From brunij at earthlink.net Fri Dec 1 02:41:36 2006 From: brunij at earthlink.net (Joseph Oreste Bruni) Date: Fri Dec 1 02:39:50 2006 Subject: Importing my keys fails In-Reply-To: <200611301323.39754.msemtd@yahoo.co.uk> References: <26152351.1164836018568.JavaMail.root@elwamui-cypress.atl.sa.earthlink.net> <200611301152.34032.msemtd@yahoo.co.uk> <200611301323.39754.msemtd@yahoo.co.uk> Message-ID: <176AFBBC-B55E-4C66-A875-B6DCD3F51376@earthlink.net> On Nov 30, 2006, at 6:23 AM, Michael Erskine wrote: > >> My limited understanding was that symetric keys were just a pair >> of fancy numbers! :) > > Sorry, I meant asymmetric keys of course :) > > Regards, > Michael Erskine. The keys themselves are similar at a basic level. But the packaging and data file formats are not interoperable. An SSH key file is not much more than the key, but an OpenPGP key also contains elements of identity such as email addresses, etc. as well as signatures from other users. With some work, you could probably extract the RSA key data from the PGP key and convert it to the format used for OpenSSH, but honestly it isn't work the trouble. There is also some effort to make OpenPGP and X.509 certificates somewhat interoperable since they have more in common in both content and purpose. Someday there might be a grand unification of all things PKI, but I'm not holding my breath. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2508 bytes Desc: not available Url : /pipermail/attachments/20061130/47d5b539/smime.bin From larstiq at larstiq.dyndns.org Fri Dec 1 02:04:01 2006 From: larstiq at larstiq.dyndns.org (Wouter van Heyst) Date: Fri Dec 1 03:54:44 2006 Subject: Logo ballot reminder In-Reply-To: <456DCFA0.2040908@cs.cornell.edu> References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> Message-ID: <20061201010401.GB1493@larstiq.dyndns.org> On Wed, Nov 29, 2006 at 01:21:20PM -0500, Andrew Myers wrote: > Hi all, > > CIVS originally sent text/plain emails. But it was useful to be able to > embed links and to preserve election description formatting. The HTML it > sends is pretty minimal -- I don't think it should set off reasonable > spam filters. It certainly was enough to make my brain register it as unreadable, I only went back to it when Warner mentioned the deadline again. Looking at it now I agree it is rather minimal as far as html goes, but it's still not something I'd willingly read as email (had to spawn a browser to look at it). > At least, I haven't heard this complaint before. Making > HTML mail an option seems like a good idea, though there are already too > many options for my taste. If someone wants to write that patch I'd be > happy to include it. I had a look at the code, but unfortunately I'm not much of a perl coder. I'm sure there others on this list who can do a better job than I can. > I hope the election system has been working well for everyone otherwise. The system was fairly easy to use, the hardest part was deciding how the various entries ranked :) Wouter van Heyst -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: Digital signature Url : /pipermail/attachments/20061201/c4a537b9/attachment.pgp From tmz at pobox.com Fri Dec 1 04:09:14 2006 From: tmz at pobox.com (Todd Zullinger) Date: Fri Dec 1 04:07:13 2006 Subject: Logo ballot reminder In-Reply-To: <20061201010401.GB1493@larstiq.dyndns.org> References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> <20061201010401.GB1493@larstiq.dyndns.org> Message-ID: <20061201030914.GB11222@psilocybe.teonanacatl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wouter van Heyst wrote: > It certainly was enough to make my brain register it as unreadable, > I only went back to it when Warner mentioned the deadline again. > Looking at it now I agree it is rather minimal as far as html goes, > but it's still not something I'd willingly read as email (had to > spawn a browser to look at it). Egad, open a browser for that? :) I just have mutt dump html only messages through w3m -dump and display the text. That's after my other filters weed out the really obvious trash and spam. And then only for messages that are HTML only. If they are multipart alternative I prefer the text/plain part. Until it was mentioned here I hadn't noticed that the message was HTML only actually. > The system was fairly easy to use, the hardest part was deciding how > the various entries ranked :) I'll second that. :) - -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== Statistics are like a lamp-post to a drunken man - more for leaning on than illumination. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6rc1 (GNU/Linux) iQFDBAEBAgAtBQJFb5zaJhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzj3zcIAITZK+Yse2sJjXBcp4av4XK3aS/cOI1c5/Uc BLRG4F7cYcJgbjQuVOpV70Ts07q5NSSsJ7fqfWDoRNP9nxpmKiSHQhbhq7q580GP su4WI4cVpKcEH/fyfYi4PO8h0ZsYd963qGmdktLrBUBuAFuCnJstQ+4QHXpAOQGA 71VM58ldNJb7n8F8iYx8cCSYQkXOtLkjGuy9WEZtLSkEj15pnGBJBDn63zDWSc/s TJ3x6f1gUQ6BTAlR+LgHShHcjULqESB70mHqsrUkvehaqyWp6xiuzVPRveDUBRrL oy6qheye0mGEx6kIwrw6ShX1ysob1RMlSr6gHCKrT3CnlL8fXmY= =26us -----END PGP SIGNATURE----- From alphasigmax at gmail.com Fri Dec 1 04:26:34 2006 From: alphasigmax at gmail.com (Alphax) Date: Fri Dec 1 04:25:45 2006 Subject: Logo ballot reminder In-Reply-To: <20061201010401.GB1493@larstiq.dyndns.org> References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> <20061201010401.GB1493@larstiq.dyndns.org> Message-ID: <456FA0EA.9000604@gmail.com> Wouter van Heyst wrote: > On Wed, Nov 29, 2006 at 01:21:20PM -0500, Andrew Myers wrote: >> I hope the election system has been working well for everyone otherwise. > > The system was fairly easy to use, the hardest part was deciding how the > various entries ranked :) > I saw something weird where moving entries around didn't preserve the order that you had put things in... I ended up writing out all the option numbers on scraps of paper and shuffling them around until they were in the order I wanted :) -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 569 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061201/e8530302/signature.pgp From peter at stoddard.name Fri Dec 1 06:30:32 2006 From: peter at stoddard.name (Peter Stoddard) Date: Fri Dec 1 10:50:41 2006 Subject: Compile of Gnupg 2.0.1 failed - no libintl Message-ID: <3F441A29-B3D7-4799-97FB-0D8FC349B209@stoddard.name> Hi folks I tried compiling Gnupg 2.0.1 on a 733 MHz PowerPC G4 running Mac OSX 10.4.8 and the make failed with the following error: In file included from sysutils.c:41: i18n.h:27:23: error: libintl.h: No such file or directory sysutils.c: In function 'disable_core_dumps': sysutils.c:88: warning: implicit declaration of function 'gettext' sysutils.c:88: warning: incompatible implicit declaration of built-in function 'gettext' make[2]: *** [libcommon_a-sysutils.o] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 I looked libintl up and it involves native language support. Is this really necessary to ild Gnupg 2.x? If so, is there source code somewhere I can download? Thanks Pete -- Peter Stoddard -- GPG Key 4A1F5DA0 From linux at thorstenhau.de Fri Dec 1 07:16:23 2006 From: linux at thorstenhau.de (Thorsten Haude) Date: Fri Dec 1 12:26:39 2006 Subject: Logo ballot reminder In-Reply-To: <456DCFA0.2040908@cs.cornell.edu> References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> Message-ID: <20061201060837.GA2037@eumel.yoo.local> Hi, * Andrew Myers wrote (2006-11-29 13:21): >CIVS originally sent text/plain emails. But it was useful to be able to >embed links and to preserve election description formatting. The HTML it >sends is pretty minimal -- I don't think it should set off reasonable >spam filters. I also picked the vote mail from the trashcan. In my case wasn't so much the words but the fact that it was HTML-only. Even in complete Outlook shops mails will have an alternative text part. The vote mail was the third or so HTML-only mail which proved to be ham, this served as a very good yardstick in the past. >At least, I haven't heard this complaint before. Maybe you don't regularly have votes by people thinking a lot about email communication. Thorsten -- Rarely do we find people who willingly engage in hard, solid thinking. There is an almost universal quest for easy answers and half-baked solutions. Nothing pains some people more than having to think. - Martin Luther King -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20061201/5c84450f/attachment.pgp From sydbarrett74 at hotmail.com Fri Dec 1 19:32:25 2006 From: sydbarrett74 at hotmail.com (Victor Escobar) Date: Fri Dec 1 20:55:05 2006 Subject: Problem building libksba Message-ID: Hi all, I'm trying to build libksba in order to build gnupg, and here's the output. make all-recursive Making all in gl cp ./alloca_.h alloca.h-t mv alloca.h-t alloca.h make all-am /bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wno-pointer-sign -o libgnu.la mkdir .libs ar cru .libs/libgnu.a ar: no archive members specified usage: ar -d [-TLsv] archive file ... ar -m [-TLsv] archive file ... ar -m [-abiTLsv] position archive file ... ar -p [-TLsv] archive [file ...] ar -q [-cTLsv] archive file ... ar -r [-cuTLsv] archive file ... ar -r [-abciuTLsv] position archive file ... ar -t [-TLsv] archive [file ...] ar -x [-ouTLsv] archive [file ...] make[3]: *** [libgnu.la] Error 1 make[2]: *** [all] Error 2 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 Please advise. From reynt0 at cs.albany.edu Sat Dec 2 03:52:04 2006 From: reynt0 at cs.albany.edu (reynt0) Date: Sat Dec 2 03:50:36 2006 Subject: Logo ballot reminder In-Reply-To: <456FA0EA.9000604@gmail.com> References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> <20061201010401.GB1493@larstiq.dyndns.org> <456FA0EA.9000604@gmail.com> Message-ID: On Fri Dec 01, 2006, Alphax wrote: > I saw something weird where moving entries around didn't preserve the > order that you had put things in... I ended up writing out all the > option numbers on scraps of paper and shuffling them around until they > were in the order I wanted :) Similar for me moving entries by clicking movement buttons. And the display redrew quite slowly each time I changed a numerical value by direct respecification, though not when I clicked a movement button. So I ended up being precise only for the top few rank values and bottom few. From jmoore3rd at bellsouth.net Sat Dec 2 05:24:01 2006 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sat Dec 2 05:30:29 2006 Subject: Logo ballot reminder In-Reply-To: References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> <20061201010401.GB1493@larstiq.dyndns.org> <456FA0EA.9000604@gmail.com> Message-ID: <4570FFE1.1000708@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 reynt0 wrote: > On Fri Dec 01, 2006, Alphax wrote: > >> I saw something weird where moving entries around didn't preserve the >> order that you had put things in... I ended up writing out all the >> option numbers on scraps of paper and shuffling them around until they >> were in the order I wanted :) > > Similar for me moving entries by clicking movement buttons. > And the display redrew quite slowly each time I changed a > numerical value by direct respecification, though not when > I clicked a movement button. So I ended up being precise only > for the top few rank values and bottom few. This was My experience also. JOHN :-\ Timestamp: Friday 01 Dec 2006, 23:23 --500 (Eastern Standard Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6-svn4350: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCgAGBQJFcP/fAAoJEBCGy9eAtCsP2j4H/3AHScNsBLr48gpBD7CQUYUD FzhZE1k9GFfplmUyjaHT9w6Trpxqib5/mImf4WdfCcQGbAApfIzTynbodoDh4jHe rVs0PLvhpZwA5v4F5gbI0fC1DZQtrr6PaH5yk7+rEWNKhrwdNj7HcSO1gz+FDhSm efRhE4ChW2kWB5SBK279k0BSuwrO0vkD6cUVDz/HHytqpG5y5PxF9DuMePk5WGit gAELJC2kmszINn8Wm6VCw1JRYGuJ2Mx2qRIvNgt5kqqhSYlJsr5sQKkjgHVed3ng KgHsZ4LUX1k9qXRhVUNDZQoYoja5pRe7ty0XWSvhjQNYKWsQbiS15t/QHP+azrE= =zXns -----END PGP SIGNATURE----- From wk at gnupg.org Sat Dec 2 18:01:07 2006 From: wk at gnupg.org (Werner Koch) Date: Sat Dec 2 18:06:47 2006 Subject: Problem building libksba In-Reply-To: (Victor Escobar's message of "Fri\, 01 Dec 2006 13\:32\:25 -0500") References: Message-ID: <87ac26b5bg.fsf@wheatstone.g10code.de> On Fri, 1 Dec 2006 19:32, sydbarrett74@hotmail.com said: > I'm trying to build libksba in order to build gnupg, and here's the > ar cru .libs/libgnu.a > ar: no archive members specified Get libksba 1.0.1 where this problem has been fixed. ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.1.tar.bz2 ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.1.tar.bz2.sig Salam-Shalom, Werner From wk at gnupg.org Sat Dec 2 18:08:56 2006 From: wk at gnupg.org (Werner Koch) Date: Sat Dec 2 18:11:52 2006 Subject: Logo ballot reminder In-Reply-To: <456DCFA0.2040908@cs.cornell.edu> (Andrew Myers's message of "Wed\, 29 Nov 2006 13\:21\:20 -0500") References: <8764d6b4zk.fsf@wheatstone.g10code.de> <6DFB28AC-3B5D-4D90-A95E-5B4792441080@earthlink.net> <87r6vmnon5.fsf@wheatstone.g10code.de> <456DCFA0.2040908@cs.cornell.edu> Message-ID: <8764cub4yf.fsf@wheatstone.g10code.de> On Wed, 29 Nov 2006 19:21, andru@cs.cornell.edu said: > before. Making HTML mail an option seems like a good idea, though > there are already too many options for my taste. If someone wants to > write that patch I'd be happy to include it. I'd really like it because I drop all mail with any HTML part into the spam folder except if my real name is included with the address. This is still a very effective spam filter. > I hope the election system has been working well for everyone Yes, it worked well. My feature requests would be: * A note that only 1000 addresses may be entered at once might be helpful * An extra prompt to verify whether the election shall really be terminated. * A note that the election will not be terminated automatically at the specified time. * An option to create a static page of the results without Javascript and an included stylesheet for easy integration into other websites as a reference to the outcome of the election Thanks for this great service. Shalom-Salam, Werner From wk at gnupg.org Sat Dec 2 18:45:07 2006 From: wk at gnupg.org (Werner Koch) Date: Sat Dec 2 19:03:49 2006 Subject: [Announce] Re: GnuPG Logo Contest In-Reply-To: <87ac4w9fji.fsf@wheatstone.g10code.de> (Werner Koch's message of "Tue\, 19 Sep 2006 15\:01\:05 +0200") References: <87ac4w9fji.fsf@wheatstone.g10code.de> Message-ID: <87slfy9opo.fsf@wheatstone.g10code.de> Hello, Back in September I announced a contest for a new GnuPG logo. By the end of October I received 41 submissions from 31 parties. The original plan was to let all the authors of GnuPG who signed a copyright assignment with the FSF to vote on a new logo. However, I only received 11 answers and there was no clear result: Only one submission got 2 votes. It would have been unfair to take this as a decision. So I looked around and found the CIVS [1] which implements a Condorcet voting system. I fed it with the addresses of all subscribers of the gnupg-users and gnupg-devel mailing lists and started the process. >From the 1231 unique subscribers, 199 took the time to rank the submissions and casted their vote. This time the result is pretty clear: Thomas Wittek [2] from Cologne is the lucky winner. He will soon see his design used with GnuPG and also receive 50 percent of the received donation (we received as of now 215 Euro but further donations won't be rejected [3]). Unfortunately I can't offer him a mail alias thomas at gnupg because this has been assigned to the creator of the old logo. Ranks 2 and 3 are held by Robbie Tingey and Michel Blinn. They will receive an email alias for their contribution. If you like to see the new logo, point your browser to http://logo-contest.gnupg.org You will also find also the detailed results of the ballot, all submissions and the list of sponsors. I want to thank all who submitted a logo to the contest as well as those who worked on a logo but submitted it too late. There are some really cool designs and I hope that some can be reused for another project. Special thanks to the sponsors: Intevation GmbH, Markus Komosinski, Parag Mehta, Folkert van Heusden, Ralph Angenendt, Alexander Tomisch, Robert Workman, Simon Josefsson. The remaining funds will be used to help with a new website design. Many thanks to all, Werner [1] http://www.cs.cornell.edu/andru/civs.html [2] http://gedankenkonstrukt.de/ueber/ (German) [3] http://www.gnupg.org/misc/logo-contest.html -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From randy at randyburns.us Sat Dec 2 20:02:49 2006 From: randy at randyburns.us (Randy Burns) Date: Sat Dec 2 20:01:34 2006 Subject: GnuPG Logo Contest In-Reply-To: <87slfy9opo.fsf@wheatstone.g10code.de> Message-ID: <359436.34809.qm@web50904.mail.yahoo.com> It's a good result. I hope you keep the sky blue color too. It would go well on an arm-logo t-shirt. :-) example: http://preview.tinyurl.com/yn8ot3 Randy --- Werner Koch wrote: > Hello, > > Back in September I announced a contest for a new GnuPG logo. By the > end of October I received 41 submissions from 31 parties. The > original plan was to let all the authors of GnuPG who signed a > copyright assignment with the FSF to vote on a new logo. However, I > only received 11 answers and there was no clear result: Only one > submission got 2 votes. It would have been unfair to take this as a > decision. > > So I looked around and found the CIVS [1] which implements a Condorcet > voting system. I fed it with the addresses of all subscribers of the > gnupg-users and gnupg-devel mailing lists and started the process. > >From the 1231 unique subscribers, 199 took the time to rank the > submissions and casted their vote. This time the result is pretty > clear: > > Thomas Wittek [2] from Cologne is the lucky winner. > > He will soon see his design used with GnuPG and also receive 50 > percent of the received donation (we received as of now 215 Euro but > further donations won't be rejected [3]). Unfortunately I can't offer > him a mail alias thomas at gnupg because this has been assigned to the > creator of the old logo. > > Ranks 2 and 3 are held by Robbie Tingey and Michel Blinn. They will > receive an email alias for their contribution. > > If you like to see the new logo, point your browser to > > http://logo-contest.gnupg.org > > You will also find also the detailed results of the ballot, all > submissions and the list of sponsors. > > I want to thank all who submitted a logo to the contest as well as > those who worked on a logo but submitted it too late. There are some > really cool designs and I hope that some can be reused for another > project. > > Special thanks to the sponsors: Intevation GmbH, Markus Komosinski, > Parag Mehta, Folkert van Heusden, Ralph Angenendt, Alexander Tomisch, > Robert Workman, Simon Josefsson. > > The remaining funds will be used to help with a new website design. > > > Many thanks to all, > > Werner > From dshaw at jabberwocky.com Sun Dec 3 06:25:07 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Sun Dec 3 06:23:53 2006 Subject: gpg strips '0x' on key searches... In-Reply-To: References: Message-ID: <20061203052507.GD28620@jabberwocky.com> On Tue, Oct 31, 2006 at 01:00:07PM -0800, Mark Atkinson wrote: > For example, in v1.4.5 that I'm using: > > gpg --keyserver hkp://pgpkeys.mit.edu --search-keys 0xCA6CDFB2 > > is translated to: > > http://pgpkeys.mit.edu:11371/pks/lookup?op=index&options=mr&search=CA6CDFB2&exact=on > > and fails. > > where > > http://pgpkeys.mit.edu:11371/pks/lookup?op=index&options=mr&search=0xCA6CDFB2&exact=on > > would work. Is this the fault of gpg, or the key server? It's in GPG. You're quite right, and this is fixed for the next release. David From benjamin at py-soft.co.uk Sun Dec 3 14:54:15 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun Dec 3 15:35:44 2006 Subject: Problem building libksba In-Reply-To: References: Message-ID: <4572D707.2080604@py-soft.co.uk> Victor Escobar wrote: > Please advise. This is fixed in v1.0.1 - see ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.0.1.tar.bz2 Ben From benjamin at py-soft.co.uk Sun Dec 3 17:38:19 2006 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Sun Dec 3 17:36:44 2006 Subject: [Announce] GnuPG 2.0.1 released In-Reply-To: References: <877ixetl0e.fsf@wheatstone.g10code.de> <456DBEA7.2090202@py-soft.co.uk> <87vekynoz5.fsf@wheatstone.g10code.de> <456DC796.7050009@py-soft.co.uk> <456DCE34.3050506@py-soft.co.uk> Message-ID: <4572FD7B.3050809@py-soft.co.uk> reynt0 wrote: > May one ask, is there any chance there will be such a > packaged version for OS10.3.x as well as for 10.4.x? Unlikely I'm afraid: i/ The mac-gpg team consider 10.3.x to be a legacy system. ii/ I don't have access to 10.3.x iii/ gpg is easy enough to compile under MacOS now. However, please feel free to contribute a 10.3.x build. Ben From hhhobbit at securemecca.net Mon Dec 4 11:20:40 2006 From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Mon Dec 4 11:18:43 2006 Subject: Two servers...one KeyPair In-Reply-To: <0MKpyh-1GpOCi1hpQ-0003O6@mx.perfora.net> References: <0MKpyh-1GpOCi1hpQ-0003O6@mx.perfora.net> Message-ID: <1165227640.4884.40.camel@sirius.brigham.net> On Tue, 2006-11-28 at 15:01 +0100, Albert Reiner wrote: > Message:1 > Date: Tue, 28 Nov 2006 15:01:25 +0100 > From: Albert Reiner > Subject: Re: Two servers...one KeyPair > To: Gnupg-users@gnupg.org > Cc: "Wolff, Alex" > Message-ID: <20061128140125.GA15808@tph.tuwien.ac.at> > Content-Type: text/plain; charset=us-ascii > > > I am trying to get around the problem of creating one key-pair and using it > > on two different servers (TEST and PROD). Is this possible? > > Generate the key on one server, export both private and public key > (gpg --export, gpg --export-private-key), transfer to the other > server, import private and public key. > > HTH, > > Albert. I apologize for not addressing this sooner. I never heard of the option --export-private-key. I gave the more complete response of how to do it using --export-secret-keys. Is --export-private-key part of 2.0 or are just you explaining the concept? I have never used 2.0, YET. I said that if you don't have completely duplicate key-rings, you should do the export. Additionally, if you have generated the keys on GnuPG, but you are using PGP instead of GnuPG on the other machine you will also want to do an --export-secret-keys and import it on the other machine EVEN if the key-rings are duplicates of each other. I forgot to ask the philosophical question of whether or not we should be asked the pass-phrase of the secret key to do this. I suppose not, since you still need to know it to use the key once you import it some place else. But it feels strange not to be prompted for your pass-phrase when you are exporting secret keys. Even if it doesn't do anything, the asking of you to confirm that you really want to export your secret key by asking for the pass-phrase of that key should clue you in that you are doing something that needs to be done with care and you should probably securely remove the file that was created when you no longer need it. HHH From areiner at tph.tuwien.ac.at Mon Dec 4 12:34:18 2006 From: areiner at tph.tuwien.ac.at (Albert Reiner) Date: Mon Dec 4 12:33:10 2006 Subject: Two servers...one KeyPair In-Reply-To: <1165227640.4884.40.camel@sirius.brigham.net> References: <0MKpyh-1GpOCi1hpQ-0003O6@mx.perfora.net> <1165227640.4884.40.camel@sirius.brigham.net> Message-ID: <20061204113418.GA6026@tph.tuwien.ac.at> On Mon, Dec 04, 2006 at 03:20:40AM -0700, Henry Hertz Hobbit wrote: > I never heard of the option --export-private-key. I gave the > more complete response of how to do it using --export-secret-keys. > Is --export-private-key part of 2.0 or are just you explaining > the concept? I have never used 2.0, YET. Neither have I; sorry for having caused confusion: I simply mis-remembered the name of the option and wrote -private- instead of -secret-. Albert. From hs2412 at gmail.com Tue Dec 5 10:22:44 2006 From: hs2412 at gmail.com (Hardeep Singh) Date: Tue Dec 5 11:55:15 2006 Subject: Questions from a newbie Message-ID: Hi All I need to travel a lot and send emails/proposals on the go. Mostly I just carry my docs on a pendrive, rarely also carrying a laptop. So even though I have known PGP for quite a long time and I tried my hand at it, also at thawte, I never took it seriously since PGP needs to be installed and all. Now I found GnuPG and liked it - its small and can be carried on the pendrive easily. I have a few questions: 1. While creating the key, I noticed RSA is sign only. Does it mean an RSA key cannot be used to encrypt? Why so - even RSA is now in public domain I believe. PGP (the free version) also allows RSA keys. The algorithm used instead by GnuPG is "DSA and Elgamal' which I havent heard of and dont know if they are equally secure. Are these compatible with PGP? 2. What happens if I loose the pendrive? They would not know the password but they would have the secret key. Does it make it easier for them to hack the messages I have already received, and possibly the encrypted files I have stored on the same pendrive? 3. Is there a wipe function or a wipe software also available from Gnu similar to the one offered by PGP? I need one that can be run from a pendrive without installation. Regards Hardeep Singh Give your resume visibility. Get a home for it. Resume Central. http://RC.Hardeep.name From joerg at schmitz-linneweber.de Tue Dec 5 10:15:16 2006 From: joerg at schmitz-linneweber.de (Joerg Schmitz-Linneweber) Date: Tue Dec 5 11:55:25 2006 Subject: sshd authentication problem with gpg-agent and OpenPGP card Message-ID: <457538A4.1020107@schmitz-linneweber.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! I recently found a problem when using OpenPGP cards with gpg-agent in combination with ssh/sshd. Technical details follows: - --- snip ----------------------- > gpg-agent --version gpg-agent (GnuPG) 2.0.0 - --- snip ----------------------- > rpm -qf `which ssh-add` openssh-3.9p1-12.10 - --- snip ----------------------- > ssh-add -l 1024 fingerprint_in_hex cardno:my_card_no (RSA) 1024 fingerprint_in_hex ~/id_dsa (DSA) 1024 fingerprint_in_hex ~/other_id_dsa (DSA) 1024 fingerprint_in_hex ~/other2_id_dsa (DSA) - --- snip ----------------------- (on the remote machine) # rpm -qf `which sshd` openssh-3.9p1-12.10 - --- snip ----------------------- OK. Connecting to the remote via: > ssh -vvvvi ~/.ssh/id_dsa remote_host works perfectly (no card involved) but: > ssh -vvvv remote_host tries to use the card and results in: - --- snip ----------------------- debug2: key: cardno:my_card (0x8095498) debug2: key: ~/.ssh/id_dsa (0x80999b0) debug2: key: ~/.ssh/other_id_dsa (0x8098d98) debug2: key: ~/.ssh/other2_id_dsa (0x8098d98) debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: cardno:my_card_no debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply Connection closed by remote_host - --- snip ----------------------- and the log on the remote machine explains this abrupt connection loss: - --- snip ----------------------- Dec 5 09:47:19 floyd sshd[4666]: fatal: buffer_get_bignum2: negative numbers not supported Dec 5 09:55:13 floyd sshd[4893]: fatal: buffer_get_bignum2: negative numbers not supported - --- snip ----------------------- The last snippet shows whats going on in gpg-agent: - --- snip ----------------------- [client at fd 4 connected] 4 - 2006-12-05 10:10:37 gpg-agent[10191]: SSH-Handhabungsroutine 0x80858b8 f?r fd 7 gestartet 4 - 2006-12-05 10:10:37 gpg-agent[10191]: ssh request handler for request_identities (11) started 4 - 2006-12-05 10:10:37 gpg-agent[10191]: new connection to SCdaemon established (reusing) [client at fd 5 connected] 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: <- GETATTR $AUTHKEYID 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> S $AUTHKEYID OPENPGP.3 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> OK 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: <- GETATTR SERIALNO 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> S SERIALNO my_serial_info 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> OK 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: <- READKEY OPENPGP.3 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> [ xx xx...(all bytes skipped) ] 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> OK 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: <- GETATTR $DISPSERIALNO 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> S $DISPSERIALNO the_displayable_serialno 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> OK 4 - 2006-12-05 10:10:37 gpg-agent[10191]: ssh request handler for request_identities (11) ready 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: <- RESTART 5 - 2006-12-05 10:10:37 scdaemon[10600.0] DBG: -> OK 4 - 2006-12-05 10:10:37 gpg-agent[10191]: SSH-Handhabungsroutine 0x80858b8 f?r fd 7 beendet - --- snip ----------------------- So gpg-agent in conjunction with this ssh version might deliver invalid data to the waiting ssh daemon. I found nothing particular on the mentioned bignum package in sshd though... :-( Anybody knows whats going on with OpenPGP card authentication? Werner? :-) Salut, J?rg - -- gpg/pgp key # 0xd7fa4512 fingerprint 4e89 6967 9cb2 f548 a806 7e8b fcf4 2053 d7fa 4512 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFdTik/PQgU9f6RRIRArT4AJ4wXZaBiR8oZWhlvAcZXSOP8VdUcwCgzbs/ aUdw1ByhBJlE8e3C9KeiGsE= =JwLw -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Tue Dec 5 12:22:12 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue Dec 5 12:20:16 2006 Subject: Questions from a newbie In-Reply-To: References: Message-ID: <45755664.3010708@sixdemonbag.org> Hardeep Singh wrote: > 1. While creating the key, I noticed RSA is sign only. Does it mean > an RSA key cannot be used to encrypt? No. I use a set of RSA keys to encrypt and sign data. All that it means is you need to create your set of encryption keys in a separate step from creating your signing keys. When creating DSA/Elg keys, both the signing and encryption keys are created at the same time. RSA keys are created differently. Don't really know why it's that way, but that's the way it is. > The algorithm used instead by GnuPG is "DSA and Elgamal' which I > havent heard of and dont know if they are equally secure. The term 'Elgamal' has an unfortunate multitude of meanings. It refers to the Egyptian-American researcher Taher el Gamal, whose name has been Americanized as Elgamal. He did a lot of fundamental research into an entire family of cryptographic algorithms, which have since been called the Elgamal family. Elgamal is also used to describe a particular algorithm within the Elgamal family. The Digital Signature Algorithm, DSA, is part of the Elgamal family. So when you see "DSA and Elgamal", please don't think of them as two different algorithms; think of them as two very closely related algorithms. Anyway. You were wondering if the Elgamals are equally secure to RSA. The short answer is the Elgamals are believed to be comparable to RSA. Or maybe we should say RSA is believed comparable to the Elgamals. Either way, they can be used with confidence. > Are these compatible with PGP? PGP 5.0 or better, yes. > 2. What happens if I loose the pendrive? They would not know the > password but they would have the secret key. No, they would not. The secret key is stored in an encrypted format. The passphrase is needed to decrypt the secret key so that GnuPG can then use it. The cipher used to encrypt the secret key is of comparable strength to the cipher used to encrypt a PGP message. This means that as long as your passphrase is strong, you could publish your secret key in the _New York Times_ and still be confident that nobody would be able to read your email. > 3. Is there a wipe function or a wipe software also available from > Gnu similar to the one offered by PGP? I need one that can be run > from a pendrive without installation. For this one, we need to know what operating system you're using. From adam at e-ignite.co.uk Tue Dec 5 12:30:29 2006 From: adam at e-ignite.co.uk (Adam Gould) Date: Tue Dec 5 12:28:39 2006 Subject: Questions from a newbie In-Reply-To: References: Message-ID: <45755855.4040005@e-ignite.co.uk> Hardeep Singh wrote: > 1. While creating the key, I noticed RSA is sign only. Does it mean an > RSA key cannot be used to encrypt? Why so - even RSA is now in public > domain I believe. PGP (the free version) also allows RSA keys. No, it does not mean that you *can't* use RSA to encrypt. You would generate an RSA signing only key, then generate an RSA encryption subkey using the gpg --edit-key command. This way, you can have (for example) a 1024 bit RSA signing key with a 4096 bit RSA encryption key if you wish. Hardeep Singh wrote: > The algorithm used instead by GnuPG is "DSA and Elgamal' which I > havent heard of and dont know if they are equally secure. Are these > compatible with PGP? They are simply the default key types with GnuPG. The DSA key is the signing key and it can only be 1024 bits. The Elgamal key is an encryption key, and it is the size that you specify. Both DSA / Elgamal and RSA are compatible with PGP 5 and above. Hardeep Singh wrote: > 2. What happens if I loose the pendrive? They would not know the > password but they would have the secret key. Does it make it easier > for them to hack the messages I have already received, and possibly > the encrypted files I have stored on the same pendrive? Put quite simply, yes. If they have a copy of your private key, hackers only need to find your passphrase to compromise all of your previously secured communications. Using a dictionary attack on the key, they are far more likely to break the security of your emails and files. If you do ever lose your pendrive with secret keys on it, I would recommend that you revoke the keys you lost and create a new key pair. Hardeep Singh wrote: > 3. Is there a wipe function or a wipe software also available from Gnu > similar to the one offered by PGP? I need one that can be run from a > pendrive without installation. There are several free, open source wiping programs available, but these are not entirely useful when you are using a flash memory pen drive. In order to prolong the life of flash memory, all data is written to a random "sector" on the drive and this is controlled by a low-level controller over which the operating system of the host PC has no control. Therefore to absolutely securely remove data from a flash drive, you would need to delete the file then run a "free-space" wipe of the memory. You may be interested in Mobility Email (available at http://www.mobilityemail.net) - this is an open source mail client based on Mozilla code, and has built-in OpenPGP email encryption support. It is designed to run from a removable drive, so the disk letter does not matter and you can therefore use it on multiple computer terminals. It also supports profile locking and secure wiping of the disk if you choose to enable it. This encrypts your mail profile using AES symmetrical encryption (with a user-specified passphrase), deletes the unencrypted profile from your disk, then performs a "free-space wipe" of the memory, ensuring excellent security even if you lose the flash disk. This is quite a time-consuming process though, and may not be necessary for every-day use - this is why we included the option so that the users decide what level of security to use. I would highly recommend that you try it and form your own opinions - it's free, open source software and is compatible with Windows and Linux running WINE. Hope this helps, Adam -- e-ignite: OpenPGP Key: 0x4B45F6F5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 560 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061205/2e7a3f93/signature-0001.pgp From hawke at hawkesnest.net Tue Dec 5 17:11:05 2006 From: hawke at hawkesnest.net (Alex Mauer) Date: Tue Dec 5 17:09:44 2006 Subject: adding passphrases to gpg-agent In-Reply-To: <87ac2h6q7m.fsf@wheatstone.g10code.de> References: <87lkm2ea5u.fsf@wheatstone.g10code.de> <87ac2h6q7m.fsf@wheatstone.g10code.de> Message-ID: Werner Koch wrote: > For example, you don't need to use ssh-add every time after starting > the agent. You do it only once and gpg-agent will store the entire > key on disk and no just in memeory as ssh-agent does. Is it possible to control/disable this behavior? I prefer to keep my ssh keys only on a USB disk, and not have them copied to any machine on which I happen to load them. -Alex Mauer "hawke" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061205/17011e41/signature.pgp From wk at gnupg.org Tue Dec 5 17:26:44 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Dec 5 17:31:53 2006 Subject: adding passphrases to gpg-agent In-Reply-To: (Alex Mauer's message of "Tue\, 05 Dec 2006 10\:11\:05 -0600") References: <87lkm2ea5u.fsf@wheatstone.g10code.de> <87ac2h6q7m.fsf@wheatstone.g10code.de> Message-ID: <877ix6l35n.fsf@wheatstone.g10code.de> On Tue, 5 Dec 2006 17:11, hawke@hawkesnest.net said: > Is it possible to control/disable this behavior? I prefer to keep my > ssh keys only on a USB disk, and not have them copied to any machine on > which I happen to load them. Make a ~/.gnupg/private-keys-v1.d/ a symlink to your USB disk. Salam-Shalom, Werner From sydbarrett74 at hotmail.com Tue Dec 5 18:45:04 2006 From: sydbarrett74 at hotmail.com (Victor Escobar) Date: Tue Dec 5 18:43:38 2006 Subject: Problem building 2.0.1 Message-ID: Hi all, I am having a problem with configure. It doesn't recognise that I have these libraries already installed (which I do, and all the latest versions). I'm using OSX 10.4.8... ----- configure: *** *** You need libgpg-error to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgpg-error *** (at least version 1.4 is required.) *** configure: *** *** You need libassuan with Pth support to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libassuan/ *** (at least version 0.9.3 (API 1) is required). *** configure: *** *** You need libksba to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libksba/ *** (at least version 1.0.0 using API 1 is required). *** configure: error: *** *** Required libraries not found. Please consult the above messages *** and install them before running configure again. *** From eray.aslan at caf.com.tr Tue Dec 5 18:13:01 2006 From: eray.aslan at caf.com.tr (Eray Aslan) Date: Tue Dec 5 19:55:09 2006 Subject: encrypt the sent folder Message-ID: <4575A89D.8010003@caf.com.tr> Hi, How can I make sure that all the emails in my Sent folder are encrypted and can't be read without my private key? In other words, I want my email in my Sent folder to be encrypted even though the email sent on the wire is plain text. Encrypt to self option only works if I send an encrypted mail. I couldn't get it to work all the time. here is my gpg.conf: comment "" no-mangle-dos-filenames keyserver-options auto-key-retrieve verbose include-revoked include-subkeys expert default-recipient-self encrypt-to 0x34697591 default-key 0x34697591 Email client is Thunderbird/Enigmail. Mails are stored on IMAP server if it makes any difference. Thank you. -- Eray From rjh at sixdemonbag.org Tue Dec 5 20:03:13 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue Dec 5 20:01:01 2006 Subject: encrypt the sent folder In-Reply-To: <4575A89D.8010003@caf.com.tr> References: <4575A89D.8010003@caf.com.tr> Message-ID: <4575C271.70001@sixdemonbag.org> Eray Aslan wrote: > How can I make sure that all the emails in my Sent folder are encrypted > and can't be read without my private key? In other words, I want my > email in my Sent folder to be encrypted even though the email sent on > the wire is plain text. This is not a task for GnuPG. This is a task for an encrypted file system. On OS X, look into using encrypted home directories (System Preferences-->Security). On Windows, I've found TrueCrypt to be a pretty good solution. On Linux, look into cryptoloop. > Email client is Thunderbird/Enigmail. Mails are stored on IMAP server > if it makes any difference. It does. You need your IMAP server to run the encrypted file system. From qed at tiscali.it Tue Dec 5 20:25:48 2006 From: qed at tiscali.it (Qed) Date: Tue Dec 5 20:23:33 2006 Subject: encrypt the sent folder In-Reply-To: <4575C271.70001@sixdemonbag.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> Message-ID: <4575C7BC.8020809@tiscali.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On 05/12/06 20:03, Robert J. Hansen wrote: >> How can I make sure that all the emails in my Sent folder are encrypted >> and can't be read without my private key? In other words, I want my >> email in my Sent folder to be encrypted even though the email sent on >> the wire is plain text. > This is not a task for GnuPG. This is a task for an encrypted file > system. Or, better, for an encryption plugin for his MUA. > On OS X, look into using encrypted home directories (System > Preferences-->Security). On Windows, I've found TrueCrypt to be a > pretty good solution. On Linux, look into cryptoloop. >> Email client is Thunderbird/Enigmail. Mails are stored on IMAP >> server if it makes any difference. > It does. You need your IMAP server to run the encrypted file system. This is suitable only if he owns the server or IMAP storage is kept in a directory on which he has rw permissions(e.g.: ~/home/Maildir). - -- Q.E.D. War is Peace Freedom is Slavery Ignorance is Strength ICQ UIN: 301825501 OpenPGP key ID: 0x58D14EB3 Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3 Check fingerprints before trusting a key! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6rc1 (GNU/Linux) iD8DBQFFdce7H+Dh0Dl5XacRA/4dAJ9j7M06Q1qJH3p56Pl+eABe3TaM0QCeIHUR wLUDzY1L0dnhTDwSlIvmuRQ= =i8GA -----END PGP SIGNATURE----- From eray.aslan at caf.com.tr Tue Dec 5 20:43:36 2006 From: eray.aslan at caf.com.tr (Eray Aslan) Date: Tue Dec 5 20:41:32 2006 Subject: encrypt the sent folder In-Reply-To: <4575C271.70001@sixdemonbag.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> Message-ID: <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> On Tue, December 5, 2006 9:03 pm, Robert J. Hansen wrote: > Eray Aslan wrote: >> How can I make sure that all the emails in my Sent folder are encrypted >> and can't be read without my private key? In other words, I want my >> email in my Sent folder to be encrypted even though the email sent on >> the wire is plain text. > > This is not a task for GnuPG. This is a task for an encrypted file > system. On OS X, look into using encrypted home directories (System > Preferences-->Security). On Windows, I've found TrueCrypt to be a > pretty good solution. On Linux, look into cryptoloop. Surely there must be a better way. These all require admin access to the IMAP server. The software already does what I want some of the time (when I send the recipient encrypted email). I just want it to do it all the time. -- Eray From wk at gnupg.org Tue Dec 5 21:10:29 2006 From: wk at gnupg.org (Werner Koch) Date: Tue Dec 5 21:16:50 2006 Subject: Problem building 2.0.1 In-Reply-To: (Victor Escobar's message of "Tue\, 05 Dec 2006 12\:45\:04 -0500") References: Message-ID: <871wnehznu.fsf@wheatstone.g10code.de> On Tue, 5 Dec 2006 18:45, sydbarrett74@hotmail.com said: > I am having a problem with configure. It doesn't recognise that I have > these libraries already installed (which I do, and all the latest versions). > I'm using OSX 10.4.8... You need to make sure that the correct libraries are found. For example, if you installed them to /usr/local/ you need to make sure that /usr/local/bin comes early in the path, so that an old version alreay installed does not get in the way. You find more information about the checks done in config.log. Salam-Shalom, Werner From rjh at sixdemonbag.org Tue Dec 5 21:30:22 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue Dec 5 21:28:21 2006 Subject: encrypt the sent folder In-Reply-To: <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> Message-ID: <4575D6DE.9060703@sixdemonbag.org> Eray Aslan wrote: > Surely there must be a better way. These all require admin access to the > IMAP server. The software already does what I want some of the time (when > I send the recipient encrypted email). I just want it to do it all the > time. There isn't. If you want a program that does this, you're going to need to write it yourself. It seems like it could be done in just a couple of hours of Perl. But once you do that, you're going to need to hack on Enigmail/Thunderbird in able to support text searches through encrypted data, then you're going to need to... etc., etc. It's a nontrivial amount of work. Also remember that OpenPGP is a wire protocol. The protocol is not meant for mass storage. Sure, you can use GnuPG to encrypt files, but once you start dealing with large numbers of them you're generally going to be better off using a system that's purpose-built for the task. Like, say, an encrypted filesystem. From dshaw at jabberwocky.com Tue Dec 5 21:45:45 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Dec 5 21:44:32 2006 Subject: encrypt the sent folder In-Reply-To: <4575D6DE.9060703@sixdemonbag.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <4575D6DE.9060703@sixdemonbag.org> Message-ID: <20061205204545.GA9461@jabberwocky.com> On Tue, Dec 05, 2006 at 02:30:22PM -0600, Robert J. Hansen wrote: > Also remember that OpenPGP is a wire protocol. The protocol is not > meant for mass storage. Sure, you can use GnuPG to encrypt files, but > once you start dealing with large numbers of them you're generally going > to be better off using a system that's purpose-built for the task. > Like, say, an encrypted filesystem. I must disagree with this. OpenPGP is not solely a wire protocol. There are even parts of the specification that were added mainly for the benefit of mass storage. It's being used in storage in a number of places today. The nice thing about using OpenPGP as an archival primitive is that each encrypted file is its own file and decrypting one does not impact any others. This works well in the context of email, where each mail is its own object. David From rjh at sixdemonbag.org Tue Dec 5 21:52:56 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue Dec 5 21:50:44 2006 Subject: encrypt the sent folder In-Reply-To: <20061205204545.GA9461@jabberwocky.com> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <4575D6DE.9060703@sixdemonbag.org> <20061205204545.GA9461@jabberwocky.com> Message-ID: <4575DC28.6000509@sixdemonbag.org> David Shaw wrote: > I must disagree with this. OpenPGP is not solely a wire protocol. I probably should have said 'primarily'. It wasn't my intent to give the impression it was exclusively a wire protocol. > The nice thing about using OpenPGP as an archival primitive is that > each encrypted file is its own file and decrypting one does not impact > any others. This works well in the context of email, where each mail > is its own object. In other ways it doesn't work very well, since each email is encrypted separately, requiring complex bignum math for each decryption. Searching through large numbers of emails could potentially be very problematic. Compare this to an encrypted filesystem, which is typically much more performance-friendly. From dshaw at jabberwocky.com Tue Dec 5 22:15:18 2006 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Dec 5 22:14:03 2006 Subject: encrypt the sent folder In-Reply-To: <4575DC28.6000509@sixdemonbag.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <4575D6DE.9060703@sixdemonbag.org> <20061205204545.GA9461@jabberwocky.com> <4575DC28.6000509@sixdemonbag.org> Message-ID: <20061205211518.GB9461@jabberwocky.com> On Tue, Dec 05, 2006 at 02:52:56PM -0600, Robert J. Hansen wrote: > David Shaw wrote: > > I must disagree with this. OpenPGP is not solely a wire protocol. > > I probably should have said 'primarily'. It wasn't my intent to give > the impression it was exclusively a wire protocol. > > > The nice thing about using OpenPGP as an archival primitive is that > > each encrypted file is its own file and decrypting one does not impact > > any others. This works well in the context of email, where each mail > > is its own object. > > In other ways it doesn't work very well, since each email is encrypted > separately, requiring complex bignum math for each decryption. > Searching through large numbers of emails could potentially be very > problematic. > > Compare this to an encrypted filesystem, which is typically much more > performance-friendly. Absolutely. It all depends on what the goal is. Given a compromise, many distinct files can limit the damage done to a subset (or one) of the encrypted files. A compromise of an encrypted filesystem generally compromises the whole filesystem containing all the files. On the other side, as you say, an encrypted filesystem will probably outperform multiple encrypted files. Given the original request (to store encrypted mails on a remote IMAP server), OpenPGP seems like an obvious answer as it works even when the remote IMAP server isn't under the control of the user (which is often the case). OpenPGP (and encrypted filesystems) are two good solutions to two slightly different and overlapping problems. David From johanw at vulcan.xs4all.nl Tue Dec 5 22:39:50 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue Dec 5 22:39:08 2006 Subject: encrypt the sent folder In-Reply-To: <4575C271.70001@sixdemonbag.org> Message-ID: <200612052139.kB5LdoYU010513@vulcan.xs4all.nl> Robert J. Hansen wrote: >Preferences-->Security). On Windows, I've found TrueCrypt to be a >pretty good solution. On Linux, look into cryptoloop. TrueCrypt works also on Linux (kernel 2.6.5 and up). The advantage is that a TC volume can be accessed on both Linux and windows - very usefull when I use the same USB stick both at home and on my work. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rjh at sixdemonbag.org Tue Dec 5 23:06:56 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue Dec 5 23:04:52 2006 Subject: Christmas is upon us again. Message-ID: <4575ED80.4040905@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Whether you're secular or religious, atheist or devout, I think we can all agree that the time of the year known as Christmas will soon be upon us. This is historically a time for personal reflection and charitable giving. We reflect on how fortunate we are, and we give in order to show our thanks and appreciation for that which we have received. This year, I'm grateful that we have a Free Software implementation of the OpenPGP protocol. I'm also grateful that the development process is fairly open and I'm grateful that, by and large, the people in the community are friendly. This year, I'm giving $10 to the Free Software Foundation (http://www.fsf.org) in the name of the GNU Privacy Guard, as my way of telling the developers "thanks". If you feel like joining me in this, well... feel free to say thanks on-list, or to write off a note to the developers. Likewise, I hope you'll give a small donation to the charity of your choice in the name of the GNU Privacy Guard. Merry Christmas to everyone. May we have peace on Earth and goodwill to all humanity. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJFde2AAAoJELcA9IL+r4EJzQAIAOJJW/1rDgO4H92MsjLHr0lj kl9hl3d1xSWrkscAuY6rDYWxrs/91H2f+CZGt8mDC6MOcJeBlb3QOs9BSmoWZG+6 dxDaSEern8mr7r7+WLeejOvDSK1bfTYT1S5KTJwy1jgs8F3xrL9RqJ4JW0acCVg5 HMYHhLfSUu4rWYJ/odGYat4qTT5CqtLYr5jFtWMEkGEpCsnDexgVmCkI4Q+8cE0p 4KMLEiUHvC8GKW/Ug8vFySkok5UBwv7iBPejQjqaKI/fvxc5/cx5D6sr42WD6HG6 keKvJD9g9b7DWJXDVXiVeBexsj8Hrbvp36oHFkwlERFNeBuAD3Lv1PY82KP2WEA= =+4hw -----END PGP SIGNATURE----- From tmz at pobox.com Wed Dec 6 00:00:33 2006 From: tmz at pobox.com (Todd Zullinger) Date: Wed Dec 6 00:35:59 2006 Subject: encrypt the sent folder In-Reply-To: <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> Message-ID: <20061205230033.GD32304@psilocybe.teonanacatl.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eray Aslan wrote: > Surely there must be a better way. These all require admin access > to the IMAP server. The software already does what I want some of > the time (when I send the recipient encrypted email). I just want > it to do it all the time. This doesn't like an entirely unreasonable feature request to make of Enigmail. Perhaps you'd want to check in with the Enigmail folks to see if the would consider adding such a feature? It has some potential to be useful but it might be icky to implement. Obviously, if you send a message unencrypted but store it encrypted, you won't really have an accurate record of your sent mail. The headers and MIME parts will be different. Some people prefer that what's in their sent mailbox be exactly equal to what was sent. (Pedants. :) I am curious though, what particular threats are you concerned about? That might help shape what options would be best to take. If you don't trust the IMAP server admins, then you should store your mail somewhere you do trust. If you are worried about someone cracking the server and getting at your sent messages then encryption on the server may be sufficient, but would involve either changes to you mail client or some other sort of access to your mailbox on the server. - -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== Oh, I feel so deliciously white trash! Mommy, I want a mullet! -- Stewie Griffin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6rc1 (GNU/Linux) iQFDBAEBAgAtBQJFdfoRJhhodHRwOi8vd3d3LnBvYm94LmNvbS9+dG16L3BncC90 bXouYXNjAAoJEEMlk4u+rwzjIIcIAKIcq+3PoQ/WaEZ2MExTp2vimQ/ReNOpu/vB BGYVylEg0yJ2mVRtodexGZ+GCSFxaQYmXqyS+5H93AbY7SlhKByRGkCi5caHOlLQ aED3FL5SL8ANzXDWDDWABt9YL43+Rx/0/PM81X4m5ueLJUyBC0agtlxGWHlgzUha t0ENzdf/DkjSOVxDvovoHcBmBBhwJMPlQvWd50l1MYbyFWamer3BDOZke1rVKS2p 0rDTvrWfMIqDKRR8Isbfj5LRIJ2ln99GdioDnKDvB24uzUFHWmCMSj6usFggqM09 EwX0sNAZoQ6DYqRNbMPiN1le2hACv0YJllatBYLZOPaiR0Zpjoc= =JPs0 -----END PGP SIGNATURE----- From sydbarrett74 at hotmail.com Wed Dec 6 01:47:58 2006 From: sydbarrett74 at hotmail.com (Victor Escobar) Date: Wed Dec 6 01:46:46 2006 Subject: Problem building 2.0.1 In-Reply-To: <871wnehznu.fsf@wheatstone.g10code.de> Message-ID: Walter, thank you for this tip. I'm such an idiot: /usr/local/bin was not in my path -- DOH! :( However, now I'm getting the following error during make: /usr/bin/ld: Undefined symbols: _gpg_error_from_syserror collect2: ld returned 1 exit status make[2]: *** [kbxutil] Error 1 make[2]: Leaving directory `/Users/sydbarrett74/Desktop/gnupg-2.0.1/kbx' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/Users/sydbarrett74/Desktop/gnupg-2.0.1' make: *** [all] Error 2 On 12/5/06 3:10 PM, "Werner Koch" wrote: > On Tue, 5 Dec 2006 18:45, sydbarrett74@hotmail.com said: > >> I am having a problem with configure. It doesn't recognise that I have >> these libraries already installed (which I do, and all the latest versions). >> I'm using OSX 10.4.8... > > You need to make sure that the correct libraries are found. For > example, if you installed them to /usr/local/ you need to make sure > that /usr/local/bin comes early in the path, so that an old version > alreay installed does not get in the way. > > You find more information about the checks done in config.log. > > > Salam-Shalom, > > Werner > > > From randy at randyburns.us Wed Dec 6 03:01:55 2006 From: randy at randyburns.us (Randy Burns) Date: Wed Dec 6 04:00:22 2006 Subject: Christmas is upon us again. In-Reply-To: <4575ED80.4040905@sixdemonbag.org> Message-ID: <20061206020155.82217.qmail@web50912.mail.yahoo.com> It's a great idea. A more direct link is: https://www.fsf.org/associate/support_freedom/donate Randy --- "Robert J. Hansen" wrote: > > Whether you're secular or religious, atheist or devout, I think we can > all agree that the time of the year known as Christmas will soon be upon > us. This is historically a time for personal reflection and charitable > giving. We reflect on how fortunate we are, and we give in order to > show our thanks and appreciation for that which we have received. > > This year, I'm grateful that we have a Free Software implementation of > the OpenPGP protocol. I'm also grateful that the development process is > fairly open and I'm grateful that, by and large, the people in the > community are friendly. > > This year, I'm giving $10 to the Free Software Foundation > (http://www.fsf.org) in the name of the GNU Privacy Guard, as my way of > telling the developers "thanks". > > If you feel like joining me in this, well... feel free to say thanks > on-list, or to write off a note to the developers. Likewise, I hope > you'll give a small donation to the charity of your choice in the name > of the GNU Privacy Guard. > > Merry Christmas to everyone. May we have peace on Earth and goodwill to > all humanity. > From shavital at mac.com Wed Dec 6 08:23:22 2006 From: shavital at mac.com (Charly Avital) Date: Wed Dec 6 08:21:49 2006 Subject: Problem building 2.0.1 In-Reply-To: <871wnehznu.fsf@wheatstone.g10code.de> References: <871wnehznu.fsf@wheatstone.g10code.de> Message-ID: <45766FEA.1040000@mac.com> Werner Koch wrote the following on 12/5/06 3:10 PM: > On Tue, 5 Dec 2006 18:45, sydbarrett74@hotmail.com said: > >> I am having a problem with configure. It doesn't recognise that I have >> these libraries already installed (which I do, and all the latest versions). >> I'm using OSX 10.4.8... > > You need to make sure that the correct libraries are found. For > example, if you installed them to /usr/local/ you need to make sure > that /usr/local/bin comes early in the path, so that an old version > alreay installed does not get in the way. > > You find more information about the checks done in config.log. > > > Salam-Shalom, > > Werner > Hi Werner, Running Mac PPC, OS 10.4.8 (Darwin 8.8.0) 1. First attempt with ./configure: ------------- checking for gpg-error-config... /usr/local/bin/gpg-error-config checking for GPG Error - version >= 1.4... yes checking for libgcrypt-config... /usr/local/bin/libgcrypt-config checking for LIBGCRYPT - version >= 1.2.0... yes checking LIBGCRYPT API version... okay checking for libassuan-config... /usr/local/bin/libassuan-config checking for LIBASSUAN - version >= 0.9.3... yes checking LIBASSUAN API version... okay checking for libassuan-config... (cached) /usr/local/bin/libassuan-config checking for LIBASSUAN pth - version >= 0.9.3... yes checking LIBASSUAN pth API version... okay checking for libassuan-config... (cached) /usr/local/bin/libassuan-config checking for LIBASSUAN - version >= 1.0.1... yes checking LIBASSUAN API version... okay checking for ksba-config... /usr/local/bin/ksba-config checking for KSBA - version >= 1.0.0... yes checking KSBA API version... okay ....[.........]........ config.status: creating po/Makefile GnuPG v2.0.1 has been configured as follows: Platform: Darwin (powerpc-apple-darwin8.8.0) OpenPGP: yes S/MIME: yes Agent: yes Smartcard: yes Protect tool: (default) Default agent: (default) Default pinentry: (default) Default scdaemon: (default) Default dirmngr: (default) PKITS based tests: no ----------------------- But then, with make: ----- /usr/bin/ld: Undefined symbols: _libiconv _libiconv_close _libiconv_open collect2: ld returned 1 exit status make[2]: *** [kbxutil] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 -------------------- 2. Second attempt with a fresh copy of the source code and./configure -- --disable-nls Same results regarding the presence of the required libraries, and for final configuration. But then, make (same final results): ------------------------- /usr/bin/ld: Undefined symbols: _libiconv _libiconv_close _libiconv_open collect2: ld returned 1 exit status make[2]: *** [kbxutil] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 --------------- 3. Trying to compile libiconv 1.11 with ./configure: ---------------- config.status: creating Makefile config.status: creating lib/Makefile config.status: creating include/localcharset.h config.status: creating include/localcharset.h.inst config.status: creating config.h ---------------- Then make: -------------- libtool: install: `4/Applications/libiconv-1.11/lib/libcharset.la' is not a directory Try `libtool --help --mode=install' for more information. make[2]: *** [install-lib] Error 1 make[1]: *** [install-lib] Error 2 make: *** [lib/localcharset.h] Error 2 --------------------- I am still digging in 'man libtool', the whole thing (dynamic, static, etc...) is too arcane *for my limited knowledge*. If you need more quotes from the outputs I can send them to you directly; I shall post to the list the final outcome (if there is one). Any ideas or suggestions? Thanks in advance, Charly From shavital at mac.com Wed Dec 6 08:36:31 2006 From: shavital at mac.com (Charly Avital) Date: Wed Dec 6 08:34:23 2006 Subject: Problem building 2.0.1 In-Reply-To: <45766FEA.1040000@mac.com> References: <871wnehznu.fsf@wheatstone.g10code.de> <45766FEA.1040000@mac.com> Message-ID: <457672FF.5000309@mac.com> Werner, My version of libtool is Apple Computer, Inc. version cctools-622.5 Sorry for the omission, Charly From eray.aslan at caf.com.tr Wed Dec 6 08:45:47 2006 From: eray.aslan at caf.com.tr (Eray Aslan) Date: Wed Dec 6 08:43:55 2006 Subject: encrypt the sent folder In-Reply-To: <20061205230033.GD32304@psilocybe.teonanacatl.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> Message-ID: <4576752B.102@caf.com.tr> Todd Zullinger wrote: > Eray Aslan wrote: >> Surely there must be a better way. These all require admin access >> to the IMAP server. The software already does what I want some of >> the time (when I send the recipient encrypted email). I just want >> it to do it all the time. > > This doesn't like an entirely unreasonable feature request to make of > Enigmail. Perhaps you'd want to check in with the Enigmail folks to > see if the would consider adding such a feature? It has some > potential to be useful but it might be icky to implement. I thought it was a mis-configuration on my part. > Obviously, if you send a message unencrypted but store it encrypted, > you won't really have an accurate record of your sent mail. The > headers and MIME parts will be different. Some people prefer that > what's in their sent mailbox be exactly equal to what was sent. > (Pedants. :) Fair enough. > I am curious though, what particular threats are you concerned about? > That might help shape what options would be best to take. > > If you don't trust the IMAP server admins, then you should store your > mail somewhere you do trust. Nope. I am the admin. > If you are worried about someone cracking the server and getting at > your sent messages then encryption on the server may be sufficient, > but would involve either changes to you mail client or some other sort > of access to your mailbox on the server. The servers in question already has encryption at the file system level with cryptsetupLUKS for Linux and truecrypt for windows boxes. But the trouble is these do not provide any defense against attacks through the network. They will happily serve the emails thru the network to the appropriate user when asked. FS encryption is only good at boot time. Once the partition is mounted, you can access the data. I can give the end users a smartcard or a usb stick. The objective is to provide a solution so that not even the admin can read the emails (say by changing the password and logging in as the user) unless he/she has the secret key. -- Eray -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061206/20880ba1/signature.pgp From JPClizbe at tx.rr.com Wed Dec 6 08:57:41 2006 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed Dec 6 08:56:52 2006 Subject: encrypt the sent folder In-Reply-To: <20061205230033.GD32304@psilocybe.teonanacatl.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> Message-ID: <457677F5.5090004@tx.rr.com> Todd Zullinger wrote: > Eray Aslan wrote: >> Surely there must be a better way. These all require admin access >> to the IMAP server. The software already does what I want some of >> the time (when I send the recipient encrypted email). I just want >> it to do it all the time. > > This doesn't like an entirely unreasonable feature request to make of > Enigmail. Perhaps you'd want to check in with the Enigmail folks to > see if the would consider adding such a feature? It has some > potential to be useful but it might be icky to implement. Sounds unreasonable to me. It's completely beyond our scope to implement. Why is this unreasonable? You are asking an extension with hooks in certain steps of a MUA (Thunderbird/Seamonkey) to set policy on an IMAP server out of our control. Enigmail gets the message after the user clicks 'Send', does its processing, and passes the result back to the Mozilla mail-news code for mailing and storage. The extension has no control or interest in how the user has configured the MUA to handle sent items. In both the IMAP case and the local storage case, the message that is saved is the exact message that is sent on the wire. This is not an Enigmail function, but a function of the mail agent. There is no provision for processing a message on multiple paths and specifying separate handling on each path when sending, nor would it be reasonable to expect there to be. There are two RFEs filed in Bugzilla to allow the unencrypted storage of encrypted items. One applies to sent items, the other to received ones. These may be possible at some time in the future, but no one is making any promises. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 662 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061206/fa441c9e/signature.pgp From eray.aslan at caf.com.tr Wed Dec 6 09:17:19 2006 From: eray.aslan at caf.com.tr (Eray Aslan) Date: Wed Dec 6 09:15:15 2006 Subject: encrypt the sent folder In-Reply-To: <457677F5.5090004@tx.rr.com> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <457677F5.5090004@tx.rr.com> Message-ID: <45767C8F.8030601@caf.com.tr> John Clizbe wrote: [snip] > There is no provision for processing a message on multiple paths and specifying > separate handling on each path when sending, nor would it be reasonable to > expect there to be. Ahh, this is the problem. > There are two RFEs filed in Bugzilla to allow the unencrypted storage of > encrypted items. One applies to sent items, the other to received ones. > These may be possible at some time in the future, but no one is making any promises. Should I open another RFE? These are all the same problem after all. And thank you for the explanation. -- Eray -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061206/20e35b68/signature.pgp From tmz at pobox.com Wed Dec 6 10:21:53 2006 From: tmz at pobox.com (Todd Zullinger) Date: Wed Dec 6 10:19:55 2006 Subject: encrypt the sent folder In-Reply-To: <4576752B.102@caf.com.tr> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <4576752B.102@caf.com.tr> Message-ID: <20061206092153.GC13050@psilocybe.teonanacatl.org> Eray Aslan wrote: > I thought it was a mis-configuration on my part. Nope. As John pointed out this is simply not feasible to do from within Enigmail based on the way it has to interact with Thunderbird. >> If you don't trust the IMAP server admins, then you should store >> your mail somewhere you do trust. > > Nope. I am the admin. I'll assume that means you trust you. ;-) >> If you are worried about someone cracking the server and getting at >> your sent messages then encryption on the server may be sufficient, >> but would involve either changes to you mail client or some other >> sort of access to your mailbox on the server. > > The servers in question already has encryption at the file system > level with cryptsetupLUKS for Linux and truecrypt for windows boxes. > But the trouble is these do not provide any defense against attacks > through the network. They will happily serve the emails thru the > network to the appropriate user when asked. FS encryption is only > good at boot time. Once the partition is mounted, you can access > the data. True. An encrypted FS that's always mounted isn't too secure. > I can give the end users a smartcard or a usb stick. The objective > is to provide a solution so that not even the admin can read the > emails Well, as I understand your original query, you're looking to get security on the sent messages that are not encrypted to the recipient. In that case, the message goes out via IMAP and SMTP on the server and thus the admin could just grab a copy somewhere in that process. That'd be a lot easier to do than trying to crack the gpg encrypted message in your sent mailbox. ISTM that the only good way for you to get the security you want in this case is to send the mail encrypted in the first place. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== Rupert! I told you to watch the bags! You were watching the boys again weren't you! -- Stewie Griffin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061206/62e673d0/attachment.pgp From tmz at pobox.com Wed Dec 6 10:22:11 2006 From: tmz at pobox.com (Todd Zullinger) Date: Wed Dec 6 10:20:05 2006 Subject: encrypt the sent folder In-Reply-To: <457677F5.5090004@tx.rr.com> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <457677F5.5090004@tx.rr.com> Message-ID: <20061206092211.GD13050@psilocybe.teonanacatl.org> John Clizbe wrote: > Sounds unreasonable to me. It's completely beyond our scope to > implement. That seems more like not feasible than unreasonable. But the results are the same. :-) Thank you for the explanation. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- Alexis De Tocqueville. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061206/73cd5107/attachment.pgp From JPClizbe at tx.rr.com Wed Dec 6 10:49:35 2006 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed Dec 6 10:48:12 2006 Subject: encrypt the sent folder In-Reply-To: <4576752B.102@caf.com.tr> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <4576752B.102@caf.com.tr> Message-ID: <4576922F.6000706@tx.rr.com> Eray Aslan wrote: > > The servers in question already have encryption at the file system level > with cryptsetupLUKS for Linux and truecrypt for windows boxes. But the > trouble is these do not provide any defense against attacks through the > network. They will happily serve the emails thru the network to the > appropriate user when asked. FS encryption is only good at boot time. > Once the partition is mounted, you can access the data. Once again, this would appear to be a server configuration issue, not a GnuPG issue. If it is possible for someone to easily spoof a user's credentials and access their emails, then it's an authentication issue. If you're worried about eavesdropping on the wire, you want SSL or TLS to secure the link. In the case given of IMAP, you want IMAP + TLS or IMAP + SSL Check with your server admins to determine if your server supports IMAP w/ TLS or IMAP w/SSL. POP3 and SMTP also may be configured to use one of these suites. If these are supported, you may select them on the 'Server Settings' tab in 'Account Settings' It sounds as if you need to sit down and realistically evaluate your security needs with those who administer your network and servers. If your threat level is such that you do not feel the existing tools can meet your needs, it's time get out your checkbook and call in a professional not continue to seek free advice on a mailing list. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 662 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061206/df96fe7c/signature-0001.pgp From eray.aslan at caf.com.tr Wed Dec 6 11:52:14 2006 From: eray.aslan at caf.com.tr (Eray Aslan) Date: Wed Dec 6 11:50:19 2006 Subject: encrypt the sent folder In-Reply-To: <4576922F.6000706@tx.rr.com> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <4576752B.102@caf.com.tr> <4576922F.6000706@tx.rr.com> Message-ID: <4576A0DE.40107@caf.com.tr> John Clizbe wrote: > Eray Aslan wrote: >> The servers in question already have encryption at the file system level >> with cryptsetupLUKS for Linux and truecrypt for windows boxes. But the >> trouble is these do not provide any defense against attacks through the >> network. They will happily serve the emails thru the network to the >> appropriate user when asked. FS encryption is only good at boot time. >> Once the partition is mounted, you can access the data. > > Once again, this would appear to be a server configuration issue, not a GnuPG issue. I think I am not expressing myself clearly. > If it is possible for someone to easily spoof a user's credentials and access > their emails, then it's an authentication issue. No, see below. > If you're worried about > eavesdropping on the wire, you want SSL or TLS to secure the link. > > In the case given of IMAP, you want IMAP + TLS or IMAP + SSL We provide IMAP+SSL and POP3+SSL email access to our employees. Plain IMAP and POP3 is not provided. SMTP is also secured. We also provide webmail service secured with HTTPS. Again plain HTTP is not allowed. This is basic stuff. So eavesdropping on the wire is not my main concern. And mails are stored on IMAP servers with encrypted file systems. This is not an authentiation issue because you can change the authentication method at the server. I want the emails to stay encrypted even if the server is compromised. I don't want anyone with the root password to say "that is what you wrote 2 months ago" unless he has my secret key. And that is what GnuPG does, no? And since all our email accounts are virtual - meaning thay don't have a shell account, dont have a home directory and emails are stored under the same UID at the server - I have to solve this at the MUA level. Please tell if there is an alternative. -- Eray -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061206/e78d60f6/signature.pgp From rjh at sixdemonbag.org Wed Dec 6 12:14:12 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed Dec 6 12:12:06 2006 Subject: encrypt the sent folder In-Reply-To: <4576A0DE.40107@caf.com.tr> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <4576752B.102@caf.com.tr> <4576922F.6000706@tx.rr.com> <4576A0DE.40107@caf.com.tr> Message-ID: <4576A604.7030206@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Eray Aslan wrote: > Please tell if there is an alternative. Your best alternative at this point is to hire a professional information security consultant. Your needs are highly specialized. That means that nobody here can give you good advice on what to do, since none of us here are fully briefed on your infrastructure, your operations, your business, your threats, or any of the other dozens of things that go into a risk management plan. You're also going to need to address problems with public-key infrastructure if you want to deploy this for your employees. PKI is the big elephant in the middle of the room that nobody talks about; existing PKI designs are, speaking generally, absolutely terrible. Deploying PKI is something you'll want a specialist for. GnuPG is a tool. It is not a solution. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJFdqYEAAoJELcA9IL+r4EJes4IAKE+PHVnY3actxoElF1QB0iR qH5iiRsLM7Dw9zCLSaLoujWOyzVMLF0N0lBXx88bB4MS8kj16daBgbCs7paasyyy qAPER++Ra6ahIrmsWHERdmWJfhuqGab0o4f8jTyIZcBlfxJH+QMPp/b6mjek2XxU U8z//4EFaCVPAzX+HvAEl/Mo6EJ0O+8E0y7G9X0lnWO4caB8BUjMtXtb4nxAZPz7 U2qOfyBEpTHtyPG/u8dLWFokl6nX9GQhfVHCmWhjSNMrmlxtPmTHn68ycA33z8Ah L/6FWTzmg7Shd/XLg2TFWA0BrxE/7kmxf/FMTHYE8RIRM2KE0Gf8JTmut8utlvI= =TySs -----END PGP SIGNATURE----- From eray.aslan at caf.com.tr Wed Dec 6 12:24:36 2006 From: eray.aslan at caf.com.tr (Eray Aslan) Date: Wed Dec 6 12:22:23 2006 Subject: encrypt the sent folder In-Reply-To: <4576A604.7030206@sixdemonbag.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <4576752B.102@caf.com.tr> <4576922F.6000706@tx.rr.com> <4576A0DE.40107@caf.com.tr> <4576A604.7030206@sixdemonbag.org> Message-ID: <4576A874.5020301@caf.com.tr> Robert J. Hansen wrote: > Your best alternative at this point is to hire a professional > information security consultant. [snip] I'll fight for the budget but it's not likely. Thanks anyway. -- Eray -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20061206/80a27530/signature.pgp From willems.luc at pandora.be Wed Dec 6 11:11:17 2006 From: willems.luc at pandora.be (Luc Willems) Date: Wed Dec 6 12:25:13 2006 Subject: using belgium EID with gnupg 2.0.1 Message-ID: <200612061111.17382.willems.luc@pandora.be> hello all , i'm trying to import my belgium eID card but it only imports the belgium Root CA this is the output i get luc@lieve:~/.gnupg> gpgsm --learn-card gpgsm[6605]: can't connect to `/tmp/gpg-GXgusb/S.gpg-agent': No such file or directory gpgsm: can't connect to the agent - trying fall back gpgsm[6605]: can't connect to `/home/luc/.gnupg/S.gpg-agent': No such file or directory gpgsm: no running gpg-agent - starting one gpgsm: DBG: connection to agent established gpgsm: issuer certificate {C2EAD603ED8E2ED59FA26D27D21E3826FC8024AC} not found using authorityKeyIdentifier gpgsm: issuer certificate (#/2.5.4.5=#323030363033,CN=Citizen CA,C=BE) not found gpgsm: issuer certificate missing - storing as ephemeral gpgsm: issuer certificate {C2EAD603ED8E2ED59FA26D27D21E3826FC8024AC} not found using authorityKeyIdentifier gpgsm: issuer certificate (#/2.5.4.5=#323030363033,CN=Citizen CA,C=BE) not found gpgsm: issuer certificate missing - storing as ephemeral gpgsm: issuer certificate {10F00C569B61EA573AB635976D9FDDB9148EDBE6} not found using authorityKeyIdentifier gpgsm: issuer certificate (#/CN=Belgium Root CA,C=BE) not found gpgsm: issuer certificate missing - storing as ephemeral gpgsm: certificate imported secmem usage: 0/16384 bytes in 0 blocks luc@lieve:~/.gnupg> gpgsm --list-keys /home/luc/.gnupg/pubring.kbx ---------------------------- Serial number: 580B056C5324DBB25057185FF9E5A650 Issuer: /CN=Belgium Root CA/C=BE Subject: /CN=Belgium Root CA/C=BE validity: 2003-01-26 23:00:00 through 2014-01-26 23:00:00 key type: 2048 bit RSA key usage: certSign crlSign policies: 2.16.56.1.1.1:N: chain length: unlimited fingerprint: DF:DF:AC:89:47:BD:F7:52:64:A9:23:3A:C1:0E:E3:D1:28:33:DA:CC if have the following gpg-agent.conf # GPGConf disabled this option here at Wed 06 Dec 2006 10:14:02 AM CET # allow-mark-trusted ###+++--- GPGConf ---+++### ignore-cache-for-signing allow-mark-trusted debug-level basic log-file socket:///home/luc/.gnupg/log-socket ###+++--- GPGConf ---+++### Wed 06 Dec 2006 10:51:20 AM CET # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. but for some reason it doesn't trust the root and citizen CA. I also didn't got a question to trust the CA certificates ? How can i fix this ? Also , the current scdaemon fails most of the time with my acr38 card reader. i'm using the pcsc driver but most of the time i get Card errors. The card works fine with firefox and thunderbird which uses the belgium pkcs11 library greetings, luc From msemtd at yahoo.co.uk Wed Dec 6 13:27:49 2006 From: msemtd at yahoo.co.uk (Michael Erskine) Date: Wed Dec 6 13:26:12 2006 Subject: Christmas is upon us again. In-Reply-To: <20061206020155.82217.qmail@web50912.mail.yahoo.com> References: <20061206020155.82217.qmail@web50912.mail.yahoo.com> Message-ID: <200612061227.49316.msemtd@yahoo.co.uk> On Wednesday 06 December 2006 02:01, Randy Burns wrote: > It's a great idea. A more direct link is: > https://www.fsf.org/associate/support_freedom/donate Excellent idea - I shall do the same. Regards, Michael Erskine. -- Slurm, n.: The slime that accumulates on the underside of a soap bar when it sits in the dish too long. -- Rich Hall, "Sniglets" Send instant messages to your online friends http://uk.messenger.yahoo.com From blueness at gmx.net Wed Dec 6 13:59:06 2006 From: blueness at gmx.net (Mica Mijatovic) Date: Wed Dec 6 14:00:51 2006 Subject: Christmas is upon us again. In-Reply-To: <4575ED80.4040905@sixdemonbag.org> References: <4575ED80.4040905@sixdemonbag.org> Message-ID: <719058079.20061206135906@gmx.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224 Was Tue, 05 Dec 2006, at 16:06:56 -0600, when Robert J. Hansen wrote: > Whether you're secular or religious, atheist or devout, I think we can > all agree that the time of the year known as Christmas will soon be upon > us. This is historically a time for personal reflection and charitable > giving. We reflect on how fortunate we are, and we give in order to > show our thanks and appreciation for that which we have received. > This year, I'm grateful that we have a Free Software implementation of > the OpenPGP protocol. I'm also grateful that the development process is > fairly open and I'm grateful that, by and large, the people in the > community are friendly. > This year, I'm giving $10 to the Free Software Foundation > (http://www.fsf.org) in the name of the GNU Privacy Guard, as my way of > telling the developers "thanks". > If you feel like joining me in this, well... feel free to say thanks > on-list, or to write off a note to the developers. Likewise, I hope > you'll give a small donation to the charity of your choice in the name > of the GNU Privacy Guard. > Merry Christmas to everyone. May we have peace on Earth and goodwill to > all humanity. * I thank you warmly and as a Buddhist wish you (all) Happy Tibetan New Year.[1] The speech is of very loving-kindness nature and is spreading characteristic velvet and silky atmosphere we all need (at least once in a year). I hope that Miss GnuGP Universe contest will be established at some time also, because it is very good idea. Ten US dollars sound good too, so I will be willing to donate as well, in this or other way, to FSF, as soon as Mr Richard Stallman stops his support for legalization of ga...marijuana and/or any "soft drugs", or at least removes this from his web site. I wish also to GnuPG to remain good, free (as in "freedom"), independent and nonrestricted software as long as possible, and to its related team(s) a good, reliable, stable, vital and quality organizational (cap)abilities. __________________________ [1] I also wish Happy International, Serbian, Chinese and Japanese New Year and Merry Orthodox Christmas, since I am coming from this cultural and spiritual milieu too. - -- Mica ~~~ For personal mail please use my address as it is *exactly* given in my "From" field, otherwise it will not reach me. ~~~ GPG keys/docs/software at: http://blueness.port5.com/pgpkeys/ http://tronogi.tripod.com/pgp/pgpkeys/ checking whether the reason is present and sane... piggy, piggy! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6-svn-4298 <>o<> tiger192 (Cygwin/MinGW32) iQCZAwUBRXa+WAYWnlFQ1cE7AQunhAQcC6oxzOXmX4msGVUkRr8UsEAoAu4F9sCE twBpxaEF6F5ikm7aEo+kBN2iy2jUM2n5dTA6VfgK6lwF8bhoSZfMl12pFXPg9f5N ejFx0OTk8AR7xr6T2w1G9a6aIfIzrLC7uv+5iuQTyyMNGngbTZ63TddJqnm27Xb2 mRXPuupeklLe3j7Z =DCDv -----END PGP SIGNATURE----- From shavital at mac.com Wed Dec 6 14:45:52 2006 From: shavital at mac.com (Charly Avital) Date: Wed Dec 6 14:44:21 2006 Subject: Christmas is upon us again. In-Reply-To: <20061206020155.82217.qmail@web50912.mail.yahoo.com> References: <20061206020155.82217.qmail@web50912.mail.yahoo.com> Message-ID: <4576C990.7000507@mac.com> Randy Burns wrote the following on 12/5/06 9:01 PM: > It's a great idea. A more direct link is: > https://www.fsf.org/associate/support_freedom/donate > > Randy > > --- "Robert J. Hansen" wrote: [...] >> This year, I'm giving $10 to the Free Software Foundation >> (http://www.fsf.org) in the name of the GNU Privacy Guard, as my way of >> telling the developers "thanks". >> >> If you feel like joining me in this, well... feel free to say thanks >> on-list, or to write off a note to the developers. Likewise, I hope >> you'll give a small donation to the charity of your choice in the name >> of the GNU Privacy Guard. Kudos to Robert for the initiative. Donation sent via the above link (thanks Randy). Thanks, Merry Christmas, Happy Hanukkah and a Happy New Year to Charly From alain.mp.bertrand at tele2.be Wed Dec 6 15:09:21 2006 From: alain.mp.bertrand at tele2.be (alain bertrand) Date: Wed Dec 6 16:55:41 2006 Subject: Expectk and echo from GnuPG ---edit-key Command> Message-ID: <200612061509.22400.alain.mp.bertrand@tele2.be> Hi, I'm scripting a Tcl/Tk frontend using Expect extension. It's all right up to GnuPG 1.4.2. With GnuPG 1.4.5, the spawned process from tcl script (spawn gpg --no-use-agent --edit-key 0x12345678) echoes back character by character everything is sent to gpg. So my tcl script receive back a mix of data from and to gpg. Tcl sends delsig It received: Command> d Command> de Command> del Command> dels Command> delsi Command> delsig Command> and not "Command> " prompt only. Why is 1.4.5 behaviour different from 1.4.2 ? Is it possible to avoid this echoing precluding use of Expect for key edition ? I'm a Linux rookie. Thanks for your help. Alain. From peter at stoddard.name Wed Dec 6 07:23:59 2006 From: peter at stoddard.name (Peter Stoddard) Date: Wed Dec 6 17:31:10 2006 Subject: Compile of Gnupg 2.0.1 failed - no libintl Message-ID: <3110FC4B-8B8B-48B1-A98D-0444F652BBEA@stoddard.name> Hi folks I tried compiling Gnupg 2.0.1 on a 733 MHz PowerPC G4 running Mac OSX 10.4.8 and the make failed with the following error: In file included from sysutils.c:41: i18n.h:27:23: error: libintl.h: No such file or directory sysutils.c: In function 'disable_core_dumps': sysutils.c:88: warning: implicit declaration of function 'gettext' sysutils.c:88: warning: incompatible implicit declaration of built-in function 'gettext' make[2]: *** [libcommon_a-sysutils.o] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 I looked libintl up and it involves native language support. Is this really necessary to ild Gnupg 2.x? If so, is there source code somewhere I can download? Thanks Pete -- Peter Stoddard -- GPG Key 4A1F5DA0 From vedaal at hush.com Wed Dec 6 18:30:55 2006 From: vedaal at hush.com (vedaal at hush.com) Date: Wed, 06 Dec 2006 12:30:55 -0500 Subject: encrypt the sent folder (Eray Aslan) Message-ID: <20061206173056.50708DA835@mailserver7.hushmail.com> On Wed, 06 Dec 2006 10:59:14 -0500 gnupg-users-request at gnupg.org wrote: >Send Gnupg-users mailing list submissions to > gnupg-users at gnupg.org > >To subscribe or unsubscribe via the World Wide Web, visit > http://lists.gnupg.org/mailman/listinfo/gnupg-users >or, via email, send a message with subject or body 'help' to > gnupg-users-request at gnupg.org > >You can reach the person managing the list at >Message: 1 >Date: Wed, 06 Dec 2006 12:52:14 +0200 >From: Eray Aslan >We provide IMAP+SSL and POP3+SSL email access to our employees. >Plain >IMAP and POP3 is not provided. SMTP is also secured. We also >provide >webmail service secured with HTTPS. Again plain HTTP is not >allowed. >This is basic stuff. So eavesdropping on the wire is not my main >concern. And mails are stored on IMAP servers with encrypted file >systems. > >This is not an authentiation issue because you can change the >authentication method at the server. I want the emails to stay >encrypted even if the server is compromised. I don't want anyone >with >the root password to say "that is what you wrote 2 months ago" >unless he >has my secret key. And that is what GnuPG does, no? > >And since all our email accounts are virtual - meaning thay don't >have a >shell account, dont have a home directory and emails are stored >under >the same UID at the server - I have to solve this at the MUA >level. >Please tell if there is an alternative. at the risk of sounding simplistic, maybe there is not too difficult workaround: [1] make it an option to save mail that is sent, and make the default as 'not' saving it [2]those wishing to have their sent mail stored encrypted, can forward the sent mail to to self, (as this is not usually done, it must be implemented to 'allow' it, but that shouldn't be that hard to do), and encrypt the forwarded mail with the sender's default key [3] add something in the subject line like: 'forwarded mail of 'date', encrypted' [4] add a disclaimer that users choosing to save mail in the 'sent' folder without encrypting it, will have it stored as cleartext on the server this keeps the users informed, gives them a choice, allows them to be protected (and does so by default) and protects the provider vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 From dougb at dougbarton.us Wed Dec 6 19:33:39 2006 From: dougb at dougbarton.us (Doug Barton) Date: Wed, 06 Dec 2006 10:33:39 -0800 Subject: Compile of Gnupg 2.0.1 failed - no libintl In-Reply-To: <3110FC4B-8B8B-48B1-A98D-0444F652BBEA@stoddard.name> References: <3110FC4B-8B8B-48B1-A98D-0444F652BBEA@stoddard.name> Message-ID: <45770D03.1080900@dougbarton.us> Peter Stoddard wrote: > Hi folks > > I tried compiling Gnupg 2.0.1 on a 733 MHz PowerPC G4 running Mac OSX > 10.4.8 and the make failed with the following error: > > In file included from sysutils.c:41: > i18n.h:27:23: error: libintl.h: No such file or directory > sysutils.c: In function 'disable_core_dumps': > sysutils.c:88: warning: implicit declaration of function 'gettext' > sysutils.c:88: warning: incompatible implicit declaration of built-in > function 'gettext' > make[2]: *** [libcommon_a-sysutils.o] Error 1 > make[1]: *** [all-recursive] Error 1 > make: *** [all] Error 2 > > I looked libintl up and it involves native language support. Is this > really necessary to ild Gnupg 2.x? If so, is there source code > somewhere I can download? Try adding --disable-nls to your configure command. Also try doing './configure --help | more' to see if there is anything else there that is relevant, but only change things if you're pretty sure you know what's going to happen if you do. :) Doug -- If you're never wrong, you're not trying hard enough From peter at digitalbrains.com Wed Dec 6 20:08:07 2006 From: peter at digitalbrains.com (Peter Lebbing) Date: Wed, 06 Dec 2006 20:08:07 +0100 Subject: Christmas is upon us again. In-Reply-To: <4576C990.7000507@mac.com> References: <20061206020155.82217.qmail@web50912.mail.yahoo.com> <4576C990.7000507@mac.com> Message-ID: <45771517.7090603@digitalbrains.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, I will join in too and donate to the FSF, as a strong supporter of enabling *free speech* (GnuPG and other crypto/anonimity products), and free software in general. Peter. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRXcVFfqr/97I5g4/AQIoPwP/eVBXF0X4nKkS8Vh4SG3yq87aKuyJRbxh Ks/grhOA2h9b+NYLeI2sREunVl32Q5zXIck6qlar4isSPPKcxiD8jWQO9IHeKb6D AaCI74ogFUC6d8QTIKv1tgfuCme6WWiZ3FpqO5AbtSTvyJWRDWg62/AkI7twK4W1 HPiSGuPYm84= =RFRL -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Dec 6 23:13:21 2006 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 06 Dec 2006 16:13:21 -0600 Subject: encrypt the sent folder In-Reply-To: <20061206092211.GD13050@psilocybe.teonanacatl.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <457677F5.5090004@tx.rr.com> <20061206092211.GD13050@psilocybe.teonanacatl.org> Message-ID: <45774081.9030105@sixdemonbag.org> Todd Zullinger wrote: > That seems more like not feasible than unreasonable. But the results > are the same. :-) Infeasible: "we have the manpower, we have the tools, we have the talent, but the architecture is working against us in a big way." Unreasonable: "our manpower is stretched so thin that all infeasible RFEs are unreasonable expectations of us." As is unfortunately common with open-source projects, there's a major lack of manpower on Enigmail. If you know Javascript and would like to get your hands dirty with Enigmail, why not volunteer over on the Enigmail list? :) From peter at stoddard.us Thu Dec 7 01:46:34 2006 From: peter at stoddard.us (Peter Stoddard) Date: Wed, 6 Dec 2006 16:46:34 -0800 Subject: Compile of Gnupg 2.0.1 failed - no libintl In-Reply-To: <45770D03.1080900@dougbarton.us> References: <3110FC4B-8B8B-48B1-A98D-0444F652BBEA@stoddard.name> <45770D03.1080900@dougbarton.us> Message-ID: <06E1F3DC-32AA-4798-83FC-41DC02E47033@stoddard.us> On Dec 6, 2006, at 10:33 AM, Doug Barton wrote: > Peter Stoddard wrote: >> Hi folks >> >> I tried compiling Gnupg 2.0.1 on a 733 MHz PowerPC G4 running Mac OSX >> 10.4.8 and the make failed with the following error: >> >> In file included from sysutils.c:41: >> i18n.h:27:23: error: libintl.h: No such file or directory >> sysutils.c: In function 'disable_core_dumps': >> sysutils.c:88: warning: implicit declaration of function 'gettext' >> sysutils.c:88: warning: incompatible implicit declaration of built-in >> function 'gettext' >> make[2]: *** [libcommon_a-sysutils.o] Error 1 >> make[1]: *** [all-recursive] Error 1 >> make: *** [all] Error 2 >> >> I looked libintl up and it involves native language support. Is this >> really necessary to ild Gnupg 2.x? If so, is there source code >> somewhere I can download? > > Try adding --disable-nls to your configure command. Also try doing > './configure --help | more' to see if there is anything else there > that is relevant, but only change things if you're pretty sure you > know what's going to happen if you do. :) Thanks for the suggestion Doug. I tried configure --disable-nls, and I got further in the make but it eventually failed with the following error: /usr/bin/ld: Undefined symbols: _libiconv _libiconv_close _libiconv_open collect2: ld returned 1 exit status make[2]: *** [kbxutil] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 I don't know what other configuration options to try, and I don't understand what *any* of them do, so I'm going to bag gnupg 2.0.1 and wait until I can find out what is going on, or maybe wait for a macosx binary. I'm running 1.4.5 and its working fine for me. Pete -- Peter Stoddard -- GPG Key 4A1F5DA0 -- Peter Stoddard -- GPG Key 4A1F5DA0 From tmz at pobox.com Thu Dec 7 04:14:03 2006 From: tmz at pobox.com (Todd Zullinger) Date: Wed, 6 Dec 2006 22:14:03 -0500 Subject: encrypt the sent folder In-Reply-To: <45774081.9030105@sixdemonbag.org> References: <4575A89D.8010003@caf.com.tr> <4575C271.70001@sixdemonbag.org> <1121.85.101.16.38.1165347816.squirrel@mail.caf.com.tr> <20061205230033.GD32304@psilocybe.teonanacatl.org> <457677F5.5090004@tx.rr.com> <20061206092211.GD13050@psilocybe.teonanacatl.org> <45774081.9030105@sixdemonbag.org> Message-ID: <20061207031403.GI13050@psilocybe.teonanacatl.org> Robert J. Hansen wrote: > Todd Zullinger wrote: >> That seems more like not feasible than unreasonable. But the >> results are the same. :-) > > Infeasible: "we have the manpower, we have the tools, we have the > talent, but the architecture is working against us in a big way." > > Unreasonable: "our manpower is stretched so thin that all infeasible > RFEs are unreasonable expectations of us." I suppose that's one way to define the terms. I was thinking that unreasonable would be more aptly applied to a request that wasn't grounded in any good reasoning. Not feasible could be applied for either lack of manpower or lack of an available set of hooks to achieve the goal. > As is unfortunately common with open-source projects, there's a > major lack of manpower on Enigmail. If you know Javascript and > would like to get your hands dirty with Enigmail, why not volunteer > over on the Enigmail list? :) While I think that the Enigmail team has done a really great job of integrating OpenPGP into Thunderbird[1], I'm a happy Mutt user and not looking to switch back to any graphical MUA. ;-) I sincerely appreciate the efforts of all those folks that create the tools so many of us use, from the kernel hackers working on low level drivers for obscure funtions I will likely never understand, to David, Werner, Timo and all the GnuPG developers/contributors, to Ingo, John, Patrick and others who spend hours integrating those pieces into easy to use graphical interfaces that I can teach a friend to use pretty quickly. [1] For Windows, Thunderbird with Enigmail is the only thing I'd recommend to friends getting started. For linux, it's either Thunderbird/Enigmail or Kmail. Both projects have done a lot to make using PGP both seemless and secure. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== The chains of habit are too weak to be felt until they are too strong to be broken -- Samuel Johnson (1709-1784) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061206/58dd4283/attachment.pgp From tmz at pobox.com Thu Dec 7 05:37:25 2006 From: tmz at pobox.com (Todd Zullinger) Date: Wed, 6 Dec 2006 23:37:25 -0500 Subject: Info doc conflict between 1.4.6 and 2.0.1? Message-ID: <20061207043724.GJ13050@psilocybe.teonanacatl.org> I was updating my system to 1.4.6 today and noticed the following in the make install output (I've got 2.0.1 installed already): install-info: menu item `gpg' already exists, for file `gnupg' I don't recall seeing this before, but I don't use the info docs much, so maybe I've just missed it previously. It seems that 1.4.6 changed the texinfo file to use the dircategory "GNU Utilities" just as 2.0.1 does. 1.4.5 used GnuPG. Without knowing much about how install-info works, I'm guessing that it's balking because both programs try to create a gpg entry in the same info section. If I'm looking to install both 1.4.6 and 2.0.1 simultaneously, shouldn't the info pages for both versions be able to coexist? If I'm doing something wrong or am incorrect in expecting that the info files should be parallel installable, let me know. If not, would a proper fix be to use gpg2 as the entry for 2.0.1? -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== No oppression is so heavy or lasting as that which is inflicted by the perversion and exorbitance of legal authority. -- Joseph Addison -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061206/bf1ca0bb/attachment.pgp From shavital at mac.com Thu Dec 7 06:07:07 2006 From: shavital at mac.com (Charly Avital) Date: Thu, 07 Dec 2006 00:07:07 -0500 Subject: Info doc conflict between 1.4.6 and 2.0.1? In-Reply-To: <20061207043724.GJ13050@psilocybe.teonanacatl.org> References: <20061207043724.GJ13050@psilocybe.teonanacatl.org> Message-ID: <4577A17B.80809@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Todd Zullinger wrote the following on 12/6/06 11:37 PM: > I was updating my system to 1.4.6 today and noticed the following in > the make install output (I've got 2.0.1 installed already): > > install-info: menu item `gpg' already exists, for file `gnupg' > > I don't recall seeing this before, but I don't use the info docs much, > so maybe I've just missed it previously. It seems that 1.4.6 changed > the texinfo file to use the dircategory "GNU Utilities" just as 2.0.1 > does. 1.4.5 used GnuPG. Without knowing much about how install-info > works, I'm guessing that it's balking because both programs try to > create a gpg entry in the same info section. > > If I'm looking to install both 1.4.6 and 2.0.1 simultaneously, > shouldn't the info pages for both versions be able to coexist? > > If I'm doing something wrong or am incorrect in expecting that the > info files should be parallel installable, let me know. If not, would > a proper fix be to use gpg2 as the entry for 2.0.1? I am MacOS X user (10.4.6), unable till now to compile 2.0.1 (posted a few messages explaining why). If you are MacOS X user, could you please explain how you succeeded to compile 2.0.1. Thanks. I had no problem compiling 1.4.6 (and all its predecessors) from source. Charly KeyOnCard at: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRXehaSRJoUyU/RYhAQKz2gQAgNde+O79/HZW/5tiwb4Ci7g56wMo5gyC UAFnrVvJeB+u6YjHSOxqEN+R8ik6sEdDloDrPNDUOzyXaibbno7gIE8Xv6JvoF7E wHU7lYY6jzImUiR5x/+Ic+utXJgqwGpPiJy9folzByn2rieFXHFNlitN4uJYGQNZ W+xXerzuX7E= =jvRB -----END PGP SIGNATURE----- From tmz at pobox.com Thu Dec 7 06:50:58 2006 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 7 Dec 2006 00:50:58 -0500 Subject: Info doc conflict between 1.4.6 and 2.0.1? In-Reply-To: <4577A17B.80809@mac.com> References: <20061207043724.GJ13050@psilocybe.teonanacatl.org> <4577A17B.80809@mac.com> Message-ID: <20061207055058.GA18723@psilocybe.teonanacatl.org> Charly Avital wrote: > I am MacOS X user (10.4.6), unable till now to compile 2.0.1 (posted > a few messages explaining why). > If you are MacOS X user, could you please explain how you succeeded > to compile 2.0.1. Thanks. Sorry, I'm using linux. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== It is impossible to enjoy idling thoroughly unless one has plenty of work to do. -- Jerome K. Jerome -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061207/d64808a0/attachment.pgp From wk at gnupg.org Thu Dec 7 10:14:49 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 10:14:49 +0100 Subject: Info doc conflict between 1.4.6 and 2.0.1? In-Reply-To: <20061207043724.GJ13050@psilocybe.teonanacatl.org> (Todd Zullinger's message of "Wed\, 6 Dec 2006 23\:37\:25 -0500") References: <20061207043724.GJ13050@psilocybe.teonanacatl.org> Message-ID: <87lklkhxti.fsf@wheatstone.g10code.de> On Thu, 7 Dec 2006 05:37, tmz at pobox.com said: > I don't recall seeing this before, but I don't use the info docs much, > so maybe I've just missed it previously. It seems that 1.4.6 changed > the texinfo file to use the dircategory "GNU Utilities" just as 2.0.1 > does. 1.4.5 used GnuPG. Without knowing much about how install-info That is quite possible. I forgot to did this chnage in the release candidate and it was too late to do another one due to the security bug. > If I'm doing something wrong or am incorrect in expecting that the > info files should be parallel installable, let me know. If not, would > a proper fix be to use gpg2 as the entry for 2.0.1? I think so and will change it for the next release. Salam-Shalom, Werner From wk at gnupg.org Thu Dec 7 10:16:22 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 10:16:22 +0100 Subject: Info doc conflict between 1.4.6 and 2.0.1? In-Reply-To: <4577A17B.80809@mac.com> (Charly Avital's message of "Thu\, 07 Dec 2006 00\:07\:07 -0500") References: <20061207043724.GJ13050@psilocybe.teonanacatl.org> <4577A17B.80809@mac.com> Message-ID: <87hcw8hxqx.fsf@wheatstone.g10code.de> On Thu, 7 Dec 2006 06:07, shavital at mac.com said: > I am MacOS X user (10.4.6), unable till now to compile 2.0.1 (posted a > few messages explaining why). > If you are MacOS X user, could you please explain how you succeeded to > compile 2.0.1. Thanks. I know that there are some problems. Please give me some time wor work through them. IIRC, you need to use --disable-nls as weel as the latest versions of the libraries (maybe even from SVN). Shalom-Salam, Werner From wk at gnupg.org Thu Dec 7 10:21:18 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 10:21:18 +0100 Subject: Problem building 2.0.1 In-Reply-To: <45766FEA.1040000@mac.com> (Charly Avital's message of "Wed\, 06 Dec 2006 02\:23\:22 -0500") References: <871wnehznu.fsf@wheatstone.g10code.de> <45766FEA.1040000@mac.com> Message-ID: <87d56whxip.fsf@wheatstone.g10code.de> On Wed, 6 Dec 2006 08:23, shavital at mac.com said: > ----- > /usr/bin/ld: Undefined symbols: > _libiconv Well, you need a proper iconv installation too. We need too do have an extra test for it in case NLS has been disabled. NLS requires iconv anyway but there is some otehr code in gpg which needs it too. Can you please add your problem it to the bug tracker, so we don't forget about it? Use category gnupg and mention libiconv in the title. http://bugs.g10code.com . Salam-Shalom, Werner From wk at gnupg.org Thu Dec 7 10:23:29 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 10:23:29 +0100 Subject: using belgium EID with gnupg 2.0.1 In-Reply-To: <200612061111.17382.willems.luc@pandora.be> (Luc Willems's message of "Wed\, 6 Dec 2006 11\:11\:17 +0100") References: <200612061111.17382.willems.luc@pandora.be> Message-ID: <8764cohxf2.fsf@wheatstone.g10code.de> On Wed, 6 Dec 2006 11:11, willems.luc at pandora.be said: > i'm trying to import my belgium eID card but it only imports the belgium Root CA I have currently no time to care about it. I hope I can look at this in the next week. My two developer cards work just fine. You need to import the root certificates, though. Shalom-Salam, Werner From wk at gnupg.org Thu Dec 7 10:25:21 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 10:25:21 +0100 Subject: Compile of Gnupg 2.0.1 failed - no libintl In-Reply-To: <06E1F3DC-32AA-4798-83FC-41DC02E47033@stoddard.us> (Peter Stoddard's message of "Wed\, 6 Dec 2006 16\:46\:34 -0800") References: <3110FC4B-8B8B-48B1-A98D-0444F652BBEA@stoddard.name> <45770D03.1080900@dougbarton.us> <06E1F3DC-32AA-4798-83FC-41DC02E47033@stoddard.us> Message-ID: <871wnchxby.fsf@wheatstone.g10code.de> On Thu, 7 Dec 2006 01:46, peter at stoddard.us said: > I don't know what other configuration options to try, and I don't > understand what *any* of them do, so I'm going to bag gnupg 2.0.1 and > wait until I can find out what is going on, or maybe wait for a > macosx binary. I'm running 1.4.5 and its working fine for me. You should install libiconv. See my response too Charly Avital's report. Salam-Shalom, Werner From johanw at vulcan.xs4all.nl Wed Dec 6 11:28:50 2006 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed, 6 Dec 2006 11:28:50 +0100 (MET) Subject: encrypt the sent folder In-Reply-To: <457607CF.2090607@madhatt.com> Message-ID: <200612061028.kB6ASo2j022084@vulcan.xs4all.nl> Andrew Berg wrote: >> TrueCrypt works also on Linux (kernel 2.6.5 and up). The advantage is >> that a TC volume can be accessed on both Linux and windows - very >> usefull when I use the same USB stick both at home and on my work. >Uhhh... TC requires admin rights in order to mount a virtual drive. You >must have admin rights at work. If not, how are you able to use it? I have on my local machine. As a programmer, I need to. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From wk at gnupg.org Thu Dec 7 17:07:12 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 17:07:12 +0100 Subject: [Announce] Maintenance release for GnuPG 1.2.x Message-ID: <87psavbsgf.fsf@wheatstone.g10code.de> Hello, I am pleased to announce a security update to the 1.2 series of GnuPG: Version 1.2.8. The 1.2.x series has reached end of life status about 2 years ago. However, I make an update available for the sake of those who can't migrate to 1.4. There is no guarantee that all problems are solved in 1.2 - it is in general better to migrate to the activly maintained 1.4 series. You will find that version as well as corresponding signatures at the usual place (ftp://ftp.gnupg.org/gcrypt/gnupg/). Noteworthy changes in version 1.2.8 (2006-12-07) ------------------------------------------------ Backported security fixes. Note, that the 1.2.x series has reached end of life status. You should migrate to 1.4.x. * Fixed a serious and exploitable bug in processing encrypted packages. [CVE-2006-6235]. * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169] * User IDs are now capped at 2048 bytes. This avoids a memory allocation attack [CVE-2006-3082]. * Added countermeasures against the Mister/Zuccherato CFB attack . Happy Hacking, Werner -- Werner Koch The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20061207/2e2372f7/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From tmz at pobox.com Thu Dec 7 18:16:10 2006 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 7 Dec 2006 12:16:10 -0500 Subject: Info doc conflict between 1.4.6 and 2.0.1? In-Reply-To: <87lklkhxti.fsf@wheatstone.g10code.de> References: <20061207043724.GJ13050@psilocybe.teonanacatl.org> <87lklkhxti.fsf@wheatstone.g10code.de> Message-ID: <20061207171610.GD20318@psilocybe.teonanacatl.org> Werner Koch wrote: > On Thu, 7 Dec 2006 05:37, tmz at pobox.com said: > >> I don't recall seeing this before, but I don't use the info docs >> much, so maybe I've just missed it previously. It seems that 1.4.6 >> changed the texinfo file to use the dircategory "GNU Utilities" >> just as 2.0.1 does. 1.4.5 used GnuPG. Without knowing much about >> how install-info > > That is quite possible. I forgot to did this chnage in the release > candidate and it was too late to do another one due to the security > bug. Yes, I can understand that there were far more important things to be done. Here's hoping you can take this weekend off and relax. :) >> If I'm doing something wrong or am incorrect in expecting that the >> info files should be parallel installable, let me know. If not, would >> a proper fix be to use gpg2 as the entry for 2.0.1? > > I think so and will change it for the next release. If it helps, attached a one line patch against current svn. That seems to be all that's needed to get both 1.4 and 2.0 installed together happily. Thanks again to you and the whole GnuPG team! -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== To tax and to please, no more than to love and be wise, is not given to men. -- Edmund Burke -------------- next part -------------- Index: doc/gnupg.texi =================================================================== --- doc/gnupg.texi (revision 4372) +++ doc/gnupg.texi (working copy) @@ -48,7 +48,7 @@ @dircategory GNU Utilities @direntry -* gpg: (gnupg). OpenPGP encryption and signing tool. +* gpg2: (gnupg). OpenPGP encryption and signing tool. * gpgsm: (gnupg). S/MIME encryption and signing tool. @end direntry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061207/d92e90bb/attachment.pgp From wk at gnupg.org Thu Dec 7 19:20:48 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 19:20:48 +0100 Subject: Signed patch against 1.4.5 Message-ID: <871wnbbm9r.fsf@wheatstone.g10code.de> An embedded and charset-unspecified text was scrubbed... Name: filter-context-14-small.diff Url: /pipermail/attachments/20061207/43134302/attachment-0001.diff From wk at gnupg.org Thu Dec 7 19:21:33 2006 From: wk at gnupg.org (Werner Koch) Date: Thu, 07 Dec 2006 19:21:33 +0100 Subject: Signed patch against 2.0.1 Message-ID: <87wt53a7o2.fsf@wheatstone.g10code.de> An embedded and charset-unspecified text was scrubbed... Name: filter-context-20-small.diff Url: /pipermail/attachments/20061207/6bd11edc/attachment.diff From tmz at pobox.com Thu Dec 7 20:01:22 2006 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 7 Dec 2006 14:01:22 -0500 Subject: Signed patch against 2.0.1 In-Reply-To: <87wt53a7o2.fsf@wheatstone.g10code.de> References: <87wt53a7o2.fsf@wheatstone.g10code.de> Message-ID: <20061207190122.GI20318@psilocybe.teonanacatl.org> Werner Koch wrote: > Here comes a signed patch against 2.0.1 for those who care to verify > signatures ;-). Thanks Werner. Seems that the list archives scrub the attachment, which makes it less useful than it'd be otherwise, 'cause you can't point others to the signed patch. If any of the list owners have some free time I'd be happy to try to get that corrected or take it to the mailman-users list for advice if need be. (It seems that the content filter settings for the list may be a little aggressive.) BTW, I really like your Content-Type boundary string. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== Lack of money is the root of all evil. -- George Bernard Shaw "Man and Superman", 1903 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061207/d8d62fed/attachment.pgp From larstiq at larstiq.dyndns.org Thu Dec 7 21:41:42 2006 From: larstiq at larstiq.dyndns.org (Wouter van Heyst) Date: Thu, 7 Dec 2006 21:41:42 +0100 Subject: Signed patch against 2.0.1 In-Reply-To: <20061207190122.GI20318@psilocybe.teonanacatl.org> References: <87wt53a7o2.fsf@wheatstone.g10code.de> <20061207190122.GI20318@psilocybe.teonanacatl.org> Message-ID: <20061207204141.GC4525@larstiq.dyndns.org> On Thu, Dec 07, 2006 at 02:01:22PM -0500, Todd Zullinger wrote: > Werner Koch wrote: > > Here comes a signed patch against 2.0.1 for those who care to verify > > signatures ;-). > > Thanks Werner. Seems that the list archives scrub the attachment, > which makes it less useful than it'd be otherwise, 'cause you can't > point others to the signed patch. If any of the list owners have some > free time I'd be happy to try to get that corrected or take it to the > mailman-users list for advice if need be. (It seems that the content > filter settings for the list may be a little aggressive.) I got a patch plus sig just fine, sure it isn't somewhere between the list server and you that the scrubbing happens? Wouter van Heyst -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: Digital signature Url : /pipermail/attachments/20061207/1a66580a/attachment.pgp From tmz at pobox.com Thu Dec 7 22:11:16 2006 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 7 Dec 2006 16:11:16 -0500 Subject: Signed patch against 2.0.1 In-Reply-To: <20061207204141.GC4525@larstiq.dyndns.org> References: <87wt53a7o2.fsf@wheatstone.g10code.de> <20061207190122.GI20318@psilocybe.teonanacatl.org> <20061207204141.GC4525@larstiq.dyndns.org> Message-ID: <20061207211116.GO20318@psilocybe.teonanacatl.org> Wouter van Heyst wrote: > I got a patch plus sig just fine, sure it isn't somewhere between > the list server and you that the scrubbing happens? I'm only talking about the archives. The patch arrived here just fine as well. But say I want to point at it in a distribution package or tell a friend about it. The archives are less than useful: http://lists.gnupg.org/pipermail/gnupg-users/2006-December/029976.html -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ====================================================================== The American people are becoming more and more afraid of, and are running away from, their own revolution. -- Leonard E. Read -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20061207/486c0a45/attachment.pgp From z.himsel at gmail.com Thu Dec 7 22:22:53 2006 From: z.himsel at gmail.com (Zach Himsel) Date: Thu, 7 Dec 2006 16:22:53 -0500 Subject: GnuPG 2.0.1 compile error Message-ID: <8d5f78b30612071322m60825028wb22d8168babb7814@mail.gmail.com> Yes, I know there has been a lot of compiling error going around on gnupg-users recently but I have tried to find the problem, but cannot. My './configure' works fine, but I get the following error part-way through 'make': ================================ compress.c:36:18: error: zlib.h: No such file or directory compress.c:61: error: expected declaration specifiers or '...' before 'z_stream' compress.c: In function 'init_compress': compress.c:76: error: 'Z_DEFAULT_COMPRESSION' undeclared (first use in this function) compress.c:76: error: (Each undeclared identifier is reported only once compress.c:76: error: for each function it appears in.) compress.c:82: warning: implicit declaration of function 'deflateInit2' compress.c:82: error: 'zs' undeclared (first use in this function) compress.c:82: error: 'Z_DEFLATED' undeclared (first use in this function) compress.c:83: error: 'Z_DEFAULT_STRATEGY' undeclared (first use in this function) compress.c:84: warning: implicit declaration of function 'deflateInit' compress.c:85: error: 'Z_OK' undeclared (first use in this function) compress.c:87: error: 'Z_MEM_ERROR' undeclared (first use in this function) compress.c:88: error: 'Z_VERSION_ERROR' undeclared (first use in this function) compress.c: At top level: compress.c:97: error: expected declaration specifiers or '...' before 'z_stream' compress.c: In function 'do_compress': compress.c:104: error: 'zs' undeclared (first use in this function) compress.c:109: warning: implicit declaration of function 'deflate' compress.c:110: error: 'Z_STREAM_END' undeclared (first use in this function) compress.c:110: error: 'Z_FINISH' undeclared (first use in this function) compress.c:112: error: 'Z_OK' undeclared (first use in this function) compress.c: At top level: compress.c:134: error: expected declaration specifiers or '...' before 'z_stream' compress.c: In function 'init_uncompress': compress.c:148: warning: implicit declaration of function 'inflateInit2' compress.c:148: error: 'zs' undeclared (first use in this function) compress.c:149: warning: implicit declaration of function 'inflateInit' compress.c:149