 11 13:50:36 2004
Subject: key info
Message-ID: <20040805233951.L79076@willy_wonka>

a nifty little thing i did, making it easy to find info about keys...

  http://atom.smasher.org/pgp_stuff/

thanks to jason harris for maintaining the info this links to.

this is beta, lemme know if anything needs to be changed or added.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Our enemies are innovative and resourceful, and so are we. They never
stop thinking about new ways to harm our country and our people, and
neither do we"
-- George "dubya" Bush, 5 Aug 2004

From cwsiv at keepandbeararms.com Thu Aug 12 06:28:47 2004
From: cwsiv at keepandbeararms.com (Carl William Spitzer IV)
Date: Thu Aug 12 06:22:09 2004
Subject: problem with newbies key attached sig
Message-ID: <1092266043.4077.43.camel@linux.site>

pg: using secondary key 8D794F7D instead of primary key 33A3AB45
gpg: 8D794F7D: There is no indication that this key really belongs to
the owner
gpg: [stdin]: encryption failed: unusable public key

he is using pgp653 under winME. I am using gnupg124 under gnome next
it will be kgpg and inline sig attempt

--
o _______________________________
o _____ | CWSIV@KeepAndBearArms.com |
.][__n_n_|DD[ ====_____ | M A R K L I N T R A I N S |
> (________|__|_[_________]_|___________________________|
_/oo OOOOO oo` ooo ooo 'o!o!o o!o!o`

From cwsiv at keepandbeararms.com Thu Aug 12 06:28:57 2004
From: cwsiv at keepandbeararms.com (Carl William Spitzer IV)
Date: Thu Aug 12 06:22:21 2004
Subject: GPG equivalent of PGP's --group option?
In-Reply-To: <20040804191659.GA16639@jabberwocky.com>
References: <20040804191659.GA16639@jabberwocky.com>
Message-ID: <1092267538.4077.50.camel@linux.site>

On Wed, 2004-08-04 at 12:17, David Shaw wrote:
> On Wed, Aug 04, 2004 at 12:45:05PM -0500, Kerry Walker wrote:
> >
> >
> > I use PGP to encrypt data for sending to various end users by
> > encrypting files using their public key they have provided. To make
> > it possible for me to associate their key with a meaningful user_id
> > , I use the PGP --group-add option to create a group name containing

> Yes, there is a --group command. Stick in your gpg.conf file:
>
> group name_you_want_to_use = keyid1 keyid2 keyid3 keyid4
>

Is there a limit as to how people to whom a message can be encrypted.
In the old days of pgp2.6.x the limit was three.

From cwsiv at keepandbeararms.com Thu Aug 12 06:29:01 2004
From: cwsiv at keepandbeararms.com (Carl William Spitzer IV)
Date: Thu Aug 12 06:22:32 2004
Subject: Switching from Linux to Windows
In-Reply-To: <20040811112920.000053b8@intrepid>
References: <20040811112920.000053b8@intrepid>
Message-ID: <1092280126.4077.254.camel@linux.site>

On Wed, 2004-08-11 at 02:29, Patrick Maquetecken wrote:
> Hi,
>
> At my new job i must use windows. Where can i find some good howto's for using gnupg with outlook ?
>

please get them to switch to eudora or you will be cleaning viruses
every day.

goto the gnupg.org site and check the front ends. It will be much
easier for the windows people to use. If its just for yourself then
knoppix privacy edition bootable linux cd will handle it nicely.

From koala at dg21.com Thu Aug 12 06:52:53 2004
From: koala at dg21.com (Shu Hung (Koala))
Date: Thu Aug 12 06:49:42 2004
Subject: hush mail
Message-ID: <411AF7A5.4020109@dg21.com>

How can I download the public-key of a hushmail account?

I can find no key server for it...
and I can find no hushmail keys in other servers, too.

From stage1 at azimut.net Thu Aug 12 09:05:04 2004
From: stage1 at azimut.net (stage)
Date: Thu Aug 12 11:12:21 2004
Subject: delete key from batch mode problem
Message-ID: <411B16A0.3000407@azimut.net>

I would like to delete key from batch mode.
But when --batch option is present it gpg answer :

gpg: can't do that in batchmode
gpg: (unless you specifiy the key by fingerprint)

I don't find in documentation how to specify a key by fingerprint. So,
My question is :
How to specify a key by fingerprint or where can i find doc on this ?

Hope for your help...

From howardjp at vocito.com Thu Aug 12 14:45:27 2004
From: howardjp at vocito.com (James P. Howard, II)
Date: Thu Aug 12 14:42:08 2004
Subject: Question about multiple secret keys
Message-ID: <20040812124527.GA22499@foxxy.triohost.com>

I have multiple encryption keys tied to one uid. I have exported the
secret keys and disabled the master signing key so that I can use what
appears to be one master key/uid combination across multiple systems.
However, when I sign something, I receive these errors:

$ head /dev/zero | gpg --clearsign
gpg: no secret subkey for public subkey F2F27436 - ignoring
gpg: no secret subkey for public subkey 6A55BA00 - ignoring
gpg: no secret subkey for public subkey 5A697E12 - ignoring
gpg: no secret subkey for public subkey E89583AE - ignoring

You need a passphrase to unlock the secret key for

This, in turn, causes mutt to display the error message. Is there
any mechanism for disabling this announcement?

Thank you, James

--
James P. Howard, II -- howardjp@vocito.com
http://www.jameshoward.us/ -- 202-390-4933

From wk at gnupg.org Thu Aug 12 15:24:19 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 12 15:23:30 2004
Subject: Question about multiple secret keys
In-Reply-To: <20040812124527.GA22499@foxxy.triohost.com> (James P. Howard, II's message of "Thu, 12 Aug 2004 08:45:27 -0400")
References: <20040812124527.GA22499@foxxy.triohost.com>
Message-ID: <877js4xzek.fsf@wheatstone.g10code.de>

On Thu, 12 Aug 2004 08:45:27 -0400, James P Howard, said:

> This, in turn, causes mutt to display the error message. Is there
> any mechanism for disabling this announcement?

Do not use --verbose/-v

Werner

From howardjp at vocito.com Thu Aug 12 15:36:10 2004
From: howardjp at vocito.com (James P. Howard, II)
Date: Thu Aug 12 15:32:53 2004
Subject: [GnuPG] Re: Question about multiple secret keys
In-Reply-To: <877js4xzek.fsf@wheatstone.g10code.de>
References: <20040812124527.GA22499@foxxy.triohost.com> <877js4xzek.fsf@wheatstone.g10code.de>
Message-ID: <20040812133610.GA25874@foxxy.triohost.com>

On Thu, Aug 12, 2004 at 03:24:19PM +0200, Werner Koch wrote:
> On Thu, 12 Aug 2004 08:45:27 -0400, James P Howard, said:
>
> > This, in turn, causes mutt to display the error message. Is there
> > any mechanism for disabling this announcement?
>
> Do not use --verbose/-v

I am not. Further, setting --no-verbose has not improved the
situation:

$ head /dev/zero | gpg --no-verbose --clearsign
gpg: no secret subkey for public subkey F2F27436 - ignoring
gpg: no secret subkey for public subkey 6A55BA00 - ignoring
gpg: no secret subkey for public subkey 5A697E12 - ignoring
gpg: no secret subkey for public subkey E89583AE - ignoring

You need a passphrase to unlock the secret key for

James

--
James P. Howard, II -- howardjp@vocito.com
http://www.jameshoward.us/ -- 202-390-4933

From wk at gnupg.org Thu Aug 12 16:20:37 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Aug 12 16:23:30 2004
Subject: [GnuPG] Re: Question about multiple secret keys
In-Reply-To: <20040812133610.GA25874@foxxy.triohost.com> (James P. Howard, II's message of "Thu, 12 Aug 2004 09:36:10 -0400")
References: <20040812124527.GA22499@foxxy.triohost.com> <877js4xzek.fsf@wheatstone.g10code.de> <20040812133610.GA25874@foxxy.triohost.com>
Message-ID: <873c2sxwsq.fsf@wheatstone.g10code.de>

On Thu, 12 Aug 2004 09:36:10 -0400, James P Howard, said:

> I am not. Further, setting --no-verbose has not improved the
> situation:

See:

    if (opt.verbose)
      log_info ( _("no secret subkey "
                   "for public subkey %08lX - ignoring\n"),
                 (ulong)keyid_from_pk (pk,NULL) );

2003-04-29 Werner Koch

    * sig-check.c (check_key_signature2): Made "no subkey for subkey
    binding packet" a verbose item instead of a !quiet one. There
    are too many garbled keys out in the wild.

    * getkey.c (premerge_public_with_secret): Made "no secret subkey
    for" warning a verbose item and translatable.

Thus I conclude your version is older than 1.2.2 - please update to
the latest one.

Werner

From kyle at toehold.com Thu Aug 12 17:02:27 2004
From: kyle at toehold.com (Kyle Hasselbacher)
Date: Thu Aug 12 17:08:58 2004
Subject: delete key from batch mode problem
In-Reply-To: <411B16A0.3000407@azimut.net>
References: <411B16A0.3000407@azimut.net>
Message-ID: <411B8683.4090009@toehold.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

stage wrote:
| I don't find in documentation how to specify a key by fingerprint. So,
| My question is :
| How to specify a key by fingerprint or where can i find doc on this ?

http://www.gnupg.org/(en)/documentation/manpage.en.html

Under "How to specify a user ID". Basically, you take the key
fingerprint:

    2909 A7B5 0EB4 734C 2898 8D63 D74B 287E 2A94 C484

...and give it without any spaces:

    2909A7B50EB4734C28988D63D74B287E2A94C484

...so you get a command line like this:

    gpg --list-key 2909A7B50EB4734C28988D63D74B287E2A94C484

Hope this helps.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBG4aDg98YFIfEFWMRArh+AKD8x9yXEiUSc85ohM3rYGCK3z3MQACeMoBW
VxHUUfmTHW1ooodQSqhIy14=
=0T9v
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Thu Aug 12 17:23:17 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Aug 12 17:20:35 2004
Subject: GPG equivalent of PGP's --group option?
In-Reply-To: <1092267538.4077.50.camel@linux.site>
References: <20040804191659.GA16639@jabberwocky.com> <1092267538.4077.50.camel@linux.site>
Message-ID: <20040812152316.GG23553@jabberwocky.com>

On Wed, Aug 11, 2004 at 09:28:57PM -0700, Carl William Spitzer IV wrote:
> On Wed, 2004-08-04 at 12:17, David Shaw wrote:
> > On Wed, Aug 04, 2004 at 12:45:05PM -0500, Kerry Walker wrote:
> > >
> > >
> > > I use PGP to encrypt data for sending to various end users by
> > > encrypting files using their public key they have provided. To make
> > > it possible for me to associate their key with a meaningful user_id
> > > , I use the PGP --group-add option to create a group name containing
>
> > Yes, there is a --group command. Stick in your gpg.conf file:
> >
> > group name_you_want_to_use = keyid1 keyid2 keyid3 keyid4
> >
>
> Is there a limit as to how people to whom a message can be encrypted.
> In the old days of pgp2.6.x the limit was three.

There is no set limit, but you may eventually run out of space on the
command line.

David

From MagicFab at FabianRodriguez.com Thu Aug 12 19:31:17 2004
From: MagicFab at FabianRodriguez.com (F. Rodriguez)
Date: Thu Aug 12 19:28:17 2004
Subject: hush mail
In-Reply-To: <411AF7A5.4020109@dg21.com>
References: <411AF7A5.4020109@dg21.com>
Message-ID: <411BA965.2030400@FabianRodriguez.com>

Shu Hung (Koala) wrote:

> How can I download the public-key of a hushmail account?
>
> I can find no key server for it...
> and I can find no hushmail keys in other servers, too.

1) Go to www.hushtools.com
2) Click "Key management" in the top menu
3) Click "Retrieve a public key" in the left menu

--
Fabián Rodríguez
Montreal, QC, Canada
http://www.fabianrodriguez.com/email

From linux at codehelp.co.uk Thu Aug 12 20:09:45 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Thu Aug 12 20:07:02 2004
Subject: OT Re: hush mail
In-Reply-To: <411AF7A5.4020109@dg21.com>
References: <411AF7A5.4020109@dg21.com>
Message-ID: <200408121910.01993.linux@codehelp.co.uk>

On Thursday 12 August 2004 5:52, Shu Hung (Koala) wrote:
> How can I download the public-key of a hushmail account?

Try hushmail.com and read. Then write to the user and ask for his/her
public key.

There is a hushmail keyserver - follow the links from hushmail.com. It
uses sessions so I can't post a URL.

> I can find no key server for it...
> and I can find no hushmail keys in other servers, too.

This set of tools allows Hush users to sign in and encrypt, decrypt,
sign, and verify text and files. It also allows users of Open PGP
systems to upload and download public keys, providing an easy means of
secure communication between Hush users and all other Open PGP users.

i.e. hushmail keys are not separate from GnuPG/PGP keys and won't show
up as special. If the user has an existing GnuPG/PGP key , it is likely
that it is already on keyservers. If not and hushmail produces one for
them, it is up to the sender to make his/her public key known.

Write to the user and complain.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From linux at codehelp.co.uk Thu Aug 12 20:21:21 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Thu Aug 12 20:18:18 2004
Subject: problem with newbies key attached sig
In-Reply-To: <1092266043.4077.43.camel@linux.site>
References: <1092266043.4077.43.camel@linux.site>
Message-ID: <200408121921.28294.linux@codehelp.co.uk>

On Thursday 12 August 2004 5:28, Carl William Spitzer IV wrote:
> pg: using secondary key 8D794F7D instead of primary key 33A3AB45
> gpg: 8D794F7D: There is no indication that this key really belongs to

so gpg is doing as pgp. However, you haven't set this key as
trustworthy so it is unusable for encryption.

> the owner

You need to verify and sign the key. Also check that your own key is
set as ultimate trust and that you've done a gpg --update-trustdb.

If you want to force it without trust (NOT wise) or if you have a
secondary method of trust, use --trust-model always.

> gpg: [stdin]: encryption failed: unusable public key

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From torduninja at netcourrier.com Thu Aug 12 21:53:52 2004
From: torduninja at netcourrier.com (Maxine Brandt)
Date: Thu Aug 12 21:52:42 2004
Subject: Switching from Linux to Windows
Message-ID: <411BCAD0.2030905@netcourrier.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 2004-08-11 at 02:29, Patrick Maquetecken wrote:
>>
>> At my new job i must use windows. Where can i find some good howto's for using gnupg with outlook ?
>> It's pretty simple if you get a good Windows front-end for GPG. With GPGshell, for example, just use current window or clipboard functions to encrypt/decrypt etc. I don't use WinPT but I believe it has the same capability in this respect. Salut Maxine - -- PGP/GPG keys: http://www.torduninja.tk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) iD8DBQFBG8rNKBY/R6nbCcARAipAAJ9JuT5PpcnKSgTrSmbFyeTJmJxaiACeK1j1 wG75aZrVeX5qNyDh1WmaVh8= =knVi -----END PGP SIGNATURE----- From hmujtaba at forumsys.com Fri Aug 13 00:40:57 2004 From: hmujtaba at forumsys.com (Hasnain Mujtaba) Date: Fri Aug 13 00:38:21 2004 Subject: Partial body length encoding for Compressed packets Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B391@bstn-exch1.forumsys.com> Hi David, If the encrypted data packet has an MDC packet at the end, then how is the decrypting software to figure out where the indeterminate length compressed data packet ends and the MDC begins? In this situation, perhaps it would help if the enclosed literal data packet is not built using indeterminate length. But what if even the literal is built using indeterminate length? How does GPG handle such cases? RFC2440 is not too clear about such issues. Thanks much, Hasnain. -----Original Message----- From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw Sent: Monday, August 09, 2004 8:25 PM To: gnupg-users@gnupg.org Subject: Re: Partial body length encoding for Compressed packets On Sat, Aug 07, 2004 at 06:11:59PM -0400, Hasnain Mujtaba wrote: > Hi everyone, > > I am working with RFC2440 partial body length (PBL) encoding for my app. > I have noticed that even though GPG's Encrypted Data Packets are cut > into partial body length (PBL) chunks, the enclosed Compressed Data > Packets are encoded using indeterminate lengths, rather than PBLs. Is > this the default behavior for GPG and if so for what reasons? 
> > If possible, I would like GPG to create both compressed data packets and > enclosed literal data packets using PBL encoding. Is there some way to > force enable this feature? For PGP 2 compatibility reasons, GnuPG uses indeterminate lengths for compressed packets. There is no way to change this, but if you are willing to compile a special GnuPG to test with, you can do something like setting "new_ctb" to 1 in build_packet() when generating a compressed data packet. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From vedaal at hush.com Fri Aug 13 01:45:25 2004 From: vedaal at hush.com (vedaal@hush.com) Date: Fri Aug 13 01:42:12 2004 Subject: hush mail Message-ID: <200408122345.i7CNjQrP078560@mailserver3.hushmail.com> >Message: 5 >Date: Thu, 12 Aug 2004 12:52:53 +0800 >From: "Shu Hung (Koala)" >Subject: hush mail >To: gnupg-users@gnupg.org >Message-ID: <411AF7A5.4020109@dg21.com> >Content-Type: text/plain; charset=us-ascii > >How can I download the public-key of a hushmail account? > >I can find no key server for it... >and I can find no hushmail keys in other servers, too. 
it's only on hushmail's keyserver, unless a hushmail user uploads it to a regular keyserver first, it is necessary to make a hushmail account (free for 2mb) http://www.hush.com once you have an account, log on, and go to 'hushtools' and click on 'key management' and you can get any hush public key, or even non-hush public key, if a user has uploaded his/her 'other' public keys (useful in that hush automatically verifies signed messages if it has the signer's public key, somewhat annoying, in that there is no arrangement to upload an entire public keyring, but must be done key by key, pasting the public key block into the interface window) fwiw, even despite what the add-on advertisement says, i *really* am happy with them ;-) in that their e-mail is pretty 'untraceable' by looking at the e-mail headers, (other nice options too, but i'll stop before it looks like a spam ad ;-) (would sign, but hushmail mangles clearsigned messages) vedaal From wk at gnupg.org Fri Aug 13 18:11:59 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Aug 13 18:13:40 2004 Subject: Partial body length encoding for Compressed packets In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B391@bstn-exch1.forumsys.com> (Hasnain Mujtaba's message of "Thu, 12 Aug 2004 18:40:57 -0400") References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B391@bstn-exch1.forumsys.com> Message-ID: <874qn7t3u8.fsf@wheatstone.g10code.de> On Thu, 12 Aug 2004 18:40:57 -0400, Hasnain Mujtaba said: > If the encrypted data packet has an MDC packet at the end, then how is > the decrypting software to figure out where the indeterminate length > compressed data packet ends and the MDC begins?
In this situation, You need to do a read-ahead anyway. For the rationale why we use this scheme you need to look at the discussion in the OpenPGP WG back in 1999/2000. It basically boils down to a compromise that the MDC packet is both, a valid OpenPGP packet and also a fixed string appended right before encryption. > How does GPG handle such cases? RFC2440 is not too clear about such gpg does not care about this. When reading a byte from the input the length handling has already been done and an EOF state is issued correctly. That means that the code consuming the messages does not know about the actual encoding (partial or fixed length). Werner From wk at gnupg.org Fri Aug 13 20:03:16 2004 From: wk at gnupg.org (Werner Koch) Date: Fri Aug 13 20:03:40 2004 Subject: [Announce] Release candidate for 1.2.6 Message-ID: <87vffmsyor.fsf@wheatstone.g10code.de> Hi, we just created a quick release candidate to be sure that 1.2.6 won't cause serious problems. ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.6rc1.tar.gz ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.6rc1.tar.gz.sig The NEWS reads as follows: * Updated the included gettext. This also fixes the installation problem from 1.2.5 * Fixed a race condition leading to deleted keys. config.{sub,guess} are also updated. If you had problems with 1.2.5 - except for the installation problem - we would appreciate if you can check this one out and report problems to gnupg-devel@gnupg.org or gnupg-users@gnupg.org. Thanks, Werner (for the GnuPG hackers) From cwsiv at keepandbeararms.com Sat Aug 14 05:47:59 2004 From: cwsiv at keepandbeararms.com (Carl William Spitzer IV) Date: Sat Aug 14 05:43:19 2004 Subject: gpg --fingerprint Message-ID: <1092435880.4977.3.camel@linux.site> Interesting output it seems some fingerprints display differently. Why is this? Are these pgp26x keys?
> gpg --fingerprint /home//.gnupg/pubring.gpg ------------------------------ pub 1024D/6D347FFF 2000-05-22 Dan Stromberg Key fingerprint = 159D C918 98D6 6BAC DDAD 138A A347 DE56 6D34 7FFF sub 1024g/7D432915 2000-05-22 pub 512R/941BD48D 1995-10-15 Irony Games Key fingerprint = 23 43 71 CD EC E6 69 24 84 41 03 FB 64 96 44 31 pub 1024R/EF68F535 2000-02-01 privacy.at Anonymous Remailer Key fingerprint = 7E F4 EE 72 8F 98 10 87 68 DC A1 60 87 0C BE 4B pub 1024D/7150A879 2000-02-01 privacy.at Anonymous Remailer Key fingerprint = BFEC 2E74 882F 8751 D23A 7E4C 66D9 927F 7150 A879 sub 1024g/CF7B923E 2000-02-01 -- o _______________________________ o _____ | CWSIV@KeepAndBearArms.com | .][__n_n_|DD[ ====_____ | M A R K L I N T R A I N S | > (________|__|_[_________]_|___________________________| _/oo OOOOO oo` ooo ooo 'o!o!o o!o!o` From atom at suspicious.org Sat Aug 14 05:54:57 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Sat Aug 14 05:52:34 2004 Subject: gpg --fingerprint In-Reply-To: <1092435880.4977.3.camel@linux.site> References: <1092435880.4977.3.camel@linux.site> Message-ID: <20040813235215.T75372@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, 13 Aug 2004, Carl William Spitzer IV wrote: > Interesting output it seems some fingerprints display differently. Why > is this are these pgp26x keys? ===================== this format: 1234 5678 90AB ... is used for 160 bit (40 character) v4 fingerprints of v4 keys. this format: 12 34 56 78 ... is used for 128 bit (32 character) v3 fingerprints of v3 keys.
>> gpg --fingerprint > > /home//.gnupg/pubring.gpg > ------------------------------ > pub 1024D/6D347FFF 2000-05-22 Dan Stromberg > Key fingerprint = 159D C918 98D6 6BAC DDAD 138A A347 DE56 6D34 > 7FFF > sub 1024g/7D432915 2000-05-22 > > > pub 512R/941BD48D 1995-10-15 Irony Games > Key fingerprint = 23 43 71 CD EC E6 69 24 84 41 03 FB 64 96 44 31 > > pub 1024R/EF68F535 2000-02-01 privacy.at Anonymous Remailer > > Key fingerprint = 7E F4 EE 72 8F 98 10 87 68 DC A1 60 87 0C BE 4B > > pub 1024D/7150A879 2000-02-01 privacy.at Anonymous Remailer > > Key fingerprint = BFEC 2E74 882F 8751 D23A 7E4C 66D9 927F 7150 > A879 > sub 1024g/CF7B923E 2000-02-01 ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "When the government fears the people, you have liberty. When the people fear the government, you have tyranny." --Thomas Jefferson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures -----END PGP SIGNATURE----- From shavital at mac.com Sat Aug 14 17:16:14 2004 From: shavital at mac.com (Charly Avital) Date: Sat Aug 14 17:13:32 2004 Subject: [Announce] Release candidate for 1.2.6 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, configured and compiled for Mac OS X 10.3.5 Darwin 7.5.0. No problems detected. Thank you, and your team, for your work.
Charly At 8:03 PM +0200 8/13/04, Werner Koch wrote: > Hi, > > we just created a quick release candidate to be sure that 1.2.6 won't > cause serious problems. > > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.6rc1.tar.gz > ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.6rc1.tar.gz.sig > > > The NEWS reads as follows: > > * Updated the included gettext. This also fixes the installation > problem from 1.2.5 > > * Fixed a race condition leading to deleted keys. > > > config.{sub,guess} are also updated. If you had problems with 1.2.5 - > except for the installation problem - we would appreciate if you can > check this one out and report problems to gnupg-devel@gnupg.org or > gnupg-users@gnupg.org. > > > Thanks, > > Werner (for the GnuPG hackers) > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6rc1 (Darwin) Comment: GnuPG for Privacy iD8DBQFBHizM8SG5rMkbCF4RAiQKAJ0Ru9y3n2/K8P51LGrYtM64Of3ZGQCdEzK6 cvFxkuTt7N5WvlefdAeVQaU= =xONP -----END PGP SIGNATURE----- From vishalrao at gmail.com Sat Aug 14 20:31:09 2004 From: vishalrao at gmail.com (Vishal Rao) Date: Sat Aug 14 20:27:56 2004 Subject: Passphrase not asked when exporting private key (via GPGShell) Message-ID: Hi, Why does GNUPG not ask for the passphrase when I export a private key? In this case I'm using GPGShell (Win frontend) but surely that is not the issue. I deleted the key from the ring and then imported the exported keypair and yes GPG asks for the passphrase when signing/decrypting so it is preserved in the exported key (I hope) and not stored in the TrustDB? Please CC your replies to me as I am not subscribed to this list. Thanks, Vishal -- "Thou shalt not follow the NULL pointer for at its end madness and chaos lie." 
From JPClizbe at comcast.net Sat Aug 14 21:54:43 2004 From: JPClizbe at comcast.net (John Clizbe) Date: Sat Aug 14 21:52:04 2004 Subject: [Announce] Release candidate for 1.2.6 In-Reply-To: <87vffmsyor.fsf@wheatstone.g10code.de> References: <87vffmsyor.fsf@wheatstone.g10code.de> Message-ID: <411E6E03.4070607@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werner Koch wrote: > Hi, > > we just created a quick release candidate to be sure that 1.2.6 won't > cause serious problems. Configured and compiled mostly fine on Win 2000 (MinGW/Msys). The po/Makefile problem that was fixed in 1.2.5 is back in this release. "Borrowing" the Makefile from 1.2.5 made it go away. Now to put it into use for a bit. Thanks for the continuing work. - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." - Dumbya explaining his administration 5-Aug-2004 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Windows 2000 SP4) Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG Comment: Annoy John Asscraft -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBHm4CHQSsSmCNKhARAt3LAJ48rFRzwjLMJk9M26fiXbcqFiPPZgCfdgwi xDQBebqaO+ryI0N1xu2kGqQ= =vif7 -----END PGP SIGNATURE----- From sam at rfc1149.net Sat Aug 14 21:55:38 2004 From: sam at rfc1149.net (Samuel Tardieu) Date: Sat Aug 14 22:07:43 2004 Subject: Passphrase not asked when exporting private key (via GPGShell) References: Message-ID: <878ychv6it.fsf@beeblebrox.rfc1149.net> >>>>> "Vishal" == Vishal Rao writes: Vishal> Why does GNUPG not ask for the passphrase when I export a Vishal> private key? What for? The passphrase is exported encrypted already, protected by your passphrase. 
Given the fact that you can already get the secring.gpg on the disk, this would add no security at all. Sam -- Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/sam From johanw at vulcan.xs4all.nl Sun Aug 15 10:05:46 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Sun Aug 15 10:09:35 2004 Subject: [Announce] Release candidate for 1.2.6 In-Reply-To: <87vffmsyor.fsf@wheatstone.g10code.de> from Werner Koch at "Aug 13, 2004 08:03:16 pm" Message-ID: <200408150805.KAA17174@vulcan.xs4all.nl> Werner Koch wrote: >we just created a quick release candidate to be sure that 1.2.6 won't >cause serious problems. OK, it installs and runs OK. It passes all tests and also my own tests (dealing with pgp 2 compatibility). -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From jan-peter.ruehmann at debitel.net Sun Aug 15 18:18:38 2004 From: jan-peter.ruehmann at debitel.net (Jan-Peter Rühmann) Date: Sun Aug 15 18:16:04 2004 Subject: Problems with HTTP_PROXY Message-ID: <411F8CDE.7000301@debitel.net> Hello, I've written about my Proxy Problems some weeks ago, but don't get any answers. As long as all available docs and other help (mozilla and enigmail newsgroups) can't help (all settings seem to be right). I still can't connect via the PROXY. Is there anything special about the Ports? Thank you, Jan-Peter From vishalrao at gmail.com Sat Aug 14 20:16:31 2004 From: vishalrao at gmail.com (Vishal Rao) Date: Mon Aug 16 10:29:33 2004 Subject: passphrase not asked when exporting secret key (via gpgshell) Message-ID: Hi, Why does GNUPG not ask for the passphrase when I export a private key?
In this case I'm using GPGShell (Win frontend) but surely that is not the issue. I deleted the key from the ring and then imported the exported keypair and yes GPG asks for the passphrase when signing/decrypting so it is preserved in the exported key (I hope) and not stored in the TrustDB? Please CC your replies to me as I am not subscribed to this list. Thanks, Vishal -- "Thou shalt not follow the NULL pointer for at its end madness and chaos lie." From rodrigopadula at sagraluzzatto.com.br Mon Aug 16 23:59:35 2004 From: rodrigopadula at sagraluzzatto.com.br (Rodrigo Padula) Date: Mon Aug 16 23:57:18 2004 Subject: IMPORT AND EXPORT KEYS Message-ID: <41212E47.3020305@sagraluzzatto.com.br> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everyone! I generated a key pair in my GnuPG..... then I exported them with gpg -a --export-secret-keys 3a1386c7 >secretkey.asc and on another computer gpg --import secretkey.asc but GnuPG does not list my keys when I type the command ~ gpg --list-keys Am I doing this correctly?? I am using this on Windows! - -- +================================================+ ~ RODRIGO PADULA DE OLIVEIRA ~ (o- BACHELOR'S STUDENT IN INFORMATION SYSTEMS ~ //\ FACULDADE METODISTA GRANBERY - FMG ~ V_/_ ~ PostgreSQL - PHP - Linux - Java +================================================+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBIS5H8arYxsJpZ0URAj1/AJ9otjPRsES3o90sINfQgkM7w2rt+wCggoVf Qtg+tmzTBUJReRtwTcKf8Hc= =6qLT -----END PGP SIGNATURE----- From bernhard.walle at gmx.de Tue Aug 17 15:04:46 2004 From: bernhard.walle at gmx.de (Bernhard Walle) Date: Tue Aug 17 15:01:33 2004 Subject: Unrevoke revoked uid Message-ID: <20040817130446.GA13638@mail1.bwalle.de> Hello, is it possible to revert a revocation of a UID without simply adding the same UID again? Regards, Bernhard -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20040817/a6f564fe/attachment-0001.bin From linux at codehelp.co.uk Tue Aug 17 20:49:53 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Tue Aug 17 20:46:35 2004 Subject: Unrevoke revoked uid In-Reply-To: <20040817130446.GA13638@mail1.bwalle.de> References: <20040817130446.GA13638@mail1.bwalle.de> Message-ID: <200408171950.00900.linux@codehelp.co.uk> On Tuesday 17 August 2004 2:04, Bernhard Walle wrote: > is it possible to revert a revocation of a UID without simply adding > the same UID again? Why would anyone trust such a UID? You can't remove the revoked UID from keyservers so it'll always show up. Adding exactly the same UID is only going to cause confusion - at least put something in the comment to explain why the revoked UID is now trustworthy again. -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040817/7aa8f3af/attachment.bin From linux at codehelp.co.uk Tue Aug 17 20:51:01 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Tue Aug 17 20:47:49 2004 Subject: IMPORT AND EXPORT KEYS In-Reply-To: <41212E47.3020305@sagraluzzatto.com.br> References: <41212E47.3020305@sagraluzzatto.com.br> Message-ID: <200408171951.02033.linux@codehelp.co.uk> On Monday 16 August 2004 10:59, Rodrigo Padula wrote: > Ol? Pessoal! You'll get more replies if you can post in English. 
> gpg -a --export-secret-keys 3a1386c7 >secretkey.asc > gpg --import secretkey.asc > ~ gpg --list-keys At a guess: gpg --list-secret-keys -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040817/fd79a947/attachment.bin From dshaw at jabberwocky.com Tue Aug 17 21:25:38 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Aug 17 21:23:00 2004 Subject: Unrevoke revoked uid In-Reply-To: <20040817130446.GA13638@mail1.bwalle.de> References: <20040817130446.GA13638@mail1.bwalle.de> Message-ID: <20040817192538.GA13604@jabberwocky.com> On Tue, Aug 17, 2004 at 03:04:46PM +0200, Bernhard Walle wrote: > Hello, > > is it possible to revert a revocation of a UID without simply adding > the same UID again? It depends. If you sent the key with the revoked UID to people or keyservers, then it is harder - you need to re-sign the user ID. If you never sent the key with the revoked UID to anyone, just use delsig to delete the revocation and you're done. David From Bernhard.Walle at gmx.de Tue Aug 17 21:32:44 2004 From: Bernhard.Walle at gmx.de (Bernhard Walle) Date: Tue Aug 17 21:29:29 2004 Subject: Unrevoke revoked uid In-Reply-To: <20040817192538.GA13604@jabberwocky.com> References: <20040817130446.GA13638@mail1.bwalle.de> <20040817192538.GA13604@jabberwocky.com> Message-ID: <20040817193244.GA22937@mail1.bwalle.de> Hello, * David Shaw [2004-08-17 21:25]: > On Tue, Aug 17, 2004 at 03:04:46PM +0200, Bernhard Walle wrote: > > > > is it possible to revert a revocation of a UID without simply adding > > the same UID again? > > It depends. 
If you sent the key with the revoked UID to people or > keyservers, then it is harder - you need to re-sign the user ID. > If you never sent the key with the revoked UID to anyone, just use > delsig to delete the revocation and you're done. I sent the key to keyservers. Resigning is just what I thought because revoking a UID only means revoking the signature of the UID. But how can I perform resigning? Just selecting a UID and the "sign" command didn't work. Regards, Bernhard From rodrigopadula at sagraluzzatto.com.br Tue Aug 17 21:55:42 2004 From: rodrigopadula at sagraluzzatto.com.br (Rodrigo Padula) Date: Tue Aug 17 21:50:33 2004 Subject: TEST OF C Message-ID: <412262BE.2020809@sagraluzzatto.com.br> -----BEGIN PGP MESSAGE----- Charset: ISO-8859-1 Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org -----END PGP MESSAGE----- From dshaw at jabberwocky.com Tue Aug 17 22:41:12 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Aug 17 22:38:40 2004 Subject: Unrevoke revoked uid In-Reply-To: <20040817193244.GA22937@mail1.bwalle.de> References: <20040817130446.GA13638@mail1.bwalle.de> <20040817192538.GA13604@jabberwocky.com> <20040817193244.GA22937@mail1.bwalle.de> Message-ID: <20040817204111.GB13604@jabberwocky.com> On Tue, Aug 17, 2004 at 09:32:44PM +0200, Bernhard Walle wrote: > Hello, > > * David Shaw [2004-08-17 21:25]: > > On Tue, Aug 17, 2004 at 03:04:46PM +0200, Bernhard Walle wrote: > > > > > > is it possible to revert a revocation of a UID without simply adding > > > the same UID again? > > > > It depends. If you sent the key with the revoked UID to people or > > keyservers, then it is harder - you need to re-sign the user ID. > > If you never sent the key with the revoked UID to anyone, just use > > delsig to delete the revocation and you're done. > > I sent the key to keyservers. Resigning is just what I thought because > revoking a UID only means revoking the signature of the UID. > > But how can I perform resigning? Just selecting a UID and the "sign" > command didn't work. Add "--expert".
David From minnesotan at runbox.com Tue Aug 17 23:02:26 2004 From: minnesotan at runbox.com (Randy Burns) Date: Tue Aug 17 22:59:40 2004 Subject: hush mail In-Reply-To: <200408122345.i7CNjQrP078560@mailserver3.hushmail.com> Message-ID: <20040817210226.51214.qmail@web50904.mail.yahoo.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --- vedaal@hush.com wrote: [snip] > fwiw, > > even despite what the add-on advertisement says, i *really* am happy > with them ;-) in that their e-mail is pretty 'untraceable' by > looking at the e-mail headers, (other nice options too, but i'll > stop before it looks like a spam ad ;-) > > (would sign, but hushmail mangles clearsigned messages) vedaal > Oddly enough, sometimes hushmail mangles clearsigning, and sometimes it doesn't. I was testing hushmail clearsigning one day--everything got mangled. The next day, everything I clearsigned with hushmail verified just fine. Their clearsign bug apparently takes vacations. Maybe we can get its vacation schedule. :-) Randy -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 Comment: Public Key - http://www.geocities.com/burns98 iQCVAwUBQSJxfUktiSpS/8iMAQKEWAP/dCcfWPxB79hNa6Xml2OGfuvMAXS6cIXg KH0TfFe9sbICwo/bg+E2mF/5+RW4TXXJEEUAtGrYcptp+VOAhtANMsefEfsgYnKh H15+1iH8LJTeU7m7qO0/+NZe7mJM2Er7Z5qBAh9ZtkBeY9h+NuLUzG9wQ1ZHKUM7 tYtTTPn7174= =LNZx -----END PGP SIGNATURE----- From shavital at mac.com Wed Aug 18 06:02:56 2004 From: shavital at mac.com (Charly Avital) Date: Wed Aug 18 06:00:06 2004 Subject: TEST OF C In-Reply-To: <412262BE.2020809@sagraluzzatto.com.br> References: <412262BE.2020809@sagraluzzatto.com.br> Message-ID: <7CBB346A-F0CB-11D8-AA8F-000393C2DC84@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sua mensagem foi cifrada com chave de ELG-E, ID 0x322DCAB2A366D71B. Aquele é seu próprio chave público "Rodrigo Padula de Oliveira (Webmaster). Somente você pode descifrar essa mensagem. Você não pode mensagem cifrada emitida a uma lista. Você pode cifrar uma mensagem usando a chave pública da pessoa a quem você quer emitir uma mensagem cifrada. Charly The above is a computer originated translation of the following message: Your message has been encrypted with ELG-E key, ID 0x322DCAB2A366D71B. That is your own public key "Rodrigo Padula de Oliveira (Webmaster). Only you can decrypt that message. You cannot send encrypted message to a list. You can encrypt a message using the public key of the person to whom you want to send an encrypted message. Charly On Aug 17, 2004, at 3:55 PM, Rodrigo Padula wrote: > -----BEGIN PGP MESSAGE----- > Charset: ISO-8859-1 > Version: GnuPG v1.2.5 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > hQIOAzItyrKjZtcbEAf/bEUBJD+aWZ4cZT1JZ7TsnhYH5syRcbpjzIGdlw07DkGt > [...] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD4DBQFBItT+8SG5rMkbCF4RAnUqAJ9J4eNqmNvpHj6qSSVaJSjLELDMUgCY5dGk 6iZG3c/9pHXneGyxxg2x5w== =m4xT -----END PGP SIGNATURE----- From jos at xos.nl Wed Aug 18 19:01:08 2004 From: jos at xos.nl (Jos Vos) Date: Wed Aug 18 18:58:21 2004 Subject: gpg --verify exit status Message-ID: <200408181701.i7IH18V09284@xos037.xos.nl> Hi, In my experience, both gpg --verify and --verify-files exit 0 for files that are not signed. The only difference is that they then do not print the success message. Is this correct? In general: how do I enforce a signature check on a given file (without having to parse the output messages -- if possible)?
Thanks, -- -- Jos Vos -- X/OS Experts in Open Systems BV | Phone: +31 20 6938364 -- Amsterdam, The Netherlands | Fax: +31 20 6948204 From wk at gnupg.org Thu Aug 19 09:44:44 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 19 09:43:36 2004 Subject: gpg --verify exit status In-Reply-To: <200408181701.i7IH18V09284@xos037.xos.nl> (Jos Vos's message of "Wed, 18 Aug 2004 19:01:08 +0200") References: <200408181701.i7IH18V09284@xos037.xos.nl> Message-ID: <87smajh8r7.fsf@wheatstone.g10code.de> On Wed, 18 Aug 2004 19:01:08 +0200, Jos Vos said: > In my experience, both gpg --verify and --verify-files exit 0 for > files that are not signed. The only difference is that they > then do not print the success message. Is this correct? Yes. It is usually not sufficient to look at the exit code because in an unattended setting you won't make use of the Web of Trust (or well only in rare cases). Thus to make sure the signature has been done by a trusted key you also need to compare the fingerprint of the key too. Something like "gpg --verify --status-fd 1" and then grepping for [GNUPG:] VALIDSIG 6BD9050FD8FC941B43412DCC68B7AB8957548DCD and compare the 3rd field against a list of trusted keys. > In general: how do I enforce a signature check on a given file > (without having to parse the output messages -- if possible)? Because this is a common problem, gpgv exists. gpgv returns a proper exit code and you know that the signature is good and the key trusted. The trick here is that gpgv uses only keys from a different keyring (default is ~/.gnupg/trustedkeys.gpg, change using --keyring option) and this keyring is your list of trusted keys.
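The check described in the reply above (read the `--status-fd` lines, take the third field of `VALIDSIG`, compare it with a list of trusted fingerprints), as an added example that is not part of the original message or of GnuPG. The function names, the trusted-fingerprint file format and the sample status lines are assumptions constructed for illustration; only the first fingerprint is the one quoted in the message.

```shell
#!/bin/sh
# Added example; names and sample data are constructed for illustration.

# check_status TRUSTED_FILE
# Reads gpg status lines (the output of --status-fd) on stdin.
# Succeeds only if there is at least one VALIDSIG line, every VALIDSIG
# fingerprint (3rd field) is listed in TRUSTED_FILE, and no BADSIG or
# ERRSIG line is present. TRUSTED_FILE holds one fingerprint per line;
# spaces inside a fingerprint and "#" comments are ignored.
check_status() {
    awk -v list="$1" '
        BEGIN {
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t\r]/, "", line)
                if (line != "") trusted[toupper(line)] = 1
            }
        }
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            seen = 1
            if (!(toupper($3) in trusted)) bad = 1
        }
        END {
            if (seen && !bad) exit 0
            exit 1
        }
    '
}

# verify_file TRUSTED_FILE SIGFILE DATAFILE
# Detached-signature wrapper around the command from the message above.
# The result is the exit status of check_status, not that of gpg, so an
# unsigned file (gpg exits 0, no VALIDSIG line) is rejected.
verify_file() {
    gpg --verify --status-fd 1 "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed status output (not captured from a real gpg run).
FPR_PAGE=6BD9050FD8FC941B43412DCC68B7AB8957548DCD    # quoted in the message
FPR_OTHER=0123456789ABCDEF0123456789ABCDEF01234567   # made-up fingerprint
SAMPLE_TRUSTED="[GNUPG:] GOODSIG 68B7AB8957548DCD Example Signer
[GNUPG:] VALIDSIG $FPR_PAGE 2004-08-19 1092901484"
SAMPLE_UNTRUSTED="[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else
[GNUPG:] VALIDSIG $FPR_OTHER 2004-08-19 1092901484"
SAMPLE_UNSIGNED=""   # unsigned input: no VALIDSIG line at all
SAMPLE_BADSIG="[GNUPG:] BADSIG 68B7AB8957548DCD Example Signer"

# Run every constructed sample against a one-entry trust list.
demo() {
    list=$(mktemp) || return 1
    printf '%s\n' "# trusted signers" \
        "6BD9 050F D8FC 941B 4341  2DCC 68B7 AB89 5754 8DCD" > "$list"
    for name in TRUSTED UNTRUSTED UNSIGNED BADSIG; do
        eval "status=\$SAMPLE_$name"
        if printf '%s\n' "$status" | check_status "$list"; then
            echo "$name: accept"
        else
            echo "$name: reject"
        fi
    done
    rm -f "$list"
}
demo
```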
Hth, Werner From greg at turnstep.com Fri Aug 20 04:32:12 2004 From: greg at turnstep.com (Greg Sabino Mullane) Date: Fri Aug 20 04:29:29 2004 Subject: [Announce] Re: document In-Reply-To: <87vffqm77k.fsf@wheatstone.g10code.de> Message-ID: <0d33cf356938686009e5a6cd72906564@biglumber.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> Looks to me like yet another good reason to PGP-sign your emails. :) > Mailman seems to garble signatures anyway and as long as Mailman is > not able to identify a permitted poster by means of a signature, it > won't help at all. It helps as far as establishing a pattern of signing your emails, so that a non-signed email is immediately suspect even before viewing the content. It also provides protection against more personalized, non-worm, email forgeries. FWIW, I've heard rumors of a Mailman patch to verify sigs, but I don't think any list is truly ready for such a thing yet. - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200408192231 -----BEGIN PGP SIGNATURE----- iD8DBQFBJWL1vJuQZxSWSsgRAiGVAKCd4Frp3m/9RwApObEe275AcRhJyQCfXVtn N5RSxEAOPTLEKbbPm4xAi9k= =cX45 -----END PGP SIGNATURE----- From servie_platon at yahoo.com Sat Aug 21 21:53:08 2004 From: servie_platon at yahoo.com (InHisGrip) Date: Sat Aug 21 21:50:22 2004 Subject: ALL ABOUT CA'S, DIGITAL ID'S & DIGITAL SIGNATURES Message-ID: <20040821195308.59453.qmail@web41005.mail.yahoo.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, We are considering of setting up digital id's, signatures and encrypted emails for our small organization consisting of users no more than 10. We are thinking of purchasing and registering with verisign.com, a CA authority but before we do that, let me ask some questions from this group. Most of the computers are windows and almost all users use outlook as MTA and one using netscape 7.1. We would like to send all outgoing email messages as digitally signed by the user in our organization. 
Now, to do this it's either we signup with verisign or any other CA? And configure outlook to have the digital id among other things. My question is, can we do the same with gnupg? All I see from the site are frontends for windows such as winpt and other tools for outlook whose site is unavailable. Is there a way in gnupg that we could create a public/private key in windows and enable digital id's and signature in outlook or in Netscape? Thanks and hope to hear from anyone soon. Sincerely, Servie P.S. If you would notice that I have used WinPT for this to sign. Is there a way for us to use outlook to send all digitally signed email messages automatically for our domain without going through the hassles of winpt? Thanks. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1 -----END PGP SIGNATURE----- _______________________________ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush From torduninja at netcourrier.com Sat Aug 21 22:53:06 2004 From: torduninja at netcourrier.com (Maxine Brandt) Date: Sat Aug 21 22:51:16 2004 Subject: exec-path question Message-ID: <4127B632.3080802@netcourrier.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, The notes on the "exec-path" option refer to "keyserver helpers". I assume that the gpgkeys_ldap binary in the Windows distribution is one of these helpers. Is this correct? Salut Maxine - -- PGP/GPG keys: http://www.torduninja.tk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFBJ7YrKBY/R6nbCcARApfVAJwMdtya2qRunzOj5ghMoMkB1nAhAgCeKsUg dxu9tQyyBqaL1PJqW9deBHU= =8efD -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sat Aug 21 23:11:05 2004 From: dshaw at jabberwocky.com (David Shaw) Date: Sat Aug 21 23:08:33 2004 Subject: exec-path question In-Reply-To: <4127B632.3080802@netcourrier.com> References: <4127B632.3080802@netcourrier.com> Message-ID: <20040821211104.GB13213@jabberwocky.com> On Sat, Aug 21, 2004 at 10:53:06AM -1000, Maxine Brandt wrote: > Hi all, > > The notes on the "exec-path" option refer to "keyserver helpers". I > assume that the gpgkeys_ldap binary in the Windows distribution is > one of these helpers. Is this correct? Yes. David From torduninja at netcourrier.com Sun Aug 22 00:35:34 2004 From: torduninja at netcourrier.com (Maxine Brandt) Date: Sun Aug 22 00:32:57 2004 Subject: exec-path question Message-ID: <4127CE36.2070404@netcourrier.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw wrote: > > > > The notes on the "exec-path" option refer to "keyserver helpers". I > > assume that the gpgkeys_ldap binary in the Windows distribution is > > one of these helpers. Is this correct? > > Yes. > Thanks, David. Just one more precision if you would be so kind. I've just noticed that the 1.3.6 Windows release has a binary (gpgkeys_hkp) which isn't present in the 1.2.x releases. 
Is hkp keyserver support compiled into the gpg binary in 1.2.x? If not, will 1.2.5 use the 1.3.6 binary?

Salut
Maxine

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Sun Aug 22 00:57:17 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Aug 22 00:54:44 2004
Subject: exec-path question
In-Reply-To: <4127CE36.2070404@netcourrier.com>
References: <4127CE36.2070404@netcourrier.com>
Message-ID: <20040821225717.GB13826@jabberwocky.com>

On Sat, Aug 21, 2004 at 12:35:34PM -1000, Maxine Brandt wrote:
> David Shaw wrote:
> > >
> > > The notes on the "exec-path" option refer to "keyserver helpers". I
> > > assume that the gpgkeys_ldap binary in the Windows distribution is
> > > one of these helpers. Is this correct?
> >
> > Yes.
> >
> Thanks, David. Just one more precision if you would be so kind. I've just
> noticed that the 1.3.6 Windows release has a binary (gpgkeys_hkp) which isn't
> present in the 1.2.x releases. Is hkp keyserver support compiled into the gpg
> binary in 1.2.x? If not, will 1.2.5 use the 1.3.6 binary?

The 1.3.x branch does not have HKP support compiled into the main gpg binary. All keyserver access is done externally. 1.2.5 cannot use the 1.3.x keyserver programs since the protocol has changed.

David

From ivanvrao at yandex.ru Sun Aug 22 19:18:02 2004
From: ivanvrao at yandex.ru (Ivan Vrao)
Date: Sun Aug 22 19:15:23 2004
Subject: Please suggest password manager
Message-ID: <4128D54A.00001E.19979@pantene.yandex.ru>

I am looking for freeware password manager which uses OpenPGP. Any suggestions?

From saulinux at safe-mail.net Mon Aug 23 12:29:28 2004
From: saulinux at safe-mail.net (simon)
Date: Mon Aug 23 12:23:11 2004
Subject: Encrypting Cron job email output.
Message-ID: <200408231129.37612.saulinux@safe-mail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

the following is the command for a Cron job to run chkrootkit and email me the report. Any ideas how I could get GPG to encrypt this output before it is mailed?

/usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit output" saulinux@safe-mail.net

Thanks,
Simon.

- --
Registered Linux user number 359744.
My PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE94E2292

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----

From wk at gnupg.org Mon Aug 23 14:37:47 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 23 14:38:40 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <200408231129.37612.saulinux@safe-mail.net> (saulinux@safe-mail.net's message of "Mon, 23 Aug 2004 11:29:28 +0100")
References: <200408231129.37612.saulinux@safe-mail.net>
Message-ID: <871xhy2fok.fsf@wheatstone.g10code.de>

On Mon, 23 Aug 2004 11:29:28 +0100, simon said:

> /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit
> output" saulinux@safe-mail.net

insert "gpg -ear somekey --always-trust" into the pipeline.

Werner

From bob at coldsource.net Mon Aug 23 17:09:41 2004
From: bob at coldsource.net (Bob)
Date: Mon Aug 23 17:03:54 2004
Subject: gpg subkeys
Message-ID: <412A08B5.5000609@coldsource.net>

I can't understand how subkeys work and what they are useful for. I have read the handbook but they only explain how to generate subkeys...

Could someone explain me ?
Tks

From jharris at widomaker.com Mon Aug 23 20:21:45 2004
From: jharris at widomaker.com (Jason Harris)
Date: Mon Aug 23 20:18:57 2004
Subject: new (2004-08-22) keyanalyze results (+sigcheck)
Message-ID: <20040823182145.GG3286@wilma.widomaker.com>

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2004-08-22/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040823/b5070956/attachment.bin

From saulinux at safe-mail.net Mon Aug 23 22:15:47 2004
From: saulinux at safe-mail.net (simon)
Date: Mon Aug 23 22:09:32 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <871xhy2fok.fsf@wheatstone.g10code.de>
References: <200408231129.37612.saulinux@safe-mail.net> <871xhy2fok.fsf@wheatstone.g10code.de>
Message-ID: <200408232116.01743.saulinux@safe-mail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 23 Aug 2004 13:37, Werner Koch wrote:
> gpg -ear somekey --always-trust

Thanks Werner, I will try that and see if I can get it to work.

Regards,
Simon.

- --
Registered Linux user number 359744.
My PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE94E2292

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----

From atom at suspicious.org Mon Aug 23 23:15:51 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Aug 23 23:12:54 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <871xhy2fok.fsf@wheatstone.g10code.de>
References: <200408231129.37612.saulinux@safe-mail.net> <871xhy2fok.fsf@wheatstone.g10code.de>
Message-ID: <20040823170720.W78529@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 23 Aug 2004, Werner Koch wrote:
>> /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit
>> output" saulinux@safe-mail.net
>
> insert "gpg -ear somekey --always-trust" into the pipeline.
==================

that will only encrypt stdout, leaving stderr (if there is any) unencrypted.
solve that by running:

  cron-job-command 2>&1 | gpg --trust-model always -ear somekey

("--trust-always" is deprecated, use "--trust-model always")
(also, as a matter of habit, options before commands (mostly))

your subject line will be visible to anyone who may intercept the message... if that's a problem, write a tiny shell script that runs the command and pipes the output through gpg-encrypt... run that script from cron and then the subject line will just read "Cron /path/to/shell/script", which may reveal less useful information to an attacker.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron."
-- Dwight Eisenhower, April 16, 1953

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----

From adamlau at yahoo.com Tue Aug 24 07:12:07 2004
From: adamlau at yahoo.com (Adam Lau)
Date: Tue Aug 24 07:08:54 2004
Subject: (no subject)
Message-ID: <412ACE27.7040209@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --
Adam Lau @ Yahoo!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----

From adamlau at yahoo.com Tue Aug 24 07:33:28 2004
From: adamlau at yahoo.com (Adam Lau)
Date: Tue Aug 24 07:30:16 2004
Subject: GnuPG 1.2.5 + EudoraGPG 2.0/Enigmail 0.85.0 Broken?
Message-ID: <412AD328.6060307@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

My gpg.conf file is as follows:

armor
cipher-algo TWOFISH
comment DC39 FB90 71FF F1F4 F235 8482 E65C E36B BE90 8723
default-key BA907EB4
default-recipient foo@bar.com
digest-algo RIPEMD160
force-mdc
keyring gnupg-ring:A:\Rings\Default\pubring.gpg
lock-once
no-default-keyring
no-greeting
no-random-seed-file
no-sig-cache
no-tty
no-verbose
openpgp
quiet
rfc2440
secret-keyring gnupg-ring:A:\Rings\Default\secring.gpg
s2k-cipher-algo TWOFISH
throw-keyid

The conf file works *fine* w/ (GnuPG 1.2.4 + EudoraGPG 2.0 + Eudora 6.1.2) *and* (GnuPG 1.2.4 + Enigmail 0.85.0 + Thunderbird 0.7+). The use of GnuPG 1.2.5, however kicks back unsupported options errors with both of the previously mentioned plugin/client combos.
Registry were updated accordingly (gpgProgram="C:\1.2.4" and gpgProgram="C:\1.2.5"). Is 1.2.5 broken? Or have the options listed in my gpg.conf file been deprecated?

- --
Adam Lau @ Yahoo!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----

From wk at gnupg.org Tue Aug 24 10:31:43 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug 24 10:33:40 2004
Subject: GnuPG 1.2.5 + EudoraGPG 2.0/Enigmail 0.85.0 Broken?
In-Reply-To: <412AD328.6060307@yahoo.com> (Adam Lau's message of "Mon, 23 Aug 2004 22:33:28 -0700")
References: <412AD328.6060307@yahoo.com>
Message-ID: <87y8k5vswg.fsf@wheatstone.g10code.de>

On Mon, 23 Aug 2004 22:33:28 -0700, Adam Lau said:

> throw-keyid

Use

  throw-keyids

we accidentally changed that not realizing that the abbreviation mode does not work for the option file. 1.2.6 will allow both "throw-keyid" as well as "throw-keyids".

Werner

From adamlau at yahoo.com Tue Aug 24 12:03:53 2004
From: adamlau at yahoo.com (Adam Lau)
Date: Tue Aug 24 12:00:37 2004
Subject: GnuPG 1.2.5 + EudoraGPG 2.0/Enigmail 0.85.0 Broken?
In-Reply-To: <87y8k5vswg.fsf@wheatstone.g10code.de>
References: <412AD328.6060307@yahoo.com> <87y8k5vswg.fsf@wheatstone.g10code.de>
Message-ID: <412B1289.6070709@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Resolved....Thanks, WK!

Werner Koch wrote:
| On Mon, 23 Aug 2004 22:33:28 -0700, Adam Lau said:
|
|
|>throw-keyid
|
|
| Use
|
|   throw-keyids
|
| we accidentally changed that not realizing that the abbreviation mode
| does not work for the option file. 1.2.6 will allow both
| "throw-keyid" as well as "throw-keyids".
|
| Werner
|

- --
Adam Lau @ Yahoo!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: pgp.mit.edu:11371/pks/lookup?op=get&search=0xA67DDE80
-----END PGP SIGNATURE-----

From edkay at f2s.com Tue Aug 24 12:19:25 2004
From: edkay at f2s.com (edkay@f2s.com)
Date: Tue Aug 24 12:16:15 2004
Subject: Preventing unwanted output
Message-ID: <1093342765.412b162dcdaf4@webmail.freedom2surf.net>

Hi,

I am using GPG to decrypt some data as part of an automated process. To do this, I issue the following command:

cat DATA_FILE | /usr/bin/gpg --homedir ~/.gnupg --no-verbose --quiet --batch --no-secmem-warning --passphrase-fd 3 3< FILE_WITH_PASSPHRASE --recipient RECIPIENT --decrypt

On my dev server (running GPG 1.2.1), this works fine and the decrypted text is output to stdout (and captured by a script).

On our production server (running GPG 1.0.6 - which I can't change) the same command outputs the following two lines before the decrypted data:

gpg: encrypted with 1024-bit ELG-E key, ID 6860BBD6, created 2004-08-23
"USERNAME (COMMENT) "

(obviously the capitalised words are replaced with sensible values).

These extra two lines are very frustrating since they add extra characters to the decrypted data. Whilst I could get my script to ignore the first two lines, this is not a very 'clean' solution and could cause unexpected problems later if GPG was upgraded to a more recent version.

I searched the man pages for suitable options but haven't found any that suppress these extra lines. Any suggestions would be most gratefully received.

Best regards,

Edward

PS: There is no ~/.gnupg/options file on either server.

From wk at gnupg.org Tue Aug 24 14:10:18 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Aug 24 14:13:40 2004
Subject: Preventing unwanted output
In-Reply-To: <1093342765.412b162dcdaf4@webmail.freedom2surf.net> (edkay@f2s.com's message of "Tue, 24 Aug 2004 11:19:25 +0100")
References: <1093342765.412b162dcdaf4@webmail.freedom2surf.net>
Message-ID: <87u0usvis5.fsf@wheatstone.g10code.de>

On Tue, 24 Aug 2004 11:19:25 +0100, edkay said:

> gpg: encrypted with 1024-bit ELG-E key, ID 6860BBD6, created 2004-08-23
> "USERNAME (COMMENT) "

This goes to stderr and a mere

  2>/dev/null

makes them invisible. To parse the other status messages also sent to stderr by default, you may use

  --status-fd 4

to direct them to a different file descriptor.

> (obviously the capitalised words are replaced with sensible values).
> These extra two lines are very frustrating since they add extra characters to
> the decrypted data. Whilst I could get my script to ignore the first two lines,
> this is not a very 'clean' solution and could cause unexpected problems later
> if GPG was upgraded to a more recent version.
> I searched the man pages for suitable options but haven't found any that
> suppress these extra lines. Any suggestions would be most gratefully received.
> Best regards,
> Edward
> PS: There is no ~/.gnupg/options file on either server.

From saulinux at safe-mail.net Tue Aug 24 15:45:58 2004
From: saulinux at safe-mail.net (simon)
Date: Tue Aug 24 15:39:38 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <20040823170720.W78529@willy_wonka>
References: <200408231129.37612.saulinux@safe-mail.net> <871xhy2fok.fsf@wheatstone.g10code.de> <20040823170720.W78529@willy_wonka>
Message-ID: <200408241446.10362.saulinux@safe-mail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 23 Aug 2004 22:15, Atom 'Smasher' wrote:
> On Mon, 23 Aug 2004, Werner Koch wrote:
> >> /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit
> >> output" saulinux@safe-mail.net
> >
> > insert "gpg -ear somekey --always-trust" into the pipeline.
>
> ==================
>
> that will only encrypt stdout, leaving stderr (if there is any)
> unencrypted. solve that by running:
> cron-job-command 2>&1 | gpg --trust-model always -ear somekey
>
> ("--trust-always" is deprecated, use "--trust-model always")
> (also, as a matter of habit, options before commands (mostly))

here is the command and output from a shell ;

[root@localhost simon]# /usr/sbin/chkrootkit 2>&1 | gpg
- --trust-model always -ear F679C9E6223DC22B | mail -s "chkrootkit
output" saulinux@safe-mail.net
gpg: F679C9E6223DC22B: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found

Where am I going wrong? Is the command OK? My public key is valid and on my keyring, why isn't it being seen?

Simon.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----

From gnupg at dossen.dk Tue Aug 24 16:01:02 2004
From: gnupg at dossen.dk (Mads Laursen)
Date: Tue Aug 24 15:57:45 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <200408241446.10362.saulinux@safe-mail.net>
References: <200408231129.37612.saulinux@safe-mail.net> <871xhy2fok.fsf@wheatstone.g10code.de> <20040823170720.W78529@willy_wonka> <200408241446.10362.saulinux@safe-mail.net>
Message-ID: <20040824140102.GA20925@horse06.daimi.au.dk>

On 24/08/04 14.45, simon wrote:
> On Monday 23 Aug 2004 22:15, Atom 'Smasher' wrote:
> > On Mon, 23 Aug 2004, Werner Koch wrote:
> > >> /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit
> > >> output" saulinux@safe-mail.net
> > >
> > > insert "gpg -ear somekey --always-trust" into the pipeline.
> >
> > ==================
> >
> > that will only encrypt stdout, leaving stderr (if there is any)
> > unencrypted. solve that by running:
> > cron-job-command 2>&1 | gpg --trust-model always -ear somekey
> >
> > ("--trust-always" is deprecated, use "--trust-model always")
> > (also, as a matter of habit, options before commands (mostly))
> here is the command and output from a shell ;
> [root@localhost simon]# /usr/sbin/chkrootkit 2>&1 | gpg
> output" saulinux@safe-mail.net
> gpg: F679C9E6223DC22B: skipped: public key not found
> gpg: [stdin]: encryption failed: public key not found
> Where am I going wrong? Is the command OK? My public key is valid
> and on my keyring, why isn't it being seen?

Try

  gpg --keyring /path/to/your/key --trust-model always -ear somekey

I find that, when using cron, it pays to be explicit.

/dossen
--
Common sense is the collection of prejudices acquired by age eighteen.
-- Albert Einstein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040824/2333f661/attachment.bin

From atom at suspicious.org Tue Aug 24 16:18:27 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Aug 24 16:15:35 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <200408241446.10362.saulinux@safe-mail.net>
References: <200408231129.37612.saulinux@safe-mail.net> <871xhy2fok.fsf@wheatstone.g10code.de> <20040823170720.W78529@willy_wonka> <200408241446.10362.saulinux@safe-mail.net>
Message-ID: <20040824101529.U78529@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 24 Aug 2004, simon wrote:
> here is the command and output from a shell ;
> [root@localhost simon]# /usr/sbin/chkrootkit 2>&1 | gpg
> --trust-model always -ear F679C9E6223DC22B | mail -s "chkrootkit
> output" saulinux@safe-mail.net
> gpg: F679C9E6223DC22B: skipped: public key not found
> gpg: [stdin]: encryption failed: public key not found
> Where am I going wrong? Is the command OK? My public key is valid
> and on my keyring, why isn't it being seen?
> Simon.
===============

the cron job is run by root?

is your key in the keyring at "~root/.gnupg/"?

if you use a login other than root, DON'T tell root to use your keyring... root should have your key in root's keyring. you can also make your key trusted in root's keyring.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"The incidence of disease has increased in proportion to the progress of science."
-- Akbarali Jetha

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----

From atom at suspicious.org Tue Aug 24 16:33:24 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Aug 24 16:30:15 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <20040824101529.U78529@willy_wonka>
References: <200408231129.37612.saulinux@safe-mail.net> <871xhy2fok.fsf@wheatstone.g10code.de> <20040823170720.W78529@willy_wonka> <200408241446.10362.saulinux@safe-mail.net> <20040824101529.U78529@willy_wonka>
Message-ID: <20040824102207.L78529@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

another way to do this, *possibly* without the need for gpg, is doing this from a cron job on another machine, preferably a locked-down desktop:

  ssh root@myserver '/usr/sbin/chkrootkit'

of course, this requires public-key authentication in ssh (that's a good thing, if used properly), and you can still encrypt the output, similar to described earlier.

you can even generate an ssh key-pair that can ONLY be used to run a specified command, so if someone gets a hold of your unencrypted private key (~/.ssh/chkrootkit_id_rsa) , all they can do with it is check for rootkits... and maybe you specified that the output's encrypted...

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"I am somehow less interested in the weight and convolutions of Einstein's brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops."
-- Stephen Jay Gould

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----

From saulinux at safe-mail.net Tue Aug 24 16:57:29 2004
From: saulinux at safe-mail.net (simon)
Date: Tue Aug 24 16:51:07 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <20040824101529.U78529@willy_wonka>
References: <200408231129.37612.saulinux@safe-mail.net> <200408241446.10362.saulinux@safe-mail.net> <20040824101529.U78529@willy_wonka>
Message-ID: <200408241557.39682.saulinux@safe-mail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 24 Aug 2004 15:18, Atom 'Smasher' wrote:
> On Tue, 24 Aug 2004, simon wrote:
> > here is the command and output from a shell ;
> > [root@localhost simon]# /usr/sbin/chkrootkit 2>&1 | gpg
> > --trust-model always -ear F679C9E6223DC22B | mail -s
> > "chkrootkit output" saulinux@safe-mail.net
> > gpg: F679C9E6223DC22B: skipped: public key not found
> > gpg: [stdin]: encryption failed: public key not found
> > Where am I going wrong? Is the command OK? My public key is
> > valid and on my keyring, why isn't it being seen?
> > Simon.
>
> ===============
>
> the cron job is run by root?
>
> is your key in the keyring at "~root/.gnupg/"?
>

This is the latest version of the command;

/usr/sbin/chkrootkit 2>&1 | gpg
- --keyring /home/simon/.gnupg/pubring.gpg --trust-model always -ear 0xE94E2292 | mail -s "chkrootkit output" saulinux@safe-mail.net

This produces exactly what I want when run as root on a terminal. However, the same command run as a cron job by root falls down;

"Output from command /usr/sbin/chkrootkit 2>&1 | gpg
- --keyring /home/simon/.gnupg/pubring.gpg --trust-model always -ear 0xE94E2292 | mail -s "chkrootkit output" saulinux@safe-mail.net ..

gpg: fatal: ~/.gnupg: can't create directory: No such file or directory
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768
Null message body; hope that's ok"

Any ideas?

Simon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----

From wk at gnupg.org Wed Aug 25 09:29:29 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 25 09:28:41 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <200408241557.39682.saulinux@safe-mail.net> (saulinux@safe-mail.net's message of "Tue, 24 Aug 2004 15:57:29 +0100")
References: <200408231129.37612.saulinux@safe-mail.net> <200408241446.10362.saulinux@safe-mail.net> <20040824101529.U78529@willy_wonka> <200408241557.39682.saulinux@safe-mail.net>
Message-ID: <87d61fekva.fsf@wheatstone.g10code.de>

On Tue, 24 Aug 2004 15:57:29 +0100, simon said:

> gpg: fatal: ~/.gnupg: can't create directory: No such file or

$HOME is not set in the cron environment.

  gpg --homedir /home/simon/.gnupg --trust-model always -ear 0xE94E2292

is probably the easiest way to solve this.

Werner

From atom at suspicious.org Wed Aug 25 09:52:35 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Aug 25 09:49:30 2004
Subject: gpgv - making it silent
Message-ID: <20040825035126.C78529@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

is there a way to make gpgv silent?

it seems to send output to tty, but doesn't have a --no-tty option.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"The real truth of the matter is, as you and I know, that a financial element in the large centers has owned the government of the U.S. since the days of Andrew Jackson."
-- Franklin Delano Roosevelt, November 21st, 1933

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----

From saulinux at safe-mail.net Wed Aug 25 10:34:27 2004
From: saulinux at safe-mail.net (simon)
Date: Wed Aug 25 10:28:02 2004
Subject: Encrypting Cron job email output.
In-Reply-To: <87d61fekva.fsf@wheatstone.g10code.de>
References: <200408231129.37612.saulinux@safe-mail.net> <200408241557.39682.saulinux@safe-mail.net> <87d61fekva.fsf@wheatstone.g10code.de>
Message-ID: <200408250934.37427.saulinux@safe-mail.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 25 Aug 2004 08:29, Werner Koch wrote:
> On Tue, 24 Aug 2004 15:57:29 +0100, simon said:
> > gpg: fatal: ~/.gnupg: can't create directory: No such file or
>
> $HOME is not set in the cron environment.
>
> gpg --homedir /home/simon/.gnupg --trust-model always -ear
> 0xE94E2292
>
> is probably the easiest way to solve this.
>
> Werner

Thanks Werner, that works fine. When I run the Cron job it gives the following message after it has done its job,

gpg: WARNING: unsafe ownership on homedir "/home/simon/.gnupg/"

Is that a problem??

Simon.

- --
Registered Linux user number 359744.
My PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE94E2292

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----

From wk at gnupg.org Wed Aug 25 10:34:41 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Aug 25 10:33:41 2004
Subject: gpgv - making it silent
In-Reply-To: <20040825035126.C78529@willy_wonka> (atom@suspicious.org's message of "Wed, 25 Aug 2004 03:52:35 -0400 (EDT)")
References: <20040825035126.C78529@willy_wonka>
Message-ID: <874qmrehum.fsf@wheatstone.g10code.de>

On Wed, 25 Aug 2004 03:52:35 -0400 (EDT), Atom 'Smasher' said:

> is there a way to make gpgv silent?
> it seems to send output to tty, but doesn't have a --no-tty option.

I can't see that and a quick check with strace does not show any open call to a tty.

Werner

From atom at suspicious.org Wed Aug 25 10:42:41 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Aug 25 10:39:34 2004
Subject: gpgv - making it silent
In-Reply-To: <874qmrehum.fsf@wheatstone.g10code.de>
References: <20040825035126.C78529@willy_wonka> <874qmrehum.fsf@wheatstone.g10code.de>
Message-ID: <20040825043932.B78529@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 25 Aug 2004, Werner Koch wrote:
> I can't see that and a quick check with strace does not show any open
> call to a tty.
==================

user error... time to go to bed...

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron."
-- Dwight Eisenhower, April 16, 1953

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures -----END PGP SIGNATURE----- From atom at suspicious.org Wed Aug 25 10:51:08 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Wed Aug 25 10:48:10 2004 Subject: Encrypting Cron job email output. In-Reply-To: <200408250934.37427.saulinux@safe-mail.net> References: <200408231129.37612.saulinux@safe-mail.net> <200408241557.39682.saulinux@safe-mail.net> <87d61fekva.fsf@wheatstone.g10code.de> <200408250934.37427.saulinux@safe-mail.net> Message-ID: <20040825044324.S78529@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, 25 Aug 2004, simon wrote: > Thanks Werner, that works fine. When I run the Cron job it gives the > following message after it has done its job, > > gpg: WARNING: unsafe ownership on homedir "/home/simon/.gnupg/" > > Is that a problem?? ====================== what user owns the cron job? what user owns the keyring? if they're not the same, you could create problems. assuming that the cron job is being run by "root" and the keyring is owned by "simon"... root's gpg process will see that the keyring is owned by another user. the solution is to import the public keys you need into root's keyring, and then you may (or may not) need to specify "--homedir ~root/.gnupg/". ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Our job is to give people not what they want, but what we decide they ought to have."
-- Richard Salant - Former President of CBS News -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures -----END PGP SIGNATURE----- From linux at codehelp.co.uk Wed Aug 25 11:15:38 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Wed Aug 25 11:12:11 2004 Subject: Encrypting Cron job email output. In-Reply-To: <200408250934.37427.saulinux@safe-mail.net> References: <200408231129.37612.saulinux@safe-mail.net> <87d61fekva.fsf@wheatstone.g10code.de> <200408250934.37427.saulinux@safe-mail.net> Message-ID: <200408251015.43826.linux@codehelp.co.uk> On Wednesday 25 August 2004 9:34, simon wrote: > When I run the Cron job it gives the > following message after it has done its job, > > gpg: WARNING: unsafe ownership on homedir "/home/simon/.gnupg/" Normally you'd use chmod 700 /home/simon/.gnupg/ If you are still running the cron job as root (is it possible to run it as a user and use SUID?), use --no-permission-warning from man gpg > Is that a problem?? Only that the cron daemon will generate email to you if any task generates output like that. > Simon. -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040825/6ba9a3d7/attachment.bin From mandreiana at rdslink.ro Wed Aug 25 14:30:21 2004 From: mandreiana at rdslink.ro (Marius Andreiana) Date: Wed Aug 25 14:18:33 2004 Subject: encrypted string always the same Message-ID: <1093437021.2646.8.camel@marte.biciclete.ro> Hi I saw everytime a text is encrypted with the same public key, the result is different. I'm trying to store gpg-encrypted values in a database, but would like to be able to tell if a user-entered value matches the encrypted one in database (by crypting it with the same public key). Is it possible? Any options I could pass to gpg so it always encrypts with the same result? I realize this makes it vulnerable to brute-force attack (I encrypt short 4-digit strings and other short stuff). Thanks! -- Marius Andreiana Galuna - Solutii Linux in Romania http://www.galuna.ro From linux at codehelp.co.uk Wed Aug 25 14:56:32 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Wed Aug 25 14:53:02 2004 Subject: encrypted string always the same In-Reply-To: <1093437021.2646.8.camel@marte.biciclete.ro> References: <1093437021.2646.8.camel@marte.biciclete.ro> Message-ID: <200408251356.35610.linux@codehelp.co.uk> On Wednesday 25 August 2004 1:30, Marius Andreiana wrote: > I saw everytime a text is encrypted with the same public key, the result > is different. Try encrypting using a symmetric cipher. from man gpg: -c, --symmetric Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the --cipher-algo option. > I'm trying to store gpg-encrypted values in a database, but would like > to be able to tell if a user-entered value matches the encrypted one in > database (by crypting it with the same public key). Wouldn't 'crypt' do the same thing? SQL already handles this using the password() function. 
It's a one-way encryption that just compares the encrypted hash, as stored in a suitable varchar field. select credit_card from subscribers where password = password(user_value); :-) > I realize this makes it vulnerable to brute-force attack (I encrypt > short 4-digit strings and other short stuff). In the same way as 'crypt' isn't invulnerable. You obviously have to guard against someone obtaining the cipher text itself - which would normally be public with gpg defaults - as this could be used to sidestep your security. select credit_card from subscribers where password = user_value limit 1; -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040825/ac0518e9/attachment.bin From atom at suspicious.org Wed Aug 25 18:42:21 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Wed Aug 25 18:39:33 2004 Subject: encrypted string always the same In-Reply-To: <200408251356.35610.linux@codehelp.co.uk> References: <1093437021.2646.8.camel@marte.biciclete.ro> <200408251356.35610.linux@codehelp.co.uk> Message-ID: <20040825114017.R78529@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, 25 Aug 2004, Neil Williams wrote: > On Wednesday 25 August 2004 1:30, Marius Andreiana wrote: >> I saw everytime a text is encrypted with the same public key, the result >> is different. > > Try encrypting using a symmetric cipher. > from man gpg: > -c, --symmetric > Encrypt with a symmetric cipher using a passphrase. The > default symmetric cipher used is CAST5, but > may be chosen with the --cipher-algo option. 
================= that will still produce different output using the same input, because the user supplied passphrase is salted... try this a few times with the same passphrase, and you'll see different output: echo test | gpg -ac >> I'm trying to store gpg-encrypted values in a database, but would like >> to be able to tell if a user-entered value matches the encrypted one in >> database (by crypting it with the same public key). > > Wouldn't 'crypt' do the same thing? SQL already handles this using the > password() function. It's a one-way encryption that just compares the > encrypted hash, as stored in a suitable varchar field. ================== that's also salted, but you can use it for password verification by specifying the salt. understanding that this is insecure for several reasons (mostly the use of a 4 digit PIN), the easiest way to do this without making it *instantly* obvious (but it would be obvious within minutes) to an attacker, is to add a row to the database and store: md5($pin) an attacker can't use "81dc9bdb52d04dc20036dbd8313ed055" as a PIN, but you can use that to verify that a user's PIN is "1234". of course, any system you use to hash a four digit pin can't be any stronger than searching the key-space of a four digit PIN... which is about a 13 bit key-space (will you advertise that this application uses 13 bit security?). it's impractical to think you're safe from a dictionary attack, if the hashed passwords are lost or stolen... how long would it take to run: for n in {0000..9999} do md5 -s $n done (that syntax works for zsh/freebsd; bash/linux will be slightly different) on my modest desktop, it takes under a minute to search the entire keyspace... even if you could encrypt PINs with a public key, without a salt, the 13 bit key-space makes it trivial to find a collision... one would have to assume that an attacker has the public key. if making it more complicated doesn't make it more secure, then keep it simple. 
using a crypt() function in the database, instead of the md5 method described above, forces an attacker to spend 30 seconds on each PIN, instead of finding all PINs within 30 seconds... i'm not sure if that's a real advantage... ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your species. I realized that you're not actually mammals. Every mammal on this planet instinctively develops a natural equilibrium with the surrounding environment, but you humans do not. You move to an area, and you multiply, and multiply, until every natural resource is consumed. The only way you can survive is to spread to another area. There is another organism on this planet that follows the same pattern. A virus. Human beings are a disease, a cancer of this planet, you are a plague, and we are the cure." -- Agent Smith, The Matrix -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? 
Comment: http://atom.smasher.org/links/#digital_signatures -----END PGP SIGNATURE----- From wk at gnupg.org Thu Aug 26 09:54:42 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 26 09:53:41 2004 Subject: encrypted string always the same In-Reply-To: <20040825114017.R78529@willy_wonka> (atom@suspicious.org's message of "Wed, 25 Aug 2004 12:42:21 -0400 (EDT)") References: <1093437021.2646.8.camel@marte.biciclete.ro> <200408251356.35610.linux@codehelp.co.uk> <20040825114017.R78529@willy_wonka> Message-ID: <877jrmbagt.fsf@wheatstone.g10code.de> On Wed, 25 Aug 2004 12:42:21 -0400 (EDT), Atom 'Smasher' said: > about a 13 bit key-space (will you advertise that this application > uses 13 bit security?). it's impractical to think you're safe from a > dictionary attack, if the hashed passwords are lost or stolen... how Unless the account is disabled after, say, 3 false tries. However this is a perfect DoS and thus only useful in some domains; for sure not when connections are expected from a public network. Werner From og at pre-secure.de Thu Aug 26 10:25:42 2004 From: og at pre-secure.de (Olaf Gellert) Date: Thu Aug 26 10:37:07 2004 Subject: Automatic Encryption Message-ID: <412D9E86.9080907@pre-secure.de> Hi all, I am trying to use GPG for automatic encryption of files, called by a script. My first attempt would be something like gpg --batch -a --yes -notty -r 0x799241C1 --encrypt file What I do get is: gpg: 799241C1: There is no indication that this key really belongs to the owner gpg: todo: encryption failed: unusable public key Ok, seems that GPG has a look into the trustdb.
But on this system I do not want to maintain a trustdb, so I would like to tell GPG "yes, sure, do as I said" on the command line. Any ideas? Cheers, Olaf P.S.: Sometimes I wonder what the options "--batch" and "-notty" and "--yes" are good for if they are not always evaluated by GPG. If I call GPG with gpg --yes -notty -r 0x799241C1 --encrypt todo I am asked if gpg should really use this key. Well, why does GPG assume I did not mean "YES" and "NOTTY"? -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE og@pre-secure.de A daily view on Internet Attacks https://www.ecsirt.net/sensornet From mandreiana at rdslink.ro Thu Aug 26 07:53:13 2004 From: mandreiana at rdslink.ro (Marius Andreiana) Date: Thu Aug 26 10:41:53 2004 Subject: encrypted string always the same In-Reply-To: <20040825114017.R78529@willy_wonka> References: <1093437021.2646.8.camel@marte.biciclete.ro> <200408251356.35610.linux@codehelp.co.uk> <20040825114017.R78529@willy_wonka> Message-ID: <1093499593.2646.8.camel@marte.biciclete.ro> Hi Atom, thank you for the very helpful reply. For security, we'll give up search on those items and store it encrypted with gnupg. -- Marius Andreiana Galuna - Solutii Linux in Romania http://www.galuna.ro From atom at suspicious.org Thu Aug 26 11:06:54 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Thu Aug 26 11:04:22 2004 Subject: Automatic Encryption In-Reply-To: <412D9E86.9080907@pre-secure.de> References: <412D9E86.9080907@pre-secure.de> Message-ID: <20040826050547.R78529@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, 26 Aug 2004, Olaf Gellert wrote: > Ok, seems that GPG has a look into the trustdb. > But on this system I do not want to maintain a trustdb, > so I would like to tell GPG "yes, sure, do as I said" > on the command line. > > Any ideas? 
================ --trust-model always ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Have you any idea how successful censorship is on TV? Don't know the answer? Hmm. Successful. Isn't it?" -- Max Headroom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures -----END PGP SIGNATURE----- From wk at gnupg.org Thu Aug 26 12:07:34 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 26 12:35:42 2004 Subject: [Announce] GnuPG 1.2.6 released Message-ID: <87hdqq9pqx.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.6 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. This is mainly a bug fix release. In particular it fixes the installation problem of 1.2.5; for details see the "What's New" section below. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.2.6 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt .
The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.2.6.tar.bz2 (2490k) gnupg-1.2.6.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.2.6.tar.gz (3608k) gnupg-1.2.6.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.2.5-1.2.6.diff.gz (305k) A patch file to upgrade a 1.2.5 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. Note that there is no binary version for Windows because the fixed bugs are not relevant on Windows. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.2.6.tar.bz2 you would use this command: gpg --verify gnupg-1.2.6.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. I recently prolonged the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! * If you are not able to use an old version of GnuPG, you have to verify the MD5 checksum. 
Assuming you downloaded the file gnupg-1.2.6.tar.bz2, you would run the md5sum command like this: md5sum gnupg-1.2.6.tar.bz2 and check that the output matches the first line from the following list: b1890f5dfacd2ba7ab15448c5ff08a4e gnupg-1.2.6.tar.bz2 56b10a6f444fff2565f4d960a11b2206 gnupg-1.2.6.tar.gz 3d5199fd729e2cf254a267c6935eeeaf gnupg-1.2.5-1.2.6.diff.gz Upgrade Information =================== If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =========== Here is a list of major user visible changes since 1.2.6: * Updated the included gettext. This also fixes the installation problem from 1.2.5 * Fixed a race condition possibly leading to deleted keys. Internationalization ==================== GnuPG comes with support for 28 languages: American English Indonesian (id) Bela-Russian (be)[*] Italian (it) Catalan (ca) Japanese (ja)[*] Czech (cs) Polish (pl) Danish (da)[*] Brazilian Portuguese (pt_BR)[*] Dutch (nl) Portuguese (pt)[*] Esperanto (eo)[*] Romanian (ro) Estonian (et) Russian (ru) Finnish (fi) Slovak (sk) French (fr) Spanish (es) Galician (gl)[*] Swedish (sv)[*] German (de) Traditional Chinese (zh_TW)[*] Greek (el) Simplified Chinese (zh_CN) Hungarian (hu) Turkish (tr) Languages marked with [*] were not updated for this release and you may notice untranslated messages. Many thanks to the translators for their ongoing support of GnuPG. Future Directions ================= GnuPG 1.2.x is the current stable branch and won't undergo any serious changes. We will just fix bugs and add compatibility fixes as required. 
GnuPG 1.3.x is the version where we do most new stuff and it will lead to the next stable version 1.4 not too far away. GnuPG 1.9.x is next generation GnuPG. This version merged the code from the Aegypten project and thus it includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we may not support all ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is based on a somewhat older 1.3 code and will peacefully coexist with other GnuPG versions. Happy Hacking, The GnuPG Team (David, Stefan, Timo and Werner) -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk at gnupg.org Thu Aug 26 13:57:02 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 26 13:58:42 2004 Subject: Automatic Encryption In-Reply-To: <412D9E86.9080907@pre-secure.de> (Olaf Gellert's message of "Thu, 26 Aug 2004 10:25:42 +0200") References: <412D9E86.9080907@pre-secure.de> Message-ID: <87acwi9koh.fsf@wheatstone.g10code.de> On Thu, 26 Aug 2004 10:25:42 +0200, Olaf Gellert said: > P.S.: Sometimes I wonder what the options "--batch" and > "-notty" and "--yes" are good for if they are not --batch is used for unattended use and it should never ask the user. --no-tty is a hack to avoid opening /dev/tty; I am not sure whether it is still useful. --yes Assume yes on some interactive prompts. In some cases it does not get used because yes might not be the right answer on the question, although it is used with other questions. As Atom wrote, you want to use the options --batch --trust-model always Werner p.s.
Atom, as you see, I have meanwhile learned that the very old option --always-trust (originally implemented for Mutt) has been replaced by a more flexible one ;-) From shavital at mac.com Thu Aug 26 16:06:24 2004 From: shavital at mac.com (Charly Avital) Date: Thu Aug 26 16:03:55 2004 Subject: [Announce] GnuPG 1.2.6 released In-Reply-To: <87hdqq9pqx.fsf@wheatstone.g10code.de> References: <87hdqq9pqx.fsf@wheatstone.g10code.de> Message-ID: <1D631EEC-F769-11D8-BCA9-00039307843A@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 26, 2004, at 1:07 PM, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG > release: Version 1.2.6 > [...] Compiled and installed under Mac OS X 10.3.5, Darwin 7.5.0. Included idea, and enabled sha512- No installation problems. Runs fine. > Future Directions > ================= > [...] > GnuPG 1.3.x is the version where we do most new stuff and it will lead > to the next stable version 1.4 not too far away. Running 1.3.6 on a different computer. Fine. > > GnuPG 1.9.x is next generation GnuPG. This version merged the code > from the Aegypten project and thus it includes the gpg-agent, a > smartcard daemon and gpg's S/MIME cousin gpgsm. The design is > different to the previous versions and we may not support all ancient > systems - thus POSIX compatibility will be an absolute requirement for > supported platforms. 1.9 is based on a somewhat older 1.3 code and > will peacefully coexist with other GnuPG versions. I hope it will support Mac OS X, and thank you for it in advance. > > > Happy Hacking, > > > The GnuPG Team (David, Stefan, Timo and Werner) > > [...] Many thanks to the Team, for all your work.
Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: GnuPG for Privacy iD8DBQFBLe598SG5rMkbCF4RAu/NAKDAhZ6IezSOPAWtX8iq8ypDSy1nHACg0FFM Zq1gCVL/Q23fd0WZDW/JXcY= =jkwq -----END PGP SIGNATURE----- From wk at gnupg.org Thu Aug 26 17:12:09 2004 From: wk at gnupg.org (Werner Koch) Date: Thu Aug 26 17:13:43 2004 Subject: [Announce] GnuPG 1.2.6 released In-Reply-To: <1D631EEC-F769-11D8-BCA9-00039307843A@mac.com> (Charly Avital's message of "Thu, 26 Aug 2004 17:06:24 +0300") References: <87hdqq9pqx.fsf@wheatstone.g10code.de> <1D631EEC-F769-11D8-BCA9-00039307843A@mac.com> Message-ID: <873c2a7x2u.fsf@wheatstone.g10code.de> On Thu, 26 Aug 2004 17:06:24 +0300, Charly Avital said: > I hope it will support Mac OS X, and thank you for it in advance. Not yet I think but we are working towards it. Thanks, Werner From mroth at nessie.de Thu Aug 26 18:51:52 2004 From: mroth at nessie.de (Michael Roth) Date: Thu Aug 26 18:48:39 2004 Subject: Key Signing Party in Zürich, on Friday 3. September Message-ID: <412E1528.9040305@nessie.de> Hello list, There will be a key signing event in Zürich on Friday, 3. September. Your key must have been added to the keyring till 2. September. You don't need to register for the conference and pay a fee if you would like to only participate in the key signing session. Details at: http://www.suug.ch/sucon/04/social.html Michael Roth -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 222 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20040826/79243f11/signature.bin From commercial at acamedia.org Thu Aug 26 19:30:09 2004 From: commercial at acamedia.org (Jens) Date: Thu Aug 26 19:29:43 2004 Subject: 8-bit message encrypted by gnupg appears as 7-bit after decryption?
Message-ID: <200408262030.09527.commercial@acamedia.org> this might be a silly question but my curiosity has not been satisfied after three days of continuous web searching so i hope somebody will humour me. kmail encodes some of my utf-8 emails as base64. this happens when i dont allow 8bit and when i type arabic. my question is this: after an outgoing message is encrypted with gnupg the body of the message appears as 7bit. meaning that when it arrives as the recipient he/she will have no way of knowing the original encoding after decryption. does this never cause problems? how can the mua know whether the original email was 7bit, 8bit or base64? i should also say that i have not had any problems but then again you rarely do when emailing yourself. i would just really like to know how the recipient knows what type of body he is dealing with. thanks From johanw at vulcan.xs4all.nl Thu Aug 26 23:48:32 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Thu Aug 26 23:46:42 2004 Subject: [Announce] GnuPG 1.2.6 released In-Reply-To: <87hdqq9pqx.fsf@wheatstone.g10code.de> from Werner Koch at "Aug 26, 2004 12:07:34 pm" Message-ID: <200408262148.XAA00406@vulcan.xs4all.nl> Werner Koch wrote: >We are pleased to announce the availability of a new stable GnuPG >release: Version 1.2.6 Compiles and works fine here, also on the old systems. BTW, no windows executable this time? Does the fixed race condition never occur under win32? -- ir. J.C.A. 
Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From tyketto at sbcglobal.net Fri Aug 27 00:22:33 2004 From: tyketto at sbcglobal.net (A Guy Called Tyketto) Date: Fri Aug 27 00:19:22 2004 Subject: [Announce] GnuPG 1.2.6 released In-Reply-To: <87hdqq9pqx.fsf@wheatstone.g10code.de> References: <87hdqq9pqx.fsf@wheatstone.g10code.de> Message-ID: <20040826222233.GA15614@sbcglobal.net> On Thu, Aug 26, 2004 at 12:07:34PM +0200, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG > release: Version 1.2.6 > Unfortunately, this fails to build on Solaris 2.8. Here's what I get: if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I/usr/include -g -O2 -Wall -MT mpih-mul3.o -MD -MP -MF ".deps/mpih-mul3.Tpo" \ -c -o mpih-mul3.o `test -f 'mpih-mul3.c' || echo './'`mpih-mul3.c; \ then mv -f ".deps/mpih-mul3.Tpo" ".deps/mpih-mul3.Po"; \ else rm -f ".deps/mpih-mul3.Tpo"; exit 1; \ fi gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-add1.S | grep -v '^#' > _mpih-add1.s gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. 
-I../include -I/usr/include -g -O2 -Wall -c _mpih-add1.s /usr/ccs/bin/as: "_mpih-add1.s", line 23: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 26: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 37: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 41: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 43: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 45: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 47: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 49: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 51: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 53: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 55: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 57: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 59: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 61: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 63: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 77: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 79: error: detect global register use not covered .register pseudo-op /usr/ccs/bin/as: "_mpih-add1.s", line 81: error: detect global register use not covered .register 
pseudo-op . . . .
/usr/ccs/bin/as: "_mpih-add1.s", line 197: error: detect global register use not covered .register pseudo-op
/usr/ccs/bin/as: "_mpih-add1.s", line 198: error: detect global register use not covered .register pseudo-op
gmake[2]: *** [mpih-add1.o] Error 1
gmake[2]: Leaving directory `/tmp/.tyketto/gnupg-1.2.6/mpi'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/tmp/.tyketto/gnupg-1.2.6'
gmake: *** [all] Error 2

Same error repeats until line 198. I avoided 1.2.5 on Solaris due to the install issue, but I just tried this, and the same happened. 1.2.4 compiled cleanly.

BL.
--
Brad Littlejohn | Email: tyketto@sbcglobal.net
Unix Systems Administrator, | tyketto@ozemail.com.au
Web + NewsMaster, BOFH.. Smeghead! :) | http://www.sbcglobal.net/~tyketto
PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF

From Matthew.van.Eerde at hbinc.com Fri Aug 27 01:06:23 2004
From: Matthew.van.Eerde at hbinc.com (Matthew.van.Eerde@hbinc.com)
Date: Fri Aug 27 01:03:16 2004
Subject: 8-bit message encrypted by gnupg appears as 7-bit after decryption?
Message-ID: <61192FA29C719B469A2B13E57DEDF75B0300F179@mail.hbinc.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jens wrote:
> this might be a silly question but my curiosity has not been
> satisfied after three days of continuous web searching so i hope
> somebody will humour me.
>
> kmail encodes some of my utf-8 emails as base64. this happens when i
> don't allow 8bit and when i type arabic.

base64 uses 7-bit safe characters.

> my question is this: after an outgoing message is encrypted with
> gnupg the body of the message appears as 7bit. meaning that when it
> arrives as the recipient he/she will have no way of knowing the
> original encoding after decryption.

gnupg uses 7-bit safe characters. Is the base64 encoding being encrypted, or the original 8bit data? I'd guess the original 8bit data.

> does this never cause problems? how can the mua know whether the
> original email was 7bit, 8bit or base64?

It doesn't know or care. It gets the 7bit encrypted data and passes it on to gnupg. gnupg decrypts the original contents - probably the 8bit data.

> i should also say that i have not had any problems but then again you
> rarely do when emailing yourself. i would just really like to know
> how the recipient knows what type of body he is dealing with.
>
> thanks

Test by getting a free webmail account and emailing something there?

Matthew.van.Eerde@hbinc.com  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com  Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

iD8DBQFBLmzrUQQr0VWaglwRAkzrAJ0dW7SqCAydi5v78I1RSH6mWxSCtACdF3Lc
ju6tm4zj0lfDKe9BsyYq3/o=
=wEHo
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Fri Aug 27 01:06:38 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Aug 27 01:04:01 2004
Subject: [Announce] GnuPG 1.2.6 released
In-Reply-To: <20040826222233.GA15614@sbcglobal.net>
References: <87hdqq9pqx.fsf@wheatstone.g10code.de> <20040826222233.GA15614@sbcglobal.net>
Message-ID: <20040826230637.GA4164@jabberwocky.com>

On Thu, Aug 26, 2004 at 03:22:33PM -0700, A Guy Called Tyketto wrote:
> On Thu, Aug 26, 2004 at 12:07:34PM +0200, Werner Koch wrote:
> > Hello!
> >
> > We are pleased to announce the availability of a new stable GnuPG
> > release: Version 1.2.6
> >
>
>
> Unfortunately, this fails to build on Solaris 2.8. Here's what I get:
>
> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I..
-I../include -I/usr/include -g -O2
> -Wall -MT mpih-mul3.o -MD -MP -MF ".deps/mpih-mul3.Tpo" \
> -c -o mpih-mul3.o `test -f 'mpih-mul3.c' || echo './'`mpih-mul3.c; \
> then mv -f ".deps/mpih-mul3.Tpo" ".deps/mpih-mul3.Po"; \
> else rm -f ".deps/mpih-mul3.Tpo"; exit 1; \
> fi
> gcc -E -I.. -I../include -DHAVE_CONFIG_H mpih-add1.S | grep -v '^#' >
> _mpih-add1.s
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I/usr/include -g -O2
> -Wall -c _mpih-add1.s
> /usr/ccs/bin/as: "_mpih-add1.s", line 23: error: detect global register use
> not covered .register pseudo-op

[etc]

What processor do you have? Offhand, I don't see any changes in the MPI code that would do this. There were barely any changes at all in the MPI code between 1.2.4 and 1.2.6, and the few were for OpenBSD and HPUX.

What does 'head -2 mpi/asm-syntax.h' return?

David

From tyketto at sbcglobal.net Fri Aug 27 01:39:05 2004
From: tyketto at sbcglobal.net (A Guy Called Tyketto)
Date: Fri Aug 27 01:35:50 2004
Subject: [Announce] GnuPG 1.2.6 released
In-Reply-To: <20040826230637.GA4164@jabberwocky.com>
References: <87hdqq9pqx.fsf@wheatstone.g10code.de> <20040826222233.GA15614@sbcglobal.net> <20040826230637.GA4164@jabberwocky.com>
Message-ID: <20040826233905.GA22576@sbcglobal.net>

On Thu, Aug 26, 2004 at 07:06:38PM -0400, David Shaw wrote:
> On Thu, Aug 26, 2004 at 03:22:33PM -0700, A Guy Called Tyketto wrote:
> > On Thu, Aug 26, 2004 at 12:07:34PM +0200, Werner Koch wrote:
> > > Hello!
> > >
> > > We are pleased to announce the availability of a new stable GnuPG
> > > release: Version 1.2.6
> > >
> >
> >
> > Unfortunately, this fails to build on Solaris 2.8. Here's what I get:
> >
>
> [etc]
>
> What processor do you have?
Offhand, I don't see any changes in the
> MPI code that would do this. There were barely any changes at all in
> the MPI code between 1.2.4 and 1.2.6, and the few were for OpenBSD and
> HPUX.

My mistake here. Apparently one of my other admins upgraded the box. We're on Solaris 2.9 now. Here's what I get from fpversion(1):

pioneer% fpversion
A SPARC-based CPU is available.
Kernel says CPU's clock rate is 500.0 MHz.
Kernel says main memory's clock rate is 100.0 MHz.

Sun-4 floating-point controller version 0 found.
An UltraSPARC chip is available.

Use "-xtarget=ultra2e -xcache=16/32/1:256/64/1" code-generation option.

Hostid = 0x830BBF73.
pioneer% uname -a
SunOS bugsy 5.9 Generic_117171-02 sun4u sparc SUNW,UltraAX-i2

> What does 'head -2 mpi/asm-syntax.h' return?

For 1.2.5 after ./configure:

/* created by config.links - do not edit */
/* Target: sparc-sun-solaris2.9 */

For 1.2.6 after ./configure:

/* created by config.links - do not edit */
/* Target: sparc-sun-solaris2.9 */

options passed each time were --prefix=$HOME --enable-static-rnd=linux --disable-nls --with-zlib=/usr --with-bzip2=/usr

BL.
--
Brad Littlejohn | Email: tyketto@sbcglobal.net
Unix Systems Administrator, | tyketto@ozemail.com.au
Web + NewsMaster, BOFH.. Smeghead!
:) | http://www.sbcglobal.net/~tyketto
PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF

From dshaw at jabberwocky.com Fri Aug 27 02:14:18 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Aug 27 02:11:49 2004
Subject: Solaris 2.9 and 1.2.6 (was Re: GnuPG 1.2.6 released)
In-Reply-To: <20040826233905.GA22576@sbcglobal.net>
References: <87hdqq9pqx.fsf@wheatstone.g10code.de> <20040826222233.GA15614@sbcglobal.net> <20040826230637.GA4164@jabberwocky.com> <20040826233905.GA22576@sbcglobal.net>
Message-ID: <20040827001418.GB4164@jabberwocky.com>

On Thu, Aug 26, 2004 at 04:39:05PM -0700, A Guy Called Tyketto wrote:
> On Thu, Aug 26, 2004 at 07:06:38PM -0400, David Shaw wrote:
> > On Thu, Aug 26, 2004 at 03:22:33PM -0700, A Guy Called Tyketto wrote:
> > > On Thu, Aug 26, 2004 at 12:07:34PM +0200, Werner Koch wrote:
> > > > Hello!
> > > >
> > > > We are pleased to announce the availability of a new stable GnuPG
> > > > release: Version 1.2.6
> > > >
> > >
> > >
> > > Unfortunately, this fails to build on Solaris 2.8. Here's what I get:
> > >
> >
> > [etc]
> >
> > What processor do you have? Offhand, I don't see any changes in the
> > MPI code that would do this. There were barely any changes at all in
> > the MPI code between 1.2.4 and 1.2.6, and the few were for OpenBSD and
> > HPUX.
>
> My mistake here. Apparently one of my other admins upgraded the box.
> We're on Solaris 2.9 now. Here's what I get from fpversion(1):
>
> pioneer% fpversion
> A SPARC-based CPU is available.
> Kernel says CPU's clock rate is 500.0 MHz.
> Kernel says main memory's clock rate is 100.0 MHz.
>
> Sun-4 floating-point controller version 0 found.
> An UltraSPARC chip is available.
>
> Use "-xtarget=ultra2e -xcache=16/32/1:256/64/1" code-generation option.
>
> Hostid = 0x830BBF73.
> pioneer% uname -a
> SunOS bugsy 5.9 Generic_117171-02 sun4u sparc SUNW,UltraAX-i2
>
>
> > What does 'head -2 mpi/asm-syntax.h' return?
>
> For 1.2.5 after ./configure:
>
> /* created by config.links - do not edit */
> /* Target: sparc-sun-solaris2.9 */
>
> For 1.2.6 after ./configure:
>
> /* created by config.links - do not edit */
> /* Target: sparc-sun-solaris2.9 */
>
>
> options passed each time were --prefix=$HOME --enable-static-rnd=linux
> --disable-nls --with-zlib=/usr --with-bzip2=/usr

Hmm. Does 1.2.4 build cleanly on that box after the upgrade?

David

From tyketto at sbcglobal.net Fri Aug 27 02:53:17 2004
From: tyketto at sbcglobal.net (A Guy Called Tyketto)
Date: Fri Aug 27 02:50:02 2004
Subject: Solaris 2.9 and 1.2.6 (was Re: GnuPG 1.2.6 released)
In-Reply-To: <20040827001418.GB4164@jabberwocky.com>
References: <87hdqq9pqx.fsf@wheatstone.g10code.de> <20040826222233.GA15614@sbcglobal.net> <20040826230637.GA4164@jabberwocky.com> <20040826233905.GA22576@sbcglobal.net> <20040827001418.GB4164@jabberwocky.com>
Message-ID: <20040827005317.GA23922@sbcglobal.net>

On Thu, Aug 26, 2004 at 08:14:18PM -0400, David Shaw wrote:
> >
> > options passed each time were --prefix=$HOME --enable-static-rnd=linux
> > --disable-nls --with-zlib=/usr --with-bzip2=/usr
>
> Hmm. Does 1.2.4 build cleanly on that box after the upgrade?
>
> David

That, it doesn't. I just gave it a build and got the same error. The version of GnuPG I'm using on there is 1.2.4, but was compiled on Solaris 2.8 before the box was upgraded. This isn't my primary box, so it isn't much of a showstopper for me. But I thought I'd just bring it to everyone's attention. But for anyone using GnuPG on Solaris 2.9, they might need this.

BL.
--
Brad Littlejohn | Email: tyketto@sbcglobal.net
Unix Systems Administrator, | tyketto@ozemail.com.au
Web + NewsMaster, BOFH.. Smeghead!
:) | http://www.sbcglobal.net/~tyketto
PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF

From nouak at zeitform.de Fri Aug 27 11:06:06 2004
From: nouak at zeitform.de (Alexander Nouak)
Date: Fri Aug 27 11:02:55 2004
Subject: Error on initial call under Darwin
Message-ID: <5483C374-F808-11D8-BB64-000A959B30CC@zeitform.de>

Hi,

I'm running Mac OS X 10.3.5 (Darwin 7.5.0) and compiled with tiger, new-tiger and sha512. This worked like a charm. However, if I invoke gpg as a user for the very first time these error messages would appear:

gpg: failed to create temporary file `/Users//.gnupg/.#lk0x5003f0...1882': Permission denied
gpg: keyblock resource `/Users//.gnupg/secring.gpg': Allgemeiner Fehler
gpg: failed to create temporary file `/Users//.gnupg/.#lk0x5003f0...1882': Permission denied
gpg: keyblock resource `/Users//.gnupg/pubring.gpg': Allgemeiner Fehler

"Allgemeiner Fehler" should be translated as "common error" which doesn't mean very much, does it?

This happened on two different machines with various users not having a ~/.gnupg directory already.

Does anybody know what I possibly could have done wrong? I aim to provide binaries for Mac OS X users so I should be able to compile a version which does not provoke those errors.

I appreciate your help.

Servus
Alexander
http://macgpgp.sf.net
--
Alexander Nouak  zeitform Internet Dienste OHG
Fraunhoferstr. 5  64283 Darmstadt, Germany
http://www.zeitform.de  Tel: +49 (0)6151 155-637
mailto:nouak@zeitform.de  Fax: +49 (0)6151 155-634
GnuPG/PGP Key: http://nouak.zeitform.de/GnuPG/

From wk at gnupg.org Fri Aug 27 12:24:27 2004
From: wk at gnupg.org (Werner Koch)
Date: Fri Aug 27 12:23:47 2004
Subject: Error on initial call under Darwin
In-Reply-To: <5483C374-F808-11D8-BB64-000A959B30CC@zeitform.de> (Alexander Nouak's message of "Fri, 27 Aug 2004 11:06:06 +0200")
References: <5483C374-F808-11D8-BB64-000A959B30CC@zeitform.de>
Message-ID: <87acwg515w.fsf@wheatstone.g10code.de>

On Fri, 27 Aug 2004 11:06:06 +0200, Alexander Nouak said:

> gpg: failed to create temporary file
> `/Users//.gnupg/.#lk0x5003f0...1882':
> Permission denied
> gpg: keyblock resource `/Users//.gnupg/secring.gpg': Allgemeiner
> Fehler

Check the permissions on the .gnupg directory. Are you able to do a

touch /Users//.gnupg/dummy-file

?

From nouak at zeitform.de Fri Aug 27 12:48:49 2004
From: nouak at zeitform.de (Alexander Nouak)
Date: Fri Aug 27 12:45:37 2004
Subject: Error on initial call under Darwin
In-Reply-To: <87acwg515w.fsf@wheatstone.g10code.de>
References: <5483C374-F808-11D8-BB64-000A959B30CC@zeitform.de> <87acwg515w.fsf@wheatstone.g10code.de>
Message-ID:

Hi Werner,

On 27.08.2004 at 12:24, Werner Koch wrote:

> On Fri, 27 Aug 2004 11:06:06 +0200, Alexander Nouak said:
>
>> gpg: failed to create temporary file
>> `/Users//.gnupg/.#lk0x5003f0...1882':
>> Permission denied
>> gpg: keyblock resource `/Users//.gnupg/secring.gpg': Allgemeiner
>> Fehler
>
> Check the permissions on the .gnupg directory. Are you able to do a
>
> touch /Users//.gnupg/dummy-file
>
> ?

Thanks for your reply. The point is: I get this error message as a new user who doesn't have any .gnupg dir yet. Unlike previous versions gnupg 1.2.6 needs a present .gnupg dir to create some of the necessary files to run gnupg properly.
If you create the .gnupg dir yourself and invoke gpg then, pubring.gpg and secring.gpg are created but the gpg.conf is missing :-((((

This behaviour is not limited to Darwin but happens under Linux as well. So it seems to be another bug introduced with 1.2.6.

For the Mac installer this is not very serious since we are working on a script which creates the files if not already present for all existing users. Furthermore we also add .gnupg with its files inside the user template. However, this seems to be a nasty bug for all users new to gnupg creating their keyfiles for the very first time.

Servus
Alexander
http://macgpg.sf.net
--
Alexander Nouak  zeitform Internet Dienste OHG
Fraunhoferstr. 5  64283 Darmstadt, Germany
http://www.zeitform.de  Tel: +49 (0)6151 155-637
mailto:nouak@zeitform.de  Fax: +49 (0)6151 155-634
GnuPG/PGP Key: http://nouak.zeitform.de/GnuPG/

From karlandtanya at earthlink.net Sat Aug 28 01:27:03 2004
From: karlandtanya at earthlink.net (Karl and Tanya Pizzolatto)
Date: Mon Aug 30 16:41:16 2004
Subject: kmail doesn't recognize s/mime support in gpg
Message-ID: <200408271927.03421.karlandtanya@earthlink.net>

I have read the mailing lists and readmes in the gnupg packages.

I have successfully built the following gnupg packages and installed them:

pth-2.0.1
libksba-0.9.8
libgpg_error-0.7
libgcrypt-1.2.0
libassuan-0.6.6
gnupg-1.9.10
gpgme-0.3.16
cryptplug-0.3.16

I am using kde-3.3.

kmail insists that gpgme was built without s/mime support.

gnupg-1.9.10 seems to have gpgsm built: here's the line from the package listing:

usr/bin/gpgsm

gpgme seems to recognize this (here's the end of ./configure):

GPGME v0.3.16 has been configured as follows:
GnuPG version: min. 1.2.0
GnuPG path: /usr/bin/gpg
GpgSM version: min.
0.9.2
GpgSM path: /usr/bin/gpgsm

And cryptplug seems to have gpg-smime, also (here's the package)

usr/lib/
usr/lib/cryptplug/
usr/lib/cryptplug/gpgme-openpgp.so
usr/lib/cryptplug/gpgme-openpgp.la
usr/lib/cryptplug/gpgme-openpgp.a
usr/lib/cryptplug/gpgme-smime.so
usr/lib/cryptplug/gpgme-smime.la
usr/lib/cryptplug/gpgme-smime.a

Is there something else I must install in order for gnupg to have s/mime support?

What must I do to convince kmail that gnupg s/mime support is installed?

Thanks for your assistance!

From wk at gnupg.org Mon Aug 30 19:28:15 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 30 19:28:44 2004
Subject: Error on initial call under Darwin
In-Reply-To: (Alexander Nouak's message of "Fri, 27 Aug 2004 12:48:49 +0200")
References: <5483C374-F808-11D8-BB64-000A959B30CC@zeitform.de> <87acwg515w.fsf@wheatstone.g10code.de>
Message-ID: <873c241qog.fsf@wheatstone.g10code.de>

On Fri, 27 Aug 2004 12:48:49 +0200, Alexander Nouak said:

> any .gnupg dir yet. Unlike previous versions gnupg 1.2.6 needs a
> present .gnupg dir to create some of the necessary files to run gnupg
> properly.

Right, that does not work anymore. Pretty obvious. Workaround is also obvious.

Werner

From wk at gnupg.org Mon Aug 30 19:42:38 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Aug 30 19:43:46 2004
Subject: kmail doesn't recognize s/mime support in gpg
In-Reply-To: <200408271927.03421.karlandtanya@earthlink.net> (Karl and Tanya Pizzolatto's message of "Fri, 27 Aug 2004 19:27:03 -0400")
References: <200408271927.03421.karlandtanya@earthlink.net>
Message-ID: <87oekszfn5.fsf@wheatstone.g10code.de>

On Fri, 27 Aug 2004 19:27:03 -0400, Karl and Tanya Pizzolatto said:

> gpgme-0.3.16
> cryptplug-0.3.16

> I am using kde-3.3.

Cryptplug is only used with old kmails; the latest kmail requires an up-to-date gpgme (i.e. 0.9.0). Don't know why kmail does not check for this.

Werner

From maddler at cryptorebels.net Mon Aug 30 20:22:10 2004
From: maddler at cryptorebels.net (william maddler)
Date: Mon Aug 30 20:23:10 2004
Subject: kmail doesn't recognize s/mime support in gpg
In-Reply-To: <87oekszfn5.fsf@wheatstone.g10code.de>
References: <200408271927.03421.karlandtanya@earthlink.net> <87oekszfn5.fsf@wheatstone.g10code.de>
Message-ID: <200408302022.11323.maddler@cryptorebels.net>

On Monday 30 August 2004 19:42, Werner Koch wrote:
> On Fri, 27 Aug 2004 19:27:03 -0400, Karl and Tanya Pizzolatto said:
> > gpgme-0.3.16
> > cryptplug-0.3.16
> >
> > I am using kde-3.3.
>
> Cryptplug is only used with old kmails; the latest kmail requires an
> up-to-date gpgme (i.e. 0.9.0). Don't know why kmail does not check
> for this.

I'm having the same problem... I recompiled gpgme 0.9.0 but kmail still says it hasn't S/MIME support... any clue?

thx

--
There are only 10 types of people in the world:
Those who understand binary, and those who don't
=================================================
|| William Maddler http://www.cryptorebels.net ||
|| http://www.maddler.net ||
|| http://cialtronauti.net ||
gpg --keyserver pgp.mit.edu --recv-key 639C63EF

From hmujtaba at forumsys.com Tue Aug 31 00:23:50 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Tue Aug 31 00:21:07 2004
Subject: How to generate old-style signatures?
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D1903D4@bstn-exch1.forumsys.com>

Hi all,

How can I use GPG to create old-style signatures, ie. [SignaturePacket, LiteralData]. I would like to turn off the default generation of OnePassSignatures.

Regards,
Hasnain.

From dshaw at jabberwocky.com Tue Aug 31 02:02:16 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug 31 01:59:46 2004
Subject: How to generate old-style signatures?
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D1903D4@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D1903D4@bstn-exch1.forumsys.com>
Message-ID: <20040831000215.GA27357@jabberwocky.com>

On Mon, Aug 30, 2004 at 06:23:50PM -0400, Hasnain Mujtaba wrote:
> Hi all,
>
> How can I use GPG to create old-style signatures, ie. [SignaturePacket,
> LiteralData]. I would like to turn off the default generation of
> OnePassSignatures.

You can't. GnuPG will understand old-style signatures but will not generate them.

If you really must generate old signatures, there is a trick using detached signatures and gpgsplit to assemble such a message by hand at http://www.gnupg.org/gph/en/pgp2x.html. See "Signing and encrypting a document for a PGP 2.x user".

David

From atom at suspicious.org Tue Aug 31 05:45:28 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Aug 31 05:42:48 2004
Subject: How to generate old-style signatures?
In-Reply-To: <20040831000215.GA27357@jabberwocky.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D1903D4@bstn-exch1.forumsys.com> <20040831000215.GA27357@jabberwocky.com>
Message-ID: <20040830234243.G1491@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 30 Aug 2004, David Shaw wrote:

> If you really must generate old signatures, there is a trick using
> detached signatures and gpgsplit to assemble such a message by hand at
> http://www.gnupg.org/gph/en/pgp2x.html. See "Signing and encrypting a
> document for a PGP 2.x user".
=============

"GnuPG does not have native support for both signing a document with an RSA key and encrypting it to an RSA key."

is that correct? or does it really mean v3 keys, instead of RSA keys?

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin

From grnbrg at gmail.com Tue Aug 31 16:51:31 2004
From: grnbrg at gmail.com (Brian Greenberg)
Date: Tue Aug 31 16:48:15 2004
Subject: Patch: Correct creation of ~/.gnupg (Was: Error on initial call under Darwin)
Message-ID: <2f30f34504083107511e081d4a@mail.gmail.com>

On Mon Aug 30 19:28:15 CEST 2004 Werner Koch (wk at gnupg.org) said:
> On Fri, 27 Aug 2004 12:48:49 +0200, Alexander Nouak said:
>
>> any .gnupg dir yet. Unlike previous versions gnupg 1.2.6 needs a
>> present .gnupg dir to create some of the necessary files to run gnupg
>> properly.
>
> Right, that does not work anymore. Pretty obvious. Workaround is also obvious.
>
> Werner

I noticed this behavior a few days ago, and have fixed it.

Changes were made to g10/keydb.c that implemented file locking for the creation of the keyring files.
The new code checks for a readable keyfile, and if it cannot find one, tries to create a lockfile so that it can continue with the creation of this file. If it cannot create the lock file it aborts.

The issue is that there is no check for the existence of the parent directory before attempting to create the lockfile. If the parent does not exist, lock creation will always fail.

The attached patch moves the homedir creation logic ahead of the file locking logic. Basically, if a readable keyring does not exist, a check is made if its parent exists. If not, a lockfile is used for the parent directory, and try_make_homedir() is called. If this succeeds, then creation of the keyring lockfile (and subsequently the keyring) is allowed to continue.

Brian.

--
Brian Greenberg
grnbrg@gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keydb.diff
Type: application/octet-stream
Size: 2651 bytes
Desc: not available
Url : /pipermail/attachments/20040831/3c0c2cd7/keydb.exe

From dshaw at jabberwocky.com Tue Aug 31 23:27:25 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Aug 31 23:24:51 2004
Subject: How to generate old-style signatures?
In-Reply-To: <20040830234243.G1491@willy_wonka>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D1903D4@bstn-exch1.forumsys.com> <20040831000215.GA27357@jabberwocky.com> <20040830234243.G1491@willy_wonka>
Message-ID: <20040831212724.GA4192@jabberwocky.com>

On Mon, Aug 30, 2004 at 11:45:28PM -0400, Atom 'Smasher' wrote:
> On Mon, 30 Aug 2004, David Shaw wrote:
>
> > If you really must generate old signatures, there is a trick using
> > detached signatures and gpgsplit to assemble such a message by hand at
> > http://www.gnupg.org/gph/en/pgp2x.html. See "Signing and encrypting a
> > document for a PGP 2.x user".
> =============
>
> "GnuPG does not have native support for both signing a document
> with an RSA key and encrypting it to an RSA key."
>
> is that correct?
or does it really mean v3 keys, instead of RSA keys?

Neither is exactly right. I think that document was written quite a while ago - back then, GnuPG did not have RSA at all. Even today, it's not a v3 or RSA thing, but an RFC-1991 (PGP 2.x) thing. The line should read something like "GnuPG does not have native support for both signing and encrypting a document in such a way that it can be read by a PGP 2.x user".

David

From karlandtanya at earthlink.net Tue Aug 31 14:01:21 2004
From: karlandtanya at earthlink.net (Karl Pizzolatto)
Date: Thu Sep 2 13:22:33 2004
Subject: kmail doesn't recognize s/mime support in gpg
Message-ID: <18866010.1093953682173.JavaMail.root@beaker.psp.pas.earthlink.net>

-----Original Message-----
From: Werner Koch
Sent: Aug 30, 2004 1:42 PM
To: Karl and Tanya Pizzolatto
Cc: gnupg-users@gnupg.org
Subject: Re: kmail doesn't recognize s/mime support in gpg

On Fri, 27 Aug 2004 19:27:03 -0400, Karl and Tanya Pizzolatto said:

> gpgme-0.3.16
> cryptplug-0.3.16

> I am using kde-3.3.

Cryptplug is only used with old kmails; the latest kmail requires an up-to-date gpgme (i.e. 0.9.0). Don't know why kmail does not check for this.

Werner

************************

Ah. I begin to see. Your August 2 post recommending gpgme 0.3.16 only applies to kmail versions using cryptplug. Do I correctly understand that kmail packaged with kde-3.3 does not require cryptplug? I will remove cryptplug and build the latest gpgme, then report back to the list. Thank you for the suggestion.
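
The ordering problem described in Brian Greenberg's message above (the lock file is created before anything checks that the keyring's directory exists), shown beside the directory-first order he outlines. This is an added example, not GnuPG's code and not the attached keydb.diff; the function names, the ".lock" suffix and the 0700/0600 modes are assumptions made for the example.

```c
/* Added illustration, not GnuPG source. Function names and the ".lock"
   suffix are assumptions made for this example. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take an exclusive lock file beside the keyring, create the keyring if it
   is still missing, release the lock. Returns 0 on success, -1 on error. */
static int lock_and_create(const char *keyring)
{
    char lock[1024];
    int fd, rc = 0, saved;

    if (snprintf(lock, sizeof lock, "%s.lock", keyring) >= (int)sizeof lock) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* O_EXCL makes creation atomic, so only one process gets the lock.
       If the parent directory is missing, this open() fails with ENOENT. */
    fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    if (access(keyring, R_OK) != 0) {   /* re-check while holding the lock */
        fd = open(keyring, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0)
            rc = -1;
        else
            close(fd);
    }
    saved = errno;
    unlink(lock);
    errno = saved;
    return rc;
}

/* Create the directory holding the keyring, owner-only (0700), if it does
   not exist yet. Only the last directory component is created. */
static int make_homedir(const char *keyring)
{
    char dir[1024];
    struct stat st;
    const char *slash = strrchr(keyring, '/');
    size_t len = slash ? (size_t)(slash - keyring) : 0;

    if (len == 0)
        return 0;                       /* keyring is in "." or "/" */
    if (len >= sizeof dir) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dir, keyring, len);
    dir[len] = '\0';
    if (stat(dir, &st) == 0) {
        if (S_ISDIR(st.st_mode))
            return 0;
        errno = ENOTDIR;
        return -1;
    }
    if (errno != ENOENT)
        return -1;
    /* EEXIST means another process created it in the meantime. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    return 0;
}

/* Order described as failing: lock first, parent directory never checked. */
int create_keyring_lock_first(const char *keyring)
{
    return access(keyring, R_OK) == 0 ? 0 : lock_and_create(keyring);
}

/* Order described for the patch: directory, then lock, then keyring. */
int create_keyring_dir_first(const char *keyring)
{
    if (access(keyring, R_OK) == 0)
        return 0;
    return make_homedir(keyring) == 0 ? lock_and_create(keyring) : -1;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "demo-home/pubring.gpg";

    if (create_keyring_lock_first(path) != 0)
        printf("lock first: %s\n", strerror(errno));
    if (create_keyring_dir_first(path) != 0)
        printf("dir first:  %s\n", strerror(errno));
    return access(path, R_OK) == 0 ? 0 : 1;
}
```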