From boldyrev+nospam at cgitftp.uiggm.nsc.ru Tue Jun 1 06:35:40 2004
From: boldyrev+nospam at cgitftp.uiggm.nsc.ru (Ivan Boldyrev)
Date: Sat Jun 5 11:15:20 2004
Subject: Self-sigs with trusted key
References: <20040530121517.GQ18653@jabberwocky.com> <9v8po1xtd6.ln2@ibhome.cgitftp.uiggm.nsc.ru> <20040530230622.GR18653@jabberwocky.com>
Message-ID:

On 8761 day of my life David Shaw wrote:
>> All user IDs will be valid if key is valid and trusted (i.e. I have
>> called 'trust' in --edit-key).
>> I have some keys that are valid but
>> are not trusted. Werner's key is both valid and trusted...
>
> No, this is not correct.

I should use 'would', not 'will'.

>> I use gpg (GnuPG) 1.3.6. The option is not changed in any
>> configuration file.
>
> This is a mistake in the man page. I'll fix it. In 1.3.x, the
> default value is 2.

Good choice, I think.

--
Ivan Boldyrev

Today is the first day of the rest of your life.

From gnupg at ml0402.albert.uni.cc Thu Jun 3 16:21:17 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Sat Jun 5 11:16:13 2004
Subject: Charset conversion during encryption
In-Reply-To: <40BC65F2.7090203@aachen.utimaco.de>
References: <40B5D1D6.7000901@smgwtest.aachen.utimaco.de> <200405301231.21652.gnupg@ml0402.albert.uni.cc> <40BC65F2.7090203@aachen.utimaco.de>
Message-ID: <200406031621.18137.gnupg@ml0402.albert.uni.cc>

On Tuesday, 1 June 2004 13:18, Holger Sesterhenn wrote:

Hi Holger,

sorry for my late reply, I had a hd-crash.

> > This charset problem drives me crazy sometimes. Now I use SuSE
> > 9.1 with default-charset utf-8, but it happened with SuSE 8.2
> > and iso-8859-15 too.
>
> ;-) Our customers, too
>
> > If you run the script manually everything works fine, if the
> > script is started by a cron job KMail says, that there is an
> > invalid signature.
>
> Maybe there is some "quoted printable" conversion, too?

I have no idea, if anything in the chain does this. As mentioned I use mail/nail to send from a shell-script.

> > ANTIVIROPTIONS="-s -v -z --allfiles -e -ren -dmdel -dmdas -r1 \
> > -rf$LOG_FILE_ANTIVIR -ra -lang=DE"
>
> So the antivir program uses German log messages?

It did and I changed from DE to EN.
Antivir is an example of the problem and I think a lot of people use it, so they can test this themselves. If a program doesn't support a language setting you will get a lot of problems. It was not a good idea for me to use "locales" in the script.

> > If I change to lang=EN everything is fine.
> No characters above 127 :-)

Of course.

> > cat $LOG_FILE_SUMMARY \
> >
> > | /usr/local/bin/gpg --local-user $SENDER --no-secmem-warning \
> >
> > --quiet --charset utf-8 --textmode --clearsign --trusted-key \
> > "$LONGKEYID" \
> >
> > | mail -s "Virusalarm on $MACHINE in $SCANDIR " \
> > | `date +%y-%m-%d`" "`date +%H:%M` $WARN
>
> Maybe you should convert the $LOG_FILE_SUMMARY to UTF-8 or quoted
> printable before signing with GnuPG?

I tried this and it worked fine with German chars, when the script was started _manually_, but no chance to get it to work with a cronjob.

> --clearsign could make some trouble if there is a mailer which
> uses auto-conversion from 8BIT to quoted-printable or vice versa.
> I have those messages some time in my mail header. To my mind,
> this is the default config for sendmail and/or postfix on SuSE.

How do I deactivate this auto-conversion temporarily for a single mail?

> Next mail in German?

Your private mails in German are welcome, but I answered to the list, hoping that anyone of the developers gets aware of this problem.

Albert

From scottd at HanoverDirect.com Thu Jun 3 16:50:03 2004
From: scottd at HanoverDirect.com (Deiter Scott)
Date: Sat Jun 5 11:16:15 2004
Subject: Batch run Sun/solaris
Message-ID: <444F31F17A29584F930A862D1B4FE47E0950C61C@pa-hdimail.int.hanoverdirect.com>

We are very new to gnupg we are running gpg to send data to one of our banks. If the userid logs on and runs the script manually all is well. However during the execution within the job scheduler we receive this error.

gpg: cannot open `/dev/tty': No such device or address

So what parm or environment variable can we set to get past this error.
everything else is running rather well.

From gnupg at lists.colondot.net Wed Jun 2 16:03:16 2004
From: gnupg at lists.colondot.net (Matthew Byng-Maddick)
Date: Sun Jun 6 11:16:30 2004
Subject: unadorned key
Message-ID: <20040602140316.GA65370@colon.colondot.net>

Hi, is there any way of extracting a public key without any non-self
signatures from GnuPG (ie. key material, uids and self-signatures only)?

I can't seem to find any obvious way of doing this, and I don't know if
there's something I've missed.
MBM
--
Matthew Byng-Maddick http://colondot.net/
(Please use this address to reply)

From vedaal at hush.com Sun Jun 6 15:28:06 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Sun Jun 6 15:54:18 2004
Subject: How to decrypt message digest with multiple encrypted messages
Message-ID: <200406061328.i56DS9is060601@mailserver2.hushmail.com>

>Message: 1
>Date: Wed, 26 May 2004 12:00:17 +0200
>From: Max Mustermann
>Subject: How to decrypt message digest with multiple encrypted
> messages ?
>To: gnupg-users@gnupg.org
>Message-ID: <323ca267aaf84d85b69931c24fca7353@remail.amessage.info>

>I have a file which is a digest of some 10 or more PGP
>encrypted messages. (10 independent messages in 1 single *.asc
>file )
>
>When I try to decrypt this file using GPG, GPG decrypts the
>first message - but does *not* decrypt the later ones

it can't be done.

this is a *safety* feature in the GnuPG front ends:

while the PGP 'current window' will display 'everything' in the current window and decrypt/verify multiple messages, the GnuPG front ends (both GPGshell and WinPT) will not, and will recognize and decrypt/verify only the material from the header of the first message to the footer of the first message and ignores everything else

this prevents material in the 'current window' from being 'added' into the decrypted message, a possible exploit in the way that PGP implements the 'current window'.

to see the insecurity that this can lead to, try this:

[1] open word for windows
[2] compose a message and encrypt it from the current window
[3] add the following line as a separate line after the footer:

n.b. from now on please encrypt to my other key 0x12345BAD

[4] format the color of the additional line to be in 'white' and the background of the word document to be in white too.
[5] the 'extra' line is not visible as part of the word document, but *will* be visible as if it were part of the decrypted message when decrypting from the 'current window' in PGP,
[6] now try to decrypt the same 'current window' using either of the GnuPG front ends, the 'additional' faked message is ignored.

this is a potential insecurity for PGP (not GnuPG) decryptions, for messages done in most word processors, PDF, and HTML e-mail or webpages.

the only 'secure' PGP implementation of the 'current window' that avoids this, while still decrypting/verifying the 'real' pgp/gnupg messages, is ckt6.5.8, build 6 or later.

vedaal

From ekot at narod.ru Sun Jun 6 16:54:50 2004
From: ekot at narod.ru (Eugene Kotlyarov)
Date: Sun Jun 6 16:52:37 2004
Subject: Scripts for importing data from PGP to GnuPG
Message-ID: <40C3303A.4040301@narod.ru>

Hello

If anyone is interested I made two WSH scripts for importing some data from PGP to GnuPG. The first one is for importing ownertrust values. It is an analog of lspgpot mentioned in the FAQ, but it doesn't require bash and awk. The second is for importing groups, it requires commandline PGP to run.

Both scripts require WSH version 5.6 to run. It is available by default in Windows XP and higher. For previous Windows versions an update is available at the Microsoft site.
File is here http://ekot.narod.ru/misc/pgptogpg.zip
SHA1 hash for it is
pgptogpg.zip: 6217 1D7A B3E9 D52D 26C0 AD70 710A E7E1 973C 79C4

From atom at suspicious.org Mon Jun 7 02:08:53 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Jun 7 02:06:17 2004
Subject: unadorned key
In-Reply-To: <20040602140316.GA65370@colon.colondot.net>
References: <20040602140316.GA65370@colon.colondot.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 2 Jun 2004, Matthew Byng-Maddick wrote:

> Hi, is there any way of extracting a public key without any non-self
> signatures from GnuPG (ie. key material, uids and self-signatures only)?
>
> I can't seem to find any obvious way of doing this, and I don't know if
> there's something I've missed.
============================

you want to have a copy of the key without anyone else's signature on it?

export a copy of the key and SAVE IT AS A BACKUP COPY.

then go into --edit-key, select a UID, and 'delsig' to get rid of unwanted signatures. DO NOT DELETE SELF SIGNATURES!! or more precisely, if there are multiple self-sigs per UID, leave the most recent one.

of course, you never really get rid of anything from a key, but you'll have a smaller copy of your key to give to people.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"There ought to be limits to freedom."
-- George "dubya" Bush, 21 May 1999

"I'm sure your kids, they're wondering, why would you hate America? We didn't do anything to anybody. Well, they hate America because we love freedom."
-- George "dubya" Bush, 2 Sep 2002

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?
- http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDDshoACgkQnCgLvz19QeMEKwCfVDduzUu8xgw7BGXJzXsbBSzZ
/yYAoKpWKKTwHMS8PiPNYmoS0VsDcRLN
=MNum
-----END PGP SIGNATURE-----

From redbird at mac.com Mon Jun 7 18:51:25 2004
From: redbird at mac.com (Gordon Worley)
Date: Mon Jun 7 18:48:56 2004
Subject: Study on password security
In-Reply-To: <20040525154813.GA16378@jabberwocky.com>
References: <20040525154813.GA16378@jabberwocky.com>
Message-ID:

On May 25, 2004, at 11:48 AM, David Shaw wrote:

> Interesting study on password security:
>
> http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tr500.pdf

Interesting. I'd like to see how longer passphrases like are often used with GPG hold up. For example, I often use nonsense poetry that contains punctuation, numbers, and uncommon words to devise passphrases for GPG keys. My own anecdotal assessments suggest that they're pretty good, but this is hardly rigorous.

-- -- -- -- -- -- -- -- -- -- -- -- -- --
Gordon Worley
Phone: 352-875-5808
e-mail: redbird@mac.com
PGP: 0xBBD3B003
Web: http://homepage.mac.com/redbird/

From pt at radvis.nu Tue Jun 8 10:20:48 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Tue Jun 8 10:17:52 2004
Subject: Expired signature
Message-ID: <6.0.3.0.2.20040608101202.02896168@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I have an expired signature on a key. How can I refresh the signature? I cannot sign the key again because GPG tells me it is already signed.

The key's expiration date has been put forward. I happened to set the expiration date for a signature made with another key to the initial expiration date for the signed key.

Kind regards
Per Tunedal
Civ. ing. Civ. ek.
S:t Mickelsgatan 148
129 44 Hägersten
Phone: 08-646 34 83

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32) - GPGrelay v0.950

iD8DBQFAxXcXaDDfzFT+2PIRAvDcAJ9faI2XiPFU6MD4LTLFFitxWjEjQwCeI/Nw
Bx3h2BeDpDrmajw7G0ASlWA=
=pnXj
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Jun 8 13:49:55 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 8 13:47:11 2004
Subject: Expired signature
In-Reply-To: <6.0.3.0.2.20040608101202.02896168@localhost>
References: <6.0.3.0.2.20040608101202.02896168@localhost>
Message-ID: <20040608114954.GC19978@jabberwocky.com>

On Tue, Jun 08, 2004 at 10:20:48AM +0200, Per Tunedal Casual wrote:

> Hi,
> I have an expired signature on a key. How can I refresh the signature? I
> cannot sign the key again because GPG tells me it is already signed.
>
> The key's expiration date has been put forward. I happened to set the
> expiration date for a signature made with another key to the initial
> expiration date for the signed key.

Delete the old signature before you try to sign the key again.

David

From atom at suspicious.org Tue Jun 8 16:06:57 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Jun 8 16:04:18 2004
Subject: Expired signature
In-Reply-To: <6.0.3.0.2.20040608101202.02896168@localhost>
References: <6.0.3.0.2.20040608101202.02896168@localhost>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 8 Jun 2004, Per Tunedal Casual wrote:

> I have an expired signature on a key. How can I refresh the signature? I
> cannot sign the key again because GPG tells me it is already signed.
>
> The key's expiration date has been put forward. I happened to set the
> expiration date for a signature made with another key to the initial
> expiration date for the signed key.
============================

"--expert" will let you sign a key that you previously signed.
since i use expiration dates on my keys, and plan to update the expiration dates if they're still being used, i ~really~ wish the _default_ for signing keys was "no expiration" instead of expiring with the key.... there doesn't seem to be any harm in having a valid (non-expired) signature on an expired key.

if i *really* own my keys now, it seems safe to assume that i'll still own them even after the current expiration date, especially if i update the expiration date on the keys.

i just don't understand what's special about the key's expiration date when it comes to signing: people often update the expiration of their keys...

OTOH, what if someone wants their key-signature to be valid only until the end of the fiscal year? or the end of the mayan calendar? or until the end of a project, contract or campaign? i don't think i've ever seen those types of key-signatures, even though they seem like better reasons to set an expiration in a key-signature.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"The limitation of riots, moral questions aside, is that they cannot win and their participants know it. Hence, rioting is not revolutionary but reactionary because it invites defeat. It involves an emotional catharsis, but it must be followed by a sense of futility."
-- Martin Luther King, Jr.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?
- http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDFyAcACgkQnCgLvz19QeNLWQCgpkBWtoNmOswlzttAdqc/4+ZQ
rgMAoKkfO3OM5XUBZVaQ7bekkvYHqiwd
=aHNM
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Tue Jun 8 17:25:59 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 8 17:23:10 2004
Subject: Expired signature
In-Reply-To:
References: <6.0.3.0.2.20040608101202.02896168@localhost>
Message-ID: <20040608152559.GA27221@jabberwocky.com>

On Tue, Jun 08, 2004 at 10:06:57AM -0400, Atom 'Smasher' wrote:

> since i use expiration dates on my keys, and plan to update the
> expiration dates if they're still being used, i ~really~ wish the
> _default_ for signing keys was "no expiration" instead of expiring
> with the key.... there doesn't seem to be any harm in having a
> valid (non-expired) signature on an expired key.
>
> if i *really* own my keys now, it seems safe to assume that i'll
> still own them even after the current expiration date, especially if
> i update the expiration date on the keys.

Why is it safe to assume that?

Some people look at a key expiration date as a statement by you: "After xxxx date, I do not vouch for my own key". Given that, why on earth should someone else vouch for it longer than you do?

This is an unresolvable debate since neither side is entirely wrong and neither side is entirely right. The current behavior in GnuPG is the more conservative of the two choices, as is proper for a default.
David

From atom at suspicious.org Wed Jun 9 00:35:38 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Jun 9 00:32:44 2004
Subject: Expired signature
In-Reply-To: <20040608152559.GA27221@jabberwocky.com>
References: <6.0.3.0.2.20040608101202.02896168@localhost> <20040608152559.GA27221@jabberwocky.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 8 Jun 2004, David Shaw wrote:

> On Tue, Jun 08, 2004 at 10:06:57AM -0400, Atom 'Smasher' wrote:
>
> > since i use expiration dates on my keys, and plan to update the
> > expiration dates if they're still being used, i ~really~ wish the
> > _default_ for signing keys was "no expiration" instead of expiring
> > with the key.... there doesn't seem to be any harm in having a
> > valid (non-expired) signature on an expired key.
> >
> > if i *really* own my keys now, it seems safe to assume that i'll
> > still own them even after the current expiration date, especially if
> > i update the expiration date on the keys.
>
> Why is it safe to assume that?
>
> Some people look at a key expiration date as a statement by you:
> "After xxxx date, I do not vouch for my own key". Given that, why on
> earth should someone else vouch for it longer than you do?
====================

my own intent in using a key with an expiration is:

1) if i lose the secret key, password, and revocation certificate, the key will remove itself from circulation and not contribute to the pollution of abandoned valid keys.

2) any update to my key (preferences, UIDs, subkeys, revocation) *will* be noticed on or about the expiration date.

> This is an unresolvable debate since neither side is entirely wrong
> and neither side is entirely right. The current behavior in GnuPG is
> the more conservative of the two choices, as is proper for a default.
====================

as things are, i can't debate your logic: it's solid.
the problem is that the protocol can't distinguish between different *intentions* when using a self-sig with an expiration.

maybe if a self-sig 0x13 could mean that "i have every intention of maintaining and renewing this key after the expiration date", while a 'lesser' self-sig could mean that "after the expiration date, i don't even trust this key myself."

since different levels of signing exist for signing other peoples' keys, it wouldn't seem too big of a stretch for a self signature to make use of those levels (0x10 - 0x13) but define them differently for self-sigs.

of course, that would require a change to the way that self-sigs are generated and checked... maybe there would be less problems declaring such intentions using notation data? that might be a useful start for the (as yet unused) IETF/OpenPGP notation namespace.

*if* something like that were adopted into the OpenPGP protocol, would it be reasonable for a key that declares "i have every intention of maintaining and renewing this key after the expiration date" to cause key-signatures to ~default~ to not expire?

until then, what if signing a key with an expiration didn't default to anything, but *required* a manual selection of whether or not to expire the signature with the key?

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"You can't hold a man down without staying down with him."
-- Booker T Washington

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?
- http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDGPz4ACgkQnCgLvz19QePHjQCfVdHa2oI1bIXFoCeNWnEoj1rp
mi0AmwRy27FcVduz9w6h1ql+e6rrPu9n
=Pn4E
-----END PGP SIGNATURE-----

From vpitale at uncc.edu Wed Jun 9 09:21:51 2004
From: vpitale at uncc.edu (Varun Pitale)
Date: Wed Jun 9 09:19:25 2004
Subject: Using symmettric keys in GPG
In-Reply-To:
Message-ID:

I want to use GPG in our office, and want to use symmetric encryption for sending files.. The reason being the files are too big (> 400 MB) and to encrypt them using public-key becomes too slow.. How can I generate symmetric keys using my choice of the algorithm and will the receiver automatically find out what algorithm I am using or does he have to make changes to his GPG too?

--
"Beware of programmers carrying screwdrivers."
-- Chip Salzenberg

From atom at suspicious.org Wed Jun 9 09:45:10 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Jun 9 09:42:17 2004
Subject: Using symmettric keys in GPG
In-Reply-To:
References:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 9 Jun 2004, Varun Pitale wrote:

> I want to use GPG in our office, and want to use symmetric encryption for
> sending files.. The reason being the files are too big (> 400 MB) and to
> encrypt them using public-key becomes too slow.. How can I generate
> symmetric keys using my choice of the algorithm and will the receiver
> automatically find out what algorithm I am using or does he have to make
> changes to his GPG too?
==============================

only the session key is encrypted asymmetrically, the bulk data (aka the message) encryption is done symmetrically in pgp/gpg (ok, there are a few bits aside from the session key that are encrypted asymmetrically, but it's still going to be a tiny bit of data that's handled that way).
since the asymmetrically encrypted part is small, you won't notice any difference in speed between using gpg in the "normal" public/private key way vs symmetric encryption (except for the compression, which can run slow).

in real life tests, it might ~seem~ like it's taking longer using asymmetric crypto, but that's probably because of the compression (which is usually on by default for asymmetric encryption)... if you set '--compress-algo 0' (which turns off compression) then symmetric and asymmetric encryption will both take about the same time.

if you *really* want to use symmetric crypto, let us know... one of us can post details....

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"There's enough on this planet for everyone's needs but not for everyone's greed"
-- Mahatma Gandhi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?
- http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDGwAoACgkQnCgLvz19QeP1VACbBWrMLZvc4rL7cZaItpwDM6OP
dY0AnjgzpCKFkz6GXX4De3OcdQ2+Ngh3
=NtaA
-----END PGP SIGNATURE-----

From craig at avnet.co.uk Wed Jun 9 17:03:30 2004
From: craig at avnet.co.uk (Craig Stratton)
Date: Wed Jun 9 17:11:30 2004
Subject: PGP TO GPG key import problems
Message-ID: <009301c44e33$56148320$0314a8c0@cpsws>

Hi,
i want to import public and private keys from PGP 5.5.3i into GPG 1.2.1 and "seamlessly" carry on sending mail from an automated system.

I have got an ASC export file with public and private keys in from PGP.
I have imported using gpg --allow-secret-key-import --import FILE

However, i have a couple of "issues".
gpg: WARNING: unsafe permissions on homedir ....
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

OK, i can see what i need to do for these, but

gpg: protection algorithm 1 (IDEA) is not supported
gpg: the IDEA cipher plugin is not present
gpg: please see http://www.gnupg.org/why-not-idea.html for more information
gpg: no default secret key: unknown cipher algorithm
gpg: [stdin]: clearsign failed: unknown cipher algorithm

But what can i do about this ?
The keys are RSA/IDEA combination. How can i convert them from within gpg to use something else ?

I am sure that the entity that i send the signed mails can accept different ciphers, but is that dependent on their version of my public key ?
If i manage to use a different cipher, will they carry on working fine without any intervention required ?

I don't use encryption day to day, i am writing an automated interface to replace a manual process. It works fine when i generate new keys, but obviously now i need to import the correct ones to go live.

I am looking for some easy-to-follow steps that will walk me through the process. Once i installed the IDEA extension, then i lost the IDEA messages, but i would rather do it "properly".

Thanks in advance.
Craig

From DHill at StudentLoan.org Wed Jun 9 20:31:53 2004
From: DHill at StudentLoan.org (David Hill)
Date: Wed Jun 9 20:29:22 2004
Subject: --logger-fd n in Windows Visual Basic
Message-ID:

Alright, I've beaten myself bloody trying to figure this out, I haven't found anything in the archives, time to give up and ask for help.

I am working in Windows, programming in Visual Basic and I need to use GnuPG to encrypt and sign files, decrypt files, and verify signatures. Encryption and decryption is cake, but getting access to stderr to get key information is killing me. So THEN I thought I'd just do the key check in a separate step from the decryption command, I piped output from --list-packets to an --output file.
As you might guess, no output file is created even though the only output of --list-packets is the packet information, probably went to stderr instead of my file.

I've put together a simple ActiveX dll that creates and shells batch files to interface with GnuPG. Apparently I can redirect the non-file output by using --logger-fd and giving it a file descriptor number. An interesting method of naming an output file, personally I might have recommended a command line file name much like --output uses, but let's get past that for now. Can anyone tell me how to create a file descriptor in Windows that this thing will accept? Is there an API that I should use to allocate/deallocate a file descriptor?

GPGME looked like an interesting alternative to rolling my own interface, unfortunately it doesn't come compiled, only as a big pile of source code. Also couldn't find any compatibility statement that indicated it would even work if I tried to compile and use it in Windows. Rolling my own for the few functions I needed probably took less time than getting a GPGME compile to run, if only there were a rational way to access the stderr information.

Dave Hill
dhill@studentloan.org
Iowa Student Loan Liquidity Corp.
515-273-7241
Fax 515-243-0714

From dshaw at jabberwocky.com Wed Jun 9 21:16:37 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Jun 9 21:13:51 2004
Subject: PGP TO GPG key import problems
In-Reply-To: <009301c44e33$56148320$0314a8c0@cpsws>
References: <009301c44e33$56148320$0314a8c0@cpsws>
Message-ID: <20040609191637.GF7226@jabberwocky.com>

On Wed, Jun 09, 2004 at 04:03:30PM +0100, Craig Stratton wrote:

> Hi,
> i want to import public and private keys from PGP 5.5.3i into GPG 1.2.1 and
> "seamlessly" carry on sending mail from an automated system.
>
> I have got an ASC export file with public and private keys in from PGP.
> I have imported using gpg --allow-secret-key-import --import FILE
>
> However, I have a couple of "issues".
> gpg: WARNING: unsafe permissions on homedir ....
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
>
> OK, I can see what I need to do for these, but
>
> gpg: protection algorithm 1 (IDEA) is not supported
> gpg: the IDEA cipher plugin is not present
> gpg: please see http://www.gnupg.org/why-not-idea.html for more information
> gpg: no default secret key: unknown cipher algorithm
> gpg: [stdin]: clearsign failed: unknown cipher algorithm
>
> But what can I do about this?
> The keys are RSA/IDEA combination. How can I convert them from within gpg to
> use something else?

Do "gpg --s2k-cipher-algo cast5 --edit-key xxxxxxx" and then "passwd"
to change the passphrase. It doesn't matter what you change it to,
and can even change it to the same passphrase it has now. This
reencrypts the key using CAST5 so you won't need IDEA any longer.

> I am sure that the entity that I send the signed mails can accept different
> ciphers, but is that dependent on their version of my public key?
> If I manage to use a different cipher, will they carry on working fine
> without any intervention required?

Yes. The cipher you are having a problem with is the cipher that
encrypts your own secret key (to protect it in case it is stolen).
This has no connection with the ciphers that may be used to encrypt a
message.

David

From ravital at netbox.com Wed Jun 9 21:19:52 2004
From: ravital at netbox.com (ravital@netbox.com)
Date: Wed Jun 9 21:16:53 2004
Subject: --logger-fd n in Windows Visual Basic
Message-ID: <56290-22004639191952295@M2W055.mail2web.com>

Forgive a silly question: As long as you're going to write key information
to a file, couldn't you just use ".....--list-packets >> filename.txt"
instead of "--output"?

Also, you might want to look at this:

http://sourceforge.net/projects/cryptotw/

This is an open-source Windows DLL (don't try to register it as an
Active-X, it's not that sophisticated and it won't show up in VB's wizards
either), which as part of a function designed to check signatures, does
collect the output of --list-packets into a file.

[There was a bug in a previous version where it stored the packet output in
"fileA.txt" and was trying to read it back from "fileB.txt" - I'm told
that's been fixed, but I haven't tested it. Get the source code and see the
bug log accessible from the project's main page, I remember logging the
exact module and line-number where the problem happened. I got around the
problem by creating a copy of the original file under the second name and
write-protecting both files. My application may be different from yours, I
actually check the validity of signatures against my keyring before
decrypting, but given that it does produce a file with the output you're
looking for, it may be what you need.]

Hope this helps.

From snla at gmx.net Wed Jun 9 23:16:49 2004
From: snla at gmx.net (snla)
Date: Thu Jun 10 00:10:59 2004
Subject: Need IDEA-Plugin, please help
Message-ID: <40C79A61.12585.496FA6@localhost>

Hello gnupg-users,

I'm searching for the IDEA-extension-file for my gnupg(1.2.4) to
include the algo into it. I found these links:

"ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz" -or-
"ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip"

But I was only able to receive the "*.sig-files". While trying to get
the other files, connection closed/timed out. I tried again, but
nothing...

Can someone help me to get these files and the sig-files from
another location as the one above?

Thank you and have a nice evening.
--
Simon

From craig at avnet.co.uk Thu Jun 10 00:22:01 2004
From: craig at avnet.co.uk (Craig Stratton)
Date: Thu Jun 10 02:02:19 2004
Subject: PGP TO GPG key import problems
References: <009301c44e33$56148320$0314a8c0@cpsws> <20040609191637.GF7226@jabberwocky.com>
Message-ID: <011101c44e70$343ca5b0$0314a8c0@cpsws>

David Shaw, Wednesday, June 09, 2004 8:16 PM, responded:

> On Wed, Jun 09, 2004 at 04:03:30PM +0100, Craig Stratton wrote:
> > gpg: protection algorithm 1 (IDEA) is not supported
> > gpg: the IDEA cipher plugin is not present
> > gpg: please see http://www.gnupg.org/why-not-idea.html for more information
> > gpg: no default secret key: unknown cipher algorithm
> > gpg: [stdin]: clearsign failed: unknown cipher algorithm
> >
> > But what can I do about this?
> > The keys are RSA/IDEA combination. How can I convert them from within gpg to
> > use something else?
>
> Do "gpg --s2k-cipher-algo cast5 --edit-key xxxxxxx" and then "passwd"
> to change the passphrase. It doesn't matter what you change it to,
> and can even change it to the same passphrase it has now. This
> reencrypts the key using CAST5 so you won't need IDEA any longer.
>
> > I am sure that the entity that I send the signed mails can accept different
> > ciphers, but is that dependent on their version of my public key?
> > If I manage to use a different cipher, will they carry on working fine
> > without any intervention required?
>
> Yes. The cipher you are having a problem with is the cipher that
> encrypts your own secret key (to protect it in case it is stolen).
> This has no connection with the ciphers that may be used to encrypt a
> message.
>
> David

Many thanks David, that looks exactly like what I asked for. :-)
Will try it shortly.
Almost getting the hang of which cipher/mechanism goes with which process
now....

Regards,
Craig

From k.raven at freenet.de Thu Jun 10 05:22:20 2004
From: k.raven at freenet.de (Kai Raven)
Date: Thu Jun 10 06:27:56 2004
Subject: Need IDEA-Plugin, please help
In-Reply-To: <40C79A61.12585.496FA6@localhost>
References: <40C79A61.12585.496FA6@localhost>
Message-ID: <20040610052220.4b1a8d4e@matrix.localdomain.intern>

Hi Simon,

On Wed, 09 Jun 2004 23:16:49 +0200 you wrote:

> Can someone help me to get these files and the sig-files from
> another location as the one above?

http://kai.iks-jena.de/files/ideadllgpg.zip
http://kai.iks-jena.de/files/idea.tar.bz2

Signatures included in the archives.

--
Ciao
Kai

HP: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@amessage.info

From reiner.dietrich at epost.de Wed Jun 9 11:16:23 2004
From: reiner.dietrich at epost.de (reiner.dietrich@epost.de)
Date: Tue Jun 15 08:44:40 2004
Subject: GNUPG and cryptoex
Message-ID: <40C3AA5800001329@dpo2w3p.servers.epost.de>

Hello,

I use GNUPG and I got two public keys from a colleague who uses cryptoex.
We thought that this should be no problem as both should be openPGP, but I
can not import the keys. I found one forum in the internet where somebody
else raised the same question but there is no answer yet.

Is GNUPG and cryptoex not compatible? Is there any patch or conversion
program available to make them work together?

If there is no way that the two programs work together, it would be good
to have that as information on the GNUPG web page.

Reiner Dietrich
reiner.dietrich@epost.de

From JPClizbe at comcast.net Thu Jun 10 21:08:09 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Jun 15 08:47:54 2004
Subject: Need IDEA-Plugin, please help
In-Reply-To: <40C79A61.12585.496FA6@localhost>
References: <40C79A61.12585.496FA6@localhost>
Message-ID: <40C8B199.1080909@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

snla wrote:
> Hello gnupg-users,
>
> I'm searching for the IDEA-extension-file for my gnupg(1.2.4) to
> include the algo into it. I found these links:
>
> "ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz" -or-
> "ftp://ftp.gnupg.dk/pub/contrib-dk/ideadll.zip"
>

The IDEA.dll is part of Keith Ray's Nullify distro of GnuPG:

http://www.nullify.org/gnupg-w32-1.2.3-nr1.zip
http://www.nullify.org/gnupg-w32-1.2.3-nr1.zip.sig

- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less
traveled. I chose to cut through the woods."

From wrenhunt at hotmail.com Sun Jun 6 13:28:30 2004
From: wrenhunt at hotmail.com (J. Wren Hunt)
Date: Tue Jun 15 08:48:34 2004
Subject: unadorned key
In-Reply-To: <20040602140316.GA65370@colon.colondot.net>
References: <20040602140316.GA65370@colon.colondot.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew Byng-Maddick wrote:
| Hi, is there any way of extracting a public key without any non-self
| signatures from GnuPG (ie. key material, uids and self-signatures only)?
|
| I can't seem to find any obvious way of doing this, and I don't know if
| there's something I've missed.
|
| MBM
|

Make a copy of your key then delete all the extraneous stuff off the key.
Save this key so you always have a "barebones" key.

Wren

From pt at radvis.nu Fri Jun 11 08:21:23 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Tue Jun 15 08:49:25 2004
Subject: Expired signature
In-Reply-To: <20040608114954.GC19978@jabberwocky.com>
References: <6.0.3.0.2.20040608101202.02896168@localhost> <20040608114954.GC19978@jabberwocky.com>
Message-ID: <6.0.3.0.2.20040611081658.027d3210@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 13:49 2004-06-08, you wrote:
>On Tue, Jun 08, 2004 at 10:20:48AM +0200, Per Tunedal Casual wrote:
>> Hi,
>> I have an expired signature on a key. How can I refresh the signature? I
>> cannot sign the key again because GPG tells me it is already signed.
>>
>> The key's expiration date has been put forward. I happened to set the
>> expiration date for a signature made with another key to the initial
>> expiration date for the signed key.
>
>Delete the old signature before you try to sign the key again.
>
>David
>

Now I have tried to delete the old signatures or use expert mode, but I
cannot figure out how to use any of these commands. I am stuck!

Please tell me exactly what I should enter to delete a signature. How do I
choose which signature to delete, etc.?

Per Tunedal

From pt at radvis.nu Fri Jun 11 09:23:31 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Tue Jun 15 08:49:28 2004
Subject: Using symmettric keys in GPG
In-Reply-To:
References:
Message-ID: <6.0.3.0.2.20040611090905.02827a80@localhost>

At 09:21 2004-06-09, you wrote:
>I want to use GPG in our office, and want to use symmetric encryption for
>sending files.. The reason being the files are too big (> 400 MB) and to
>encrypt them using public-key becomes too slow.

Be sure to use a symmetric crypto algo with 128-bit block size to encrypt
such large files because of the "birthday paradox". Otherwise the
probability of finding two identical blocks in the encrypted file is too
large, see previous discussions "twofish keysize", "Blocksize versus file
size" and "block-cipher weakness?".

Use AES, AES192, AES256 or TWOFISH. If you would like a large key size
TWOFISH is faster than AES256. AES is faster than TWOFISH, because TWOFISH
is always used with a 256 bit key. I haven't compared AES192 and TWOFISH
but they would probably perform similarly.

Per Tunedal

From mnman at pd.jaring.my Sat Jun 12 07:26:51 2004
From: mnman at pd.jaring.my (omn)
Date: Tue Jun 15 08:50:55 2004
Subject: Gpg 1.2.4 with The Bat 2.11 error
Message-ID: <805586367.20040612132651@pd.jaring.my>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello gnupg-users,

I need help. I'm a newbie to gpg. I've already imported all my pgp keys to
gpg.
When I try to sign & encrypt to others using The Bat built-in gpg, I
receive the following errors:

gpg: mnman@pd.jaring.my: skipped: public key already present
gpg: D6506963: There is no indication that this key really belongs to the owner
gpg: [stdin]: sign+encrypt failed: unusable public key

I could only sign & encrypt to myself. My gpg.conf as below:

default-key 0x0F8CFE9629D7378D
encrypt-to 0x0F8CFE9629D7378D
keyring c:\gnupg\pubring.gpg
secret-keyring c:\gnupg\secring.gpg
escape-from-lines
force-v3-sigs
rfc1991

What could be the source of error?
Thanks in advance.

- --
Best regards,
omn mailto:mnman@pd.jaring.my

From jharris at widomaker.com Mon Jun 14 02:56:00 2004
From: jharris at widomaker.com (Jason Harris)
Date: Tue Jun 15 08:58:01 2004
Subject: new (2004-06-13) keyanalyze results (+sigcheck)
Message-ID: <20040614005600.GX2103@wilma.widomaker.com>

New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2004-06-13/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

From jharris at widomaker.com Sun Jun 6 22:08:43 2004
From: jharris at widomaker.com (Jason Harris)
Date: Tue Jun 15 09:02:25 2004
Subject: key count, 2004-06-06 (+ duplicates by short keyid)
Message-ID: <20040606200843.GR2103@wilma.widomaker.com>

As of Sun Jun 6 19:30:00 2004 UTC, there are 172029 v2/v3 pubkeys,
1844621 v4 pubkeys, 1858528 subkeys, and 1793 duplicate (short) keyids on
keyserver.kjsl.com.

The duplicates appear below, sorted in reverse by the number of duplicates
per keyid and then by keyid. This automated listing is more current than
my manual list at:

http://keyserver.kjsl.com/~jharris/duplicate_keyids.html

and hopefully includes all the keys listed in it.
1 34810F32 1 346D4282 1 34677F93 1 3463BA9C 1 345ED6CC 1 34596799 1 342AB185 1 341BA168 1 34143D7F 1 340B887F 1 33A19563 1 338D6FB9 1 335F5FF8 1 334FFCE3 1 32F9D082 1 32E78C9E 1 32C6C7E9 1 3298FECC 1 32443AE8 1 3218899B 1 320A5809 1 3203B408 1 31FB10F9 1 3174D7C6 1 3165E3DB 1 316366F5 1 311CEE01 1 3119C062 1 31017307 1 30C150CE 1 30AADF87 1 309B05DD 1 308D8740 1 304AE829 1 2FCBD9BC 1 2FB8C6A9 1 2F95EFD3 1 2F442E7C 1 2F3F47AD 1 2F2BE408 1 2F0764D8 1 2EFFAA0D 1 2EF88DD4 1 2ED6FC89 1 2EBAAE4C 1 2EB2FE5E 1 2E9859B0 1 2E478D2F 1 2E0EFE48 1 2DEC55D9 1 2DE973C3 1 2DE4A992 1 2D81B2FD 1 2D6D1CF3 1 2D0B163B 1 2CD059FB 1 2CC326B2 1 2CBB6E90 1 2C99011A 1 2C7893A8 1 2BF28C1C 1 2BE3033A 1 2BD61950 1 2BCCCDF9 1 2BB98F61 1 2BB42445 1 2BA4F30A 1 2BA1992A 1 2B4BC5C1 1 2B44CE3B 1 2B287ED5 1 2B143BCA 1 2AF489DA 1 2AB4E7E3 1 2AAC7244 1 2A83F1C6 1 2A82FD06 1 2A520B71 1 29B4CABF 1 299A88AC 1 29640C53 1 29476C7C 1 2946DEE2 1 29200DE5 1 2905288A 1 2904A433 1 28E9F1D6 1 28CE6BE5 1 28C3CC97 1 28B654FA 1 2860B957 1 282F5301 1 27EAC459 1 27C030C5 1 27B9ADB6 1 27848427 1 277A5385 1 276B7ABC 1 274B98A3 1 2737C04D 1 2724373D 1 26E6C236 1 26DE4D33 1 26C840ED 1 26C6E439 1 267DA49D 1 266B52ED 1 266353CE 1 265FDFF0 1 2652C53B 1 26486DD3 1 2617A882 1 25FBD1DB 1 25D89166 1 25D37C99 1 25C1D1C5 1 25C0A858 1 257018C3 1 2533ACAD 1 25058797 1 25022112 1 24CB26B9 1 24BBC063 1 249989A9 1 2468D45F 1 2435F628 1 2433B4CD 1 24318396 1 240498A9 1 239CF1EC 1 23826A9C 1 2359D67D 1 2331D852 1 2327F354 1 231926BC 1 229F7587 1 228E15F9 1 2289BA06 1 2275DD7D 1 225CA009 1 224C368B 1 223E9149 1 223C9DBD 1 223726AF 1 221EDC21 1 220DAA23 1 21A799A4 1 21A754A9 1 21A13B16 1 218D9BD4 1 214F783D 1 20EB5597 1 20DA8DA5 1 2053BF70 1 2051536F 1 201C2A70 1 201B55DF 1 1FF93337 1 1FF32DEE 1 1FE70BE2 1 1FDCA0D0 1 1FD5B72E 1 1FC376B6 1 1FBE7C43 1 1F79D1C6 1 1F43255F 1 1EFFBA41 1 1EDFAA11 1 1EA5D6B1 1 1E8E1B36 1 1E88BF71 1 1E3E0B8E 1 1E29E27C 1 1E1C8E52 1 1E0DDA12 1 1D8709F3 1 1D46E463 1 1CF177EE 1 1CE774F5 1 1C917B65 1 1C8CD39A 1 
1C5A59AB 1 1BFBDAFE 1 1B9C2C77 1 1B389331 1 1B245ED7 1 1B0AD801 1 1A96577E 1 1A769744 1 1A6F4F8E 1 1A5665D6 1 1A25D86C 1 19EB7462 1 19E8AFFE 1 19980101 1 193979FE 1 192DFC86 1 191A566C 1 18FF24C5 1 181C7A86 1 18154164 1 17307658 1 171CAA4A 1 16F4289E 1 16F1BB82 1 16DD8FD5 1 16144C84 1 15EF5BF3 1 15B5D2CC 1 15AF5F92 1 159789FB 1 15529C79 1 15422EE3 1 14E5FA20 1 1493A535 1 1485F4E5 1 14795CCB 1 141A61C8 1 14031225 1 1400A529 1 13ED6FD7 1 13ED62A2 1 13E55141 1 13BAE516 1 13BA9CB7 1 136D6A40 1 136CAE4F 1 1328612C 1 132811C2 1 132294C2 1 13147802 1 12FFF8AB 1 126EB674 1 121062DE 1 11E4B0A8 1 11C545ED 1 11983878 1 1131B260 1 1126FC80 1 1109BB9C 1 107E8E01 1 10325C4C 1 10286889 1 0FEA3255 1 0FB6FE04 1 0F752DEB 1 0EB8D771 1 0E845B46 1 0E8315C8 1 0E76AD39 1 0E524168 1 0E04CB22 1 0DCB908F 1 0DC6BF21 1 0D53AFD5 1 0D4F6575 1 0D090C01 1 0CA7D261 1 0C5C53E1 1 0C38637F 1 0C0DFEFD 1 0C0DDFAA 1 0BFA074E 1 0BA85EB1 1 0B4A53CD 1 0B388C6F 1 0B13ED43 1 0AEB4BDE 1 0ADAAD89 1 0A9E090E 1 0A8BBB87 1 0A8A57EF 1 0A5CC571 1 0A503E41 1 0A35FDE3 1 0A163BCE 1 0A0F1541 1 09ECAD67 1 09D85B63 1 09804D87 1 0974755E 1 09612E92 1 094E7C4A 1 0932DECB 1 09256417 1 08B4322D 1 0884675A 1 086DE212 1 08666719 1 084ACEF8 1 08445403 1 08012EBC 1 07ED2832 1 07E6E55A 1 07E6C19B 1 07BC55B6 1 07AB8A93 1 07A65AC1 1 079BB351 1 077D28E1 1 0765885E 1 071355A9 1 070EE274 1 06DCE912 1 06318DBD 1 06269CC5 1 06238A9C 1 05EE0ADC 1 05E51435 1 0569BCB5 1 053C04CB 1 05038075 1 04F8B4D8 1 04BF290C 1 049E669F 1 04071F9F 1 03BB0A13 1 037DA89F 1 036F166E 1 036701B2 1 035CFDDC 1 0346CFC4 1 0332405D 1 02DA0278 1 02BA2FE0 1 028E5613 1 026F7782 1 024365B8 1 021E467B 1 02103F08 1 02054988 1 01FAE88B 1 01D6F21E 1 01D5548F 1 01681CF7 1 01307F03 1 0122F043 1 00FCC016 1 00E54666 1 00B57409 1 0073B461 1 00613384 1 00000001 1 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? 
(TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040606/88dbf5f5/attachment.bin

From gnupg at ml0402.albert.uni.cc Tue Jun 15 16:56:05 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Tue Jun 15 16:54:09 2004
Subject: Secure deletion of files in a directory
Message-ID: <200406151656.05475.gnupg@ml0402.albert.uni.cc>

I have to return a new hard drive in warranty and to delete a lot of
directories which contain private data. Unfortunately the data of
S.M.A.R.T are erased too, if I use badblocks -w to overwrite the
_whole_ drive.

I know there is a possibility to shredder a file with gpg, but not a
directory. What do you recommend?

Albert

From dshaw at jabberwocky.com Tue Jun 15 17:39:25 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 15 17:36:34 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <200406151656.05475.gnupg@ml0402.albert.uni.cc>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040615153925.GA25161@jabberwocky.com>

On Tue, Jun 15, 2004 at 04:56:05PM +0200, Albert wrote:
> I have to return a new hard drive in warranty and to delete a lot of
> directories which contain private data. Unfortunately the data of
> S.M.A.R.T are erased too, if I use badblocks -w to overwrite the
> _whole_ drive.
>
> I know there is a possibility to shredder a file with gpg, but not a
> directory. What do you recommend?

GnuPG does not have a file shredder. It is not possible to write such
a thing to be portable to as many platforms as GnuPG runs on.

I'd look at "shred", but keep in mind the caveats the author gives in
the man page.

David

From dshaw at jabberwocky.com Tue Jun 15 17:52:34 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 15 17:49:46 2004
Subject: GNUPG and cryptoex
In-Reply-To: <40C3AA5800001329@dpo2w3p.servers.epost.de>
References: <40C3AA5800001329@dpo2w3p.servers.epost.de>
Message-ID: <20040615155234.GC25161@jabberwocky.com>

On Wed, Jun 09, 2004 at 11:16:23AM +0200, reiner.dietrich@epost.de wrote:
> Hello,
>
> I use GNUPG and I got two public keys from a colleague who uses
> cryptoex. We thought that this should be no problem as both should
> be openPGP, but I can not import the keys. I found one forum in the
> internet where somebody else raised the same question but there is
> no answer yet. Are GNUPG and cryptoex not compatible? Is there any
> patch or conversion program available to make them work together?

Generally, GnuPG and cryptoex work together just fine. Unfortunately,
you haven't given any details whatsoever as to what isn't working, so
it's impossible to help you.

David

From pt at radvis.nu Tue Jun 15 17:57:22 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Tue Jun 15 17:53:36 2004
Subject: Expired signature
Message-ID: <6.0.3.0.2.20040615175549.02815730@localhost>

At 13:49 2004-06-08, you wrote:
>On Tue, Jun 08, 2004 at 10:20:48AM +0200, Per Tunedal Casual wrote:
>> Hi,
>> I have an expired signature on a key. How can I refresh the signature? I
>> cannot sign the key again because GPG tells me it is already signed.
>>
>> The key's expiration date has been put forward. I happened to set the
>> expiration date for a signature made with another key to the initial
>> expiration date for the signed key.
>
>Delete the old signature before you try to sign the key again.
>
>David
>
Now I have tried to delete the old signatures or use expert mode, but I
cannot figure out how to use any of these commands. I am stuck!

Please tell me exactly what I should enter to delete a signature.
How do I choose which signature to delete, etc.?

Per Tunedal

PS I have tried twice to send this mail to gnupg-users@gnupg.org but it
doesn't arrive. This is my third trial.

From gnupg at ml0402.albert.uni.cc Tue Jun 15 18:25:06 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Tue Jun 15 18:22:48 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <20040615153925.GA25161@jabberwocky.com>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <20040615153925.GA25161@jabberwocky.com>
Message-ID: <200406151825.06446.gnupg@ml0402.albert.uni.cc>

On Tuesday, 15 June 2004 17:39, David Shaw wrote:

Thanks David!

> On Tue, Jun 15, 2004 at 04:56:05PM +0200, Albert wrote:
> > I have to return a new hard drive in warranty and to delete a
> > lot of directories which contain private data. Unfortunately
> > the data of S.M.A.R.T are erased too, if I use badblocks -w to
> > overwrite the _whole_ drive.
> >
> > I know there is a possibility to shredder a file with gpg, but
> > not a directory. What do you recommend?
>
> GnuPG does not have a file shredder. It is not possible to write
> such a thing to be portable to as many platforms as GnuPG runs
> on.

I use SuSE 9.1 and when I install KGPG there is an option to install
a shredder (Reißwolf, German) and it looks like it works.

> I'd look at "shred", but keep in mind the caveats the author
> gives in the man page.

shred doesn't work with directories and has problems with ext3 and
reiser. Any other ideas?
Are you all returning your harddrives with files on it :-)

Albert

From kyle at toehold.com Tue Jun 15 19:05:36 2004
From: kyle at toehold.com (Kyle Hasselbacher)
Date: Tue Jun 15 19:03:12 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <200406151825.06446.gnupg@ml0402.albert.uni.cc>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <20040615153925.GA25161@jabberwocky.com> <200406151825.06446.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040615170536.GR31837@longshot.toehold.com>

An embedded and charset-unspecified text was scrubbed...
Name: msg.pgp
Url: /pipermail/attachments/20040615/22b17892/msg.txt

From webmaster at digitallyimpressed.com Tue Jun 15 19:14:50 2004
From: webmaster at digitallyimpressed.com (Rainer Bendig, Digitally Impressed)
Date: Tue Jun 15 19:11:53 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <200406151825.06446.gnupg@ml0402.albert.uni.cc>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <20040615153925.GA25161@jabberwocky.com> <200406151825.06446.gnupg@ml0402.albert.uni.cc>
Message-ID: <40CF2E8A.6060207@digitallyimpressed.com>

Albert wrote on 15.06.2004 18:25:
>>I'd look at "shred", but keep in mind the caveats the author
>>gives in the man page.
>
>
> shred doesn't work with directories and has problems with ext3 and
> reiser. Any other ideas? Are you all returning your harddrives with
> files on it :-)
>

"shred" on debian unstable works fine, i have no problems deleting
files +100MB... since months ...

that's the only way i know (if you are not using a hex-edit) to
really delete your files.

with gpg it has - in my eyes - nothing to do ...

-- 
so long,
Rainer Bendig aka mindz PGP/GPG key (ID: 0x247FECD5)
http://DigitallyImpressed.com get it from wwwkeys.de.pgp.net
for contacting me take a look on http://digitallyimpressed.com/contact

From linux at codehelp.co.uk Tue Jun 15 19:58:11 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Jun 15 19:54:27 2004
Subject: Expired signature
In-Reply-To: <6.0.3.0.2.20040615175549.02815730@localhost>
References: <6.0.3.0.2.20040615175549.02815730@localhost>
Message-ID: <200406151858.15001.linux@codehelp.co.uk>

On Tuesday 15 June 2004 4:57, Per Tunedal Casual wrote:
> At 13:49 2004-06-08, you wrote:
> >On Tue, Jun 08, 2004 at 10:20:48AM +0200, Per Tunedal Casual wrote:
> >> Hi,
> >> I have an expired signature on a key. How can I refresh the signature?
> >> I cannot sign the key again because GPG tells me it is already signed.

I hope that this isn't covering old ground, I've been away and haven't
been able to contribute for a few weeks.

Which version of GnuPG are you using? I thought this was fixed in
v1.2.4 so that expired signatures can be re-done - it's not exactly a
refresh because the expired one is still shown on keyservers etc., but
a new signature is made so that the key can be included back into the
web of trust.

I made a signature on a friend's key before he changed his key expiry
date. When the main key expired, so did my old signature. He changed
the expiry and I used GnuPG 1.2.4 to re-sign the key.

Take a peek at 0x8F455606 to see the result.

pub  1024D/8F455606 2002-11-01
sub  2048g/AB55D8A0 2002-11-01 [expires: 2003-11-01]
sub  2048g/51A28915 2003-11-01 [expires: 2004-10-31]

The old subkey is expired, the new one is usable. (This has
implications for the keyservers that you use too, old keyservers don't
like keys like this one).

In the snipped signature list, note the expired sigs (X) and the new
ones.

pub  1024D/8F455606 2002-11-01
sig 3        8F455606 2003-11-01
sig 3        8F455606 2002-11-01
sig 3        28BCB3E3 2003-12-22   Neil Williams (CodeHelp)
sig 3        A897FD02 2003-12-22   Neil Williams (laptop)
sig 3    X   28BCB3E3 2003-02-03   Neil Williams (CodeHelp)
sig 3    X   A897FD02 2003-02-03   Neil Williams (laptop)
sub  2048g/AB55D8A0 2002-11-01 [expires: 2003-11-01]
sig          8F455606 2002-11-01
sub  2048g/51A28915 2003-11-01 [expires: 2004-10-31]
sig          8F455606 2003-11-01

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040615/0841d151/attachment.bin

From dshaw at jabberwocky.com Tue Jun 15 20:04:06 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 15 20:01:08 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <200406151825.06446.gnupg@ml0402.albert.uni.cc>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <20040615153925.GA25161@jabberwocky.com> <200406151825.06446.gnupg@ml0402.albert.uni.cc>
Message-ID: <20040615180406.GA26323@jabberwocky.com>

On Tue, Jun 15, 2004 at 06:25:06PM +0200, Albert wrote:
> On Tuesday, 15 June 2004 17:39, David Shaw wrote:
>
> Thanks David!
>
> > On Tue, Jun 15, 2004 at 04:56:05PM +0200, Albert wrote:
> > > I have to return a new hard drive in warranty and to delete a
> > > lot of directories which contain private data. Unfortunately
> > > the data of S.M.A.R.T are erased too, if I use badblocks -w to
> > > overwrite the _whole_ drive.
> > >
> > > I know there is a possibility to shredder a file with gpg, but
> > > not a directory. What do you recommend?
> >
> > GnuPG does not have a file shredder. It is not possible to write
> > such a thing to be portable to as many platforms as GnuPG runs
> > on.
>
> I use SuSE 9.1 and when I install KGPG there is an option to install
> a shredder (Reißwolf, German) and it looks like it works.

SuSE is Linux. GnuPG runs on Linux, various BSDs, Windows, RISCOS,
VMS, etc. A shredder that works on one is likely to not work on
another.

> > I'd look at "shred", but keep in mind the caveats the author
> > gives in the man page.
>
> shred doesn't work with directories and has problems with ext3 and
> reiser. Any other ideas? Are you all returning your harddrives with
> files on it :-)

As I said, keep in mind the caveats the author gives. He says that it
doesn't work with journaling filesystems.

You must decide your paranoia level. If it is high enough, you *don't*
return hard drives once they have data on them. Most people are
content with overwriting the data a few times. Let's put the problem
into perspective: not many people are concerned with very well funded
adversaries using magnetic force microscopy.

David

From gnupg at ml0402.albert.uni.cc Tue Jun 15 20:08:56 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Tue Jun 15 20:06:47 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <20040615170536.GR31837@longshot.toehold.com>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <200406151825.06446.gnupg@ml0402.albert.uni.cc> <20040615170536.GR31837@longshot.toehold.com>
Message-ID: <200406152008.56422.gnupg@ml0402.albert.uni.cc>

On Tuesday, 15 June 2004 19:05, Kyle Hasselbacher wrote:
> On Tue, Jun 15, 2004 at 06:25:06PM +0200, Albert wrote:
> >shred doesn't work with directories and has problems with ext3
> > and reiser. Any other ideas? Are you all returning your
> > harddrives with files on it :-)
>
> Copy off the stuff you want to keep and then torch the whole
> drive:
>
> dd if=/dev/urandom of=/dev/hdX
> dd if=/dev/zero of=/dev/hdX

That deletes the smart-info too, which means you have problems to
prove the errors. The best way I found is badblocks -w /dev/hdx_1_,
which writes 4 different patterns over the partition. But I am unsure
if there isn't a smarter way.

Albert

From gnupg at ml0402.albert.uni.cc Tue Jun 15 20:08:17 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Tue Jun 15 20:06:58 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <40CF2E8A.6060207@digitallyimpressed.com>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <200406151825.06446.gnupg@ml0402.albert.uni.cc> <40CF2E8A.6060207@digitallyimpressed.com>
Message-ID: <200406152008.17443.gnupg@ml0402.albert.uni.cc>

On Tuesday, 15 June 2004 19:14, Rainer Bendig, Digitally Impressed wrote:
> "shred" on debian unstable works fine, i have no problems
> deleting files +100MB... since months ...
>
> that's the only way i know (if you are not using a hex-edit) to
> really delete your files.
>
> with gpg it has - in my eyes - nothing to do ...

Sorry, I thought everything which works kgpg is a frontend of gpg.
Unfortunately, I didn't find a manpage or something else which
describes, how to shred a file. I only found "kgpg -X %U"

Albert

From hmujtaba at forumsys.com Tue Jun 15 23:35:39 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Tue Jun 15 23:33:13 2004
Subject: Checksum in Secret Key Packet
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B36A@bstn-exch1.forumsys.com>

Hi All,

A question about the checksum field in RSA Secret Key Packets. GPG107
RSA secret key packets contain a checksum field. Whereas GPG124 RSA
secret key packets do not have the checksum field. Why this omission?

I am trying to load some old GPG107 RSA 2048 keypairs into my Cryptix
keyrings and the checksum validation is failing. But GPG124 RSA
keypairs, because they don't have the checksum, are loading fine.

Seems like the RSA secret key packet structure has changed considerably
between GPG107 and GPG124.

Any thoughts?

Thanks
Hasnain.

----
The information contained in this electronic mail and any attached
document is the confidential and proprietary business information of
Forum Systems, Inc. It is intended solely for the addressed recipient
listed above. It may not be distributed in any manner without the
express written consent of Forum Systems, Inc.

From dshaw at jabberwocky.com Tue Jun 15 23:57:20 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 15 23:54:24 2004
Subject: Checksum in Secret Key Packet
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B36A@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B36A@bstn-exch1.forumsys.com>
Message-ID: <20040615215719.GB27728@jabberwocky.com>

On Tue, Jun 15, 2004 at 05:35:39PM -0400, Hasnain Mujtaba wrote:
> Hi All,
>
> A question about the checksum field in RSA Secret Key Packets. GPG107
> RSA secret key packets contain a checksum field. Whereas GPG124 RSA
> secret key packets do not have the checksum field. Why this omission?
>
> I am trying to load some old GPG107 RSA 2048 keypairs into my Cryptix
> keyrings and the checksum validation is failing. But GPG124 RSA
> keypairs, because they don't have the checksum, are loading fine.
>
> Seems like the RSA secret key packet structure has changed considerably
> between GPG107 and GPG124.

No, they're the same. You might have turned the checksum off when you
generated the 1.2.4 key, but that's something you did, not a change in
GnuPG.

David

From dshaw at jabberwocky.com Tue Jun 15 23:58:28 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 15 23:55:41 2004
Subject: Expired signature
In-Reply-To: <6.0.3.0.2.20040615175549.02815730@localhost>
References: <6.0.3.0.2.20040615175549.02815730@localhost>
Message-ID: <20040615215828.GC27728@jabberwocky.com>

On Tue, Jun 15, 2004 at 05:57:22PM +0200, Per Tunedal Casual wrote:
> At 13:49 2004-06-08, you wrote:
> >On Tue, Jun 08, 2004 at 10:20:48AM +0200, Per Tunedal Casual wrote:
> >> Hi,
> >> I have an expired signature on a key. How can I refresh the signature? I
> >> cannot sign the key again because GPG tells me it is already signed.
> >>
> >> The key's expiration date has been put forward. I happened to set the
> >> expiration date for a signature made with another key to the initial
> >> expiration date for the signed key.
> >
> >Delete the old signature before you try to sign the key again.
> >
> >David
> >
> Now I have tried to delete the old signatures or use expert mode, but I
> cannot figure out how to use any of these commands. I am stuck!
>
> Please tell me exactly what I should enter to delete a signature. How do I
> choose which signature to delete, etc.?

"gpg --edit-key (thekey)"

Enter the number corresponding to the user ID you want to delete the
signature from.

"delsig"

Say yes or no as desired.

"save"

David

From hmujtaba at forumsys.com Wed Jun 16 00:50:44 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Wed Jun 16 00:48:18 2004
Subject: Checksum in Secret Key Packet
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B36B@bstn-exch1.forumsys.com>

I was referring to the cleartext checksum. Please see below (key was
generated with GPG107). If I understand the RFC bis10 correctly, the
clear text checksum is deprecated. Is that correct?

:secret key packet:
    version 4, algo 1, created 1087325558, expires 0
    skey[0]: [1024 bits]
    skey[1]: [6 bits]
    skey[2]: [1022 bits]
    skey[3]: [512 bits]
    skey[4]: [512 bits]
    skey[5]: [508 bits]
    checksum: a41d
:user ID packet: "rsa_1k "
:signature packet: algo 1, keyid CFD0C948624124B4
    version 4, created 1087325558, md5len 0, sigclass 13
    digest algo 2, begin of digest 4b 65
    hashed subpkt 2 len 5 (sig created 2004-06-15)
    hashed subpkt 27 len 2 (key flags: 0F)
    hashed subpkt 9 len 5 (key expires after 1y1d0h0m)
    hashed subpkt 30 len 2 (features: 01)
    hashed subpkt 23 len 2 (key server preferences: 80)
    subpkt 16 len 9 (issuer key ID CFD0C948624124B4)
    data: [1024 bits]
:public key packet:
    version 4, algo 1, created 1087325558, expires 0
    pkey[0]: [1024 bits]
    pkey[1]: [6 bits]
:user ID packet: "rsa_1k "
:signature packet: algo 1, keyid CFD0C948624124B4
    version 4, created 1087325558, md5len 0, sigclass 13
    digest algo 2, begin of digest 4b 65
    hashed subpkt 2 len 5 (sig created 2004-06-15)
    hashed subpkt 27 len 2 (key flags: 0F)
    hashed subpkt 9 len 5 (key expires after 1y1d0h0m)
    hashed subpkt 30 len 2 (features: 01)
    hashed subpkt 23 len 2 (key server preferences: 80)
    subpkt 16 len 9 (issuer key ID CFD0C948624124B4)
    data: [1024 bits]

-----Original Message-----
From: gnupg-users-bounces@gnupg.org
[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw
Sent: Tuesday, June 15, 2004 5:57 PM
To: gnupg-users@gnupg.org
Subject: Re: Checksum in Secret Key Packet

On Tue, Jun 15, 2004 at 05:35:39PM -0400, Hasnain Mujtaba wrote:
> Hi All,
>
> A question about the checksum field in RSA Secret Key Packets. GPG107
> RSA secret key packets contain a checksum field. Whereas GPG124 RSA
> secret key packets do not have the checksum field. Why this omission?
>
> I am trying to load some old GPG107 RSA 2048 keypairs into my Cryptix
> keyrings and the checksum validation is failing. But GPG124 RSA
> keypairs, because they don't have the checksum, are loading fine.
>
> Seems like the RSA secret key packet structure has changed considerably
> between GPG107 and GPG124.

No, they're the same. You might have turned the checksum off when you
generated the 1.2.4 key, but that's something you did, not a change in
GnuPG.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From dshaw at jabberwocky.com Wed Jun 16 02:04:38 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Jun 16 02:01:47 2004
Subject: Checksum in Secret Key Packet
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B36B@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B36B@bstn-exch1.forumsys.com>
Message-ID: <20040616000438.GB29101@jabberwocky.com>

On Tue, Jun 15, 2004 at 06:50:44PM -0400, Hasnain Mujtaba wrote:
> I was referring to the cleartext checksum. Please see below (key was
> generated with GPG107). If I understand the RFC bis10 correctly, the
> clear text checksum is deprecated. Is that correct?

Yes, and starting with 1.0.7, GnuPG does not use it any longer.
However, if you specifically ask for it (via --simple-sk-checksum),
then you will get the old checksum. If the example key you give was
generated with GnuPG 1.0.7, then it was due to --simple-sk-checksum.

David

From lists at ulrichschneider.de Wed Jun 16 07:53:59 2004
From: lists at ulrichschneider.de (Ulrich Schneider)
Date: Wed Jun 16 07:55:59 2004
Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
Message-ID: <40CFE077.9030907@ulrichschneider.de>

Hello everybody,

I'm new to PGP/gnupg. Some questions I have, can not be answered from
the www.gnupg.org FAQ's and www.google.de. So probably you could help
me. That would be great!

Why are DSA-Keys always generated with only 1024 bits even when I tell
gpg that the key has to be generated with 2048 bits.

And why are there different keypairs for signing and encryption?
And why are these keypairs from different kind (DSA and ElGamal). Why
isn't there one keypair used for signing and encryption?

gnupg says the following:
Please select what kind of key you want:
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (4) RSA (sign only)

So as you can see here, even RSA is used for signing only. Why is there
no possibility to use RSA keypairs for encryption?

The GNU Privacy Handbook says:
"GnuPG is able to create several different types of keypairs, but a
primary key must be capable of making signatures. There are therefore
only three options. Option 1 actually creates two keypairs. A DSA
keypair is the primary keypair usable only for making signatures. An
ElGamal subordinate keypair is also created for encryption. Option 2 is
similar but creates only a DSA keypair. Option 4[1] creates a single
ElGamal keypair usable for both making signatures and performing
encryption. In all cases it is possible to later add additional subkeys
for encryption and signing. For most users the default option is fine.

You must also choose a key size. The size of a DSA key must be between
512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
however, requires that keys be no smaller than 768 bits. Therefore, if
Option 1 was chosen and you choose a keysize larger than 1024 bits, the
ElGamal key will have the requested size, but the DSA key will be 1024
bits."

If there is always two public keys -one for signing and one for
encryption- the question arises for which key is the fingerprint
computed? I guess for the main-key.

But what's going on with the subkey? Is there no need to check the
fingerprint of the subkey? Or is it checked indirectly with the
fingerprint of the main key? How does this work?

I also have another question. Is there a possibility to show a key in
human readable form. Best output I produced is a gpg --export --armor
. A key consists of an exponent and a modulus. Is there a
way to show these values?
Another problem: I created a 2048 bit RSA keypair with gpg. When I try to encrypt a file for this key, gnupg tells me: gpg: 0x149881408FAB041C: skipped: unusable public key gpg: : encryption failed: unusable public key I also have another 2048 bit RSA key in my keyring. Encryption for this key works. How could that be? Sometimes it works, sometimes not? It probably has something to to, by which program the key was generated. Here are the comments taken from the public key block. 1. key (encryption doesn`t work) Version: GnuPG v1.2.4 (MingW32) - GPGshell v3.10 2. key (encryption works) Version: PGPfreeware 5.5.3i for non-commercial use Probably I told you too many questions, but I`m relly interested in understanding, how the whole thing works. Best regards, Ulrich Schneider From atom at suspicious.org Wed Jun 16 09:22:44 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Wed Jun 16 09:41:52 2004 Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs In-Reply-To: <40CFE077.9030907@ulrichschneider.de> References: <40CFE077.9030907@ulrichschneider.de> Message-ID: <20040616021327.B94362@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 16 Jun 2004, Ulrich Schneider wrote: > Why are DSA-Keys always generated with only 1024 bits even when I tell > gpg that the key has to be generated with 2048 bits. ================= DSA is the "digital signature algorithm", DSS is the "digital signature standard" (both specified in FIPS-186). the ~algorithm~ can be used with any size hash or key, but the ~standard~ uses a 160 bit hash (SHA1) with a maximum key size of 1024. it's generally believed that a key larger than 1024 bits used to sign a 160 bit hash would be a waste of bits. there are some arguments against this logic, but it's already past my bedtime ;) > And why are there different keypairs for signing and encryption? And why > are these keypairs from different kind (DSA and ElGamal). 
> Why isn`t
> there one keypair used for signing and encryption?
=================

as i understand it, this is largely a historical artifact. RSA performs reasonably well for both signing and encryption, but until recently (2000) it was not in the public domain. public domain algorithms (such as DSA and ElGamal) allowed public key crypto to be used in "free" applications before the RSA patent expired, and they're still with us today. the ~other~ algorithms mostly tend to be better suited either for encryption or signing.

you ~can~ use a single RSA key for both encryption and signing, but there are advantages to having a "primary" key for signing, and one or more "subkeys" for encryption and/or signing.

> gnupg says the following:
> Please select what kind of key you want:
> (1) DSA and ElGamal (default)
> (2) DSA (sign only)
> (4) RSA (sign only)
>
> So as you can see here, even RSA is used for signing only. Why is there
> no possibility to use RSA keypairs for encryption?
=================

if you use this:
    $ gpg --expert --gen-key

you will have an option to create an RSA key that can be used for both signing and encryption:
    (6) RSA (sign and encrypt)

you can use that all by itself as a key, but i'd recommend against it. that's what i use as my ~primary~ key: i have a DSA signing subkey and an ElGamal encryption subkey.

> The GNU Privacy Handbook says:
> "GnuPG is able to create several different types of keypairs, but a
> primary key must be capable of making signatures. There are therefore
> only three options. Option 1 actually creates two keypairs. A DSA
> keypair is the primary keypair usable only for making signatures. An
> ElGamal subordinate keypair is also created for encryption. Option 2 is
> similar but creates only a DSA keypair. Option 4[1] creates a single
> ElGamal keypair usable for both making signatures and performing
> encryption. In all cases it is possible to later add additional subkeys
> for encryption and signing.
> For most users the default option is fine.
================

out of date documentation.... ElGamal is no longer used for signatures.

> You must also choose a key size. The size of a DSA key must be between
> 512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
> however, requires that keys be no smaller than 768 bits. Therefore, if
> Option 1 was chosen and you choose a keysize larger than 1024 bits, the
> ElGamal key will have the requested size, but the DSA key will be 1024
> bits."
===================

768 is the smallest DSA key you can create now, but there's hardly any reason to use anything less than 1024.

> If there is always two public keys -one for signing and one for
> encryption- the question arises for which key is the fingerprint
> computed? I guess for the main-key.
====================

you don't ~need~ to have a separate signing and encryption key, but it's a good idea. you can have an RSA key that does both encryption and signing (with no subkeys) or you can have a sign-only key (with no encryption subkeys).

and yes, the "key fingerprint" is that of the primary key.

> But what`s going on with the subkey? Is there no need to check the
> fingerprint of the subkey? Or is it checked indirectly with the
> fingerprint of the main key? How does this work?
=====================

a subkey is "bound", or associated with, a particular primary key. if i tell you my "key fingerprint" is "1234", then my subkey(s) must be signed by the primary key (1234). that implies (but doesn't actually prove) ownership of the subkey(s).

if you feel the need, you can check subkey fingerprints using this:
    $ gpg --fingerprint --fingerprint {key id}

> I also have another question. Is there a possibility to show a key in
> human readable form. Best output I produced is a gpg --export --armor
> . A key consists of an exponent and a modulus. Is there a
> way to show these values?
=======================

pgpdump: PGP packet visualizer

pgpdump will let you look into the heart and soul of OpenPGP data, including keys. if you want to see the exponent, modulus and other fun math stuff do something like this:
    $ gpg --export {key id} | pgpdump -i

and pipe that into a pager (more, less, most).

> Another problem:
> I created a 2048 bit RSA keypair with gpg. When I try to encrypt a file
> for this key, gnupg tells me:
> gpg: 0x149881408FAB041C: skipped: unusable public key
> gpg: : encryption failed: unusable public key
>
> I also have another 2048 bit RSA key in my keyring. Encryption for this
> key works. How could that be? Sometimes it works, sometimes not? It
> probably has something to do, by which program the key was generated.
> Here are the comments taken from the public key block.
=====================

in order for an RSA key to work for both signing and encryption, you have to create it as a "sign and encrypt" RSA key, as described above.

using pgpdump, a sign-only RSA key will say:
    Flag - This key may be used to certify other keys
    Flag - This key may be used to sign data

a sign and encrypt RSA key will _also_ say:
    Flag - This key may be used to encrypt communications
    Flag - This key may be used to encrypt storage

> Probably I told you too many questions, but I`m really interested in
> understanding, how the whole thing works.
====================

i know how it is... i'm new to pgp/gpg myself. i've only been using it for less than a year, but i started out by reading EVERYTHING i could find on the topic, twice (and asking some pretty stupid questions). after playing and experimenting with it, i've become very comfortable with its inner workings.

this is a good list for asking questions...

        ...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Cryptography is like literacy in the Dark Ages.
Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege."
    -- Vin McLellan, A Thinking Man's Creed for Crypto

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDP9UoACgkQnCgLvz19QeMTxgCfRM6XykiuRz4jvgddyYhnX3m0
lpkAn2lV9XYLiUsyMdtY0pgSwfPDsdkR
=PAtl
-----END PGP SIGNATURE-----

From bboett at bboett.dyndns.org Wed Jun 16 09:26:33 2004
From: bboett at bboett.dyndns.org (Bruno Boettcher)
Date: Wed Jun 16 09:42:12 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040519150106.GA25099@jabberwocky.com>
References: <20040519072950.GA18826@adlp.org> <20040519150106.GA25099@jabberwocky.com>
Message-ID: <20040616072633.GH1631@adlp.org>

On Wed, May 19, 2004 at 11:01:06AM -0400, David Shaw wrote:

Hello

have this problem pending for a long time now, and now it's getting acute again :D

i am not able to transfer my primary key to the laptop....

i tried the following:

bboett@kalman:~/$ gpg --export-secret-subkey >gpg.sub
bboett@kalman:~/$ gpg --export-secret-key >gpg.sec
bboett@kalman:~/$ scp gpg.s* laptop:

and on the laptop:

laptop:~/zebot$ gpg --import ~/gpg.s*
gpg: key E0807C30: already in secret keyring
gpg: key E0807C30: already in secret keyring
gpg: Total number processed: 4
gpg: secret keys read: 4
gpg: secret keys unchanged: 4
laptop:~/$ gpg --sign testfile
gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: signing failed: general error

E0807C30 being the fingerprint of my main key....

so i don't know what to try next??
--
ciao
bboett
==============================================================
bboett@adlp.org
http://inforezo.u-strasbg.fr/~bboett
===============================================================

From avbidder at fortytwo.ch Wed Jun 16 09:49:44 2004
From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder)
Date: Wed Jun 16 09:46:47 2004
Subject: Secure deletion of files in a directory
In-Reply-To: <200406152008.56422.gnupg@ml0402.albert.uni.cc>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <20040615170536.GR31837@longshot.toehold.com> <200406152008.56422.gnupg@ml0402.albert.uni.cc>
Message-ID: <200406160949.50462@fortytwo.ch>

On Tuesday 15 June 2004 20.08, Albert wrote:
> On Tuesday, 15 June 2004 19:05, Kyle Hasselbacher wrote:
> > dd if=/dev/urandom of=/dev/hdX
> > dd if=/dev/zero of=/dev/hdX
>
> That deletes the smart-info too, which means you have problems to
> prove the errors.

Huh?

SMART doesn't store its info in the user accessible part of the disk, afaik. Only a IDE low-level format might erase the SMART information.

Of course, writing to the damaged area may cause the error go away because the sectors are remapped, but doesn't SMART have an error log, so that the tech can still see that there were problems?

cheers
-- vbi

--
Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro)
From deepak.kolhar at patni.com Thu Jun 10 13:51:03 2004
From: deepak.kolhar at patni.com (Deepak Kolhar)
Date: Wed Jun 16 09:57:54 2004
Subject: gpg problem while decrypting
Message-ID: <003b01c44ee1$359c4b60$fd60d103@ttcnt.com>

Hi ,

I'm getting following error under unix environment when i try to decrypt a file from another user .
'gpg: decryption failed: secret key not available'

I've generated a key from a user 'UserA' for example. It's working fine there.
But when i try to decrypt a file (which is encrypted from user a ) from a user 'User-BCD'. it gives above error.
Both the user are on the same server.

The exact message is
gpg: encrypted with ELG-E key, ID 3E07473B
gpg: decryption failed: secret key not available

What may be the reasons. and how this problem can be solved.

Thanks & Regards,
Deepak

From linux at codehelp.co.uk Wed Jun 16 10:12:25 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Wed Jun 16 10:08:45 2004
Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
In-Reply-To: <40CFE077.9030907@ulrichschneider.de>
References: <40CFE077.9030907@ulrichschneider.de>
Message-ID: <200406160912.29790.linux@codehelp.co.uk>

On Wednesday 16 June 2004 6:53, Ulrich Schneider wrote:
> Why are DSA-Keys always generated with only 1024 bits even when I tell
> gpg that the key has to be generated with 2048 bits.

You answered this question yourself in the quote from the GNU Privacy Handbook:

> The size of a DSA key must be between
> 512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
> however, requires that keys be no smaller than 768 bits. Therefore, if
> Option 1 was chosen and you choose a keysize larger than 1024 bits, the
> ElGamal key will have the requested size, but the DSA key will be 1024
> bits.
Others here can explain why DSA has a maximum size, but the handbook is clear - no matter what you ask gpg to do for the Elgamal key, no DSA key will be created larger than 1024 bits (or smaller than 512).

Different algorithms have different strengths, different potential weaknesses and limitations. GnuPG defaults to the strongest and most suitable algorithm for each use of the most commonly generated keys. When signing this message, I don't really want a signature MIME part that is larger than the message, as some large bit length keys may produce. When encrypting a message, final size is less important than the strength of the algorithm/encryption. Using the same algorithm for both signing and encrypting requires an algorithm that is good at both - sometimes this is too much of a compromise and the best option is to use different algorithms for each purpose within the key.

So DSA is good for signatures but the limitation on key size (and probably other features that I don't get into) make it unsuitable for encryption. Conversely, Elgamal is good for encryption but there was an issue with Elgamal when used for signatures, so Elgamal is no longer recommended for signing.

> If there is always two public keys -one for signing and one for
> encryption- the question arises for which key is the fingerprint
> computed? I guess for the main-key. But what`s going on with the subkey?

Nothing. If you ask gpg for the fingerprint of the subkey, the same fingerprint is produced:

neil@garfield:~$ gpg --fingerprint 0xA897FD02
pub 1024D/A897FD02 2002-01-27 Neil Williams (laptop)
Key fingerprint = 744C 978D 7AB8 F27B 3BA6 C101 93B0 D5AF A897 FD02
sub 1024g/4D6D2952 2002-01-27

neil@garfield:~$ gpg --fingerprint 0x4D6D2952
pub 1024D/A897FD02 2002-01-27 Neil Williams (laptop)
Key fingerprint = 744C 978D 7AB8 F27B 3BA6 C101 93B0 D5AF A897 FD02
sub 1024g/4D6D2952 2002-01-27

> Is there no need to check the fingerprint of the subkey? Or is it

gpg takes care of that on your behalf.
> checked indirectly with the fingerprint of the main key? How does this
> work?
>
> I also have another question. Is there a possibility to show a key in
> human readable form. Best output I produced is a gpg --export --armor
> . A key consists of an exponent and a modulus. Is there a
> way to show these values?

Why? If it was possible to obtain the two figures directly, instead of having to compute them, cracking gpg encryption becomes simple. I don't expect that this is what you intend!

>
> Another problem:
> I created a 2048 bit RSA keypair with gpg. When I try to encrypt a file
> for this key, gnupg tells me:
> gpg: 0x149881408FAB041C: skipped: unusable public key
> gpg: : encryption failed: unusable public key

What does --list-key show? Is there an encryption subkey?

>
> I also have another 2048 bit RSA key in my keyring.

It's best to quote the KEYID when comparing a working key with a non-working key - it allows others to compare the keys directly, instead of constantly asking you to run certain options and re-post the output. If your test key isn't for 'real' use, put the keyblock in the message (just the once) rather than using keyservers.

> Encryption for this
> key works. How could that be? Sometimes it works, sometimes not? It
> probably has something to do, by which program the key was generated.
> Here are the comments taken from the public key block.
>
> 1. key (encryption doesn`t work)
> Version: GnuPG v1.2.4 (MingW32) - GPGshell v3.10
>
> 2. key (encryption works)
> Version: PGPfreeware 5.5.3i for non-commercial use

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
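The questions in this thread (how to see a key's modulus and exponent, which key a fingerprint belongs to, and why a sign-only key is unusable for encryption) can be followed at the packet level. The following is an added example, not code from any poster or from GnuPG: it reads a public key export the way pgpdump does, computes the v4 fingerprint of the primary key and of the subkey, and decodes the four key flags quoted above. The moduli, timestamp and all function names are constructed for the illustration.

```python
import hashlib
import struct

# Public-key algorithm IDs (RFC 4880, section 9.1) with the number of MPIs
# in the public part: RSA n,e; ElGamal p,g,y; DSA p,q,g,y.
ALGOS = {1: ("RSA", 2), 16: ("ElGamal", 3), 17: ("DSA", 4)}
# Key-flags bits (signature subpacket type 27), in pgpdump's wording.
KEY_FLAGS = {0x01: "certify other keys", 0x02: "sign data",
             0x04: "encrypt communications", 0x08: "encrypt storage"}

# Constructed sample values: toy 64-bit moduli, far too small for real use.
PRIMARY_N = 0xC3A5F10B7D2946E1
SUBKEY_N = 0xE8D1B4427F903A5D
E = 65537
CREATED = 1087344000  # constructed creation timestamp


def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def key_body(created, algo, numbers):
    """Build a v4 key packet body: version, timestamp, algorithm, MPIs."""
    return struct.pack(">BIB", 4, created, algo) + b"".join(mpi(n) for n in numbers)


def old_packet(tag, body):
    """Old-format header with 2-octet length; for tag 6 the header octet is 0x99."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def split_packets(stream):
    """Yield (tag, body) for each old-format packet in an exported key."""
    pos = 0
    while pos < len(stream):
        hdr = stream[pos]
        if hdr & 0xC0 != 0x80 or hdr & 0x03 == 3:
            raise ValueError("only old-format, definite-length packets handled")
        lsize = 1 << (hdr & 0x03)  # length field is 1, 2 or 4 octets
        start = pos + 1 + lsize
        length = int.from_bytes(stream[pos + 1:start], "big")
        if start + length > len(stream):
            raise ValueError("truncated packet")
        yield (hdr >> 2) & 0x0F, stream[start:start + length]
        pos = start + length


def read_mpis(data, count):
    """Decode exactly `count` MPIs; reject short or over-long key material."""
    numbers, pos = [], 0
    for _ in range(count):
        if pos + 2 > len(data):
            raise ValueError("key material ends early")
        size = (struct.unpack(">H", data[pos:pos + 2])[0] + 7) // 8
        if pos + 2 + size > len(data):
            raise ValueError("key material ends early")
        numbers.append(int.from_bytes(data[pos + 2:pos + 2 + size], "big"))
        pos += 2 + size
    if pos != len(data):
        raise ValueError("trailing bytes after key material")
    return numbers


def describe_key(tag, body):
    """Parse a v4 public-key (tag 6) or public-subkey (tag 14) packet body."""
    if len(body) < 6:
        raise ValueError("key packet too short")
    version, _created, algo = struct.unpack(">BIB", body[:6])
    if version != 4 or algo not in ALGOS:
        raise ValueError("unsupported key version or algorithm")
    name, count = ALGOS[algo]
    numbers = read_mpis(body[6:], count)
    # v4 fingerprint: SHA-1 over 0x99, the 2-octet body length, and the body.
    # Subkeys are hashed with the same 0x99 prefix but their own key material.
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"role": "primary" if tag == 6 else "subkey", "algo": name,
            "bits": numbers[0].bit_length(), "numbers": numbers,
            "fingerprint": fpr, "keyid": fpr[-16:], "short_id": fpr[-8:]}


def usable_for(flags):
    """List what a key-flags octet allows."""
    return [text for bit, text in KEY_FLAGS.items() if flags & bit]


def can_encrypt(flags):
    """True only if one of the two encryption bits is set."""
    return bool(flags & 0x0C)


def demo():
    """Parse a constructed export holding one primary key and one subkey."""
    stream = (old_packet(6, key_body(CREATED, 1, [PRIMARY_N, E]))
              + old_packet(14, key_body(CREATED, 1, [SUBKEY_N, E])))
    return [describe_key(tag, body) for tag, body in split_packets(stream)]


if __name__ == "__main__":
    for key in demo():
        n, e = key["numbers"]
        print(f'{key["role"]:8} {key["bits"]}-bit {key["algo"]}  n={n:#x} e={e}')
        print(f'         fingerprint {key["fingerprint"]}  short ID {key["short_id"]}')
    for flags in (0x03, 0x0F):  # sign-only RSA vs "sign and encrypt" RSA
        print(f"flags {flags:#04x}: {usable_for(flags)} -> can encrypt: {can_encrypt(flags)}")
```

On a real key the flags octet sits in the self-signature or subkey binding signature, which this example does not parse; the short ID is the last eight hex digits of the fingerprint, the same relation visible between `A897FD02` and the fingerprint printed above.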
From linux at codehelp.co.uk Wed Jun 16 10:24:49 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Wed Jun 16 10:21:11 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040616072633.GH1631@adlp.org>
References: <20040519072950.GA18826@adlp.org> <20040519150106.GA25099@jabberwocky.com> <20040616072633.GH1631@adlp.org>
Message-ID: <200406160924.53082.linux@codehelp.co.uk>

On Wednesday 16 June 2004 8:26, Bruno Boettcher wrote:
> laptop:~/$ gpg --sign testfile
> gpg: secret key parts are not available
> gpg: no default secret key: general error

You are asking gpg to sign the file without specifying a key to use to create the signature, either as a default key (~/.gnupg/gpg.conf) or on the command line.

from man gpg:

-u, --local-user name
    Use name as the user ID to sign with. This option is silently ignored for the list commands, so that it can be used in an options file.

laptop:~/$ gpg -u KEYID --sign testfile

or in ~/.gnupg/gpg.conf :

default-key KEYID

You can always override the default if you have a second secret key to hand:

neil@garfield:~$ gpg -u a897fd02 --sign dead.letter

You need a passphrase to unlock the secret key for
user: "Neil Williams (laptop) "
1024-bit DSA key, ID A897FD02, created 2002-01-27

neil@garfield:~$ gpg --verify dead.letter.gpg
gpg: Signature made Wed Jun 16 09:23:13 2004 BST using DSA key ID A897FD02
gpg: Good signature from "Neil Williams (laptop) "

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
From linux at codehelp.co.uk Wed Jun 16 10:44:11 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Wed Jun 16 10:40:25 2004
Subject: gpg problem while decrypting
In-Reply-To: <003b01c44ee1$359c4b60$fd60d103@ttcnt.com>
References: <003b01c44ee1$359c4b60$fd60d103@ttcnt.com>
Message-ID: <200406160944.14097.linux@codehelp.co.uk>

On Thursday 10 June 2004 12:51, Deepak Kolhar wrote:
> Hi ,
>
> I'm getting following error under unix environment when i try to decrypt
> a file from another user .
> The exact message is
> gpg: encrypted with ELG-E key, ID 3E07473B
> gpg: decryption failed: secret key not available

So whose key contains ID 3E07473B? User-A or User-BCD?

> I've generated a key from a user 'UserA' for example. It's working fine
> there.
> But when i try to decrypt a file (which is encrypted from user a )

But who is it encrypted TO, that's crucial. What recipient did you specify?

> from a
> user 'User-BCD'. it gives above error.
> Both the user are on the same server.

But each have their own keyrings in their own ~ space. Each should only have their own secret key.

It gets confusing when you use hidden or generic names for users and then don't specify the keyid's for both. It makes it easier to help if you specify the exact command line (remove the email address if you like, but the keyid's are best left in).

A full example:

Garfield has the secret key for 0x28BCB3E3 and the public key for 0xA897FD02.

neil@garfield:~$ gpg -a -r 0xA897FD02 -e dead.letter
neil@garfield:~$ scp dead.letter.gpg laptop:

'laptop' has the secret key for 0xA897FD02 and the public key for 0x28BCB3E3.
neil@laptop:~$ gpg --decrypt dead.letter.gpg > dead.letter2
neil@laptop:~$ gpg -a -r 0x28BCB3E3 -e dead.letter2
neil@laptop:~$ scp dead.letter2.gpg garfield:

neil@garfield:~$ gpg --decrypt dead.letter2.gpg

If you don't specify a recipient and gpg still encrypts, you've got a default encrypt setting in ~/.gnupg/gpg.conf which is 'hiding' the error. The encrypted file will then be encrypted using the default key as no recipient was given. In my example, this would cause dead.letter.gpg to be encrypted to 0x28BCB3E3 (garfield's key) - laptop (in my example) would not be able to decrypt it. Similarly, with 0xA897FD02 as default encrypt key on the laptop, dead.letter2.gpg would be encrypted to 0xA897FD02 (the laptop key) not the intended garfield key 0x28BCB3E3. Garfield would not be able to decrypt.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From linux at codehelp.co.uk Wed Jun 16 10:56:17 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Wed Jun 16 10:52:45 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040616000959.GA2844@netzpunkt.org>
References: <20040616000959.GA2844@netzpunkt.org>
Message-ID: <200406160956.33545.linux@codehelp.co.uk>

On Wednesday 16 June 2004 1:09, Christoph Probst wrote:
> As I checked what has happen I found all User IDs doubled
> on the keyservers (e.g. wwwkeys.de.pgp.net). Locally nothing
> changed as gnupg always merged the uids.

Looks like that keyserver is broken.
Use an up to date keyserver:
http://keyserver.kjsl.com:11371/pks/lookup?op=vindex&fingerprint=on&search=0x2A623F72

Or use subkeys.pgp.net

neil@garfield:~$ gpg --recv-key 0x2A623F72
gpg: key 2A623F72: public key "Christoph Probst " imported
gpg: Total number processed: 1
gpg: imported: 1
neil@garfield:~$ gpg --list-key 0x2A623F72
pub 1024D/2A623F72 2003-11-17 Christoph Probst
uid Christoph Probst
uid Christoph Probst
sub 2048g/7F5A2741 2003-11-17 [expires: 2008-11-15]

Only two UID's imported.

> I tried to get rid of this duplicated message by deleting the
> public key locally and receiving it again:

Repeat that using a working keyserver.

> You can easily see the problem on any broken
> keyserver:
>
>
> No, I did not create new UIDs and cannot imagine what I could
> have done wrong.

I'd say this is all the keyserver's doing.

> Someone mentioned a bug in an old keyserver software. Can anyone give
> me a hint what to do to remove the doubles

The doubles only exist on the broken keyserver - repeat the process of deleting and receiving using a working keyserver and all should work. There's nothing you can do about the bad keyserver except to ignore it.

> and how to avoid the
> problem in future.

Tell everyone you know not to use old keyservers and why.

> Just imagine it would happen to your key ...

It probably has but I'd never notice and if anyone complains, it's simple to point them towards a better keyserver.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
From thomas at northernsecurity.net Wed Jun 16 10:59:36 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Wed Jun 16 10:57:12 2004
Subject: gpg problem while decrypting
In-Reply-To: <003b01c44ee1$359c4b60$fd60d103@ttcnt.com>
References: <003b01c44ee1$359c4b60$fd60d103@ttcnt.com>
Message-ID: <20040616085936.GB9634@northernsecurity.net>

On Thu, Jun 10, 2004 at 05:21:03PM +0530, Deepak Kolhar wrote:
> I'm getting following error under unix environment when i try to decrypt a
> file from another user .
> 'gpg: decryption failed: secret key not available'
>
> I've generated a key from a user 'UserA' for example. It's working fine
> there.
> But when i try to decrypt a file (which is encrypted from user a ) from a
> user 'User-BCD'. it gives above error.
> Both the user are on the same server.
>
> The exact message is
> gpg: encrypted with ELG-E key, ID 3E07473B
> gpg: decryption failed: secret key not available
>
> What may be the reasons. and how this problem can be solved.

User-BCD has encrypted the document to him/herself? If you want A to be able to read the message BCD has to encrypt the document to A.

BCD has to run

gpg -es -r A document.doc

/Thomas
--
== thomas@northernsecurity.net | thomas@se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
From gnupg at ml0402.albert.uni.cc Wed Jun 16 12:13:41 2004
From: gnupg at ml0402.albert.uni.cc (Albert)
Date: Wed Jun 16 13:06:11 2004
Subject: OT: Re: Secure deletion of files in a directory
In-Reply-To: <200406160949.50462@fortytwo.ch>
References: <200406151656.05475.gnupg@ml0402.albert.uni.cc> <200406152008.56422.gnupg@ml0402.albert.uni.cc> <200406160949.50462@fortytwo.ch>
Message-ID: <200406161213.42087.gnupg@ml0402.albert.uni.cc>

On Wednesday, 16 June 2004 09:49, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tuesday 15 June 2004 20.08, Albert wrote:
> > On Tuesday, 15 June 2004 19:05, Kyle Hasselbacher wrote:
> > > dd if=/dev/urandom of=/dev/hdX
> > > dd if=/dev/zero of=/dev/hdX
> >
> > That deletes the smart-info too, which means you have problems
> > to prove the errors.
>
> Huh?
>
> SMART doesn't store its info in the user accessible part of the
> disk, afaik. Only a IDE low-level format might erase the SMART
> information.

Indeed, this should be, but I heard, that you will lose the smart-log with drives from Samsung.

> Of course, writing to the damaged area may cause the error go
> away because the sectors are remapped, but doesn't SMART have an
> error log, so that the tech can still see that there were
> problems?

To get a RMA-no. from Maxtor, you need an error key and for a brand new drive you won't remap the sectors and wait till the next error occurs.

Albert

From wk at gnupg.org Wed Jun 16 16:43:38 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Jun 16 17:09:13 2004
Subject: [Announce] GnuPG 1.2.5 second release candidate
Message-ID: <877ju7tvfp.fsf@vigenere.g10code.de>

Hi!
We are pleased to announce the availability of the second release candidate for GnuPG 1.2.5:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc2.tar.gz (3496k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc2.tar.gz.sig

or as a patch against the first RC

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1-1.2.5rc2.diff.gz (439k)

Mirrors are listed at http://www.gnupg.org/download/mirrors.html

MD5 sums are:

  f915790e3e2d13256cc49e3f08b77e1b  gnupg-1.2.5rc2.tar.gz
  9f15c912f40c14daf4fa3d612eece938  gnupg-1.2.5rc1-1.2.5rc2.diff.gz

As this is the stable branch, this release contains mostly bug and portability fixes. Please test this release and report any problems.

Noteworthy changes since 1.2.4:

  * New --ask-cert-level/--no-ask-cert-level option to turn on and off the prompt for signature level when signing a key. Defaults to off.

  * New --min-cert-level option to disregard key signatures that are under a specified level. Defaults to 1 (i.e. don't disregard anything).

  * New --max-output option to limit the amount of plaintext output generated by GnuPG. This option can be used by programs which call GnuPG to process messages that may result in plaintext larger than the calling program is prepared to handle. This is sometimes called a "Decompression Bomb".

  * New --list-config command for frontends and other programs that call GnuPG. See doc/DETAILS for the specifics of this.

  * New --gpgconf-list command for internal use by the gpgconf utility from gnupg 1.9.x.

  * Some performance improvements with large keyrings. See --enable-key-cache=SIZE in the README file for details.

  * Some portability fixes for the OpenBSD/i386, HPPA, and AIX platforms.

  * Simplified Chinese translation.

Since RC1 we fixed a couple more portability issues as well as some other glitches. If we don't get serious complaints on this release, 1.2.5 will be released soon.
Happy hacking,

  The GnuPG Team

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From bboett at bboett.dyndns.org Wed Jun 16 18:57:47 2004
From: bboett at bboett.dyndns.org (Bruno Boettcher)
Date: Wed Jun 16 18:54:57 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <200406160924.53082.linux@codehelp.co.uk>
References: <20040519072950.GA18826@adlp.org> <20040519150106.GA25099@jabberwocky.com> <20040616072633.GH1631@adlp.org> <200406160924.53082.linux@codehelp.co.uk>
Message-ID: <20040616165747.GI1631@adlp.org>

On Wed, Jun 16, 2004 at 09:24:49AM +0100, Neil Williams wrote:
> You are asking gpg to sign the file without specifying a key to use to create
> the signature, either as a default key (~/.gnupg/gpg.conf) or on the command

yep forgot to specify that i do have defined a default key in my ~/.gnupg/gpg.conf, and that giving an explicit user names yields exactly the same result and error message....

--
ciao
bboett
==============================================================
bboett@adlp.org
http://inforezo.u-strasbg.fr/~bboett
===============================================================

From Billt at Mahagonny.com Wed Jun 16 21:42:29 2004
From: Billt at Mahagonny.com (Bill Thompson)
Date: Wed Jun 16 21:50:37 2004
Subject: gpgme and signature comments
Message-ID: <20040616124229.70bce279@BeBop>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This may be a shot in the dark, but is anyone else having issues with adding comments to a GPG ascii signature when signing through gpgme? I would like to add a comment to my e-mail sigs when signing with my mail program (Sylpheed-Claws) which uses gpgme.
As seen below, the comment does not appear. However when I sign a file with gpg directly the comment appears as normal.

At first I thought that the issue was caused by Sylpheed, but the developers there have pushed the blame to gpgme. Is this really an issue and if so is there any way around it?

Thanks,
- -BillT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0KKluLPldPuWZnARAvN0AJsHraD2tdATvCmjX3k+xhow/PcnawCff0+j
By7AXRwIjQT/wD5kpOP7RF4=
=OMB0
-----END PGP SIGNATURE-----

From JPClizbe at comcast.net Wed Jun 16 23:08:46 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Wed Jun 16 23:06:21 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040616165747.GI1631@adlp.org>
References: <20040519072950.GA18826@adlp.org> <20040519150106.GA25099@jabberwocky.com> <20040616072633.GH1631@adlp.org> <200406160924.53082.linux@codehelp.co.uk> <20040616165747.GI1631@adlp.org>
Message-ID: <40D0B6DE.5030306@comcast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bruno Boettcher wrote:
> On Wed, Jun 16, 2004 at 09:24:49AM +0100, Neil Williams wrote:
>> You are asking gpg to sign the file without specifying a key to use to create
>> the signature, either as a default key (~/.gnupg/gpg.conf) or on the command
> yep forgot to specify that i do have defined a default key in my
> ~/.gnupg/gpg.conf, and that giving an explicit user names yields exactly
> the same result and error message....

Have you set ultimate trust on your own key?

gpg --edit-key E0807C30
trust
5 (for Ultimate)

- --
John P. Clizbe                 Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks           PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (MingW32)
Comment: Annoy John Asscraft -- Use Strong Encyption
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA0LbdHQSsSmCNKhARAtFKAJ0VJsFG1UyDN2Fq0LiU4z9/TYjT+ACgw+bS
OUgYv2PXH72xjrt2QaHRstg=
=SFf6
-----END PGP SIGNATURE-----

From johanw at vulcan.xs4all.nl Thu Jun 17 01:17:42 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Jun 17 01:14:02 2004
Subject: [Announce] GnuPG 1.2.5 second release candidate
In-Reply-To: <877ju7tvfp.fsf@vigenere.g10code.de> from Werner Koch at "Jun 16, 2004 04:43:38 pm"
Message-ID: <200406162317.BAA11927@vulcan.xs4all.nl>

Werner Koch wrote:

>Since RC1 we fixed a couple more portability issues as well as some
>other glitches. If we don't get serious complaints on this release,
>1.2.5 will be released soon.

It compiles OK on my old Linux system (kernel 2.0.38, libc5), and passes all tests, but I get a few errors with the install script:

Making install in po
make[1]: Entering directory /Storage/pgp/gpg/install/gnupg-1.2.5rc2/po'
/bin/sh `case "../scripts/mkinstalldirs" in /*) echo "../scripts/mkinstalldirs" ;; *) echo "../../scripts/mkinstalldirs" ;; esac /usr/local/lib/gnupg/share
../../scripts/mkinstalldirs: ../../scripts/mkinstalldirs: No such file or directory
make[1]: *** [install-data-yes] Error 1
make[1]: Leaving directory /Storage/pgp/gpg/install/gnupg-1.2.5rc2/po'
make: *** [install-recursive] Error 1

Only the directories bin, libexec and share are installed. No .po files. The resulting installation does work.

--
ir. J.C.A.
Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

From gr at eclipsed.net Thu Jun 17 01:49:31 2004
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Thu Jun 17 01:46:29 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040616100106.GC5365@netzpunkt.org>
References: <20040616000959.GA2844@netzpunkt.org> <200406160956.33545.linux@codehelp.co.uk> <20040616100106.GC5365@netzpunkt.org>
Message-ID: <20040616234931.GU4503@uriel.eclipsed.net>

On Wed, Jun 16, 2004 at 12:01:06PM +0200, Christoph Probst wrote:
> Why is no one updating these servers? I mean, yes, they are not
> totally broken but still unusable for some people.

Because the function software, SKS, requires a somewhat obscure build and runtime environment, which makes it difficult for people who don't know the (also obscure) programming language in question to audit it, which makes it questionable, in certain people's eyes, in a security application.

Why jharris's patches for the much more common (and written in a commonly used language) PKS haven't been applied to the main source tree there would be a question for the maintainers of that keyserver software.

--
gabriel rosenkoetter
gr@eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040616/de620818/attachment.bin

From rlaager at wiktel.com Thu Jun 17 02:57:01 2004
From: rlaager at wiktel.com (Richard Laager)
Date: Thu Jun 17 02:53:57 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040616234931.GU4503@uriel.eclipsed.net>
Message-ID: <001201c45406$001e28d0$ce000a0a@umcrookston.edu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...
> which makes it questionable, in certain people's eyes,
> in a security application.

Keyservers are not trusted, by definition.
Key signatures provide the requisite security.

> Why jharris's patches for the much more common (and written in a
> commonly used language) PKS haven't been applied to the main source
> tree there would be a question for the maintainers of that
> keyserver software.

All publicly available patches for PKS that I'm aware of have been applied to the tree available at http://pks.sf.net. The latest CVS version there has been updated to use Berkeley DB 4.

However, I think SKS should be used instead of PKS if possible. PKS has a number of bugs inherent in its design and is not being actively developed.

Richard Laager

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: If you don't know what this is, you can safely ignore it.

iQA/AwUBQNDsWG31OrleHxvOEQJX3QCfdW0Xm17nD7u/QgDefxWgXJZsy2gAn3tu
KaFZDXzJu8dxP/UWSt2+O6HT
=N8/r
-----END PGP SIGNATURE-----

From gr at eclipsed.net Thu Jun 17 03:16:40 2004
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Thu Jun 17 03:13:41 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <001201c45406$001e28d0$ce000a0a@umcrookston.edu>
References: <20040616234931.GU4503@uriel.eclipsed.net> <001201c45406$001e28d0$ce000a0a@umcrookston.edu>
Message-ID: <20040617011640.GW4503@uriel.eclipsed.net>

On Wed, Jun 16, 2004 at 07:57:01PM -0500, Richard Laager wrote:
> All publicly available patches for PKS that I'm aware of have been
> applied to the tree available at http://pks.sf.net. The latest CVS
> version there has been updated to use Berkeley DB 4.

My apologies. I knew that at some point, but had forgotten.

Then, why all those keyservers haven't been updated is a question for their administrators.

> However, I think SKS should be used instead of PKS if possible.
> PKS has a number of bugs inherent in its design and is not being
> actively developed.

Fair enough.

--
gabriel rosenkoetter
gr@eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040616/1801ff1b/attachment.bin

From dshaw at jabberwocky.com Thu Jun 17 05:04:02 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 17 05:01:07 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040616234931.GU4503@uriel.eclipsed.net>
References: <20040616000959.GA2844@netzpunkt.org> <200406160956.33545.linux@codehelp.co.uk> <20040616100106.GC5365@netzpunkt.org> <20040616234931.GU4503@uriel.eclipsed.net>
Message-ID: <20040617030402.GB7934@jabberwocky.com>

On Wed, Jun 16, 2004 at 07:49:31PM -0400, gabriel rosenkoetter wrote:
> On Wed, Jun 16, 2004 at 12:01:06PM +0200, Christoph Probst wrote:
> > Why is no one updating these servers? I mean, yes, they are not
> > totally broken but still unusable for some people.
>
> Because the function software, SKS, requires a somewhat obscure
> build and runtime environment, which makes it difficult for people
> who don't know the (also obscure) programming language in question
> to audit it, which makes it questionable, in certain people's eyes,
> in a security application.

I strongly disagree with this logic. It's somewhat silly, as one of the main points of public key cryptography is that the key distribution channel does not have to be secure. Who cares if a keyserver is hacked up one side and down the other? Unless it is hacked to the point of not being able to give out a key, this does not affect the security of OpenPGP.

> Why jharris's patches for the much more common (and written in a
> commonly used language) PKS haven't been applied to the main source
> tree there would be a question for the maintainers of that keyserver
> software.

Ask jharris. He refuses to release the patches. Not that it matters terribly much - PKS is dead, victim of a changing world.
David

From dshaw at jabberwocky.com Thu Jun 17 05:10:14 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 17 05:07:16 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040616100106.GC5365@netzpunkt.org>
References: <20040616000959.GA2844@netzpunkt.org> <200406160956.33545.linux@codehelp.co.uk> <20040616100106.GC5365@netzpunkt.org>
Message-ID: <20040617031014.GC7934@jabberwocky.com>

On Wed, Jun 16, 2004 at 12:01:06PM +0200, Christoph Probst wrote:
> Maybe someone should recommend some servers on gnupg.org (I searched
> the documentation but it seems to be out-dated.)

The only recommended server to use is subkeys.pgp.net. Everything else is guaranteed to cause problems in one way or another. If not today, then eventually. Note that subkeys.pgp.net is the only HKP server given in the sample gpg.conf that comes in the distribution.

Keyservers are a problem. GnuPG 1.3.x has a number of different ways to store keys for those who want to avoid the keyserver net.

David

From shavital at mac.com Thu Jun 17 05:14:58 2004
From: shavital at mac.com (Charly Avital)
Date: Thu Jun 17 05:12:41 2004
Subject: [Announce] GnuPG 1.2.5 second release candidate
In-Reply-To: <200406162317.BAA11927@vulcan.xs4all.nl>
References: <200406162317.BAA11927@vulcan.xs4all.nl>
Message-ID: <8336DFC7-C00C-11D8-9108-000393C2DC84@mac.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 16, 2004, at 7:17 PM, Johan Wevers wrote:
> [...]
> Making install in po
> make[1]: Entering directory /Storage/pgp/gpg/install/gnupg-1.2.5rc2/po'
> /bin/sh `case "../scripts/mkinstalldirs" in /*) echo
> "../scripts/mkinstalldirs"
> ;; *) echo "../../scripts/mkinstalldirs" ;; esac
> /usr/local/lib/gnupg/share
> ../../scripts/mkinstalldirs: ../../scripts/mkinstalldirs: No such file
> or
> directory
> make[1]: *** [install-data-yes] Error 1
> make[1]: Leaving directory /Storage/pgp/gpg/install/gnupg-1.2.5rc2/po'
> make: *** [install-recursive] Error 1
> [...]
Identical results on Mac OS X (Darwin 7.4.0). But seems to work fine.
Had similar errors with 1.2.5.rc1
Had no errors, of any kind, with 1.3.6.

Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (Darwin)

iD8DBQFA0QzB8SG5rMkbCF4RAikYAKCR0lX6g8ZjVVgNoEfpZEbycHFXVgCgmlbm
VzWstXA8U5nbf9dfZBqhOQA=
=l3cA
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Thu Jun 17 05:24:56 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 17 05:22:05 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040616072633.GH1631@adlp.org>
References: <20040519072950.GA18826@adlp.org> <20040519150106.GA25099@jabberwocky.com> <20040616072633.GH1631@adlp.org>
Message-ID: <20040617032455.GD7934@jabberwocky.com>

On Wed, Jun 16, 2004 at 09:26:33AM +0200, Bruno Boettcher wrote:
> On Wed, May 19, 2004 at 11:01:06AM -0400, David Shaw wrote:
> Hello
>
> have this problem pending for a long time now, and now its getting acute
> again :D
>
> i am not able to transfer my primary key to the laptop....
> i tried the following:
>
> bboett@kalman:~/$ gpg --export-secret-subkey >gpg.sub
> bboett@kalman:~/$ gpg --export-secret-key >gpg.sec
> bboett@kalman:~/$ scp gpg.s* laptop:
>
> and on the laptop:
>
> laptop:~/zebot$ gpg --import ~/gpg.s*
> gpg: key E0807C30: already in secret keyring
> gpg: key E0807C30: already in secret keyring
> gpg: Total number processed: 4
> gpg: secret keys read: 4
> gpg: secret keys unchanged: 4
> laptop:~/$ gpg --sign testfile
> gpg: secret key parts are not available
> gpg: no default secret key: general error
> gpg: signing failed: general error
>
>
> E0807C30 being the fingerprint of my main key....
> so i don't know what to try next??

Don't use --export-secret-subkey. It has nothing to do with what you are trying to do, and is the cause of the "secret key parts are not available" error.

Delete the secret key on your laptop and re-import the gpg.sec file. NOT the gpg.sub file, which will in no way work.
David

From greg at turnstep.com Thu Jun 17 05:33:01 2004
From: greg at turnstep.com (Greg Sabino Mullane)
Date: Thu Jun 17 05:30:27 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040617031014.GC7934@jabberwocky.com>
Message-ID: <6b077aa27ec77748fe9e8b139c103f7b@biglumber.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Keyservers are a problem. GnuPG 1.3.x has a number of different ways
> to store keys for those who want to avoid the keyserver net.

For what it's worth, I'm writing a new keyserver program (from scratch) that should address most of the problems with the current ones. Don't look for it anytime soon, but if anyone has particular beefs with the current keyservers or ideas, please let me know.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200406162334
-----BEGIN PGP SIGNATURE-----

iD8DBQFA0RE8vJuQZxSWSsgRAl6aAKDrgwwDbcUgvUa8Qa3SA3i3tWa4WwCgsw1t
iufxkcu2I1ACXYlbkBCzDi0=
=DzcY
-----END PGP SIGNATURE-----

From dshaw at jabberwocky.com Thu Jun 17 06:11:21 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 17 06:08:24 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <6b077aa27ec77748fe9e8b139c103f7b@biglumber.com>
References: <20040617031014.GC7934@jabberwocky.com> <6b077aa27ec77748fe9e8b139c103f7b@biglumber.com>
Message-ID: <20040617041120.GA11294@jabberwocky.com>

On Thu, Jun 17, 2004 at 03:33:01AM -0000, Greg Sabino Mullane wrote:
> > Keyservers are a problem. GnuPG 1.3.x has a number of different ways
> > to store keys for those who want to avoid the keyserver net.
>
> For what it's worth, I'm writing a new keyserver program (from scratch)
> that should address most of the problems with the current ones. Don't
> look for it anytime soon, but if anyone has particular beefs with the
> current keyservers or ideas, please let me know.

What do you plan on doing that SKS isn't already doing?
SKS fixed all of the PKS bugs and corruptions, but given the parameters and limitations of a public keyserver network, it seems that many of the remaining problems are inherent in the architecture.

David

From bboett at bboett.dyndns.org Thu Jun 17 09:28:16 2004
From: bboett at bboett.dyndns.org (Bruno Boettcher)
Date: Thu Jun 17 09:25:26 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040617032455.GD7934@jabberwocky.com>
References: <20040519072950.GA18826@adlp.org> <20040519150106.GA25099@jabberwocky.com> <20040616072633.GH1631@adlp.org> <20040617032455.GD7934@jabberwocky.com>
Message-ID: <20040617072816.GN1631@adlp.org>

On Wed, Jun 16, 2004 at 11:24:56PM -0400, David Shaw wrote:
> Don't use --export-secret-subkey. It has nothing to do with what you
> are trying to do, and is the cause of the "secret key parts are not
> available" error.

hmmm that was what i tried first until someone here pointed me out that i had to import also the secret key parts....

nevertheless, now the problems grow even stranger:

gpg --delete-secret-and-public-key E0807C30
gpg: key `E0807C30' not found: eof
gpg: E0807C30: delete key failed: eof

laptop:~$ gpg --import gpg.sec
gpg: key 0D1DC4FE: already in secret keyring
gpg: key E0807C30: already in secret keyring
gpg: Total number processed: 2
gpg: secret keys read: 2
gpg: secret keys unchanged: 2

laptop:~$ gpg --edit-key E0807C30

immediate return....

perhaps a buggy version of gpg??

laptop:~$ gpg --version
gpg (GnuPG) 1.2.4
Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB, BZIP2

nevertheless on the server and the laptop they are exactly the same version...

--
ciao bboett
==============================================================
bboett@adlp.org
http://inforezo.u-strasbg.fr/~bboett
===============================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040617/a5a3bb31/attachment.bin

From linux at codehelp.co.uk Thu Jun 17 10:15:57 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Thu Jun 17 10:12:25 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040617072816.GN1631@adlp.org>
References: <20040519072950.GA18826@adlp.org> <20040617032455.GD7934@jabberwocky.com> <20040617072816.GN1631@adlp.org>
Message-ID: <200406170916.07545.linux@codehelp.co.uk>

On Thursday 17 June 2004 8:28, Bruno Boettcher wrote:
> On Wed, Jun 16, 2004 at 11:24:56PM -0400, David Shaw wrote:
> nevertheless, now the problems grow even stranger:
>

Which machine was this on?

> gpg --delete-secret-and-public-key E0807C30
> gpg: key `E0807C30' not found: eof

Try
gpg --delete-secret-key 0xE0807C30
instead.

Make sure it's gone by listing the secret keys:
gpg --list-secret-keys

> gpg: E0807C30: delete key failed: eof
>
> laptop:~$ gpg --import gpg.sec

Umm, did you actually delete the secret key from the laptop or from the other machine? It's the laptop keyring that needs the secret key removal.

If you've done what I think you've done, you need to re-import gpg.sec on the other machine. Use --list-secret-keys on both machines and find out where you stand.
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20040617/728fd183/attachment-0001.bin

From bboett at bboett.dyndns.org Thu Jun 17 12:43:46 2004
From: bboett at bboett.dyndns.org (Bruno Boettcher)
Date: Thu Jun 17 12:40:49 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <200406170916.07545.linux@codehelp.co.uk>
References: <20040519072950.GA18826@adlp.org> <20040617032455.GD7934@jabberwocky.com> <20040617072816.GN1631@adlp.org> <200406170916.07545.linux@codehelp.co.uk>
Message-ID: <20040617104346.GP1631@adlp.org>

On Thu, Jun 17, 2004 at 09:15:57AM +0100, Neil Williams wrote:

uhm really sorry to bother and to be such a klutz...

> Which machine was this on?

i am only working on the laptop, not touching the workstation...

> Umm, did you actually delete the secret key from the laptop or from the other
> machine? It's the laptop keyring that needs the secret key removal.

only from the laptop

> If you've done what I think you've done, you need to re-import gpg.sec on the
> other machine. Use --list-secret-keys on both machines and find out where you
> stand.

uhm as said apart from the export of the keys i didn't do anything on the workstation....

darn... got it solved.... heh really stupid looking afterwards.... had to import the secret key before the public key.... other way round it doesn't work....

all the tampering of the secret keys was useless... had to remove all traces of the key, then install the secret key, and then the public, in that order it works....

hmmm other question since i am at it...

the old secret key of my laptop, i revoked it, can i safely delete it, or do i have to keep it around?
the revocation certificate was sent to the key servers some time ago...

--
ciao bboett
==============================================================
bboett@adlp.org
http://inforezo.u-strasbg.fr/~bboett
===============================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20040617/b2837b33/attachment.bin

From listen at hammernoch.net Thu Jun 17 13:20:46 2004
From: listen at hammernoch.net (Ludwig Hügelschäfer)
Date: Thu Jun 17 13:18:44 2004
Subject: how to transfer a secret key to another comp?
In-Reply-To: <20040617104346.GP1631@adlp.org>
References: <20040617104346.GP1631@adlp.org>
Message-ID: <40D17E8E.5040304@hammernoch.net>

On 17.06.2004 12:43, bboett@bboett.dyndns.org wrote:

(...)
> hmmm other question since i am at it...
>
> the old secret key of my laptop, i revoked it, can i safely delete it,
> or do i have to keep it around? the revocation certificate was sent
> to the key servers some time ago...

This depends on whether you have (and still need access to) material encrypted to this key. I would never delete an old key. You never know where you have old encrypted stuff on old backups you need years afterwards...

Ludwig

From str at strgt.cjb.net Thu Jun 17 14:16:38 2004
From: str at strgt.cjb.net (Stuardo - StR - Rodriguez)
Date: Thu Jun 17 20:24:45 2004
Subject: new with GPG
Message-ID: <200406171216.51269.str@strgt.cjb.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there...

I'm new here. And I'm starting to use GPG where I work and I would like to know how to use gpg with Windows. Anyone here using it with Outlook and/or Outlook express?

Is there an alternative to Outlook/Outlook-express for windows that uses GPG?
Thanks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0Yuy5T8kS/5gJMARAoo+AJ9taNWWMp4CYlCRdDxDWKhYDdVeGACdFgtb
oDdWxge4AUcAoVK1KRYLN3Y=
=lQjd
-----END PGP SIGNATURE-----

From wrenhunt at hotmail.com Thu Jun 17 23:37:58 2004
From: wrenhunt at hotmail.com (J. Wren Hunt)
Date: Thu Jun 17 23:35:02 2004
Subject: new with GPG
In-Reply-To: <200406171216.51269.str@strgt.cjb.net>
References: <200406171216.51269.str@strgt.cjb.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stuardo - StR - Rodriguez wrote:
| Hi there...
|
| I'm new here. And I'm starting to use GPG where I work and I would like to
| know how to use gpg with Windows. Anyone here using it with Outlook
| and/or Outlook express?
|
| Is there an alternative to Outlook/Outlook-express for windows that uses GPG?
|
| Thanks

Do yourself a favor and get Mozilla's Thunderbird at http://www.mozilla.org/products/thunderbird/. Version 0.7 was just released.

You may pick up the Enigmail extension to provide for GPG functionality at http://enigmail.mozdev.org

Wren
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0g82A/qR4Uok1vQRAqpoAKDxFy25UM+KEZQF/KYYo6GLSfJTuQCgoEw5
zR1QHD5Pp3CRe3B706fKo8c=
=oDuu
-----END PGP SIGNATURE-----

From lists at ulrichschneider.de Fri Jun 18 07:12:15 2004
From: lists at ulrichschneider.de (Ulrich Schneider)
Date: Fri Jun 18 07:14:18 2004
Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
In-Reply-To: <20040616021327.B94362@willy_wonka>
References: <40CFE077.9030907@ulrichschneider.de> <20040616021327.B94362@willy_wonka>
Message-ID: <40D279AF.9030808@ulrichschneider.de>

Thanks, that was very helpful.

Besides ... is there a doku how to replace the enc. key with another enc. key of higher key length when you want to have the same signature key?
Atom 'Smasher' wrote:
> On Wed, 16 Jun 2004, Ulrich Schneider wrote:
>
>
>>> Why are DSA-Keys always generated with only 1024 bits even when I tell
>>> gpg that the key has to be generated with 2048 bits.
>
> =================
>
> DSA is the "digital signature algorithm", DSS is the "digital signature
> standard" (both specified in FIPS-186). the ~algorithm~ can be used with
> any size hash or key, but the ~standard~ uses a 160 bit hash (SHA1) with
> a maximum key size of 1024. it's generally believed that a key larger
> than 1024 bits used to sign a 160 bit hash would be a waste of bits.
>
> there are some arguments against this logic, but it's already past my
> bedtime ;)
>
>
>>> And why are there different keypairs for signing and encryption? And
>>> why are these keypairs from different kind (DSA and ElGamal). Why
>>> isn`t there one keypair used for signing and encryption?
>
> =================
>
> as i understand it, this is largely a historical artifact. RSA performs
> reasonably well for both signing and encryption, but until recently
> (2000) it was not in the public domain. public domain algorithms (such
> as DSA and ElGamal) allowed public key crypto to be used in "free"
> applications before the RSA patent expired, and they're still with us
> today.
>
> the ~other~ algorithms mostly tend to be better suited either for
> encryption or signing.
>
> you ~can~ use a single RSA key for both encryption and signing, but
> there are advantages to having a "primary" key for signing, and one or
> more "subkeys" for encryption and/or signing.
>
>
>>> gnupg says the following:
>>> Please select what kind of key you want:
>>> (1) DSA and ElGamal (default)
>>> (2) DSA (sign only)
>>> (4) RSA (sign only)
>>>
>>> So as you can see here, even RSA is used for signing only. Why is there
>>> no possibility to use RSA keypairs for encryption?
>
> =================
>
> if you use this:
> $ gpg --expert --gen-key
>
> you will have an option to create an RSA key that can be used for both
> signing and encryption:
> (6) RSA (sign and encrypt)
>
> you can use that all by itself as a key, but i'd recommend against it.
> that's what i use as my ~primary~ key: i have a DSA signing subkey and
> an ElGamal encryption subkey.
>
>
>
>>> The GNU Privacy Handbook says:
>>> "GnuPG is able to create several different types of keypairs, but a
>>> primary key must be capable of making signatures. There are therefore
>>> only three options. Option 1 actually creates two keypairs. A DSA
>>> keypair is the primary keypair usable only for making signatures. An
>>> ElGamal subordinate keypair is also created for encryption. Option 2 is
>>> similar but creates only a DSA keypair. Option 4[1] creates a single
>>> ElGamal keypair usable for both making signatures and performing
>>> encryption. In all cases it is possible to later add additional subkeys
>>> for encryption and signing. For most users the default option is fine.
>
> ================
>
> out of date documentation.... ElGamal is no longer used for signatures.
>
>
>>> You must also choose a key size. The size of a DSA key must be between
>>> 512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
>>> however, requires that keys be no smaller than 768 bits. Therefore, if
>>> Option 1 was chosen and you choose a keysize larger than 1024 bits, the
>>> ElGamal key will have the requested size, but the DSA key will be 1024
>>> bits."
>
> ===================
>
> 768 is the smallest DSA key you can create now, but there hardly any
> reason to use anything less than 1024.
>
>
>>> If there is always two public keys -one for signing and one for
>>> encryption- the question arise for which key is the fingerprint
>>> computed? I guess for the main-key.
>
> ====================
>
> you don't ~need~ to have a separate signing and encryption key, but it's
> a good idea.
> you can have an RSA key that does both encryption and
> signing (with no subkeys) or you can have a sign-only key (with no
> encryption subkeys).
>
> and yes, the "key fingerprint" is that of the primary key.
>
>
>>> But what`s going on with the subkey? Is there no need to check the
>>> fingerprint of the subkey? Or is it checked indirectly with the
>>> fingerprint of the main key? How does this work?
>
> =====================
>
> a subkey is "bound", or associated with, a particular primary key. if i
> tell you my "key fingerprint" is "1234", then my subkey(s) must be
> signed by the primary key (1234).
>
> that implies (but doesn't actually prove) ownership of the subkey(s).
>
> if you feel the need, you can check subkey fingerprints using this:
> $ gpg --fingerprint --fingerprint {key id}
>
>
>
>>> I also have another question. Is there a possibility to show a key in
>>> human readable form. Best output I produced is a gpg --export --armor
>>> . A key consists of an exponent and a modulus. Is there a
>>> way to show these values?
>
> =======================
>
> pgpdump: PGP packet visualizer
>
> pgpdump will let you look into the heart and soul of OpenPGP data,
> including keys. if you want to see the exponent, modulus and other fun
> math stuff do something like this:
> $ gpg --export {key id} | pgpdump -i
>
> and pipe that into a pager (more, less, most).
>
>
>>> Another problem:
>>> I created a 2048 bit RSA keypair with gpg. When I try to encrypt a file
>>> for this key, gnupg tells me:
>>> gpg: 0x149881408FAB041C: skipped: unusable public key
>>> gpg: : encryption failed: unusable public key
>>>
>>> I also have another 2048 bit RSA key in my keyring. Encryption for this
>>> key works. How could that be? Sometimes it works, sometimes not? It
>>> probably has something to do, by which program the key was generated.
>>> Here are the comments taken from the public key block.
>
> =====================
>
> in order for an RSA key to work for both signing and encryption, you
> have to create it as a "sign and encrypt" RSA key, as described above.
>
> using pgpdump, a sign-only RSA key will say:
> Flag - This key may be used to certify other keys
> Flag - This key may be used to sign data
> a sign and encrypt RSA key will _also_ say:
> Flag - This key may be used to encrypt communications
> Flag - This key may be used to encrypt storage
>
>
>>> Probably I told you too many questions, but I`m really interested in
>>> understanding, how the whole thing works.
>
> ====================
>
> i know how it is... i'm new to pgp/gpg myself. i've only been using it
> for less than a year, but i started out by reading EVERYTHING i could
> find on the topic, twice (and asking some pretty stupid questions).
>
> after playing and experimenting with it, i've become very comfortable
> with it's inner workings.
>
> this is a good list for asking questions...
>
>
>
> ...atom
>
> _________________________________________
> PGP key - http://atom.smasher.org/pgp.txt
> 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> -------------------------------------------------
>
> "Cryptography is like literacy in the Dark Ages. Infinitely
> potent, for good and ill... yet basically an intellectual
> construct, an idea, which by its nature will resist efforts
> to restrict it to bureaucrats and others who deem only
> themselves worthy of such Privilege."
> -- Vin McLellan,
> A Thinking Man's Creed for Crypto

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

From atom at suspicious.org Fri Jun 18 08:39:11 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Jun 18 08:47:46 2004
Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
In-Reply-To: <40D279AF.9030808@ulrichschneider.de>
References: <40CFE077.9030907@ulrichschneider.de> <20040616021327.B94362@willy_wonka> <40D279AF.9030808@ulrichschneider.de>
Message-ID: <20040618015427.M94362@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 18 Jun 2004, Ulrich Schneider wrote:

> Thanks, that was very helpful.
>
> Besides ... is there a doku how to replace the enc. key with another
> enc. key of higher key length when you want to have the same signature
> key?
==========================

you want to keep the (primary) signing key, and replace an encryption subkey with something bigger?

you can create a new encryption (sub)key using "--edit-key", "addkey".

you have three options for what to do with the old key:

1) leave it. the default gpg behavior is to use the newest key it can find. this means that your new key will be used when a gpg user encrypts a message to you, and the old key will be ignored. i have no idea which encryption subkey would be used by other pgp applications: if someone is sending you an encrypted message, and they use MIT-PGP or PGPi, it ~might~ use the old encryption subkey... i don't know...

2) revoke it. in the edit-key menu, select the old key and "revkey". that subkey still exists, and can be used to decrypt previously encrypted messages, but anyone with a current copy of the key will not be able to use that subkey for encryption.

3) delete it. in the edit-key menu, select the old key and "delkey". that subkey no longer exists and can not be used to encrypt (or decrypt!!) messages.
option #3 could be dangerous: you will not be able to read messages encrypted with that subkey. if someone has an older copy of your key (before you delete that subkey), they can encrypt a message to that subkey and you will have no way to decrypt it. if your key has *NOT* been circulated, then deleting the key might be a nice option; if/when you do put your key into circulation, it won't have an unnecessary subkey in it.

i would recommend options #1 or #2 if your key is in circulation. anyone could have an old copy of your key, and encrypt a message to a subkey that is no longer current (but they might not know it). in either case, you *will* be able to decrypt the message.

if you don't have any signatures on your key, and it's not widely used in public, you might consider just creating a new key from scratch... make it as big as you want.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Proprietary software seeks to maximize its value solely in monetary terms by achieving a monopoly. Open Source software maximizes its value by assuring that a monopoly cannot be achieved."
-- Mark Webbink, Senior Vice President and General Counsel of Red Hat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDSjhUACgkQnCgLvz19QeOg9wCaAnwSvJX9OMdP2rRBPdnazTRv
BLkAoKWPe+PAJWvXILq5DuHucUsnNZm2
=m8R6
-----END PGP SIGNATURE-----

From str at strgt.cjb.net Fri Jun 18 12:24:56 2004
From: str at strgt.cjb.net (Stuardo - StR - Rodriguez)
Date: Fri Jun 18 18:22:27 2004
Subject: new with GPG
In-Reply-To:
References: <200406171216.51269.str@strgt.cjb.net>
Message-ID: <200406181024.57557.str@strgt.cjb.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 17 June 2004 21:37, J.
Wren Hunt wrote:
>JW: Do yourself a favor and get Mozilla's Thunderbird at
>JW: http://www.mozilla.org/products/thunderbird/. Version 0.7 was just
>JW: released.

ThunderBird is a replacement for Outlook-Express

But What about Outlook - the one with the calendar, and notes and etc etc.. ThunderBird does not have all these things..

Anyone knows about a good replacement for Outlook full for windows with GPG support?

--
-----------------------
Stuardo -StR- Rodríguez
-----------------------

From dshaw at jabberwocky.com Fri Jun 18 18:34:12 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Jun 18 18:31:21 2004
Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
In-Reply-To: <40D279AF.9030808@ulrichschneider.de>
References: <40CFE077.9030907@ulrichschneider.de> <20040616021327.B94362@willy_wonka> <40D279AF.9030808@ulrichschneider.de>
Message-ID: <20040618163412.GD30971@jabberwocky.com>

On Fri, Jun 18, 2004 at 07:12:15AM +0200, Ulrich Schneider wrote:
> Thanks, that was very helpful.
>
> Besides ... is there a doku how to replace the enc. key with another
> enc. key of higher key length when you want to have the same signature key?

"gpg --edit-key (thekey)"
"key (n)" where n is the subkey you want to replace
"revkey" (follow the prompts, enter your passphrase, etc)
"addkey" (follow the prompts, select a new key type, enter your passphrase, etc)
"save"

David

From sling at biochem.wustl.edu Fri Jun 18 19:42:47 2004
From: sling at biochem.wustl.edu (Song Ling)
Date: Fri Jun 18 19:39:46 2004
Subject: new with GPG
In-Reply-To: <200406181024.57557.str@strgt.cjb.net>
Message-ID:

Thank you for the message.
I am also new to GPG, my question is: Is there a Windows version of GPG that I may apply to encrypt a file before sending it with Outlook-Express as attachment?

Song Ling

From hmujtaba at forumsys.com Fri Jun 18 19:53:25 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Fri Jun 18 19:50:59 2004
Subject: Diffie Hellman V. ElGamal
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D190378@bstn-exch1.forumsys.com>

Hi all,

When we generate keys in GPG, we have the options of creating a ElGamal key pair. With PGP8, the option is DH/DSS. Why doesn't GPG provide a DH/DSS option? Isn't DH more common than ElGamal?

Thanks
Hasnain.
From dshaw at jabberwocky.com Fri Jun 18 20:48:22 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Jun 18 20:45:28 2004
Subject: Diffie Hellman V. ElGamal
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D190378@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D190378@bstn-exch1.forumsys.com>
Message-ID: <20040618184821.GA32692@jabberwocky.com>

On Fri, Jun 18, 2004 at 01:53:25PM -0400, Hasnain Mujtaba wrote:
> Hi all,
>
> When we generate keys in GPG, we have the options of creating a ElGamal
> key pair. With PGP8, the option is DH/DSS. Why doesn't GPG provide a
> DH/DSS option? Isn't DH more common than ElGamal?

DH/DSS (PGP) == DSA and Elgamal (GnuPG).

For historical reasons, PGP calls Elgamal Diffie-Hellman, or DH. Basically, when PGP 5 was being written, the patent holder on Diffie Hellman told the company that if they called it DH instead of Elgamal, they'd give them a free patent licence (there were still a few months left in the patent).

Anyway, the patent has long since expired, but the name stuck.

David

From lists2 at onryou.com Sat Jun 19 03:35:10 2004
From: lists2 at onryou.com (Cory Donnelly)
Date: Sat Jun 19 03:31:36 2004
Subject: Deleting uids from a public key
Message-ID: <40D3984E.5050703@onryou.com>

I'm attempting to delete an out-of-date uid/e-mail address from my public key. The deleting part is simple, keyservers however don't seem to recognize the change.

I'm comfortable using deluid to remove a uid from my key, but I'm concerned that after doing so gpg doesn't ask for my password. When I view my key with 'gpg --list-secret-keys' the second uid and associated e-mail address are gone, but when I export my public key and send it off to keyserver.kjsl.com (either using the web interface or 'gpg --send-key') the uid doesn't seem to get removed.

Any ideas?
Thanks,
Cory

From dshaw at jabberwocky.com Sat Jun 19 04:30:41 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Jun 19 04:27:52 2004
Subject: Deleting uids from a public key
In-Reply-To: <40D3984E.5050703@onryou.com>
References: <40D3984E.5050703@onryou.com>
Message-ID: <20040619023041.GA3429@jabberwocky.com>

On Fri, Jun 18, 2004 at 09:35:10PM -0400, Cory Donnelly wrote:

> I'm attempting to delete an out-of-date uid/e-mail address from my
> public key. The deleting part is simple, keyservers however don't seem
> to recognize the change.
>
> I'm comfortable using deluid to remove a uid from my key, but I'm
> concerned that after doing so gpg doesn't ask for my password. When I
> view my key with 'gpg --list-secret-keys' the second uid and associated
> e-mail address are gone, but when I export my public key and send it off
> to keyserver.kjsl.com (either using the web interface or 'gpg
> --send-key') the uid doesn't seem to get removed.

Keyservers are add-only. Once a key is on the keyservers, you can't delete a user ID. What you can do is revoke (rather than delete) the user ID. This marks the user ID as unusable, and it will be ignored (but still present) from then on out.

Just use "revuid" instead of "deluid".

David

From linux at codehelp.co.uk Sat Jun 19 15:12:04 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Sat Jun 19 15:09:49 2004
Subject: Deleting uids from a public key
In-Reply-To: <40D3984E.5050703@onryou.com>
References: <40D3984E.5050703@onryou.com>
Message-ID: <200406191412.11787.linux@codehelp.co.uk>

On Saturday 19 June 2004 2:35, Cory Donnelly wrote:
> I'm attempting to delete an out-of-date uid/e-mail address from my
> public key.
> The deleting part is simple,

Deletion only works for local keys, keys that are already on keyservers should have old UID's revoked instead.

> keyservers however don't seem
> to recognize the change.

Keyservers only ever add details, never subtract. Once a key is on a keyserver, it remains available for as long as keyservers continue to synchronise. This is why anything on your key that is out-of-date should be revoked.

> I'm comfortable using deluid to remove a uid from my key, but I'm
> concerned that after doing so gpg doesn't ask for my password.

I can delete a UID from your key with no need for secret keys or passphrases - it'll just re-appear as soon as the key is refreshed. Subkeys are different, but UID's can be deleted by anyone, anytime. There's little point in doing so if the key came from a keyserver in the first place.

> When I
> view my key with 'gpg --list-secret-keys' the second uid and associated
> e-mail address are gone, but when I export my public key and send it off
> to keyserver.kjsl.com (either using the web interface or 'gpg
> --send-key') the uid doesn't seem to get removed.

Keyservers don't remove, they merge the incoming data with any existing data. The only things that can change your key once on a keyserver are new signatures, new UID's, revoked UID's, revoked sigs and revocation certificates for the key itself.

> Any ideas?

--edit-key
revuid

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
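The add-only behaviour described in the replies above, as a simplified model added here (not code from the thread, from GnuPG or from any keyserver). Packets are plain strings, no signature is verified, and the user IDs, the fingerprint placeholder and all function names are hypothetical.

```python
"""Toy model of add-only keyserver merging.

Constructed example: packets are plain strings and no signature is
verified; real OpenPGP keys and keyservers are far more involved.
"""
import copy
from dataclasses import dataclass, field

SELF_SIG = "self-signature"
UID_REVOCATION = "uid-revocation"


@dataclass
class PublicKey:
    fingerprint: str
    # user ID -> set of signature packets attached to that user ID
    uids: dict = field(default_factory=dict)

    def add_uid(self, uid):
        self.uids.setdefault(uid, set()).add(SELF_SIG)

    def usable_uids(self):
        """User IDs that carry no revocation packet."""
        return sorted(u for u, sigs in self.uids.items()
                      if UID_REVOCATION not in sigs)


def merge(existing, incoming):
    """Union of both copies: packets are added, nothing is ever dropped."""
    merged = copy.deepcopy(existing)
    for uid, sigs in incoming.uids.items():
        merged.uids.setdefault(uid, set()).update(sigs)
    return merged


class Keyserver:
    def __init__(self):
        self.store = {}

    def send(self, key):
        """Like 'gpg --send-key': merge the upload into the stored copy."""
        old = self.store.get(key.fingerprint, PublicKey(key.fingerprint))
        self.store[key.fingerprint] = merge(old, key)

    def recv(self, fingerprint):
        return copy.deepcopy(self.store[fingerprint])


def deluid(key, uid):
    """Local edit only: drops the packets, needs no secret key."""
    edited = copy.deepcopy(key)
    edited.uids.pop(uid, None)
    return edited


def revuid(key, uid):
    """Adds a revocation packet (in gpg this is signed with the secret key)."""
    edited = copy.deepcopy(key)
    edited.uids[uid].add(UID_REVOCATION)
    return edited


def refresh(local, server):
    """A later key refresh: merge the server copy into the local one."""
    return merge(local, server.recv(local.fingerprint))


def run_scenario(edit):
    """Publish a two-UID key, apply `edit` to the old UID, upload, refresh."""
    old, new = "Alice <old@example.org>", "Alice <new@example.org>"
    key = PublicKey("FPR-PLACEHOLDER")
    key.add_uid(old)
    key.add_uid(new)
    server = Keyserver()
    server.send(key)

    local = edit(key, old)
    server.send(local)
    return {
        "local_before_refresh": local.usable_uids(),
        "server": server.recv(key.fingerprint).usable_uids(),
        "local_after_refresh": refresh(local, server).usable_uids(),
        "old_uid_still_on_server": old in server.recv(key.fingerprint).uids,
    }


if __name__ == "__main__":
    for name, edit in (("deluid", deluid), ("revuid", revuid)):
        print(name, run_scenario(edit))
```

With deluid the old user ID comes back as usable after the refresh; with revuid it stays on the server but is no longer usable anywhere.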
From thomas at northernsecurity.net Sat Jun 19 17:59:18 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Sat Jun 19 17:56:58 2004
Subject: new with GPG
In-Reply-To:
References: <200406181024.57557.str@strgt.cjb.net>
Message-ID: <20040619155918.GA6997@northernsecurity.net>

On Fri, Jun 18, 2004 at 12:42:47PM -0500, Song Ling wrote:
> Thank you for the message.
>
> I am also new to GPG, my question is: Is there a Windows version of
> GPG that I may apply to encrypt a file before sending it with
> Outlook-Express as attachment?
>

GPG-relay?
http://sites.inka.de/tesla/gpgrelay.html

/Thomas
--
== thomas@northernsecurity.net | thomas@se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From jerry.windrel at verizon.net Sun Jun 20 22:17:01 2004
From: jerry.windrel at verizon.net (Jerry Windrel)
Date: Sun Jun 20 22:13:34 2004
Subject: new with GPG
References: <200406171216.51269.str@strgt.cjb.net> <200406181024.57557.str@strgt.cjb.net>
Message-ID: <001501c45703$8c17b9a0$6401a8c0@Windows>

You should be able to continue using full Outlook if you use GPG with a graphical front end like WinPT that allows you to encrypt and decrypt inside any application's window (Outlook, etc.).

I actually use the free version of PGP for that. It has somewhat of an advantage of being all in one. It has "hot keys" which let you do your encryption/decryption/signing all from within whatever application you're using (Outlook, etc.).
The beauty of the hot keys is that the application doesn't have to have any specific support from PGP, so it will work in Notepad, Word, web browser text boxes, etc.

From sling at biochem.wustl.edu Mon Jun 21 05:20:12 2004
From: sling at biochem.wustl.edu (Song Ling)
Date: Mon Jun 21 05:17:14 2004
Subject: new with GPG
In-Reply-To: <001501c45703$8c17b9a0$6401a8c0@Windows>
Message-ID:

Could you please give us more details or point us to some sites about running Outlook with GPG or PGP or something else free? Windows users need to be supported.

Thank you.

Song

From jerry.windrel at verizon.net Mon Jun 21 06:00:29 2004
From: jerry.windrel at verizon.net (Jerry Windrel)
Date: Mon Jun 21 05:56:55 2004
Subject: new with GPG
References:
Message-ID: <002901c45744$4b54fc70$6401a8c0@Windows>

I got my free Windows PGP from http://www.pgp.com/products/freeware.html .
The advantage over GnuPG is that it doesn't require the installation of a separate front-end component, and I found it was a good way to get started, personally. (Since then I've also installed and used GnuPG, both on Windows and Linux.) The PDF manual that comes with it is pretty good, but I wish it would give more emphasis to the HotKeys, which I've found is the most convenient way to use it, since they allow you to encrypt/decrypt/sign/verify in any application, without a plugin. I do 99% of my stuff with the HotKeys (or the right-click PGP context menu that gets added to Windows Explorer). I almost never use the PGPMail tool, which the manual focuses on. It took me a while to clue into using PGP that way, though.

Install it and feel free to email me with any questions. I've talked people through it a few times.

From Dave.Falkins at jmfamily.com Wed Jun 16 22:01:33 2004
From: Dave.Falkins at jmfamily.com (Falkins Jr, David)
Date: Mon Jun 21 13:09:32 2004
Subject: --logger-fd n in Windows Visual Basic
Message-ID: <7A1CE09ED65C5D40AEBD178FC5657AA101C225D8@D05ONSIGHT01.D05.Mi8OnSight.com>

Shell this command...
sCommand = "cmd /C gpg.exe --recipient ""myRECIPIENT"" --output ""myOUTPUT"" --encrypt ""myINPUT"" 2>""myLOG"""

2> redirects stderr to file

From Pongracz.Szabolcs at evosoft.hu Fri Jun 18 11:14:11 2004
From: Pongracz.Szabolcs at evosoft.hu (Pongracz Szabolcs)
Date: Mon Jun 21 13:09:43 2004
Subject: ###adding compression algorythm
Message-ID: <40D2B263.5050601@evosoft.hu>

Hello,

I use gnupg 1.2.4 on windows. I would like to use bz2 for the compression before encryption. How can I tell gnupg a new compression algorithm? My gnupg currently doesn't know bz2 as compression algorithm, see the version output.

-----------------------
gpg (GnuPG) 1.2.4
Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: C:/gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFIS
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB
-----------------------

Thanks,
Szabolcs

From eddie at roosenmaallen.com Fri Jun 18 16:25:11 2004
From: eddie at roosenmaallen.com (Eddie Roosenmaallen)
Date: Mon Jun 21 13:09:50 2004
Subject: new with GPG
In-Reply-To: <200406171216.51269.str@strgt.cjb.net>
References: <200406171216.51269.str@strgt.cjb.net>
Message-ID: <40D2FB47.1050005@roosenmaallen.com>

Hi,

I have, in the past, used GnuPG with Outlook Express. There is a plugin called GpgOE (http://0guita.com.ar/winpt/gpgoe.html) which gives you limited GnuPG support.

A far better choice would be to switch to Thunderbird (http://www.mozilla.org/products/thunderbird/) and use the Enigmail plugin (http://enigmail.mozdev.org).

Peace,
Eddie Roosenmaallen

Stuardo - StR - Rodriguez wrote:
> Hi there...
>
> I'm new here. And I'm starting to use GPG where I work and I would like to
> know how to use gpg with with Windows. Anyone here using it with Outlook
> and/or Outlook express?
>
> Is there an alternative to Outlook/Outlook-express for windows that uses GPG?
>
> Thanks

From wk at gnupg.org Mon Jun 21 13:26:22 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Jun 21 13:28:33 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040617030402.GB7934@jabberwocky.com> (David Shaw's message of "Wed, 16 Jun 2004 23:04:02 -0400")
References: <20040616000959.GA2844@netzpunkt.org> <200406160956.33545.linux@codehelp.co.uk> <20040616100106.GC5365@netzpunkt.org> <20040616234931.GU4503@uriel.eclipsed.net> <20040617030402.GB7934@jabberwocky.com>
Message-ID: <87pt7t9mox.fsf@wheatstone.g10code.de>

On Wed, 16 Jun 2004 23:04:02 -0400, David Shaw said:

> distribution channel does not have to be secure. Who cares if a
> keyserver is hacked up one side and down the other? Unless it is

We use keyservers also for revocations. A cracked keyserver might ignore revocations for certain keys and thus gives the attacker a way continuing the use of a compromised key.
Salam-Shalom,

Werner

From dshaw at jabberwocky.com Mon Jun 21 14:25:28 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Jun 21 20:03:00 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <87pt7t9mox.fsf@wheatstone.g10code.de>
References: <20040616000959.GA2844@netzpunkt.org> <200406160956.33545.linux@codehelp.co.uk> <20040616100106.GC5365@netzpunkt.org> <20040616234931.GU4503@uriel.eclipsed.net> <20040617030402.GB7934@jabberwocky.com> <87pt7t9mox.fsf@wheatstone.g10code.de>
Message-ID: <20040621122527.GA7243@jabberwocky.com>

On Mon, Jun 21, 2004 at 01:26:22PM +0200, Werner Koch wrote:
> On Wed, 16 Jun 2004 23:04:02 -0400, David Shaw said:
>
> > distribution channel does not have to be secure. Who cares if a
> > keyserver is hacked up one side and down the other? Unless it is
>
> We use keyservers also for revocations. A cracked keyserver might
> ignore revocations for certain keys and thus gives the attacker a way
> continuing the use of a compromised key.

But there is a crucial difference between a secure distribution channel and a reliable distribution channel. An attacker cannot falsely revoke a key - the best he can do is try to prevent a revocation from being distributed. This is similar to a denial of service where the attacker tries to prevent a user from getting a key in the first place, in hopes they will send a message unencrypted.

David

From atom at suspicious.org Mon Jun 21 20:48:20 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Jun 21 20:45:42 2004
Subject: HOPE 5 - Encryption Key Signing
Message-ID: <20040621144252.B22648@willy_wonka>

this is cool... there's gonna be a keysigning party at HOPE 5....

Encryption Key Signing
Seth Hardy

It's a surprising fact that a large number of attendees at this very conference, even those who call themselves hackers and/or security professionals, probably don't use any sort of encryption - or don't use it properly.
One reason may be because people think nobody else uses it. So until it has a stronger presence, it won't be as widespread as it really should be. In order to help fight this, Seth will be hosting a key signing session. There will be a rundown of why people should be using strong crypto, how the web of trust works, and moderation to public verification of identity and key fingerprints.

is anyone here attending HOPE this year? should we organize a sub-set of keysignings, amongst those of us on this list?

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"When one tries to rise above Nature one is liable to fall below it."
-- Sherlock Holmes (Arthur Conan Doyle)

From atom at suspicious.org Mon Jun 21 21:34:52 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Jun 21 21:32:06 2004
Subject: HOPE 5 - Encryption Key Signing
In-Reply-To: <20040621144252.B22648@willy_wonka>
References: <20040621144252.B22648@willy_wonka>
Message-ID: <20040621153405.F22648@willy_wonka>

oops... left this out...

http://www.the-fifth-hope.org/hoop/5hope_speakers.khtml
http://www.the-fifth-hope.org/

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"This society began with stolen labor on stolen land, which makes all such claims to a tradition of freedom, null and void. It must also be said, that democracy and slavery cannot exist side by side.
Nor can democracy and capitalism for that matter. No class society, based on exploitation of the many to enrich a greedy few, can properly claim to be a democracy."
-- Ron Wilkins, KPFK (Pacifica), Los Angeles

From linux at codehelp.co.uk Mon Jun 21 22:05:14 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Mon Jun 21 22:01:24 2004
Subject: Strange behaviour on MacOSX
In-Reply-To: <20040621144252.B22648@willy_wonka>
References: <20040621144252.B22648@willy_wonka>
Message-ID: <40D73F7A.1050502@codehelp.co.uk>

Atom 'Smasher' wrote:
> this is cool... there's gonna be a keysigning party at HOPE 5....
>
> _________________________________________
> PGP key - http://atom.smasher.org/pgp.txt
> 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> -------------------------------------------------

I just emailed atom about this but although I know atom likes tinkering with his keys, it might not be the key that is wrong. I think there's something strange going on with GnuPG 1.2.4 on MacOSX. When I verify this email on my iBook I get:

fergus:~ neil$ gpg --verify Documents/atom.eml
gpg: Signature made Mon Jun 21 19:48:26 2004 BST using DSA key ID 3D7D41E3
gpg: Good signature from "Atom Smasher "
gpg: aka "Atom Smasher "
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forgery.
gpg: reason for revocation: Key is superseded
gpg: revocation comment: This key has been superseded by:
gpg: revocation comment: 4096R 0x762A3B98A3C396C9C6B7582AB88D52E4D9F57808
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3 When I verify the same email on my PC (running the same version of GnuPG on Debian unstable) I get: neil@garfield:~$ gpg --verify atom.eml gpg: Signature made Mon Jun 21 19:48:26 2004 BST using DSA key ID 3D7D41E3 gpg: Good signature from "Atom Smasher " gpg: aka "Atom Smasher " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 Subkey fingerprint: 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3 I can scp the email back and forth, delete the original key (that came from keyserver.kjsl.com) and use the key from a file from atom's own website and no difference. What might be going on? Here's --check-sigs from the MacOSX box: fergus:~ neil$ gpg --check-sigs d9f57808 pub 4096R/D9F57808 2004-05-11 Atom Smasher sig!3 P D9F57808 2004-05-12 Atom Smasher uid Atom Smasher sig!3 P D9F57808 2004-05-12 Atom Smasher sub 1024D/3D7D41E3 2003-10-04 [expires: 2006-01-25] sig! D9F57808 2004-05-12 Atom Smasher sub 2048g/1E88BF71 2003-10-04 [expires: 2006-01-25] sig! D9F57808 2004-05-12 Atom Smasher and again from the PC: neil@garfield:~$ gpg --check-sigs d9f57808 pub 4096R/D9F57808 2004-05-11 Atom Smasher sig!3 P D9F57808 2004-05-12 Atom Smasher uid Atom Smasher sig!3 P D9F57808 2004-05-12 Atom Smasher sub 1024D/3D7D41E3 2003-10-04 [expires: 2006-01-25] sig! D9F57808 2004-05-12 Atom Smasher sub 2048g/1E88BF71 2003-10-04 [expires: 2006-01-25] sig! D9F57808 2004-05-12 Atom Smasher I can't see any difference in the key. BTW. What does the P mean? -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20040621/d15b39b9/signature.bin From atom at suspicious.org Mon Jun 21 22:15:52 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Jun 21 22:13:00 2004 Subject: Strange behaviour on MacOSX In-Reply-To: <40D73F7A.1050502@codehelp.co.uk> References: <20040621144252.B22648@willy_wonka> <40D73F7A.1050502@codehelp.co.uk> Message-ID: <20040621161115.F22648@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 21 Jun 2004, Neil Williams wrote: > BTW. What does the P mean? ==================== "P" in the signature means that there is a policy URL. sorry... i handled your off-list message on the command line and didn't notice all of that key stuff... too many lines starting with "gpg:"... on the machine that's being weird, have you tried deleting my [old] key multiple times? until it says the key isn't there? then, just to be sure, do a "--list-keys smasher" and make sure it's really gone.... ~then~ import the new key. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Fighting crime by building more jails is like fighting cancer by building more cemeteries." -- Paul Kelly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? 
From mail at mark-kirchner.de Mon Jun 21 23:11:46 2004
From: mail at mark-kirchner.de (Mark Kirchner)
Date: Mon Jun 21 23:10:58 2004
Subject: Strange behaviour on MacOSX
In-Reply-To: <40D73F7A.1050502@codehelp.co.uk>
References: <20040621144252.B22648@willy_wonka> <40D73F7A.1050502@codehelp.co.uk>
Message-ID: <731980873.20040621231146@mark-kirchner.de>

On Monday, June 21, 2004, 10:05:14 PM, Neil wrote:
> I just emailed atom about this but although I know atom likes tinkering
> with his keys, it might not be the key that is wrong. I think there's
> something strange going on with GnuPG 1.2.4 on MacOSX. When I verify
> this email on my iBook I get:
>
> fergus:~ neil$ gpg --verify Documents/atom.eml
> [snip]
> Primary key fingerprint: 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

Only primary here, which means that on this machine you have his
"original" key (signing key == primary). This key is revoked.

> When I verify the same email on my PC (running the same version of GnuPG
> on Debian unstable) I get:
>
> neil@garfield:~$ gpg --verify atom.eml
> [snip]
> Primary key fingerprint: 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> Subkey fingerprint: 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

On this machine you probably have his new key only, where the
"original" key was turned into a signing subkey. This subkey is not
revoked.

I could reproduce this behavior:
- With both of his keys in my keyring I get the revoked-key-warning
  from gpg
- after deleting the "original" key from the keyring the warning's
  gone

Regards,
Mark Kirchner

--
_____________________________________________________________
Key (0x19DC86D3): http://www.mark-kirchner.de/keys/key-mk.asc
From linux at codehelp.co.uk Tue Jun 22 01:38:02 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Jun 22 01:34:19 2004
Subject: Strange behaviour
In-Reply-To: <731980873.20040621231146@mark-kirchner.de>
References: <20040621144252.B22648@willy_wonka> <40D73F7A.1050502@codehelp.co.uk> <731980873.20040621231146@mark-kirchner.de>
Message-ID: <200406220038.06939.linux@codehelp.co.uk>

Mark Kirchner wrote:
>
> On this machine you probably have his new key only, where the
> "original" key was turned into a signing subkey. This subkey is not
> revoked.
>
> I could reproduce this behavior:
> - With both of his keys in my keyring I get the revoked-key-warning
> from gpg
> - after deleting the "original" key from the keyring the warning's
> gone

Excellent, thanks. The other box had deleted both the old keys when they showed up as revoked on the last refresh. It's sorted on the other box now - nice to know it was something simple.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From Holger.Sesterhenn at smgwtest.aachen.utimaco.de Tue Jun 22 09:50:56 2004
From: Holger.Sesterhenn at smgwtest.aachen.utimaco.de (Holger Sesterhenn)
Date: Tue Jun 22 09:49:04 2004
Subject: ###adding compression algorythm
In-Reply-To: <40D2B263.5050601@evosoft.hu>
References: <40D2B263.5050601@evosoft.hu>
Message-ID: <40D7E4E0.1090901@smgwtest.aachen.utimaco.de>

Hi,

> I use gnupg 1.2.4 on windows. I would like to use bz2 for the
> compression before encryption.
> How can I tell gnupg a new compression algorithm.
> My gnupg currently doesn't know bz2 as compression algorithm, see the
> version output.

You can download the development version 1.3.6. But remember that most of the other OpenPGP clients do not support BZ2 compression at the moment (e.g. PGP 8.0x).

--
Best Regards,
Holger Sesterhenn
---
Internet http://www.utimaco.com

From test524 at comcast.net Tue Jun 22 14:12:56 2004
From: test524 at comcast.net (Charles)
Date: Tue Jun 22 14:07:27 2004
Subject: Truncated file in GPG?
Message-ID: <40D82248.8050001@comcast.net>

Hello all,

I'm running GPG version 1.0.6 on Debian stable for the first time. Kernel version is 2.4.18. (I sent this to the Debian mailing list, but didn't get a response--I'm not sure it is Debian specific.) I'm trying to perform a relatively simple task: encrypt a big MS Outlook mail archive file so that only I can decrypt it. I created a key for myself, and encrypted the file with

gpg -e -r Charles mail.pst

mail.pst is a 116MB file.

The resulting mail.pst.gpg is 80MB. Something is clearly wrong. Though I'm aware GPG has compression, .PST is already a pretty compressed format. Doing gpg -d to decrypt gave me back a file that was about 81MB -- far smaller than the original.

charles@compute1:/files/Work$ gpg -e -r Charles mail.pst
charles@compute1:/files/Work$ ls -l
total 200208
-r-------- 1 charles charles 122470400 May 2 22:11 mail.pst
-rw-r--r-- 1 charles charles 82329455 Jun 18 21:41 mail.pst.gpg

What's going on here? I'm running on a 667MHz P3 with 128MB RAM. Any help most appreciated.

Thanks,
Charles.

From linux at codehelp.co.uk Tue Jun 22 15:10:41 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Jun 22 15:07:52 2004
Subject: Truncated file in GPG?
In-Reply-To: <40D82248.8050001@comcast.net>
References: <40D82248.8050001@comcast.net>
Message-ID: <200406221410.50492.linux@codehelp.co.uk>

On Tuesday 22 June 2004 1:12, Charles wrote:
> Hello all,
>
> I'm running GPG version 1.0.6 on Debian stable for the first time.

You might find better results if you can use Debian testing or unstable - I've been using unstable for months now without problems. GnuPG in unstable is v 1.2.4

> Kernel version is 2.4.18. (I sent this to the Debian mailing list, but
> didn't get a response--I'm not sure it is Debian specific.)

It might not even be Linux specific, see later.

> I'm trying
> to perform a relatively simple task: encrypt a big MS Outlook mail
> archive file so that only I can decrypt it. I created a key for myself,
> and encrypted the file with
>
> gpg -e -r Charles mail.pst

Where is this command being executed? There have been problems encrypting large files on Windows and this might be down to Windows memory management (which wouldn't affect you) or Windows filesystem management (which could). Do an md5sum of the original file, copy it to a genuine Linux filesystem, md5sum it and compare. Then try the encryption.

> mail.pst is a 116MB file.

But probably only contains 60Mb of mail. (Been there, done that.) It would be easy if you could export mail messages as files in a batch operation.

> The resulting mail.pst.gpg is 80MB. Something is clearly wrong. Though
> I'm aware GPG has compression, .PST is already a pretty compressed
> format.

?? Last time I used it, it was a completely bloated format!

One option: use a utility to farm these messages out into a directory as discrete files - far easier to view and read later. I had horrendous trouble getting archived mailboxes back into MS clients before I adopted KMail.

I now use MHonArc (a perl script) to archive the mail into HTML. It's far easier and it's how most mail archives operate across the web. Easy to read, well indexed, easy to search.
Example: http://www.dclug.org.uk/archive/

Eudora can be very useful in converting different mailbox formats and it writes into a true Unix/Linux format.
http://mango.human.cornell.edu/kens/MoreFAQ.html#Convert

Anything that converts into an open standard is going to make it easy to archive, encrypt and process.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From Ram.Manickam at logicacmg.com Tue Jun 22 11:22:57 2004
From: Ram.Manickam at logicacmg.com (Manickam, Ram)
Date: Tue Jun 22 15:22:45 2004
Subject: Decryption Failed
Message-ID: <7F3847280587D311BD3C00A0C9CFE6930592ECC0@hopper.logica.co.uk>

Hi

I'm working on GPG on Windows. I have installed and created keys successfully. Whenever my recipient tries to decrypt the message he gets the following error message:

"gpg:decryption failed: secret key not available"

The recipient has got the public keys.

Can anyone help me where I'm doing wrong? Couldn't find this error message in FAQ. So I think I've got something wrong.

Regards
~Ram
From wk at gnupg.org Tue Jun 22 15:37:12 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Jun 22 15:38:29 2004
Subject: gpgme and signature comments
In-Reply-To: <20040616124229.70bce279@BeBop> (Bill Thompson's message of "Wed, 16 Jun 2004 12:42:29 -0700")
References: <20040616124229.70bce279@BeBop>
Message-ID: <871xk790jb.fsf@wheatstone.g10code.de>

On Wed, 16 Jun 2004 12:42:29 -0700, Bill Thompson said:

> This may be a shot in the dark, but is anyone else having issues with
> adding comments to a GPG ascii signature when signing through gpgme?

The canonical answer is: Do not use inlined signatures - use proper
PGP/MIME signatures.

For good reasons I originally implemented only the PGP/MIME signature
format and abstained from doing this pretty long outdated PGP kludge
on signing mails. Your problem is just one of several.

Shalom-Salam,

Werner

From wk at gnupg.org Tue Jun 22 15:40:05 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Jun 22 15:38:37 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040621122527.GA7243@jabberwocky.com> (David Shaw's message of "Mon, 21 Jun 2004 08:25:28 -0400")
References: <20040616000959.GA2844@netzpunkt.org> <200406160956.33545.linux@codehelp.co.uk> <20040616100106.GC5365@netzpunkt.org> <20040616234931.GU4503@uriel.eclipsed.net> <20040617030402.GB7934@jabberwocky.com> <87pt7t9mox.fsf@wheatstone.g10code.de> <20040621122527.GA7243@jabberwocky.com>
Message-ID: <87wu1z7lu2.fsf@wheatstone.g10code.de>

On Mon, 21 Jun 2004 08:25:28 -0400, David Shaw said:

> This is similar to a denial of service where the attacker tries to
> prevent a user from getting a key in the first place, in hopes they
> will send a message unencrypted.

However in the case of a revocation, the user has no way to decide whether to send it unencrypted or not - he will believe that the key is still not revoked. Well, this is a general problem with all ways of doing revocations and there is no straight solution for it.
Salam-Shalom,

Werner

From samuel at Update.UU.SE Tue Jun 22 15:55:22 2004
From: samuel at Update.UU.SE (Samuel ]slund)
Date: Tue Jun 22 15:52:29 2004
Subject: Decryption Failed
In-Reply-To: <7F3847280587D311BD3C00A0C9CFE6930592ECC0@hopper.logica.co.uk>
References: <7F3847280587D311BD3C00A0C9CFE6930592ECC0@hopper.logica.co.uk>
Message-ID: <20040622135522.GA17583@Update.UU.SE>

On Tue, Jun 22, 2004 at 10:22:57AM +0100, Manickam, Ram wrote:
> Hi
>
> I'm working on GPG on Windows. I have installed and created keys
> successfully. Whenever my recipient tries to decrypt the message he gets the
> following error message:
>
> "gpg:decryption failed: secret key not available"
>
> The recipient has got the public keys.
>
> Can anyone help me where I'm doing wrong? Couldn't find this error message
> in FAQ. So I think I've got something wrong.

You _seem_ to be saying that _you_ have created a key that you encrypt to and the recipient has got the public key for your key and can not decrypt the message.

This is backwards. The recipient should have created their own key and you should encrypt to the recipient's public key. When the recipient wants to send things to you, your public key is used for encryption and you use your own private key to decrypt.

HTH
//Samuel

From iam-est-hora-surgere at despammed.com Tue Jun 22 19:18:37 2004
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Tue Jun 22 19:15:45 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
Message-ID:

Hello,

could anyone please point me to the right section in the man page
(which I'm obviously missing) how I can find out with a single gpg
command line option if a key is just a sign-only key or a "normal"
sign-and-encrypt key?

Thanks in advance!

Regards,
Marcus

--
"There is nothing in the world that smells like that... I love the smell of napalm in the morning. You know, one time we bombed a hill, for 12 hours. When it was all over, I walked up there. That was a smell - you know that gasoline smell - the whole hill - well, how did it smell? - it smelled like victory."

From atom at suspicious.org Tue Jun 22 20:07:23 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Jun 22 20:21:09 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To:
References:
Message-ID: <20040622140238.J27888@willy_wonka>

On Tue, 22 Jun 2004, Marcus Frings wrote:

> could anyone please point me to the right section in the man page
> (which I'm obviously missing) how I can find out with a single gpg
> command line option if a key is just a sign-only key or a "normal"
> sign-and-encrypt key?
=============================

i'm not sure if there's a command to tell you that, as such.

one way to do it is this:
$ echo test | gpg --trust-model always -er 0xD9F57808 2> /dev/null > /dev/null ; echo $?

if it says "0" the key can be used for encryption. anything else means the key can't be used for encryption... maybe because there's no encryption key, maybe because it's expired, revoked, not found ...

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

To become vegetarian is to step into the stream which leads to nirvana.
-- Buddha

From dshaw at jabberwocky.com Tue Jun 22 20:50:43 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Jun 22 20:47:48 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To:
References:
Message-ID: <20040622185042.GC23950@jabberwocky.com>

On Tue, Jun 22, 2004 at 07:18:37PM +0200, Marcus Frings wrote:
> Hello,
>
> could anyone please point me to the right section in the man page
> (which I'm obviously missing) how I can find out with a single gpg
> command line option if a key is just a sign-only key or a "normal"
> sign-and-encrypt key?

gpg --with-colons --list-keys (thekey)

Look in the 11th field. Capital S means the key can sign. Capital E
means the key can encrypt. Capital C means the key can certify
(i.e. sign other keys).

David

From stoyan at adiumdesign.com Tue Jun 22 20:53:49 2004
From: stoyan at adiumdesign.com (Stoyan Dimitrov)
Date: Tue Jun 22 20:51:04 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <20040622140238.J27888@willy_wonka>
References: <20040622140238.J27888@willy_wonka>
Message-ID: <40D8803D.5010302@adiumdesign.com>

when you type:
gpg --list-keys
look in the input after the type of the key (pub|sup) is the length of the
key followed by a single letter (for example '1024g') this letter tells you
what is the what kind exactly is the key.
read this: http://www.gnupg.org/gph/en/manual.html#AEN244

Atom 'Smasher' wrote:

> On Tue, 22 Jun 2004, Marcus Frings wrote:
>
>>> could anyone please point me to the right section in the man page
>>> (which I'm obviously missing) how I can find out with a single gpg
>>> command line option if a key is just a sign-only key or a "normal"
>>> sign-and-encrypt key?
>
> =============================
>
> i'm not sure if there's a command to tell you that, as such.
>
> one way to do it is this:
> $ echo test | gpg --trust-model always -er 0xD9F57808 2> /dev/null >
> /dev/null ; echo $?
>
> if it says "0" the key can be used for encryption. anything else means
> the key can't be used for encryption... maybe because there's no
> encryption key, maybe because it's expired, revoked, not found ...
>
>
> ...atom
>
> _________________________________________
> PGP key - http://atom.smasher.org/pgp.txt
> 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> -------------------------------------------------
>
> To become vegetarian is to step into the stream
> which leads to nirvana.
> -- Buddha

--
_________________
Best Regards,
Stoyan Dimitrov

From atom at suspicious.org Tue Jun 22 21:00:29 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Jun 22 20:57:42 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <40D8803D.5010302@adiumdesign.com>
References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com>
Message-ID: <20040622145748.V27888@willy_wonka>

On Tue, 22 Jun 2004, Stoyan Dimitrov wrote:

> when you type:
> gpg --list-keys
> look in the input after the type of the key (pub|sup) is the length of the
> key followed by a single letter (for example '1024g') this letter tells you
> what is the what kind exactly is the key.
> read this: http://www.gnupg.org/gph/en/manual.html#AEN244
===================

that alone won't distinguish a sign-only RSA key, an encrypt-only RSA
key or a sign+encrypt RSA key.... in all cases the key type is "R".

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Like many big companies, Microsoft wins by dominating distribution channels, not by having better products. Having a technical edge over competitors is not critical to their business."
-- Paul Graham
From Billt at Mahagonny.com Tue Jun 22 21:19:32 2004
From: Billt at Mahagonny.com (Bill Thompson)
Date: Tue Jun 22 21:18:44 2004
Subject: PGP/Mime and Outlook (was: gpgme and signature comments)
In-Reply-To: <871xk790jb.fsf@wheatstone.g10code.de>
References: <20040616124229.70bce279@BeBop> <871xk790jb.fsf@wheatstone.g10code.de>
Message-ID: <20040622121932.506b55dc@BeBop>

On Tue, 22 Jun 2004 15:37:12 +0200
Werner Koch wrote:

> On Wed, 16 Jun 2004 12:42:29 -0700, Bill Thompson said:
>
> > This may be a shot in the dark, but is anyone else having issues with
> > adding comments to a GPG ascii signature when signing through gpgme?
>
> The canonical answer is: Do not use inlined signatures - use proper
> PGP/MIME signatures.
>
> For good reasons I originally implemented only the PGP/MIME signature
> format and abstained from doing this pretty long outdated PGP kludge
> on signing mails. Your problem is just one of several.
>

I understand the problems with in-line signatures, but unfortunately many
of the people I send e-mail to use M$ Outlook and Outlook Express. Outlook
Express treats PGP/MIME signatures as "hostile attachments" and will not
let OE users open them by default. The MS Office version of Outlook hides
the signature attachment as a dat file. At least with an ASCII signature
the recipient can see the signature and read the e-mail no matter how
broken their MUA is.

Is there a better answer to the compatibility issue? Should I just stop
signing messages altogether? What are other people doing?
-BillT

From vedaal at hush.com Wed Jun 23 00:00:11 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Tue Jun 22 23:57:13 2004
Subject: Duplicated User IDs arisen
Message-ID: <200406222200.i5MM0Cxt015228@mailserver3.hushmail.com>

>Message: 3
>Date: Tue, 22 Jun 2004 15:40:05 +0200
>From: Werner Koch
>Subject: Re: Duplicated User IDs arisen
>To: gnupg-users@gnupg.org
>Message-ID: <87wu1z7lu2.fsf@wheatstone.g10code.de>
>Content-Type: text/plain; charset=us-ascii
>
>On Mon, 21 Jun 2004 08:25:28 -0400, David Shaw said:
>
>> This is similar to a denial of service where the attacker tries
>to
>> prevent a user from getting a key in the first place, in hopes
>they
>> will send a message unencrypted.
>
>However in the case of a revocation, the user has no way to decide
>whether to send it unencrypted or not - he will believe that the
>key
>is still not revoked. Well, this is a general problem with all
>ways
>of doing revocations and there is no straight solution for it.

would a possible solution be to have key servers insist on entering the key id and fingerprint, before executing the search?

in any event, any key returned by the search should not be used until confirmed with the key id number and fingerprint, so this information is usually readily available to the searcher, and able to be entered into the keyserver search criteria.

under such a system, there could be 'no' duplicate id's, and no denial of service spoofs,

(other than a 'malicious' [or 'tampered with and rendered malicious'] keyserver, that, for one reason or other, intentionally 'lists' keys as revoked when in fact they are not.
a possible solution to this, would be to allow users to download the 'revoked' key anyway, and have the user see from the key packets themselves that the revocation is genuine, gnupg would warn the user from encrypting to such a revoked key, so there would be no threat to the user.)

vedaal

From iam-est-hora-surgere at despammed.com Wed Jun 23 00:02:37 2004
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Tue Jun 22 23:59:35 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
References: <20040622185042.GC23950@jabberwocky.com>
Message-ID:

* David Shaw wrote:

> gpg --with-colons --list-keys (thekey)

> Look in the 11th field. Capital S means the key can sign. Capital E
> means the key can encrypt. Capital C means the key can certify
> (i.e. sign other keys).

Excellent! This is what I was looking for. Thanks, David!

Regards,
Marcus

--
Post mortem, stirred tarantulas trill HHHHH through lung-books lined with gauze. Their cerci writhe outside the frame and scythes of come spell "No One's Home". (Rob Hardin: nerve terminals)

From iam-est-hora-surgere at despammed.com Wed Jun 23 00:06:37 2004
From: iam-est-hora-surgere at despammed.com (Marcus Frings)
Date: Wed Jun 23 00:08:03 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
References: <20040622140238.J27888@willy_wonka>
Message-ID:

* Atom 'Smasher' wrote:

> one way to do it is this:
> $ echo test | gpg --trust-model always -er 0xD9F57808 2> /dev/null > /dev/null ; echo $?

Thanks for your help but David's way is much easier! :-)

Regards,
Marcus

--
"Look at you, hacker.
A pathetic creature of meat and bone, panting and sweating as you run through my corridors. How can you challenge a perfect, immortal machine?" (Shodan in System Shock)

From jerry.windrel at verizon.net Wed Jun 23 02:41:45 2004
From: jerry.windrel at verizon.net (Jerry Windrel)
Date: Wed Jun 23 02:38:00 2004
Subject: PGP/Mime and Outlook (was: gpgme and signature comments)
References: <20040616124229.70bce279@BeBop><871xk790jb.fsf@wheatstone.g10code.de> <20040622121932.506b55dc@BeBop>
Message-ID: <007801c458ba$dcc49a90$6401a8c0@Windows>

I'm able to read PGP/Mime messages in Outlook Express, although in a relatively painful way. It arrives as 2 attachments, one .txt and the other signature.dat. I even recently found a way to verify those signatures with the free version of PGP, although it requires lots of clicking.

----- Original Message -----
From: "Bill Thompson"
To: "Werner Koch"
Cc: "Gnupg-Users"
Sent: Tuesday, June 22, 2004 3:19 PM
Subject: PGP/Mime and Outlook (was: gpgme and signature comments)

> On Tue, 22 Jun 2004 15:37:12 +0200
> Werner Koch wrote:
>
> > On Wed, 16 Jun 2004 12:42:29 -0700, Bill Thompson said:
> >
> > > This may be a shot in the dark, but is anyone else having issues with
> > > adding comments to a GPG ascii signature when signing through gpgme?
> >
> > The canonical answer is: Do not use inlined signatures - use proper
> > PGP/MIME signatures.
> >
> > For good reasons I originally implemented only the PGP/MIME signature
> > format and abstained from doing this pretty long outdated PGP kludge
> > on signing mails. Your problem is just one of several.
> >
>
> I understand the problems with in-line signatures, but unfortunately many
> of the people I send e-mail to use M$ Outlook and Outlook Express. Outlook
> Express treats PGP/MIME signatures as "hostile attachments" and will not
> let OE users open them by default.
> The MS Office version of Outlook hides
> the signature attachment as a dat file. At least with an ASCII signature
> the recipient can see the signature and read the e-mail no matter how
> broken their MUA is.
>
> Is there a better answer to the compatibility issue? Should I just stop
> signing messages altogether? What are other people doing?
>
> -BillT

From stoyan at adiumdesign.com Wed Jun 23 08:49:34 2004
From: stoyan at adiumdesign.com (Stoyan Dimitrov)
Date: Wed Jun 23 08:46:45 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <20040622145748.V27888@willy_wonka>
References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com> <20040622145748.V27888@willy_wonka>
Message-ID: <40D927FE.3090703@adiumdesign.com>

As far as I can remember in man pages there's no such thing like encrypting
RSA keys. And generating of keys of that type is "certain potentially
incompatible" (http://annys.eines.info/cgi-bin/man/man2html?1+gpg). So in
general it is not needed to distinguish RSA keytypes.

Atom 'Smasher' wrote:

> On Tue, 22 Jun 2004, Stoyan Dimitrov wrote:
>
>>> when you type:
>>> gpg --list-keys
>>> look in the input after the type of the key (pub|sup) is the length of
>>> the key followed by a single letter (for example '1024g') this letter
>>> tells you what is the what kind exactly is the key.
>>> read this: http://www.gnupg.org/gph/en/manual.html#AEN244
>
> ===================
>
> that alone won't distinguish a sign-only RSA key, an encrypt-only RSA
> key or a sign+encrypt RSA key.... in all cases the key type is "R".
>
>
> ...atom
>
> _________________________________________
> PGP key - http://atom.smasher.org/pgp.txt
> 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> -------------------------------------------------
>
> "Like many big companies, Microsoft wins by dominating
> distribution channels, not by having better products.
> Having a technical edge over competitors is not
> critical to their business."
> -- Paul Graham

--
_________________
Best Regards,
Stoyan Dimitrov

From atom at suspicious.org Wed Jun 23 09:01:56 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Jun 23 08:59:02 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <40D927FE.3090703@adiumdesign.com>
References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com> <20040622145748.V27888@willy_wonka> <40D927FE.3090703@adiumdesign.com>
Message-ID: <20040623025408.S27888@willy_wonka>

On Wed, 23 Jun 2004, Stoyan Dimitrov wrote:

> As far as I can remember in man pages there's no such thing like encrypting
> RSA keys. And generating of keys of that type is "certain potentially
> incompatible" (http://annys.eines.info/cgi-bin/man/man2html?1+gpg). So in
> general it is not needed to distinguish RSA keytypes.
======================

i'm not sure about the man page, but gpg *does* handle RSA keys in
sign-only, encrypt-only and sign+encrypt variations.

in the output from --list-keys, all of them are noted as "R".

actually... AFAIK, the RSA keys are technically the same for all 3 of
the different uses; only the flags on the key specify how it is to be used.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Never forget that everything Hitler did in Germany was legal."
-- Martin Luther King, Jr -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDZKusACgkQnCgLvz19QeObTACfXMB9+oRTpnLJSudfRT6ZsnRP y9MAmwU/bx1eA2GfefLOExaYl6oxQGnE =AAX/ -----END PGP SIGNATURE----- From stoyan at adiumdesign.com Wed Jun 23 09:37:37 2004 From: stoyan at adiumdesign.com (Stoyan Dimitrov) Date: Wed Jun 23 09:40:53 2004 Subject: Detection of sign-only vs. sign-and-encrypt keys In-Reply-To: <20040623025408.S27888@willy_wonka> References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com> <20040622145748.V27888@willy_wonka> <40D927FE.3090703@adiumdesign.com> <20040623025408.S27888@willy_wonka> Message-ID: <40D93341.8070608@adiumdesign.com> I'm not telling that gpg can not handle RSA keys I'm telling that using a RSA encrypting keys is deprecated. Atom 'Smasher' wrote: > On Wed, 23 Jun 2004, Stoyan Dimitrov wrote: > >>> As far as I can remember in man pages there's no such thinkg like >>> encrypting RSA keys. And generating of keys of that type is "certain >>> potentially incompatible" >>> (http://annys.eines.info/cgi-bin/man/man2html?1+gpg). So in general it >>> is not needed to distinguish RSA keytypes. > > ====================== > > i'm not sure about the man page, but gpg *does* handle RSA keys in > sign-only, encrypt-only and sign+encrypt variations. > > in the output from --list-keys, all of them are noted as "R". > > actually... AFAIK, the RSA keys are technically the same for all 3 of > the different uses; only the flags on the key specify how it is to be used. > > > ...atom > > _________________________________________ > PGP key - http://atom.smasher.org/pgp.txt > 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 > ------------------------------------------------- > > "Never forget that everything Hitler did > in Germany was legal." 
> -- Martin Luther King, Jr

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
_________________
Best Regards,
Stoyan Dimitrov

From atom at suspicious.org Wed Jun 23 09:54:03 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Jun 23 09:51:07 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <40D93341.8070608@adiumdesign.com>
References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com> <20040622145748.V27888@willy_wonka> <40D927FE.3090703@adiumdesign.com> <20040623025408.S27888@willy_wonka> <40D93341.8070608@adiumdesign.com>
Message-ID: <20040623034429.E27888@willy_wonka>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 23 Jun 2004, Stoyan Dimitrov wrote:

> I'm not saying that gpg can not handle RSA keys, I'm saying that using
> RSA encrypting keys is deprecated.
======================

not according to my understanding of the latest OpenPGP draft -
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-10.txt

        9.1. Public Key Algorithms

              ID           Algorithm
              --           ---------
              1          - RSA (Encrypt or Sign)
              2          - RSA Encrypt-Only
              3          - RSA Sign-Only
        <>
        Implementations MUST implement DSA for signatures, and Elgamal
        for encryption. Implementations SHOULD implement RSA keys.
        Implementations MAY implement any other algorithm.

section 12.4 mentions deprecated _forms_ of RSA keys, but that doesn't
mean that RSA keys will become deprecated anytime soon. that section is
actually the reference to what i previously mentioned:

>> actually... AFAIK, the RSA keys are technically the same for all 3 of
>> the different uses; only the flags on the key specify how it is to be used.

        There are algorithm types for RSA-signature-only, and
        RSA-encrypt-only keys. These types are deprecated. The "key
        flags" subpacket in a signature is a much better way to express
        the same idea, and generalizes it to all algorithms.
        An implementation SHOULD NOT create such a key, but MAY
        interpret it.


        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "If the world were merely seductive, that would be easy.
         If it were merely challenging, that would be no problem.
         But I arise in the morning torn between a desire to
         improve the world, and a desire to enjoy the world.
         This makes it hard to plan the day."
                -- E.B. White
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDZNyEACgkQnCgLvz19QeNDJwCfSIamymIC0+14jW8/I79TQx9i
k3EAn2wHe1oIf4Jq35cMU7j2pZ10CGyg
=l4sL
-----END PGP SIGNATURE-----

From ralph at strg-alt-entf.org Wed Jun 23 11:20:11 2004
From: ralph at strg-alt-entf.org (Ralph Angenendt)
Date: Wed Jun 23 11:17:48 2004
Subject: PGP/Mime and Outlook (was: gpgme and signature comments)
In-Reply-To: <20040622121932.506b55dc@BeBop>
References: <20040616124229.70bce279@BeBop> <871xk790jb.fsf@wheatstone.g10code.de> <20040622121932.506b55dc@BeBop>
Message-ID: <20040623092011.GM10922@br-online.de>

Bill Thompson wrote:
> I understand the problems with in-line signatures, but unfortunately many
> of the people I send e-mail to use M$ Outlook and Outlook Express. Outlook
> Express treats PGP/MIME signatures as "hostile attachments" and will not
> let OE users open them by default. The MS Office version of Outlook hides
> the signature attachment as a dat file. At least with an ASCII signature
> the recipient can see the signature and read the e-mail no matter how
> broken their MUA is.
>
> Is there a better answer to the compatibility issue? Should I just stop
> signing messages altogether? What are other people doing?

Forget about OE or Outlook users and sign with PGP/MIME.

How would you sign Attachments otherwise? Separately outside of your MUA?
How would you sign non ASCII text inline? So much for compatibility,
using *only* ASCII characters would break the language I normally write
in.

There are tools for Users of OE or Outlook, which enable them to read
and sign with PGP/MIME (gpgrelay would come to mind, I don't know, if
any of the other plugins are still in active development).

My 2 cents, YMMV, but I do not want to be compatible with MUAs breaking
every second existing standard.

Ralph
--
Ralph Angenendt......ra@br-online.de | .."Text processing has made it possible
Bayerischer Rundfunk...HA-Multimedia | ....to right-justify any idea, even one
Rundfunkplatz 1........80300 München | .which cannot be justified on any other
Tl:089.5900.16023..Fx:089.5900.16240 | ..........grounds." -- J. Finnegan, USC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040623/aae6d915/attachment.bin

From paolomail at noze.it Thu Jun 24 09:51:04 2004
From: paolomail at noze.it (Paolo Galati)
Date: Thu Jun 24 09:48:31 2004
Subject: gpg --gen-key using /dev/urandom is possible?
Message-ID: <1088063463.3241.1.camel@localhost>

Hello all,

is there a way to specify /dev/urandom as random number generator for
--gen-key?

I generate keys using a python script calling gpg through a python
product; the script stops responding because there's not enough entropy.

A solution for this should be to use /dev/urandom instead of /dev/random,
but I'm not able to find a way to use it.

I know that using urandom is a lack of security but for my use this is not
a problem.

Any help most appreciated.

Thanks,

Paolo

--
Paolo Galati - [ n o z e S.r.l.
] Via Giuntini, 25/29 - 56023 Navacchio - Cascina (PI)
Tel +39 (0)50 754380 - Fax +39 (0)50 754381 -
mailto:paolomail@noze.it - http://www.noze.it

From Bhaskar.Karuppiah at ge.com Thu Jun 24 16:35:17 2004
From: Bhaskar.Karuppiah at ge.com (Bhaskar.Karuppiah@ge.com)
Date: Thu Jun 24 16:32:51 2004
Subject: Error while decrypting
Message-ID: <38E8E66093F7D311BC3300508BCF431E1297F4CD@kans023cercge.erc.gecapital.com>

Hi,
When I try to decrypt the file I am getting the error message "gpg: mpi too
large (25161 bits)". Any help on this would be much appreciated.

Thanks,
Bhaskar.

From dshaw at jabberwocky.com Thu Jun 24 22:33:33 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 24 22:30:58 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <40D93341.8070608@adiumdesign.com>
References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com> <20040622145748.V27888@willy_wonka> <40D927FE.3090703@adiumdesign.com> <20040623025408.S27888@willy_wonka> <40D93341.8070608@adiumdesign.com>
Message-ID: <20040624203333.GD11342@jabberwocky.com>

On Wed, Jun 23, 2004 at 10:37:37AM +0300, Stoyan Dimitrov wrote:
> I'm not saying that gpg can not handle RSA keys, I'm saying that using
> RSA encrypting keys is deprecated.

RSA encrypting keys are not deprecated. GnuPG supports both RSA
signing and RSA encryption. Try adding a new subkey onto a key. Note
that RSA encryption is one of the options.

David

From boldyrev+nospam at cgitftp.uiggm.nsc.ru Thu Jun 24 17:24:20 2004
From: boldyrev+nospam at cgitftp.uiggm.nsc.ru (Ivan Boldyrev)
Date: Thu Jun 24 22:47:10 2004
Subject: ###adding compression algorythm
References: <40D2B263.5050601@evosoft.hu> <40D7E4E0.1090901@smgwtest.aachen.utimaco.de>
Message-ID: <7a8rq1xng4.ln2@ibhome.cgitftp.uiggm.nsc.ru>

On 8783 day of my life Holger Sesterhenn wrote:
> But remember that most of the other OpenPGP clients do not support BZ2
> compression at the moment (e.g. PGP 8.0x).
But it is handled by key preference mechanism, isn't it? At least,
there is no harm...

--
Ivan Boldyrev

Onions have layers. Unix has layers too.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : /pipermail/attachments/20040624/03fd2cc1/attachment.bin

From dshaw at jabberwocky.com Thu Jun 24 23:11:53 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Jun 24 23:08:56 2004
Subject: ###adding compression algorythm
In-Reply-To: <40D7E4E0.1090901@smgwtest.aachen.utimaco.de>
References: <40D2B263.5050601@evosoft.hu> <40D7E4E0.1090901@smgwtest.aachen.utimaco.de>
Message-ID: <20040624211153.GE11342@jabberwocky.com>

On Tue, Jun 22, 2004 at 09:50:56AM +0200, Holger Sesterhenn wrote:
> Hi,
>
> > I use gnupg 1.2.4 on windows. I would like to use bz2 for the
> > compression before encryption.
> > How can I tell gnupg a new compression algorithm.
> > My gnupg currently doesn't know bz2 as compression algorithm, see the
> > version output.
>
> You can download the development version 1.3.6.
>
> But remember that most of the other OpenPGP clients do not support BZ2
> compression at the moment (e.g. PGP 8.0x).

GnuPG 1.2.4 supports BZip2. Most likely the GnuPG binary he is using
was not linked with the BZip2 DLL. I know there is one out there, but
I have no idea how common it is.

David

From wrenhunt at hotmail.com Thu Jun 24 23:47:17 2004
From: wrenhunt at hotmail.com (J. Wren Hunt)
Date: Thu Jun 24 23:44:43 2004
Subject: Error while decrypting
In-Reply-To: <38E8E66093F7D311BC3300508BCF431E1297F4CD@kans023cercge.erc.gecapital.com>
References: <38E8E66093F7D311BC3300508BCF431E1297F4CD@kans023cercge.erc.gecapital.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bhaskar.Karuppiah@ge.com wrote:
| Hi,
| When I try to decrypt the file I am getting the error message "gpg: mpi too
| large (25161 bits)". Any help on this would be much appreciated.
|
| Thanks,
| Bhaskar.

You didn't specify which version/platform you're using, but check out:
http://www.angelfire.com/pr/pgpf/pgpoddities.html

Wren
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA20vlA/qR4Uok1vQRAkPBAJ4hCQO1W9xb6CYAw13QklR114ZDDwCeNslc
w/tSOQ4jS56Dieanr6e3cMs=
=o4EP
-----END PGP SIGNATURE-----

From stoyan at adiumdesign.com Fri Jun 25 14:12:04 2004
From: stoyan at adiumdesign.com (Stoyan Dimitrov)
Date: Fri Jun 25 14:09:11 2004
Subject: Detection of sign-only vs. sign-and-encrypt keys
In-Reply-To: <20040624203333.GD11342@jabberwocky.com>
References: <20040622140238.J27888@willy_wonka> <40D8803D.5010302@adiumdesign.com> <20040622145748.V27888@willy_wonka> <40D927FE.3090703@adiumdesign.com> <20040623025408.S27888@willy_wonka> <40D93341.8070608@adiumdesign.com> <20040624203333.GD11342@jabberwocky.com>
Message-ID: <40DC1694.5040805@adiumdesign.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Now I get the situation. If you give me some links to fresh docs I'll
appreciate that.

David Shaw wrote:
| On Wed, Jun 23, 2004 at 10:37:37AM +0300, Stoyan Dimitrov wrote:
|
|>I'm not saying that gpg can not handle RSA keys, I'm saying that using
|>RSA encrypting keys is deprecated.
|
|
| RSA encrypting keys are not deprecated. GnuPG supports both RSA
| signing and RSA encryption. Try adding a new subkey onto a key. Note
| that RSA encryption is one of the options.
|
| David
|

- --
_________________
Best Regards,
Stoyan Dimitrov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFA3BaUAH4oJh49lcMRAg1FAJ99741aPntdGLNl34BU9T8yrmv7RgCfRsvI
MKsoisNxwQCsXfq3dwfuk6g=
=Z9Ti
-----END PGP SIGNATURE-----

From Bhaskar.Karuppiah at ge.com Fri Jun 25 15:58:07 2004
From: Bhaskar.Karuppiah at ge.com (Bhaskar.Karuppiah@ge.com)
Date: Fri Jun 25 15:55:38 2004
Subject: Error while decrypting
Message-ID: <38E8E66093F7D311BC3300508BCF431E1297F4D5@kans023cercge.erc.gecapital.com>

Hi Folks,
Your help much appreciated!
Thanks Wren for your response. Here is the detailed explanation of my
error...

Server A and Server B used to send and receive the files from each other.
Server A runs on Sun Solaris and Server B runs on SunOS 5.9. Because of a
business decision we had to move Sun Solaris to Windows NT platform in
server A. So we replaced Server A with a new server which runs on Windows
NT. All the keys have been exported to the new server. When Server B tries
to decrypt the file which was encrypted by the new server, Server B is
getting the following error message. The error message is "gpg: mpi too
large (25161 bits)".

We did not face problem until Server A is not replaced with Windows NT. It
worked fine with old server.

Please advise what could be the reason, any solution for that?

Thanks,
Bhaskar.

-----Original Message-----
From: J. Wren Hunt [mailto:wrenhunt@hotmail.com]
Sent: Thursday, June 24, 2004 4:47 PM
To: gnupg-users@gnupg.org
Subject: Re: Error while decrypting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bhaskar.Karuppiah@ge.com wrote:
| Hi,
| When I try to decrypt the file I am getting the error message "gpg: mpi too
| large (25161 bits)". Any help on this would be much appreciated.
|
| Thanks,
| Bhaskar.

You didn't specify which version/platform you're using, but check out:
http://www.angelfire.com/pr/pgpf/pgpoddities.html

Wren
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA20vlA/qR4Uok1vQRAkPBAJ4hCQO1W9xb6CYAw13QklR114ZDDwCeNslc
w/tSOQ4jS56Dieanr6e3cMs=
=o4EP
-----END PGP SIGNATURE-----

From Bhaskar.Karuppiah at ge.com Fri Jun 25 20:30:24 2004
From: Bhaskar.Karuppiah at ge.com (Bhaskar.Karuppiah@ge.com)
Date: Fri Jun 25 20:28:57 2004
Subject: Decryption error.
Message-ID: <38E8E66093F7D311BC3300508BCF431E1297F4E1@kans023cercge.erc.gecapital.com>

Hi,
I am having some strange error coming when I try to decrypt the file.

Server A and Server B used to send and receive the files from each other.
Server A runs on Sun Solaris and Server B runs on SunOS 5.9. Because of a
business decision we had to move Sun Solaris to Windows NT platform in
server A. So we replaced Server A with a new server which runs on Windows
NT. All the keys have been exported to the new server. When Server B tries
to decrypt the file which was encrypted by the new server, Server B is
getting the following error message. The error message is

gpg: Ohhhh jeeee: mpi crosses packet border
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/16384

We did not face problem until Server A is not replaced with Windows NT. It
worked fine with old server.

....Can anyone help on this?

Thanks,
Bhaskar.

From rodrigopadula at sagraluzzatto.com.br Sat Jun 26 04:19:43 2004
From: rodrigopadula at sagraluzzatto.com.br (Rodrigo Padula)
Date: Sat Jun 26 04:17:20 2004
Subject: GNUPG - BRAZIL
Message-ID: <40DCDD3F.5040301@sagraluzzatto.com.br>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Werner Koch!!

I am Brazilian and have just founded a Linux study group at my
university, and it would like to contribute to the popularization and
translation of GnuPG here in Brazil!

I would like to know how I can contribute to the GNUPG.ORG project.

- --
================================================
*         RODRIGO PADULA DE OLIVEIRA           *
*  (o-  BACHARELANDO EM SISTEMAS DE INFORMAÇÃO *
*  //\   FACULDADE METODISTA GRANBERY - FMG    *
*  V_/_                                        *
*     PostgreSQL - PHP - Slackware - Java      *
================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA3N0/0mHtsToThscRAuR3AJ4hUzzqtiCubYG1NGe+gfZvIN+b+ACgkvdu
G1/5Gvd0Fyo9VlTzzOArK2A=
=A4ER
-----END PGP SIGNATURE-----

From jharris at widomaker.com Sun Jun 27 20:27:37 2004
From: jharris at widomaker.com (Jason Harris)
Date: Sun Jun 27 20:27:42 2004
Subject: key count, 2004-06-06 (+ duplicates by short keyid)
Message-ID: <20040606200843.GR2103@wilma.widomaker.com>

As of Sun Jun 6 19:30:00 2004 UTC, there are 172029 v2/v3 pubkeys,
1844621 v4 pubkeys, 1858528 subkeys, and 1793 duplicate (short) keyids
on keyserver.kjsl.com.

The duplicates appear below, sorted in reverse by the number of
duplicates per keyid and then by keyid. This automated listing is more
current than my manual list at:

  http://keyserver.kjsl.com/~jharris/duplicate_keyids.html

and hopefully includes all the keys listed in it.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons?
(TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20040627/88dbf5f5/attachment.bin From linux at codehelp.co.uk Mon Jun 28 00:58:49 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Mon Jun 28 00:55:42 2004 Subject: missing subkey In-Reply-To: <40DC1694.5040805@adiumdesign.com> References: <20040624203333.GD11342@jabberwocky.com> <40DC1694.5040805@adiumdesign.com> Message-ID: <200406272358.49732.linux@codehelp.co.uk> This hasn't appeared after 24hrs, re-posting. Was anyone else able to verify Stoyan's message on the list (Re: Detection of sign-only vs. sign-and-encrypt keys) Yesterday 1:12:04 and again today? I use Debian unstable, GnuPG 1.2.4 and --auto-key-retrieve and --include-subkeys with keyserver.kjsl.com but the subkey is not found, even though the main key is imported seemingly successfully. The subkey shows up on the search results page using a www interface, but it is not imported. Here's my output: On Saturday 26 June 2004 7:59, you wrote: > I have published this key already @ random.sks.keyserver.penguin.de http://sks.keyserver.penguin.de:11371/pks/lookup?search=0x1E3D95C3&fingerprint=on&op=vindex gives the main key as 0xB8D71FB6 - which I already have in the keyring: gpg: Signature made Sat Jun 26 07:59:42 2004 BST using DSA key ID 1E3D95C3 gpg: key B8D71FB6: "Stoyan Dimitrov " not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: Can't check signature: public key not found Your key only shows up with one subkey, 5831A000 neil@garfield:~$ gpg --delete-key B8D71FB6 gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. 
pub 1024D/B8D71FB6 2004-06-15 Stoyan Dimitrov Delete this key from the keyring? yes neil@garfield:~$ gpg --import (pasted the key block as on this page:) http://sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0x8C12BBBAB8D71FB6 gpg: key B8D71FB6: public key "Stoyan Dimitrov " imported gpg: Total number processed: 1 gpg: imported: 1 neil@garfield:~$ gpg --list-key B8D71FB6 pub 1024D/B8D71FB6 2004-06-15 Stoyan Dimitrov uid Stoyan Dimitrov uid Stoyan Dimitrov (stoyanski) sub 2048g/5831A000 2004-06-15 No second subkey, despite it being shown on the search page. I also tried my preferred keyserver and had the same result. The subkey shows in the results but is not imported. http://keyserver.kjsl.com:11371/pks/lookup?docmd=lookup&op=vindex&search=0xB8D71FB6&fingerprint=on I've sent this to the list as well because I can't see what has happened to the key and how the second subkey can be imported. -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040627/b26cee1a/attachment-0001.bin From jharris at widomaker.com Mon Jun 28 01:22:15 2004 From: jharris at widomaker.com (Jason Harris) Date: Mon Jun 28 01:19:30 2004 Subject: missing subkey In-Reply-To: <200406272358.49732.linux@codehelp.co.uk> References: <20040624203333.GD11342@jabberwocky.com> <40DC1694.5040805@adiumdesign.com> <200406272358.49732.linux@codehelp.co.uk> Message-ID: <20040627232215.GA45568@wilma.widomaker.com> On Sun, Jun 27, 2004 at 11:58:49PM +0100, Neil Williams wrote: > Was anyone else able to verify Stoyan's message on the list (Re: Detection of > sign-only vs. sign-and-encrypt keys) Yesterday 1:12:04 and again today? 
> > I use Debian unstable, GnuPG 1.2.4 and --auto-key-retrieve and > --include-subkeys with keyserver.kjsl.com but the subkey is not found, even > though the main key is imported seemingly successfully. > > The subkey shows up on the search results page using a www interface, but it > is not imported. > gpg: Signature made Sat Jun 26 07:59:42 2004 BST using DSA key ID 1E3D95C3 > gpg: key B8D71FB6: "Stoyan Dimitrov " not changed > gpg: Total number processed: 1 > gpg: unchanged: 1 > gpg: Can't check signature: public key not found On subkeys.pgp.net, the signature for the signing subkey still isn't available. It wasn't on biglumber.com as of yesterday either, but it is now: %uuencode 000014-002.sig < 000014-002.sig begin 644 000014-002.sig MB$D$&!$"``D%`D#1;``"&P(`"@D0C!*[NKC7'[8=80"@BM=<4>"P!Q<2$4>V >RX3Q4-XR$"T`H(H$RN"/>=Z`EBDES]-/&R'S2V[J ` end -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20040627/a16712e8/attachment.bin From linux at codehelp.co.uk Mon Jun 28 01:41:03 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Mon Jun 28 02:12:23 2004 Subject: missing subkey In-Reply-To: <20040627232215.GA45568@wilma.widomaker.com> References: <200406272358.49732.linux@codehelp.co.uk> <20040627232215.GA45568@wilma.widomaker.com> Message-ID: <200406280041.06833.linux@codehelp.co.uk> On Monday 28 June 2004 12:22, you wrote: > On subkeys.pgp.net, the signature for the signing subkey still isn't > available. 
It wasn't on biglumber.com as of yesterday either, but it is > now: > > %uuencode 000014-002.sig < 000014-002.sig > begin 644 000014-002.sig > MB$D$&!$"``D%`D#1;``"&P(`"@D0C!*[NKC7'[8=80"@BM=<4>"P!Q<2$4>V > > >RX3Q4-XR$"T`H(H$RN"/>=Z`EBDES]-/&R'S2V[J Sorry, I don't understand what you've done with uuencode there, I can't get the second subkey, even though it's listed in the web interface and biglumber.com doesn't have any matches: Search results for "1D0E12EDBE255476430CDB418C12BBBAB8D71FB6" Sorry, no matches were found. No change at this end. -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040628/937d86e4/attachment.bin From jharris at widomaker.com Mon Jun 28 02:30:31 2004 From: jharris at widomaker.com (Jason Harris) Date: Mon Jun 28 02:27:39 2004 Subject: missing subkey In-Reply-To: <200406280041.06833.linux@codehelp.co.uk> References: <200406272358.49732.linux@codehelp.co.uk> <20040627232215.GA45568@wilma.widomaker.com> <200406280041.06833.linux@codehelp.co.uk> Message-ID: <20040628003031.GA45967@wilma.widomaker.com> On Mon, Jun 28, 2004 at 12:41:03AM +0100, Neil Williams wrote: > Sorry, I don't understand what you've done with uuencode there, I can't get It is the packet output by gpgsplit(1). > the second subkey, even though it's listed in the web interface and > biglumber.com doesn't have any matches: > > Search results for "1D0E12EDBE255476430CDB418C12BBBAB8D71FB6" > Sorry, no matches were found. > > No change at this end. 
[your key] > http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 [Stoyan's key] http://www.biglumber.com/x/web?qs=1D0E12EDBE255476430CDB418C12BBBAB8D71FB6 It isn't fully registered at biglumber yet: http://www.biglumber.com/x/web?sf=1D0E12EDBE255476430CDB418C12BBBAB8D71FB6 but certain searches do return the key: http://www.biglumber.com/x/web?qs=B8D71FB6 http://www.biglumber.com/x/web?qs=Stoyan%20Dimitrov http://www.biglumber.com/x/web?qs=adiumdesign -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20040627/eb84e25a/attachment.bin From stoyan at adiumdesign.com Mon Jun 28 08:30:59 2004 From: stoyan at adiumdesign.com (Stoyan Dimitrov) Date: Mon Jun 28 08:28:08 2004 Subject: missing subkey In-Reply-To: <20040628003031.GA45967@wilma.widomaker.com> References: <200406272358.49732.linux@codehelp.co.uk> <20040627232215.GA45568@wilma.widomaker.com> <200406280041.06833.linux@codehelp.co.uk> <20040628003031.GA45967@wilma.widomaker.com> Message-ID: <40DFBB23.8000904@adiumdesign.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Harris wrote: | On Mon, Jun 28, 2004 at 12:41:03AM +0100, Neil Williams wrote: | | |>Sorry, I don't understand what you've done with uuencode there, I can't get | | | It is the packet output by gpgsplit(1). | | |>the second subkey, even though it's listed in the web interface and |>biglumber.com doesn't have any matches: |> |>Search results for "1D0E12EDBE255476430CDB418C12BBBAB8D71FB6" |>Sorry, no matches were found. |> |>No change at this end. 
| | | [your key] | |>http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 | | | [Stoyan's key] | http://www.biglumber.com/x/web?qs=1D0E12EDBE255476430CDB418C12BBBAB8D71FB6 | | It isn't fully registered at biglumber yet: Is this caused by my mistake or just have to wait the system to do it by its own? I'm really confused, because the publishing keys it really straightforward process or I'm missing the big point? | | http://www.biglumber.com/x/web?sf=1D0E12EDBE255476430CDB418C12BBBAB8D71FB6 | | but certain searches do return the key: | | http://www.biglumber.com/x/web?qs=B8D71FB6 | http://www.biglumber.com/x/web?qs=Stoyan%20Dimitrov | http://www.biglumber.com/x/web?qs=adiumdesign | | | | ------------------------------------------------------------------------ | | _______________________________________________ | Gnupg-users mailing list | Gnupg-users@gnupg.org | http://lists.gnupg.org/mailman/listinfo/gnupg-users - -- _________________ Best Regards, Stoyan Dimitrov -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) iD8DBQFA37siAH4oJh49lcMRAs6YAJ41NCTH/3MAdYms/Usc4+HvpmufDQCfcuCX lHk8z15I/lZ5WQez3olbDP8= =Nyyi -----END PGP SIGNATURE----- From holkoe at gmx.de Tue Jun 22 15:41:42 2004 From: holkoe at gmx.de (Holger Koetzle) Date: Mon Jun 28 10:14:12 2004 Subject: Error "no writable public keyring found: eof" Message-ID: <40D83716.8090904@gmx.de> Hello, I just installed GnuPG. When generating my keys I get the following message: gpg: no writable public keyring found: eof Key generation failed: eof gpg: can't create `e:/programme/GnuPG\random_seed': No such file or directory Does anybody know what the problem is? I use gpg 1.2.4 (Windows version) Holger From bernhard at bksys.at Tue Jun 22 17:05:58 2004 From: bernhard at bksys.at (Bernhard Kuemel) Date: Mon Jun 28 10:14:25 2004 Subject: set new key as default Message-ID: <40D84AD6.6000605@bksys.at> Hi gnupg-users! How do I set a newly generated key to be used by default?
It uses my old key but fails on many actions because this is an IDEA key. Thanks, Bernhard -- Webspace; low-end server housing from 15 e, etc.: http://www.bksys.at Linux admin/programmer: http://bksys.at/bernhard/services.html From shavital at mac.com Mon Jun 28 10:31:00 2004 From: shavital at mac.com (Charly Avital) Date: Mon Jun 28 10:28:32 2004 Subject: missing subkey In-Reply-To: <40DFBB23.8000904@adiumdesign.com> References: <200406272358.49732.linux@codehelp.co.uk> <20040627232215.GA45568@wilma.widomaker.com> <200406280041.06833.linux@codehelp.co.uk> <20040628003031.GA45967@wilma.widomaker.com> <40DFBB23.8000904@adiumdesign.com> Message-ID: <7C63E08C-C8DD-11D8-8B99-000393C2DC84@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Jun 28, 2004, at 2:30 AM, S[...] D[...] wrote: [...] > Is this caused by my mistake or just have to wait the system to do it > by its own? I'm really confused, because the publishing keys it really > straightforward process or I'm missing the big point? The system did it by itself. A few hours ago, your key, with its two subkeys, was NOT available on subkeys.pgp.net. Now it is available (I have replaced the addresses on purpose, against grabbers): - ------ pub 1024D/0x8C12BBBAB8D71FB6 2004-06-15 uid S[---] D[...] no/spamat_adiumdesign.com uid S[...] D[...] no/spam_atmail.bg> uid S[...] D[...]
no/spam_atkeatebg.com> sub 2048g/0x98C823355831A000 2004-06-15 sub 1024D/0x007E28261E3D95C3 2004-06-17 - -------------- Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (Darwin) iD8DBQFA39dQ8SG5rMkbCF4RAuOnAKDDGTqo2l7hVBXSLip1/GWqhDCbAwCgqZo+ Lh2uN8odYAiwoGwNeTz0Qnk= =nS5e -----END PGP SIGNATURE----- From atom at suspicious.org Mon Jun 28 10:41:59 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Jun 28 10:39:22 2004 Subject: set new key as default In-Reply-To: <40D84AD6.6000605@bksys.at> References: <40D84AD6.6000605@bksys.at> Message-ID: <20040628043917.H92142@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 22 Jun 2004, Bernhard Kuemel wrote: > Hi gnupg-users! > > How do I set a newly generated key to be used by default? It uses my old key > but fails on many actions because this is an IDEA key. ================ in your config file (~/.gnupg/gpg.conf) add a line like this: default-key 0xB88D52E4D9F57808 ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth." -- Sherlock Holmes (Arthur Conan Doyle) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDf2d0ACgkQnCgLvz19QePJqACgmAljWFKpgsj2hHxx5wma8wSH mwYAmgNAcxkCPMGsdPp8EDx99w8MsQhl =AmvR -----END PGP SIGNATURE----- From johanw at vulcan.xs4all.nl Mon Jun 28 12:20:21 2004 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Mon Jun 28 12:17:10 2004 Subject: set new key as default In-Reply-To: <40D84AD6.6000605@bksys.at> from Bernhard Kuemel at "Jun 22, 2004 05:05:58 pm" Message-ID: <200406281020.MAA03710@vulcan.xs4all.nl> Bernhard Kuemel wrote: >How do I set a newly generated key to be used by default? 
It uses >my old key but fails on many actions because this is an IDEA key. Use the IDEA plugin to solve the errors. To change the default, use default-key ABCDEF01 in gpg.conf, or --default-key on the commandline. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wk at gnupg.org Fri Jun 25 18:33:53 2004 From: wk at gnupg.org (Werner Koch) Date: Mon Jun 28 14:09:34 2004 Subject: gpg --gen-key using /dev/urandom is possible? In-Reply-To: <1088063463.3241.1.camel@localhost> (Paolo Galati's message of "Thu, 24 Jun 2004 09:51:04 +0200") References: <1088063463.3241.1.camel@localhost> Message-ID: <87isdfsiku.fsf@wheatstone.g10code.de> On Thu, 24 Jun 2004 09:51:04 +0200, Paolo Galati said: > there is a way to specify /dev/urandom as random number generator for > --gen-key? No. You need to modify the code yourself. > I know that using urandom is lack of security but for my use this is not > a problem. Frankly, I am not sure whether even the entropy estimation of /dev/random is good enough. For certain usages of one-time-public-keys a PRNG might be sufficient, though. But do not take this as an advice of doing so. Salam-Shalom, Werner From atom at suspicious.org Mon Jun 28 18:11:25 2004 From: atom at suspicious.org (Atom 'Smasher') Date: Mon Jun 28 18:08:46 2004 Subject: gpg --gen-key using /dev/urandom is possible? In-Reply-To: <87isdfsiku.fsf@wheatstone.g10code.de> References: <1088063463.3241.1.camel@localhost> <87isdfsiku.fsf@wheatstone.g10code.de> Message-ID: <20040628120645.N92142@willy_wonka> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 depending on your OS, there should be a way to "hot-rod" your /dev/random. doug barton has a great how-to for doing this in freeBSD: http://people.freebsd.org/~dougb/randomness.html the output from my /dev/random increased tremendously after following that how-to...
no more waiting for entropy... i had a script generate a thousand keys (4096!), and not a single one had to wait for system entropy. before doing that, even generating a single key on my desktop often required waiting for entropy. ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Fascism is capitalism in decay." -- Nikolai Lenin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.6 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iEYEARECAAYFAkDgQzgACgkQnCgLvz19QePjiwCfVnnT6LKPnW6gp2yU1lwcetlK RjEAnAvOjRYvDt+q5aohj11aVjVk+cxv =huJf -----END PGP SIGNATURE----- From jharris at widomaker.com Mon Jun 28 21:17:23 2004 From: jharris at widomaker.com (Jason Harris) Date: Tue Jun 29 20:07:36 2004 Subject: new (2004-06-27) keyanalyze results (+sigcheck) Message-ID: <20040628191723.GX2103@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2004-06-27/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files:
-- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20040628/a79fd9a0/attachment.bin From jharris at widomaker.com Mon Jun 28 21:22:32 2004 From: jharris at widomaker.com (Jason Harris) Date: Tue Jun 29 20:07:49 2004 Subject: missing subkey In-Reply-To: <7C63E08C-C8DD-11D8-8B99-000393C2DC84@mac.com> References: <200406272358.49732.linux@codehelp.co.uk> <20040627232215.GA45568@wilma.widomaker.com> <200406280041.06833.linux@codehelp.co.uk> <20040628003031.GA45967@wilma.widomaker.com> <40DFBB23.8000904@adiumdesign.com> <7C63E08C-C8DD-11D8-8B99-000393C2DC84@mac.com> Message-ID: <20040628192232.GY2103@wilma.widomaker.com> On Mon, Jun 28, 2004 at 04:31:00AM -0400, Charly Avital wrote: > The system did it by itself. A few hours ago, your key, with its two No, it was manually uploaded to keyserver.kjsl.com (TZ=PST8PDT): [Sun Jun 27 23:18:42 2004] listener [www]: new www connection from [Sun Jun 27 23:18:42 2004] reader [www]: request received: POST /pks/add [Sun Jun 27 23:18:42 2004] kd_add: flags=100000 [Sun Jun 27 23:18:42 2004] display_new_sig: new subkey sig by B8D71FB6 added to B8D71FB6 As far as being officially registered on biglumber, you should receive an email encrypted to the key you submitted at the address you submitted. My last one had the subject "biglumber.com login" and said to login to the given https URL with the given password.
Logging in should complete the registration process. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20040628/ebc5df81/attachment.bin From linux at codehelp.co.uk Sat Jun 26 16:14:02 2004 From: linux at codehelp.co.uk (Neil Williams) Date: Tue Jun 29 20:08:03 2004 Subject: missing subkey In-Reply-To: <40DC1694.5040805@adiumdesign.com> References: <20040624203333.GD11342@jabberwocky.com> <40DC1694.5040805@adiumdesign.com> Message-ID: <200406261514.02887.linux@codehelp.co.uk> Was anyone else able to verify Stoyan's message on the list (Re: Detection of sign-only vs. sign-and-encrypt keys) Yesterday 1:12:04 and again today? I use Debian unstable, GnuPG 1.2.4 and --auto-key-retrieve and --include-subkeys with keyserver.kjsl.com but the subkey is not found, even though the main key is imported seemingly successfully. The subkey shows up on the search results page using a www interface, but it is not imported. Here's my output: On Saturday 26 June 2004 7:59, you wrote: > I have published this key already @ random.sks.keyserver.penguin.de http://sks.keyserver.penguin.de:11371/pks/lookup?search=0x1E3D95C3&fingerprint=on&op=vindex gives the main key as 0xB8D71FB6 - which I already have in the keyring: gpg: Signature made Sat Jun 26 07:59:42 2004 BST using DSA key ID 1E3D95C3 gpg: key B8D71FB6: "Stoyan Dimitrov " not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: Can't check signature: public key not found Your key only shows up with one subkey, 5831A000 neil@garfield:~$ gpg --delete-key B8D71FB6 gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. 
This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. pub 1024D/B8D71FB6 2004-06-15 Stoyan Dimitrov Delete this key from the keyring? yes neil@garfield:~$ gpg --import (pasted the key block as on this page:) http://sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0x8C12BBBAB8D71FB6 gpg: key B8D71FB6: public key "Stoyan Dimitrov " imported gpg: Total number processed: 1 gpg: imported: 1 neil@garfield:~$ gpg --list-key B8D71FB6 pub 1024D/B8D71FB6 2004-06-15 Stoyan Dimitrov uid Stoyan Dimitrov uid Stoyan Dimitrov (stoyanski) sub 2048g/5831A000 2004-06-15 No second subkey, despite it being shown on the search page. I also tried my preferred keyserver and had the same result. The subkey shows in the results but is not imported. http://keyserver.kjsl.com:11371/pks/lookup?docmd=lookup&op=vindex&search=0xB8D71FB6&fingerprint=on I've sent this to the list as well because I can't see what has happened to the key and how the second subkey can be imported. -- Neil Williams ============= http://www.codehelp.co.uk/ http://www.dclug.org.uk/ http://www.isbn.org.uk/ http://sourceforge.net/projects/isbnsearch/ http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: signature Url : /pipermail/attachments/20040626/840a55eb/attachment.bin From cwsiv at keepandbeararms.com Tue Jun 29 03:21:47 2004 From: cwsiv at keepandbeararms.com (Carl William Spitzer IV) Date: Tue Jun 29 20:09:04 2004 Subject: Detection of sign-only vs. 
sign-and-encrypt keys In-Reply-To: <20040622185042.GC23950@jabberwocky.com> References: <20040622185042.GC23950@jabberwocky.com> Message-ID: <1088471141.13420.2.camel@linux.site> On Tue, 2004-06-22 at 11:50, David Shaw wrote: > On Tue, Jun 22, 2004 at 07:18:37PM +0200, Marcus Frings wrote: > > Hello, > > > > could anyone please point me to the right section in the man page > > (which I'm obviously missing) how I can find out with a single gpg > > command line option if a key is just a sign-only key or a "normal" > > sign-and-encrypt key? > > gpg --with-colons --list-keys (thekey) > > Look in the 11th field. Capital S means the key can sign. Capital E > means the key can encrypt. Capital C means the key can certify > (i.e. sign other keys). > > David cwsiv@linux:~> gpg --with-colons --list-keys tru::0:1066600614:1237427459 pub:-:1024:17:A347DE566D347FFF:2000-05-22:::-:Dan Stromberg ::scESC: sub:-:1024:16:4CCEB4037D432915:2000-05-22::::::e: pub:-:1024:17:F04287FDA2667802:2003-10-19:::-:Peter Kerekes ::scESC: sub:-:2048:16:9FBA5531DDBB3A73:2003-10-19::::::e: pub:-:1024:17:2014F5DBAE127015:2001-04-14:2008-02-24::-:Todd A. Lyons (Cannonball) ::scESC: sub:-:1024:16:4CBA508200B8B965:2001-04-14::::::e: pub:u:2048:1:24D9A247950AF4EC:2004-01-23:::u:Carl William Spitzer (new key) ::escESC: pub:u:1024:17:15288D7B735CAED2:2004-03-20:2009-03-19::u:CWSIV ::scESC: sub:u:2048:16:738868947501072E:2004-03-20:2009-03-19:::::e: sub:u:1024:17:F02B99A74F35B6C2:2004-03-20:2009-03-19:::::s: pub:-:1024:17:0B44ECCD82DB500E:2004-01-15:::-:Crypto1969 ::scESC: sub:-:2048:16:BCE381EB8184DA4D:2004-01-15::::::e: Interesting, I get only lowercase letters, not the capitals you indicate. I made my keys with 1.2.4 under an updated Suse 8.2, now 9.1. Is this a display variation or something wrong? Note some have more than one letter.
CWSIV From jsuarez at ono.com Tue Jun 29 16:54:59 2004 From: jsuarez at ono.com (Jaime Suárez) Date: Tue Jun 29 20:09:44 2004 Subject: FW: Re: gpg --gen-key using /dev/urandom is possible? Message-ID: <20040629145459.GA881@ono.com> > the output from my /dev/random increased tremendously after following that > how-to... no more waiting for entropy... i had a script generate a > thousand keys (4096!), and not a single one had to wait for system > entropy. ¿Could you please post the script? ¿Any link about estimating entropy? Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20040629/0a710736/attachment.bin From mail at mark-kirchner.de Tue Jun 29 21:31:43 2004 From: mail at mark-kirchner.de (Mark Kirchner) Date: Tue Jun 29 21:31:09 2004 Subject: Detection of sign-only vs. sign-and-encrypt keys In-Reply-To: <1088471141.13420.2.camel@linux.site> References: <20040622185042.GC23950@jabberwocky.com> <1088471141.13420.2.camel@linux.site> Message-ID: <1478392621.20040629213143@mark-kirchner.de> On Tuesday, June 29, 2004, 3:21:47 AM, Carl wrote: >> Look in the 11th field. Capital S means the key can sign. Capital E >> means the key can encrypt. Capital C means the key can certify >> (i.e. sign other keys). > > pub:-:1024:17:A347DE566D347FFF:2000-05-22:::-:Dan Stromberg > ::scESC: ^^^ > pub:-:1024:17:F04287FDA2667802:2003-10-19:::-:Peter Kerekes > ::scESC: ^^^ > pub:-:1024:17:2014F5DBAE127015:2001-04-14:2008-02-24::-:Todd A. Lyons > (Cannonball) ::scESC: ^^^ > [snip] > > Interesting I get only lowercase letters not the capitals you indicate. I don't think so, see above. Well, it's the twelfth field, if you start counting with the "pub" / "sub" field. And you have to start your counting with "1"...
On second thought, one could argue that it's a kind of an array, so starting with "0" would be justified... :-) The subkeys you listed have only lowercase letters, right. According to the docs/DETAILS.TXT file, the uppercase letters are given for the primary key only: "To denote the _usable_ capabilities of the entire key". > Note some have more than one letter. Yes, since a lot of keys can encrypt, sign and certify (or any combination of that). Regards, Mark Kirchner -- Stolen sigline of the day: You may have the right to bear arms but I have the right to arm bears. SCNR, really... :-) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 183 bytes Desc: not available Url : /pipermail/attachments/20040629/99d01923/attachment.bin From herrera at users.sourceforge.net Tue Jun 22 08:12:35 2004 From: herrera at users.sourceforge.net (Tomislav Markovski) Date: Tue Jun 29 22:03:14 2004 Subject: Beginners question: How to transfer my keys at work Message-ID: <1087824790.2720.23.camel@localhost.localdomain> Dear List, A beginner's question: What is the best method to transfer my keys (pub/priv) to another computer, so I would use the same GPG signatures and encryptions at home and at work? I'm sorry, this question has probably been asked many times. I just signed up with the list, and I'm not very adept in manipulating gnupg. Thank you. From webmaster at digitallyimpressed.com Mon Jun 21 15:27:18 2004 From: webmaster at digitallyimpressed.com (Rainer Bendig, Digitally Impressed) Date: Wed Jun 30 00:06:45 2004 Subject: ###adding compression algorythm In-Reply-To: <40D2B263.5050601@evosoft.hu> References: <40D2B263.5050601@evosoft.hu> Message-ID: <40D6E236.6070709@digitallyimpressed.com> Hello Szabolcs, *, Pongracz Szabolcs wrote on 18.06.2004 11:14: > I use gnupg 1.2.4 on windows. I would like to use bz2 for the > compression before encryption.
I tried to compile my version (1.3.6) with this "how-to" [1] but it
didn't work out, or better, it doesn't show bzip2 (or sth similar) on
the version output (of the win32 version) ... maybe I can compile 1.2.4
(or the 1.2.5rc2) with bzip(2) support, if it works ... don't really
know

[1] http://lists.gnupg.org/pipermail/gnupg-devel/ <- -> 2003-December/020651.html

--
so long, Rainer Bendig aka mindz PGP/GPG key (ID: 0x247FECD5)
http://DigitallyImpressed.com get it from wwwkeys.de.pgp.net
for contacting me take a look on http://digitallyimpressed.com/contact

From atom at suspicious.org Wed Jun 30 05:04:02 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Jun 30 05:02:10 2004
Subject: FW: Re: gpg --gen-key using /dev/urandom is possible?
In-Reply-To: <20040629145459.GA881@ono.com>
References: <20040629145459.GA881@ono.com>
Message-ID: <20040629222822.F92142@willy_wonka>

On Tue, 29 Jun 2004, Jaime [iso-8859-1] Suárez wrote:

>> the output from my /dev/random increased tremendously after following that
>> how-to... no more waiting for entropy... i had a script generate a
>> thousand keys (4096!), and not a single one had to wait for system
>> entropy.
>
> ¿Could you please post the script? ¿Any link about estimating entropy?
> Thanks.
==================

MD5 (gen-key-batch.gz) = 4409429759af233af7b27fb94b1e1c1e

the script is *crude* and lacking comments, but attached. it writes each
key-pair to its own public/private files, using the current date/time as
a prefix: if it generates keys faster than 1/second, files will get
clobbered, using the current naming convention.

as is, it generates a sign+encrypt RSA primary key with NO subkeys, and
a finite life. read the docs and you'll see how to generate a more
common DSA/ElGamal key.
if you want to generate 20 keys (all with the same UID) just run:

    $ ./gen-key-batch 20

there's a section (Unattended key generation) in doc/gnupg/DETAILS that
goes into the options and how to set them.

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Capitalism is the astounding belief that the most wickedest of men
will do the most wickedest of things for the greatest good of
everyone."
-- John Maynard Keynes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gen-key-batch.gz
Type: application/octet-stream
Size: 386 bytes
Desc:
Url : /pipermail/attachments/20040629/a3284c41/gen-key-batch.exe

From atom at suspicious.org Wed Jun 30 06:00:22 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Wed Jun 30 05:58:10 2004
Subject: Beginners question: How to transfer my keys at work
In-Reply-To: <1087824790.2720.23.camel@localhost.localdomain>
References: <1087824790.2720.23.camel@localhost.localdomain>
Message-ID: <20040629235716.C92142@willy_wonka>

On Tue, 22 Jun 2004, Tomislav Markovski wrote:

> A beginners question:
> What is the best method to transfer my keys (pub/priv) to another
> computer, so I would use the same GPG signatures and encryptions at home
> and at work?
> I'm sorry, this question has probably been asked many times. I just
> signed up with the list, and I'm not very adept in manipulating gnupg.
=================

before you do that, i would recommend reading this tutorial -
http://fortytwo.ch/gpg/subkeys

...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"A good many observers have remarked that if equality could come at
once the Negro would not be ready for it. I submit that the white
American is even more unprepared."
-- Martin Luther King, Jr.

From greg at turnstep.com Thu Jun 17 06:29:42 2004
From: greg at turnstep.com (Greg Sabino Mullane)
Date: Wed Jun 30 07:38:09 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <20040617041120.GA11294@jabberwocky.com>
Message-ID: <7fae93ff43426783ac07cb97d3145269@biglumber.com>

> What do you plan on doing that SKS isn't already doing?
> SKS fixed all of the PKS bugs and corruptions, but given
> the parameters and limitations of a public keyserver network,
> it seems that many of the remaining problems are inherent
> in the architecture.

Users will be able to edit their own keys, including removing
signatures, uids, and even the whole key if they desire. All
changes (and additions!) will be made only by the owner of the
key. That's the big change.
;)

--
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200406170029

From g-r-v at ukr.net Wed Jun 30 09:43:04 2004
From: g-r-v at ukr.net (Robert Golovniov)
Date: Wed Jun 30 09:40:56 2004
Subject: GnuPG on Windows working with mailto keyservers?
Message-ID: <200406300751.i5U7pkiw082167@gw.core>

Hello gnupg-users,

Can the Windows version of GnuPG be taught to work with the mailto
keyservers? Are there some guidelines for that?

--
-=Robert & Beata Golovniov | Lviv, Ukraine=-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mailto:golovniov@interia.pl?subject=PGP%20Key&Body=Embedded%20key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From lists at ulrichschneider.de Tue Jun 15 20:20:12 2004
From: lists at ulrichschneider.de (Ulrich Schneider)
Date: Wed Jun 30 14:58:05 2004
Subject: RSA keys for encryption and in general DSA/RSA/ElGamal-keypairs
Message-ID: <40CF3DDC.6030208@ulrichschneider.de>

Hello everybody,

I'm new to PGP/gnupg. Some questions I have, can not be answered from
the www.gnupg.org FAQ's and www.google.de. So probably you could help
me. That would be great!

Why are DSA-Keys always generated with only 1024 bits even when I tell
gpg that the key has to be generated with 2048 bits. And why are there
different keypairs for signing and encryption? And why are these
keypairs from different kind (DSA and ElGamal). Why isn't there one
keypair used for signing and encryption?

gnupg says the following:

Please select what kind of key you want:
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (4) RSA (sign only)

So as you can see here, even RSA is used for signing only. Why is there
no possibility to use RSA keypairs for encryption?
The GNU Privacy Handbook says:

"GnuPG is able to create several different types of keypairs, but a
primary key must be capable of making signatures. There are therefore
only three options. Option 1 actually creates two keypairs. A DSA
keypair is the primary keypair usable only for making signatures. An
ElGamal subordinate keypair is also created for encryption. Option 2 is
similar but creates only a DSA keypair. Option 4[1] creates a single
ElGamal keypair usable for both making signatures and performing
encryption. In all cases it is possible to later add additional subkeys
for encryption and signing. For most users the default option is fine.

You must also choose a key size. The size of a DSA key must be between
512 and 1024 bits, and an ElGamal key may be of any size. GnuPG,
however, requires that keys be no smaller than 768 bits. Therefore, if
Option 1 was chosen and you choose a keysize larger than 1024 bits, the
ElGamal key will have the requested size, but the DSA key will be 1024
bits."

If there are always two public keys -one for signing and one for
encryption- the question arises for which key is the fingerprint
computed? I guess for the main-key. But what's going on with the subkey?
Is there no need to check the fingerprint of the subkey? Or is it
checked indirectly with the fingerprint of the main key? How does this
work?

I also have another question. Is there a possibility to show a key in
human readable form. Best output I produced is a gpg --export --armor .
A key consists of an exponent and a modulus. Is there a way to show
these values?

Another problem: I created a 2048 bit RSA keypair with gpg. When I try
to encrypt a file for this key, gnupg tells me:

gpg: 0x149881408FAB041C: skipped: unusable public key
gpg: : encryption failed: unusable public key

I also have another 2048 bit RSA key in my keyring. Encryption for this
key works. How could that be? Sometimes it works, sometimes not?
It probably has something to do, by which program the key was generated.
Here are the comments taken from the public key block.

1. key (encryption doesn't work)
Version: GnuPG v1.2.4 (MingW32) - GPGshell v3.10

2. key (encryption works)
Version: PGPfreeware 5.5.3i for non-commercial use

Probably I told you too many questions, but I'm really interested in
understanding, how the whole thing works.

Best regards,
Ulrich Schneider

From wk at gnupg.org Wed Jun 30 15:38:18 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Jun 30 15:38:21 2004
Subject: List blacklisted?
In-Reply-To: <200405301234.18684.gnupg@ml0402.albert.uni.cc> (gnupg@ml0402.albert.uni.cc's message of "Sun, 30 May 2004 12:34:18 +0200")
References: <200405301234.18684.gnupg@ml0402.albert.uni.cc>
Message-ID: <87isdt1cig.fsf@vigenere.g10code.de>

On Sun, 30 May 2004 12:34:18 +0200, Albert said:

> 554 SMTP service not available (failed to find host name from IP
> address)

The reverse DNS is not set up properly. We don't accept mails from such
hosts anymore.

Salam-Shalom,

Werner

From mail at xfraggle.de Tue Jun 29 13:50:03 2004
From: mail at xfraggle.de (Stefan (The Fraggle) Jaksch)
Date: Tue Jul 6 16:38:57 2004
Subject: Import *.p12 Keys into GnuPG fails
Message-ID: <40E1576B.5030108@xfraggle.de>

Hi,

I am trying to use GnuPG with my signed keypair. This I have only in the
P12-format.

The call

gpg --import file.p12

results in an error message:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

How can I convert the P12-format into OpenPGP?

Thank you very much for your help.
Regards,
Stefan

--
________________________________________________________
Stefan Jaksch mailto:mail@xfraggle.de
________________________________________________________

From thomas at northernsecurity.net Wed Jun 30 17:15:26 2004
From: thomas at northernsecurity.net (Thomas Sjögren)
Date: Tue Jul 6 16:41:17 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <7fae93ff43426783ac07cb97d3145269@biglumber.com>
References: <20040617041120.GA11294@jabberwocky.com> <7fae93ff43426783ac07cb97d3145269@biglumber.com>
Message-ID: <20040630151526.GA23924@northernsecurity.net>

On Thu, Jun 17, 2004 at 04:29:42AM -0000, Greg Sabino Mullane wrote:
> Users will be able to edit their own keys, including removing
> signatures, uids, and even the whole key if they desire. All
> changes (and additions!) will be made only by the owner of the
> key. That's the big change. ;)

That's nice, but how are you planning to talk to other keyservers (PKS,
SKS for example) that don't have these restrictions? Or are you going to
create a separate keyserver network?

/Thomas
--
== thomas@northernsecurity.net | thomas@se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

From holkoe at gmx.de Wed Jun 30 15:51:39 2004
From: holkoe at gmx.de (Holger Koetzle)
Date: Tue Jul 6 16:41:39 2004
Subject: Error "no writable public keyring found: eof"
In-Reply-To: <40E15C42.2010508@smgwtest.aachen.utimaco.de>
References: <40D83716.8090904@gmx.de> <40E15C42.2010508@smgwtest.aachen.utimaco.de>
Message-ID: <40E2C56B.5080706@gmx.de>

Holger Sesterhenn wrote:
> Hi,
>
> Holger Koetzle wrote:
>
>>I just installed GnuGP.
When generating my keys I get the following
>>message:
>>gpg: no writable public keyring found: eof
>>Key generation failed: eof
>>gpg: can't create `e:/programme/GnuPG\random_seed': No such file or
>>directory
>
>
> Hmm. It looks as if GnuPG has a problem creating the file
> 'random_seed', which is needed during key generation. Maybe GnuPG
> cannot cope with the mixed notation of the path? In the Windows world
> the backslash `\` is the separator of choice, in the Unix world the
> forward slash '/'. Is the path set somewhere in the config files?
>

Hmm, this is a bit embarrassing. I had transposed two letters while
editing the paths in the registry: 'GnuPG' instead of 'GnuGP'. Now it
runs as it should.

In principle it is probably better after all to install everything into
the default directory of GnuGP on c:, and so rule out one more source of
error.

Thanks for the help.

Holger Kötzle

From linux at codehelp.co.uk Wed Jun 30 20:08:23 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Jul 6 16:42:43 2004
Subject: Duplicated User IDs arisen
In-Reply-To: <7fae93ff43426783ac07cb97d3145269@biglumber.com>
References: <7fae93ff43426783ac07cb97d3145269@biglumber.com>
Message-ID: <200406301908.26263.linux@codehelp.co.uk>

On Thursday 17 June 2004 5:29, Greg Sabino Mullane wrote:
> > What do you plan on doing that SKS isn't already doing?
> > SKS fixed all of the PKS bugs and corruptions, but given
> > the parameters and limitations of a public keyserver network,
> > it seems that many of the remaining problems are inherent
> > in the architecture.
>
> Users will be able to edit their own keys, including removing
> signatures, uids, and even the whole key if they desire. All
> changes (and additions!) will be made only by the owner of the
> key. That's the big change. ;)

So those changes will be insulated from the effects of synchronising
with other keyservers? (You are going to synchronise?!)
Why do it this way when you could just accept keys as they are - let the
owners edit the key on their own systems - the keyserver would simply
accept the key AS-IS and not do any merge operations. In effect,
overwrite the current key with the new.

Logically, you would then change synchronising so that it works this
way:
1. If I don't have the key, take a copy
2. If I do have the key, accept revocations only.
(Presumably you are not going to allow anyone to un-revoke a key).

(If the user has deleted the entire key, what then? You can't simply
ignore all new keys when synchronising, you'd have to keep a log of the
fingerprint and reject keys you know to have been deleted. Seems odd.)

Users would need some sort of login and then be able to upload a changed
key that would overwrite any existing copies.

Is it worth the bother?

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From linux at codehelp.co.uk Wed Jun 30 20:17:34 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Tue Jul 6 16:42:48 2004
Subject: Gpg 1.2.4 with The Bat 2.11 error
In-Reply-To: <805586367.20040612132651@pd.jaring.my>
References: <805586367.20040612132651@pd.jaring.my>
Message-ID: <200406301917.35343.linux@codehelp.co.uk>

On Saturday 12 June 2004 6:26, omn wrote:
> I'm a newbie to gpg.

Please send your key to a keyserver - there's no point signing emails if
the reader cannot verify the signature by downloading your public key.

gpg --keyserver subkeys.pgp.net --send-key 0x29D7378D

> gpg: mnman@pd.jaring.my: skipped: public key already present

So you have this as the default key, that's OK.
> encrypt-to 0x0F8CFE9629D7378D
> default-key 0x0F8CFE9629D7378D

It just means that you don't need to specify -r 29D7378D when you
encrypt to anyone else.

> gpg: D6506963: There is no indication that this key really belongs to the
> owner

You haven't signed this key with 0x29D7378D so gpg can't verify that
this is the key that you say it is. (I can tell that because D6506963 is
on the keyservers.)

IF you have verified the fingerprint with the user of D6506963, and
checked the email address and photo ID, then sign the key and you'll be
able to encrypt.

Read about keysigning before making a public declaration that you have
personally verified D6506963 by signing it.
http://www.dclug.org.uk/linux_doc/gnupgsign.html

> I could only sign & encrypt to myself.

Because only your own key is trusted so far.

> What could be the source of error?

Lack of trust in the other key.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

From sanchezthecactus at yahoo.com Wed Jun 30 19:39:00 2004
From: sanchezthecactus at yahoo.com (Sanchez the Cactus)
Date: Wed Jul 14 18:12:35 2004
Subject: using gnupg with a secure ldap (ldaps) keyserver
Message-ID: <20040630173900.40468.qmail@web12103.mail.yahoo.com>

Hi,

I'm trying to use gnupg to send my key to my company's keyserver. The
URL scheme for the keyserver is
ldaps://ldap.company.com:636/ou=pgp keys,dc=company,dc=com.
Unfortunately, I can't figure out how to get gpg to recognize this url
schema and connect successfully.
If I set the keyserver option to be that url, i get:

unable to execute program "gpgkeys_ldaps": No such file or directory
gpg: no handler for keyserver scheme "ldaps"

if i change it to simply be ldap instead of ldaps, I get:

gpgkeys: internal LDAP bind error: Can't contact LDAP server
gpg: keyserver internal error

is there a way to get this working?

Thanks,
-Joe

PS. please CC: me, as I'm not subscribed to the list
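
Added example for the "Detection of sign-only vs. sign-and-encrypt keys" thread earlier in this archive (not code from any list member or from GnuPG): a parser for the capability field of `gpg --with-colons` key listings, which is field 12 counting from 1 and index 11 counting from 0. The two real `pub` records are the ones quoted in that thread; the `sub` record, the sign-only key, the truncated line and all function names are constructed for illustration.

```python
"""Read key capabilities from `gpg --with-colons` listings (added example)."""

CAPS = {"s": "sign", "e": "encrypt", "c": "certify", "a": "authenticate"}
CAP_FIELD = 12  # counted from 1 with "pub"/"sub" as field 1; index 11 from 0

# The A347... and F042... pub records are quoted in the thread (the archive
# stripped the e-mail addresses). Everything else here is constructed.
SAMPLE = """\
pub:-:1024:17:A347DE566D347FFF:2000-05-22:::-:Dan Stromberg ::scESC:
sub:-:2048:16:1111111111111111:2000-05-22::::::e:
pub:-:1024:17:2222222222222222:2004-01-01:::-:Sign Only (constructed) ::scSC:
pub:-:1024:17:F04287FDA2667802:2003-10-19:::-:Peter Kerekes ::scESC:
pub:-:1024:17:3333333333333333
"""


def parse_capabilities(listing):
    """Return one dict per primary key, with its subkeys nested under it."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")  # colons inside user IDs are escaped as \x3a
        if fields[0] not in ("pub", "sub") or len(fields) < CAP_FIELD:
            continue  # other record types, or a truncated record
        raw = fields[CAP_FIELD - 1]
        record = {
            "type": fields[0],
            "keyid": fields[4],
            # lowercase: what this particular (sub)key can do itself
            "own": {CAPS[c] for c in raw if c in CAPS},
            # uppercase (primary key only): usable capabilities of the
            # entire key, subkeys included
            "usable": {CAPS[c.lower()] for c in raw
                       if c.isupper() and c.lower() in CAPS},
            "subkeys": [],
        }
        if record["type"] == "pub":
            keys.append(record)
        elif keys:
            keys[-1]["subkeys"].append(record)
    return keys


def classify(key):
    """Sign-only vs. sign-and-encrypt, judged on the whole key."""
    usable = key["usable"]
    if {"sign", "encrypt"} <= usable:
        return "sign-and-encrypt"
    if "sign" in usable:
        return "sign-only"
    if "encrypt" in usable:
        return "encrypt-only"
    return "unknown"


if __name__ == "__main__":
    for key in parse_capabilities(SAMPLE):
        print(key["keyid"], classify(key), sorted(key["usable"]))
```
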