From wk at gnupg.org Mon Jul 2 15:52:42 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 15:52:42 +0200
Subject: getting signed text in plain
In-Reply-To: <1183227859.3301.3.camel@etch> (Mario Lenz's message of "Sat, 30
Jun 2007 20:24:19 +0200")
References: <1183227859.3301.3.camel@etch>
Message-ID: <871wfqq5ed.fsf@wheatstone.g10code.de>
On Sat, 30 Jun 2007 20:24, m at riolenz.de said:
> I'm trying to get the "plaintext" out of a signature, but without any
> success :-/
Please run your test program as
GPGME_DEBUG=5:gpgme.log ./testpgm
and show us the gpgme.log file.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 2 15:57:57 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 15:57:57 +0200
Subject: Broken pipe?
In-Reply-To: <4684D32C.7050406@free.fr> (Guillaume Yziquel's message of "Fri,
29 Jun 2007 11:38:52 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D32C.7050406@free.fr>
Message-ID: <87wsxioql6.fsf@wheatstone.g10code.de>
On Fri, 29 Jun 2007 11:38, guillaume.yziquel at free.fr said:
> Visibly, purging pcscd does not solve the problem. Concerning
> permissions, I guess I have some work to do:
Indeed. That is your problem. Use lsusb to figure out where the SCR335
is attached and the manually update the ownership for testing. The
HOWTO has hints on how to install the hotplug stuff.
Salam-Shalom,
Werner
From wk at gnupg.org Mon Jul 2 16:01:26 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 16:01:26 +0200
Subject: Broken pipe?
In-Reply-To: <4684CB36.1030005@free.fr> (Guillaume Yziquel's message of "Fri,
29 Jun 2007 11:04:54 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr>
<9e0cf0bf0706280752t69bc1677l497099595db00e56@mail.gmail.com>
<4684CB36.1030005@free.fr>
Message-ID: <87sl86oqfd.fsf@wheatstone.g10code.de>
On Fri, 29 Jun 2007 11:04, guillaume.yziquel at free.fr said:
> and I was rather surprised by that: do you still need libpcsclite.so.xxx
> to run the builtin ccid driver? Because I removed these file through
No.
> aptitude. Because I've got the following complaint:
>> gpg: apdu_open_reader: failed to open driver `libpcsclite.so.1': libpcsclite.so.1: Ne peut ouvrir le fichier d'objet partag?: Aucun fichier ou r?pertoire de ce type
Scdaemon falls back to pcsc if it can't open the reader using the
interal ccid driver. This is the reason you see this error message.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 2 17:29:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 02 Jul 2007 17:29:45 +0200
Subject: Broken pipe?
In-Reply-To: <4684D9EF.8090204@free.fr> (Guillaume Yziquel's message of "Fri,
29 Jun 2007 12:07:43 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D9EF.8090204@free.fr>
Message-ID: <87ved2n7rq.fsf@wheatstone.g10code.de>
On Fri, 29 Jun 2007 12:07, guillaume.yziquel at free.fr said:
> I apologize for the weight of this message.
As I alrady said: You have no permission to write to the USB device.
Shalom-Salam,
Werner
From bahamut at digital-signal.net Mon Jul 2 20:34:11 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Mon, 02 Jul 2007 13:34:11 -0500
Subject: "algorithm 11 not available"
Message-ID: <46894523.5090300@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
gpg2 -k returns some public keys, then this:
> DBG: md_enable: algorithm 11 not available gpg: Ohhhh jeeee: ...
> this is a bug (sig-check.c:450:check_backsig) Aborted
(GPG 2.0.4)
I'm testing FireGPG in Linux, and entered a lower-case 'k' by mistake.
GPG 1.4.7 doesn't return this error.
BTW, FireGPG fails miserably with gpg2, although it seems to work with
1.4.7.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRolFIfiOA0Bgp4/LAQM3NAf+Jn9lUAxOjJnPe2Za+BuKlz2ew0mIpktp
GmDf6PGb86Mpo5LlNY8i6CNwDc5c7mGvKljT+jkoe/eJQhq4PDfhlVIr0Ooz/vwz
eH4lhYY6bt334d8gOlvp+wRDSxUc+RTlLok3IP9Bjv6XZt1K0EbFLbzAWz3fSY/N
Rfe7JGjGt4md3UKYVux5UQI49HARGVtUmgJ/YBSTTT5SCVFlHN2tD5yV4Smwgmzd
0cNFbmQ4MylqNYx4re/fzq3imyNBSJLL0LPe+yqAdlASyysGR5yQNNWKNhfFuFHJ
RVHLSbJjp3C47+jGcFjLeV41NQISWPEbUQwPitFf/OyzvHxplTVywg==
=y9t3
-----END PGP SIGNATURE-----
From m at riolenz.de Mon Jul 2 20:41:03 2007
From: m at riolenz.de (Mario Lenz)
Date: Mon, 02 Jul 2007 20:41:03 +0200
Subject: getting signed text in plain
In-Reply-To: <871wfqq5ed.fsf@wheatstone.g10code.de>
References: <1183227859.3301.3.camel@etch>
<871wfqq5ed.fsf@wheatstone.g10code.de>
Message-ID: <1183401664.3329.7.camel@etch>
Hi!
I ran the test program with the latest version (1.1.4) and attached the
log.
greez
Mario
Am Montag, den 02.07.2007, 15:52 +0200 schrieb Werner Koch:
> On Sat, 30 Jun 2007 20:24, m at riolenz.de said:
>
> > I'm trying to get the "plaintext" out of a signature, but without any
> > success :-/
>
> Please run your test program as
>
> GPGME_DEBUG=5:gpgme.log ./testpgm
>
> and show us the gpgme.log file.
>
>
> Shalom-Salam,
>
> Werner
>
--
They can tak' oour lives but they cannae tak' oour troousers!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpgme.log
Type: text/x-log
Size: 4969 bytes
Desc: not available
Url : /pipermail/attachments/20070702/285e8160/attachment.bin
From bahamut at digital-signal.net Mon Jul 2 21:04:01 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Mon, 02 Jul 2007 14:04:01 -0500
Subject: FireGPG (correction)
Message-ID: <46894C21.4090905@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
There was a mismatch of GPG versions. I fixed that, and FireGPG makes
valid signatures with GPG 2.0.4.
The "algorithm 11 not available" problem remains, though.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRolMIfiOA0Bgp4/LAQN7jgf6AqShM9yLKWxxgfk2Y2gzQGgXUsbzeEZb
3R509WWYzTfcmadih6Zav+R0RxaVlLh59OK3BWGjGfsK/8emKhOXKd1J7CE18GAj
uQhnEc2d2JcFp+YvEK3IEv9sbc60AzFjO/9F02EQbWvNYPXVwlPH3jwkbHefmKsb
D8rNyTfon1KzFsdwgpX5mIWwX15x+j6TTzKnFZHzqOTXGAGBnr542M1K5OZyy6VR
IGtFyaDrjfgkeZZQkAJJXB8UNCKQY6x54UDChIYFafoAkUpuZqHmGlMVp5QSovi3
C4UCNJPMigFbMQSbhaJzJYhT0ECJcbob0+88TQhbCspIOMBEdvmRbA==
=iI5w
-----END PGP SIGNATURE-----
From jmoore3rd at bellsouth.net Mon Jul 2 22:32:05 2007
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 02 Jul 2007 16:32:05 -0400
Subject: FireGPG (correction)
In-Reply-To: <46894C21.4090905@digital-signal.net>
References: <46894C21.4090905@digital-signal.net>
Message-ID: <468960C5.9070203@bellsouth.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Andrew Berg wrote:
> There was a mismatch of GPG versions. I fixed that, and FireGPG makes
> valid signatures with GPG 2.0.4.
> The "algorithm 11 not available" problem remains, though.
'Algorithm 11' or S11 is Camellia and *should not* be Enabled except for
those approved for Inter Interoperability TESTing. Therefore S11 should
_not_ appear unless You have Compiled GnuPG with this algorithm enabled. :-\
JOHN ;)
Timestamp: Monday 02 Jul 2007, 16:30 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8-svn4511: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: My Homepage: http://tinyurl.com/yzhbhx
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCgAGBQJGiWDDAAoJEBCGy9eAtCsPHl4H/1e+5mgsyAC7TDW6cGAahbwf
X051+/Njx8elLr7QJY756gOeKN3LA7bhWbyUK/HJcbmfqFBcqwbTBmqxwEBWySc8
gCyIpGMFdlAfnOYCUPj3vCUEW07CIixCOY6WHOK5/U+p/pYkxT5/shT/0W+ISJ0W
Poab1/mIU0HJBJ7dOauTMAcLkAdnxb0kq6lzpOurcdvpN2B17aE1pnUvY1pXJhL5
7VAETU6i6GrfRUPlhmGXLYI1JAXHObtprvgYH+686IuU4Kl2V2cAhsDuLstKoQQO
b/a8GF5B+sQuTKy7fxjuzxAi4ORrlx56ZxtETJ6dKdBi1zs3eSYDLfEebVxPEvU=
=TsSE
-----END PGP SIGNATURE-----
From JPClizbe at tx.rr.com Tue Jul 3 01:55:56 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 02 Jul 2007 18:55:56 -0500
Subject: FireGPG (correction)
In-Reply-To: <468960C5.9070203@bellsouth.net>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net>
Message-ID: <4689908C.8010006@tx.rr.com>
John W. Moore III wrote:
> Andrew Berg wrote:
>> There was a mismatch of GPG versions. I fixed that, and FireGPG makes
>> valid signatures with GPG 2.0.4.
>> The "algorithm 11 not available" problem remains, though.
>
> 'Algorithm 11' or S11 is Camellia and *should not* be Enabled except for
> those approved for Inter Interoperability TESTing. Therefore S11 should
> _not_ appear unless You have Compiled GnuPG with this algorithm enabled. :-\
Ummm
Except the OP was referring to gpg2 which does not have any of the Camellia code
in it yet. So concluding that it's Camellia is a bit of a stretch.
Since the error occurred in md_enable, it'd be a safer bet to go checking in the
hash functions.
Also, this is a *known error*, see this thread, 'Algorithm 11 not available',
http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
It stems from the fact that the cipher library in gpg2 does not have SHA-224
(hash algorithm 11) enabled.
Amazing tool, list archives. 8-}\
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
As we know, We know there are some things
There are known knowns. We do not know.
There are things we know we know. But there are also unknown unknowns,
We also know The ones we don?t know
There are known unknowns. We don?t know.
That is to say -The Existential Poetry of Donald H. Rumsfeld
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 663 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070702/55a1aecb/attachment-0001.pgp
From mkallas at schokokeks.org Tue Jul 3 09:13:41 2007
From: mkallas at schokokeks.org (Michael Kesper)
Date: Tue, 3 Jul 2007 09:13:41 +0200 (CEST)
Subject: Broken pipe?
In-Reply-To: <87ved2n7rq.fsf@wheatstone.g10code.de>
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D9EF.8090204@free.fr> <87ved2n7rq.fsf@wheatstone.g10code.de>
Message-ID: <43060.164.61.12.24.1183446821.squirrel@mail.schokokeks.org>
Hi,
Werner Koch schrieb:
> On Fri, 29 Jun 2007 12:07, guillaume.yziquel at free.fr said:
>
>> I apologize for the weight of this message.
>
> As I alrady said: You have no permission to write to the USB device.
This seems to be the result of several half-correct howtos for installing
the cardreader. Recently I wanted to install it on a new machine but got
the same result. For the instant, I "solved" it by installing pcscd and
libpcsclite1.
I think we need a better way for new users to install the reader, maybe a
small installation package or something similar.
Best wishes
Michael
--
Nobody can save your freedom but YOU -
become a fellow of the FSFE! http://www.fsfe.org/en
From guillaume.yziquel at free.fr Tue Jul 3 11:30:01 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Tue, 03 Jul 2007 11:30:01 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <87wsxioql6.fsf@wheatstone.g10code.de>
References: <467FE61A.6050000@free.fr>
<46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr>
<4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr>
<87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr>
<87wsxioql6.fsf@wheatstone.g10code.de>
Message-ID: <468A1719.3020405@free.fr>
Werner Koch a ?crit :
> On Fri, 29 Jun 2007 11:38, guillaume.yziquel at free.fr said:
>
>> Visibly, purging pcscd does not solve the problem. Concerning
>> permissions, I guess I have some work to do:
>
> Indeed. That is your problem. Use lsusb to figure out where the SCR335
> is attached and the manually update the ownership for testing. The
> HOWTO has hints on how to install the hotplug stuff.
I read the hotplug stuff was deprecated, and that udev should be used
instead. The output of lsusb -v concerning the smart card reader follows.
My main problem is that I do not really understand how udev works. I
understood there was lots of renaming involved. And with all these
renamings, I do not really know how to make ownership changes.
I'd really love to find a good document on how udev works. In particular
with debian.
Thank you.
Guillaume Yziquel.
> Bus 003 Device 003: ID 04e6:5115 SCM Microsystems, Inc. SCR335 SmartCard Reader
> Device Descriptor:
> bLength 18
> bDescriptorType 1
> bcdUSB 2.00
> bDeviceClass 0 (Defined at Interface level)
> bDeviceSubClass 0
> bDeviceProtocol 0
> bMaxPacketSize0 16
> idVendor 0x04e6 SCM Microsystems, Inc.
> idProduct 0x5115 SCR335 SmartCard Reader
> bcdDevice 5.18
> iManufacturer 1 SCM Microsystems Inc.
> iProduct 2 SCR33x USB Smart Card Reader
> iSerial 5 21120706318555
> bNumConfigurations 1
> Configuration Descriptor:
> bLength 9
> bDescriptorType 2
> wTotalLength 93
> bNumInterfaces 1
> bConfigurationValue 1
> iConfiguration 3 CCID Class
> bmAttributes 0xa0
> (Bus Powered)
> Remote Wakeup
> MaxPower 100mA
> Interface Descriptor:
> bLength 9
> bDescriptorType 4
> bInterfaceNumber 0
> bAlternateSetting 0
> bNumEndpoints 3
> bInterfaceClass 11 Chip/SmartCard
> bInterfaceSubClass 0
> bInterfaceProtocol 0
> iInterface 4 CCID Interface
> ChipCard Interface Descriptor:
> bLength 54
> bDescriptorType 33
> bcdCCID 1.00
> nMaxSlotIndex 0
> bVoltageSupport 1 5.0V
> dwProtocols 3 T=0 T=1
> dwDefaultClock 4000
> dwMaxiumumClock 12000
> bNumClockSupported 0
> dwDataRate 9600 bps
> dwMaxDataRate 307200 bps
> bNumDataRatesSupp. 0
> dwMaxIFSD 252
> dwSyncProtocols 00000000
> dwMechanical 00000000
> dwFeatures 000100BA
> Auto configuration based on ATR
> Auto voltage selection
> Auto clock change
> Auto baud rate change
> Auto PPS made by CCID
> TPDU level exchange
> dwMaxCCIDMsgLen 263
> bClassGetResponse echo
> bClassEnvelope echo
> wlcdLayout none
> bPINSupport 0
> bMaxCCIDBusySlots 1
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x01 EP 1 OUT
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x82 EP 2 IN
> bmAttributes 2
> Transfer Type Bulk
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0040 1x 64 bytes
> bInterval 0
> Endpoint Descriptor:
> bLength 7
> bDescriptorType 5
> bEndpointAddress 0x83 EP 3 IN
> bmAttributes 3
> Transfer Type Interrupt
> Synch Type None
> Usage Type Data
> wMaxPacketSize 0x0010 1x 16 bytes
> bInterval 16
> Device Status: 0x0000
> (Bus Powered)
From wk at gnupg.org Tue Jul 3 12:54:09 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Jul 2007 12:54:09 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <468A1719.3020405@free.fr> (Guillaume Yziquel's message of "Tue,
03 Jul 2007 11:30:01 +0200")
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk>
<4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk>
<4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de>
<4684D32C.7050406@free.fr> <87wsxioql6.fsf@wheatstone.g10code.de>
<468A1719.3020405@free.fr>
Message-ID: <87sl85kbam.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 11:30, guillaume.yziquel at free.fr said:
> My main problem is that I do not really understand how udev works. I
> understood there was lots of renaming involved. And with all these
> renamings, I do not really know how to make ownership changes.
Nor do I. The whole hotplug stuff just works for me since years and I
frankly don't know what is the difference between udev and hotplug. The
problem is that I only rarely install new machines and that some of mine
are going back to Potato. There is one new box here with a plain Etch
installation. If I find time I will attach a reader to that box and
check it out.
Salam-Shalom,
Werner
From guillaume.yziquel at free.fr Tue Jul 3 13:35:10 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Tue, 03 Jul 2007 13:35:10 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <87sl85kbam.fsf@wheatstone.g10code.de>
References: <467FE61A.6050000@free.fr>
<46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr>
<4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr>
<87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr>
<87wsxioql6.fsf@wheatstone.g10code.de> <468A1719.3020405@free.fr>
<87sl85kbam.fsf@wheatstone.g10code.de>
Message-ID: <468A346E.40100@free.fr>
Werner Koch a ?crit :
> On Tue, 3 Jul 2007 11:30, guillaume.yziquel at free.fr said:
>
>> My main problem is that I do not really understand how udev works. I
>> understood there was lots of renaming involved. And with all these
>> renamings, I do not really know how to make ownership changes.
>
> Nor do I. The whole hotplug stuff just works for me since years and I
> frankly don't know what is the difference between udev and hotplug. The
> problem is that I only rarely install new machines and that some of mine
> are going back to Potato. There is one new box here with a plain Etch
> installation. If I find time I will attach a reader to that box and
> check it out.
This link describes the udev thingy in an understandable way:
http://www.reactivated.net/writing_udev_rules.html
Maybe it is too specific to Debian. I do not know.
It deals with ownership problems somewhere inside. I think it should be
a good reference for the HOWTO. As it was mentioned in some mail before,
the HOWTO is not completely complete, concerning udev machinery. If you
type the commands somewhat too fast, reading blindly, then you get my
problem. Rights management is mentioned in the GPG Smartacard HOWTO, but
very very quickly, without instructions to follow. It is therefore
somewhat hard to follow.
I think the HOWTO needs this information, because its absence really
makes life complicated for average or below-average users trying to get
the smartacard reader working.
Guillaume Yziquel.
From patrick at mozilla-enigmail.org Tue Jul 3 14:13:36 2007
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Tue, 03 Jul 2007 14:13:36 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <468A1719.3020405__20886.5336528563$1183455306$gmane$org@free.fr>
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr> <87wsxioql6.fsf@wheatstone.g10code.de>
<468A1719.3020405__20886.5336528563$1183455306$gmane$org@free.fr>
Message-ID: <468A3D70.9070703@mozilla-enigmail.org>
Guillaume Yziquel wrote:
> Werner Koch a ?crit :
>> On Fri, 29 Jun 2007 11:38, guillaume.yziquel at free.fr said:
>>
>>> Visibly, purging pcscd does not solve the problem. Concerning
>>> permissions, I guess I have some work to do:
>> Indeed. That is your problem. Use lsusb to figure out where the SCR335
>> is attached and the manually update the ownership for testing. The
>> HOWTO has hints on how to install the hotplug stuff.
>
> I read the hotplug stuff was deprecated, and that udev should be used
> instead. The output of lsusb -v concerning the smart card reader follows.
>
> My main problem is that I do not really understand how udev works. I
> understood there was lots of renaming involved. And with all these
> renamings, I do not really know how to make ownership changes.
>
> I'd really love to find a good document on how udev works. In particular
> with debian.
The basic idea with udev is that you define rules for defining the group
and permission of devices (and other actions such as launching
applications). Here is a how-to that explains how these things work:
http://reactivated.net/writing_udev_rules.html
In your case you should create a file containing something like the
example below (everything on one line) and place it into
/etc/udev/rules.d. Check the README in /etc/udev/rules.d for the file
naming conventions.
SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", MODE="660",
GROUP="myspecialgroup"
HTH
-Patrick
From guillaume.yziquel at free.fr Tue Jul 3 15:00:35 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Tue, 03 Jul 2007 15:00:35 +0200
Subject: Ownership of usb device with udev.
In-Reply-To: <468A3D70.9070703@mozilla-enigmail.org>
References: <467FE61A.6050000@free.fr> <46800621.1060509@freecharity.org.uk> <4680D026.5020000@free.fr> <4680D1F3.803@freecharity.org.uk> <4683BC7E.9030207@free.fr> <87ved7b20y.fsf@wheatstone.g10code.de> <4684D32C.7050406@free.fr> <87wsxioql6.fsf@wheatstone.g10code.de> <468A1719.3020405__20886.5336528563$1183455306$gmane$org@free.fr>
<468A3D70.9070703@mozilla-enigmail.org>
Message-ID: <468A4873.4060600@free.fr>
> SYSFS{idProduct}=="5115", SYSFS{idVendor}=="04e6", MODE="660",
> GROUP="myspecialgroup"
In fact, what puzzled me is that I already had all this written down.
The problem was that there was some \newline between two of the keys.
This splitted off the line in two, and it was not parsed correctly at
boot time.
It's now settled. At least for the hardware part. I'm getting error
messages through Thunderbird/Icedove, now, and I hope that it's because
of some wrong pin...
Thank you all very much.
Guillaume Yziquel.
From bahamut at digital-signal.net Tue Jul 3 15:41:09 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 03 Jul 2007 08:41:09 -0500
Subject: algortihm 11
In-Reply-To: <4689908C.8010006@tx.rr.com>
References: <46894C21.4090905@digital-signal.net> <468960C5.9070203@bellsouth.net>
<4689908C.8010006@tx.rr.com>
Message-ID: <468A51F5.2040901@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
John Clizbe wrote:
> Also, this is a *known error*, see this thread, 'Algorithm 11 not
> available',
> http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
>
>
> It stems from the fact that the cipher library in gpg2 does not
> have SHA-224 (hash algorithm 11) enabled.
>
> Amazing tool, list archives. 8-}\
I will remember that I need to search archives before posting
something relating to discussions I have earlier ignored.
Anyway, I don't understand. SHA224 is not in my
personal-digest-prefs, and all I did was list keys. Was there
something special about one of the keys?
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRopR9PiOA0Bgp4/LAQPqbggA39jQmEoQki3walOa480fCuuwaloaSaPu
x88zQOyrLSevPNPUbskGbukNATT1SiDlcsXAfil8bzKPJftS7CrI6jBOgCwyaqrp
fZTTiDSnZwbjI9O7e9s0G7butAdHCwoYoyxIMWV5wZY3SWUxqYaJ3IJP6Z3fw8cF
Iptj+vvS63fva7ggyDsw/5iVW6li1eRU0wya2BofLvOPqMuUH8aSFe45LKt4hO4X
o2cNey/f43uVHmQhM7us9Cs1sk4XRz9JjNZpuGASEzbWeNvLWTU1dxDoWj7an5vq
rI81xgYKOoFywicQ+ROkYhe0m8ONIraBIohMNBjK4719lRfgY5HeEw==
=D2+J
-----END PGP SIGNATURE-----
From shavital at mac.com Tue Jul 3 16:30:55 2007
From: shavital at mac.com (Charly Avital)
Date: Tue, 03 Jul 2007 17:30:55 +0300
Subject: Algorithm 11 [was: FireGPG (correction)]
In-Reply-To: <4689908C.8010006@tx.rr.com>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
Message-ID: <468A5D9F.7060002@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
John Clizbe wrote the following on 7/3/07 2:55 AM:
[...]
> It stems from the fact that the cipher library in gpg2 does not have SHA-224
> (hash algorithm 11) enabled.
Under MacOS 10.4.9, I run gpg2 from a binary installer compiled by Ben
Donnachie:
item 'mac-gpg
2.0.4-2.zip that uses libgcrypt 1.3.0 with support for SHA224:
$ gpg2 -v --version
gpg (GnuPG) 2.0.4
Copyright (C) 2007 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ELG
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),
AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), TIGER192 (H6), SHA256 (H8),
SHA384 (H9), SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRopdms3GMi2FW4PvAQizEwf6AiwhI2D+xT4Yc4FqB67a6wlZFypWetE1
eFzHA/IcyeCKH5Y8aYTVy6b4vfoOFJRzvnocE7cFAbFH87cYMTNd1sfV2D8Hkwg/
P6oz8kV/SuzPP1A5psXqVWfTl6f30kzzbTZI33eOvpBzR0sQphMF4QeZzbik/wMb
1bXw/86vqET5UJaDe1pegkcRzj59rZAFwMU/SG4umriuL2lq+qkO/22bjgPn5yuw
clRHiQu7Pa2PjhTVX3HQIttMRYLkLcXq9gM0BEmuDulKDeMX/NEnE5J3s05yKhTU
7vEnQrjHpUpm4mbeSEikHHLP/YWkMdQjwjBPZUL9ocdyQfxTROo8nQ==
=9L+o
-----END PGP SIGNATURE-----
From wk at gnupg.org Tue Jul 3 18:15:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Jul 2007 18:15:02 +0200
Subject: Algorithm 11
In-Reply-To: <468A5D9F.7060002@mac.com> (Charly Avital's message of "Tue, 03
Jul 2007 17:30:55 +0300")
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com>
Message-ID: <87hcolihvd.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 16:30, shavital at mac.com said:
> Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), TIGER192 (H6), SHA256 (H8),
> SHA384 (H9), SHA512 (H10), SHA224 (H11)
^^^^^^^^^^^^^^
It depends on the installed version of libgcrypt. 1.3.x comes with
SHA224.
Shalom-Salam,
Werner
From dshaw at jabberwocky.com Tue Jul 3 18:18:36 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 3 Jul 2007 12:18:36 -0400
Subject: algortihm 11
In-Reply-To: <468A51F5.2040901@digital-signal.net>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A51F5.2040901@digital-signal.net>
Message-ID: <20070703161836.GA15775@jabberwocky.com>
On Tue, Jul 03, 2007 at 08:41:09AM -0500, Andrew Berg wrote:
> John Clizbe wrote:
> > Also, this is a *known error*, see this thread, 'Algorithm 11 not
> > available',
> > http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
> >
> >
> > It stems from the fact that the cipher library in gpg2 does not
> > have SHA-224 (hash algorithm 11) enabled.
> >
> > Amazing tool, list archives. 8-}\
> I will remember that I need to search archives before posting
> something relating to discussions I have earlier ignored.
>
> Anyway, I don't understand. SHA224 is not in my
> personal-digest-prefs, and all I did was list keys. Was there
> something special about one of the keys?
Yes. A key likely used SHA224 for a subkey certification or a
"backsig" certification. When GPG2 tried to verify that subkey, it
needed SHA224, didn't find it, and failed.
David
From bahamut at digital-signal.net Tue Jul 3 18:30:19 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 03 Jul 2007 11:30:19 -0500
Subject: Algorithm 11
In-Reply-To: <468A5D9F.7060002@mac.com>
References: <46894C21.4090905@digital-signal.net> <468960C5.9070203@bellsouth.net>
<4689908C.8010006@tx.rr.com> <468A5D9F.7060002@mac.com>
Message-ID: <468A799B.4060700@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Charly Avital wrote:
> Under MacOS 10.4.9, I run gpg2 from a binary installer compiled by
> Ben Donnachie:
>
> item
> 'mac-gpg 2.0.4-2.zip that uses libgcrypt 1.3.0 with support for
> SHA224:
>
>
>
> $ gpg2 -v --version gpg (GnuPG) 2.0.4 Copyright (C) 2007 Free
> Software Foundation, Inc. This program comes with ABSOLUTELY NO
> WARRANTY. This is free software, and you are welcome to
> redistribute it under certain conditions. See the file COPYING for
> details.
>
> Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ELG
> Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192
> (S8), AES256 (S9), TWOFISH (S10) Hash: MD5 (H1), SHA1 (H2),
> RIPEMD160 (H3), TIGER192 (H6), SHA256 (H8), SHA384 (H9), SHA512
> (H10), SHA224 (H11) Compression: Uncompressed (Z0), ZIP (Z1), ZLIB
> (Z2), BZIP2 (Z3)
I built it from source from gnupg.org. No SHA224, no bzip2.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRop5m/iOA0Bgp4/LAQMuygf9F1P8Fmxu9wZyItK8+aKJRktHrj2f+pp0
DZEQ+cUko5toSYW064c7oz9b+j3oAXVW0/8HOF3BPm+DFUbm18jHn+ZCQXjZhY+4
4VuWz7g8y75BrA0aXbU/orn2YHfxFykPgjzl8SjoOPp6nGx8kT8dUN3w60+yVVSL
cJm3SwAxpKlDMSt1ePxOAu1nMCodh2AmeqhZyJdVNlLu9b5NPLTeUQHXZp+rfyWW
nSpUBFCL7GLWcyVR9gr4y41dnZQlIM8h3BXHWm+6PkVaddMfHGYEqriBGe9sGZcY
kAbahUWkenbnkVyFiPw52xoeK9SuKoETetc5mll5WS33/ujWIyEirw==
=+hZj
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Jul 3 19:03:02 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 3 Jul 2007 13:03:02 -0400
Subject: algortihm 11
In-Reply-To: <20070703161836.GA15775@jabberwocky.com>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A51F5.2040901@digital-signal.net>
<20070703161836.GA15775@jabberwocky.com>
Message-ID: <20070703170302.GB15775@jabberwocky.com>
On Tue, Jul 03, 2007 at 12:18:36PM -0400, David Shaw wrote:
> On Tue, Jul 03, 2007 at 08:41:09AM -0500, Andrew Berg wrote:
> > John Clizbe wrote:
> > > Also, this is a *known error*, see this thread, 'Algorithm 11 not
> > > available',
> > > http://lists.gnupg.org/pipermail/gnupg-users/2007-April/030974.html
> > >
> > >
> > > It stems from the fact that the cipher library in gpg2 does not
> > > have SHA-224 (hash algorithm 11) enabled.
> > >
> > > Amazing tool, list archives. 8-}\
> > I will remember that I need to search archives before posting
> > something relating to discussions I have earlier ignored.
> >
> > Anyway, I don't understand. SHA224 is not in my
> > personal-digest-prefs, and all I did was list keys. Was there
> > something special about one of the keys?
>
> Yes. A key likely used SHA224 for a subkey certification or a
> "backsig" certification. When GPG2 tried to verify that subkey, it
> needed SHA224, didn't find it, and failed.
I should add, though, that this bug is fixed and will be in the next
gpg2 release.
David
From shavital at mac.com Tue Jul 3 19:42:06 2007
From: shavital at mac.com (Charly Avital)
Date: Tue, 03 Jul 2007 20:42:06 +0300
Subject: Algorithm 11
In-Reply-To: <468A799B.4060700@digital-signal.net>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com> <468A799B.4060700@digital-signal.net>
Message-ID: <468A8A6E.6080801@mac.com>
Andrew Berg wrote the following on 7/3/07 7:30 PM:
[...]
> I built it from source from gnupg.org. No SHA224, no bzip2.
I believe it is because the src that is posted does not include
libgcrypt 1.3.0
Charly
From wk at gnupg.org Tue Jul 3 20:24:59 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 03 Jul 2007 20:24:59 +0200
Subject: algortihm 11
In-Reply-To: <20070703170302.GB15775@jabberwocky.com> (David Shaw's message of
"Tue, 3 Jul 2007 13:03:02 -0400")
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A51F5.2040901@digital-signal.net>
<20070703161836.GA15775@jabberwocky.com>
<20070703170302.GB15775@jabberwocky.com>
Message-ID: <87wsxh9wg4.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 19:03, dshaw at jabberwocky.com said:
> I should add, though, that this bug is fixed and will be in the next
> gpg2 release.
I hope to get it out this week but I need to sort out some license
problems first.
Salam-Shalom,
Werner
From bahamut at digital-signal.net Tue Jul 3 21:25:57 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 03 Jul 2007 14:25:57 -0500
Subject: Algorithm 11
In-Reply-To: <468A8A6E.6080801@mac.com>
References: <46894C21.4090905@digital-signal.net> <468960C5.9070203@bellsouth.net>
<4689908C.8010006@tx.rr.com> <468A5D9F.7060002@mac.com>
<468A799B.4060700@digital-signal.net> <468A8A6E.6080801@mac.com>
Message-ID: <468AA2C5.9030106@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Charly Avital wrote:
>> I built it from source from gnupg.org. No SHA224, no bzip2.
> I believe it is because the src that is posted does not include
> libgcrypt 1.3.0
It doesn't include any libgcrypt. The configure script said I didn't
have it, and gave a link to an FTP directory. I got 1.2.4 from there.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRoqixfiOA0Bgp4/LAQMLZQf+Il+UXs904JZoid/kCF58bTOpHwPqKxDp
ecnshUyDiYvPXL2GnD2SrjvaPP8KmtxQjVsWNyZNaMTk+LYyJCIN6VBsvP2rThBL
TJkjy+GgJ3L1cixvhSnuT11tjxnQyYFCBBeu2O/H4vev/6wEEhrJIPZKMBVJ99Os
fp/iAnkcNU1T18u2kSxIHi574rt9r08CBL01bep2RV5u+OvAHsrxXUE7NnuaI6i2
VOC+NSOFFQOb1yozUE4rLxbAyPVjsPUfq8ZcURLXg6mx82A4TluvJqX0aoIXBkyu
uGcM8d3ew6g4nUxaJ77BhXpyEVxayZ5PTSMbcMUwIJA28tlU9I58qg==
=+tb7
-----END PGP SIGNATURE-----
From wk at gnupg.org Wed Jul 4 09:43:53 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 04 Jul 2007 09:43:53 +0200
Subject: Algorithm 11
In-Reply-To: <468AA2C5.9030106@digital-signal.net> (Andrew Berg's message of
"Tue, 03 Jul 2007 14:25:57 -0500")
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com> <468A799B.4060700@digital-signal.net>
<468A8A6E.6080801@mac.com> <468AA2C5.9030106@digital-signal.net>
Message-ID: <87fy44k406.fsf@wheatstone.g10code.de>
On Tue, 3 Jul 2007 21:25, bahamut at digital-signal.net said:
> It doesn't include any libgcrypt. The configure script said I didn't
> have it, and gave a link to an FTP directory. I got 1.2.4 from there.
Check out ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/
Despite it is called alpha it is pretty usable.
Salam-Shalom,
Werner
From g.dampies at ru.ac.za Mon Jul 2 15:33:15 2007
From: g.dampies at ru.ac.za (Mr Gareth Dampies)
Date: Mon, 02 Jul 2007 15:33:15 +0200
Subject: Enigmail ...
Message-ID: <4688FE9B.7080404@ru.ac.za>
How do I uninstall Enigmail?
Thanks.
From rjh at sixdemonbag.org Wed Jul 4 11:45:49 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 04 Jul 2007 04:45:49 -0500
Subject: Enigmail ...
In-Reply-To: <4688FE9B.7080404@ru.ac.za>
References: <4688FE9B.7080404@ru.ac.za>
Message-ID: <468B6C4D.1000207@sixdemonbag.org>
Mr Gareth Dampies wrote:
> How do I uninstall Enigmail?
First, I would suggest asking on the Enigmail mailing list, instead of
GnuPG-Users.
Second, these instructions will uninstall Enigmail. They will not
uninstall GnuPG. Uninstalling GnuPG is different depending on what
operating system you're running, and we don't know what you're running.
That said: you uninstall Enigmail the same way you uninstall any other
extension.
>From the main Thunderbird window, click "Tools-->Add-ons", then click
"Enigmail" and "Uninstall".
From jharris at widomaker.com Thu Jul 5 00:11:18 2007
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 4 Jul 2007 18:11:18 -0400
Subject: new (2007-06-24) keyanalyze results (+sigcheck
Message-ID: <20070704221118.GA5420@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2007-06-24/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
693fa8ec79909f3d195d7cd8bc06a99ff6a99aa6 14964552 preprocess.keys
73d4bd2eb5c64c1cf854595f3bbad72a5777127a 8661346 othersets.txt
fdb1a56cfe503d48338489e2340eeebf57a28273 3615016 msd-sorted.txt
159cb81ff86b7504d9f708a25541515492ad4848 2278 keyring_stats
b1321ea5b121e4e68fb95c6c0e753a378ec12071 1420564 msd-sorted.txt.bz2
338c7eb79665fa65a5f42259e4e84446fab2d37b 26 other.txt
018a9e1ebb8bfdaacb161242916bc530febd968b 1882078 othersets.txt.bz2
583fd8ebd8baeb5039b51143f1548e5f78cd9f65 6093727 preprocess.keys.bz2
8eb09cf808d26cb32b63fe365566e2bed4d90418 15279 status.txt
556bed2ac8938c2992df6032d7dd4f59f53dd871 194216 top1000table.html
11dcb21463783d31fa6f66e06fee8b2a042d6545 29469 top1000table.html.gz
cae4113ba50ea044406ea43f943e2d51ff86760c 9712 top50table.html
564551becfcd0ad911704c48b1774a1f118e3015 2529 D3/D39DA0E3
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20070704/c742a180/attachment-0001.pgp
From newton at hammet.net Thu Jul 5 05:13:28 2007
From: newton at hammet.net (Newton Hammet)
Date: Wed, 04 Jul 2007 22:13:28 -0500
Subject: Generated new key and testing it.
In-Reply-To: <87hcolihvd.fsf@wheatstone.g10code.de>
References: <46894C21.4090905@digital-signal.net>
<468960C5.9070203@bellsouth.net> <4689908C.8010006@tx.rr.com>
<468A5D9F.7060002@mac.com> <87hcolihvd.fsf@wheatstone.g10code.de>
Message-ID: <1183605209.8539.3.camel@linux>
Just a test to see how my signature fares (both ascii below and the
gnupg signature packet)
--
pub 4096R/6447518D 2007-07-05
Key fingerprint = 52BF 4EEA 3CD7 5698 EC68 56B7 B196 B8DD 6447 518D
Newton Hammet (Software Engineer and Mathematician)
Key servers: pgp.mit.edu, others...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20070704/06763919/attachment.pgp
From m at riolenz.de Thu Jul 5 18:43:52 2007
From: m at riolenz.de (Mario Lenz)
Date: Thu, 05 Jul 2007 18:43:52 +0200
Subject: getting signed text in plain
In-Reply-To: <1183401664.3329.7.camel@etch>
References: <1183227859.3301.3.camel@etch>
<871wfqq5ed.fsf@wheatstone.g10code.de> <1183401664.3329.7.camel@etch>
Message-ID: <1183653832.3296.3.camel@etch>
Hi!
I've tried around a bit and it looks like the plaintext is already
missing in gpg_verify() in gpgme/rungpg.c :-(
But *should* my code work and it's a bug in gpgme or have I done
anything wrong?
greez
Mario
--
Well is it said: "See a pin and pick it up, and all day long you'll have
a pin."
From wk at gnupg.org Fri Jul 6 12:23:54 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 12:23:54 +0200
Subject: [Announce] GnuPG 2.0.5 released
Message-ID: <87abu925l1.fsf@wheatstone.g10code.de>
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.5.
This is maintenance release with a few bug fixes and support for
building for W32 platforms.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.7) in that
it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time. We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.
GnuPG is distributed under the terms of the GNU General Public License
(GPL). GnuPG-2 works best on GNU/Linux or *BSD systems.
What's New
===========
* Switched license to GPLv3.
* Basic support for Windows. Run "./autogen.sh --build-w32" to build
it. As usual the mingw cross compiling toolchain is required.
* Fixed bug when using the --p12-charset without --armor.
* The command --gen-key may now be used instead of the
gpgsm-gencert.sh script.
* Changed key generation to reveal less information about the
machine. Bug fixes for gpg2's card key generation.
Note that we plan to released GnuPG 1.4.8 within the next few weeks.
Getting the Software
====================
Please follow the instructions found at http://www.gnupg.org/download/
or read on:
GnuPG 2.0.5 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
is not available at ftp.gnu.org.
On the FTP server and ist mirrors you should find the following files
in the gnupg/ directory:
gnupg-2.0.5.tar.bz2 (3432k)
gnupg-2.0.5.tar.bz2.sig
GnuPG source compressed using BZIP2 and OpenPGP signature.
gnupg-2.0.4-2.0.5.diff.bz2 (251k)
A patch file to upgrade a 2.0.4 GnuPG source tree. This patch
does not include updates of the language files.
Note, that we don't distribute gzip compressed tarballs.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
signature of the file gnupg-2.0.5.tar.bz2 you would use this command:
gpg --verify gnupg-2.0.5.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key. Note, that you can retrieve the signing key using the command
finger wk ,at' g10code.com
or using a keyserver like
gpg --recv-key 1CE0C630
The distribution key 1CE0C630 is signed by the well known key
5B0358A2. If you get an key expired message, you should retrieve a
fresh copy as the expiration date might have been prolonged.
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
gnupg-2.0.5.tar.bz2, you would run the sha1sum command like this:
sha1sum gnupg-2.0.5.tar.bz2
and check that the output matches the first line from the
following list:
9435e7fabe525ce943a5818008d412ecad244018 gnupg-2.0.5.tar.bz2
e9ff3b74aaa23e6a8503f7b910e44c0c34eead3b gnupg-2.0.4-2.0.5.diff.bz2
Internationalization
====================
GnuPG comes with support for 27 languages. Due to a lot of new and
changed strings most translations are not entirely complete. The
Swedish, Turkish, German and Russian translations are close to be
complete.
Documentation
=============
We are currently working on an installation guide to explain in more
detail how to configure the new features. As of now the chapters on
gpg-agent and gpgsm include brief information on how to set up the
whole thing. Please watch the GnuPG website for updates of the
documentation. In the meantime you may search the GnuPG mailing list
archives or ask on the gnupg-users mailing lists for advise on how to
solve problems. Many of the new features are around for several years
and thus enough public knowledge is already available. KDE's KMail is
the most prominent user of GnuPG. In fact it has been developed along
with the Kmail folks. Mutt users might want to use the configure
option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make
use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP
support.
The manual is also available online in HTML format at
http://www.gnupg.org/documentation/manuals/gnupg/
and as an PDF at
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
For questions on how to build for W32 you are best advised to ask on the
gnupg-devel mailing list.
Support
=======
Improving GnuPG is costly, but you can help! We are looking for
organizations that find GnuPG useful and wish to contribute back. You
can contribute by reporting bugs, improve the software, or by donating
money.
Commercial support contracts for GnuPG are available, and they help
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
company owned and headed by GnuPG's principal author, is currently
funding GnuPG development. We are always looking for interesting
development projects.
The GnuPG service directory is available at:
http://www.gnupg.org/service.html
Thanks
======
We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.
Happy Hacking,
The GnuPG Team (David, Marcus, Werner and all other contributors)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : /pipermail/attachments/20070706/4ec39c8b/attachment.pgp
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From brian at briansmith.org Fri Jul 6 15:40:01 2007
From: brian at briansmith.org (Brian Smith)
Date: Fri, 6 Jul 2007 20:40:01 +0700
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87abu925l1.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
Message-ID: <003301c7bfd3$2850b110$6501a8c0@Junk>
Werner Koch wrote:
> * Switched license to GPLv3.
Why was the license switched to GPLv3? And, who made this decision?
Thanks,
Brian
From wk at gnupg.org Fri Jul 6 17:10:36 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 17:10:36 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <003301c7bfd3$2850b110$6501a8c0@Junk> (Brian Smith's message of
"Fri, 6 Jul 2007 20:40:01 +0700")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<003301c7bfd3$2850b110$6501a8c0@Junk>
Message-ID: <878x9ty3df.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 15:40, brian at briansmith.org said:
> Why was the license switched to GPLv3? And, who made this decision?
The FSF towers.
Even without being an FSF copyrighted GNU package I would have done
that. The GPLv3 has some weaknesses but it makes some things clearer
and adjusts for the changed legal environment we have encountered over
the last decade. It is a good license.
Salam-Shalom,
Werner
From bahamut at digital-signal.net Fri Jul 6 17:40:40 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Fri, 06 Jul 2007 10:40:40 -0500
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87abu925l1.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
Message-ID: <468E6278.2050801@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Werner Koch wrote:
> * Basic support for Windows.
Could you be more specific?
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRo5id/iOA0Bgp4/LAQM5TAgA21HYGzTfNvYFI7k+1EtiX/5Dcllt1SGD
ELdY6zcisntExHjfcih29dVuRVMywaff8v9ZYnbwx3sIabVyVukUAE3ENdcQEsdP
G0ubQC4VPE8/0Trki9eOnTOUlSmq7GXlUY71IXHdiXbyEXrP57VMh32MXi7Uuw3W
3s4oAK/gSZPbXcfecydODzN3a8NUgXzpF7Jf6mk7ue9P0j7XNusjd7pr59KIM1Oh
iO+SsNowlvUKjCJMPzoQvhdtR6wNZ5Z/Mf3p6xqyuau2NhhqRI0jr+Ul0nqMlaFt
MS6o2Wkydtp7U8+2ryE37W8PjHZbuufny38K63PAAAX+tM/xhF23MA==
=sVbs
-----END PGP SIGNATURE-----
From rjh at sixdemonbag.org Fri Jul 6 18:13:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 06 Jul 2007 11:13:53 -0500
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <878x9ty3df.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de> <003301c7bfd3$2850b110$6501a8c0@Junk>
<878x9ty3df.fsf@wheatstone.g10code.de>
Message-ID: <468E6A41.6090402@sixdemonbag.org>
Werner Koch wrote:
> Even without being an FSF copyrighted GNU package I would have done
> that.
Speaking of, Werner, I always thought it was a FSF requirement that all
GNU packages have copyright signed over to the FSF. Is GnuPG an
exception to the rule, was some special accomodation reached, what?
From wk at gnupg.org Fri Jul 6 18:24:04 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 18:24:04 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <468E6A41.6090402@sixdemonbag.org> (Robert J. Hansen's message of
"Fri, 06 Jul 2007 11:13:53 -0500")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<003301c7bfd3$2850b110$6501a8c0@Junk>
<878x9ty3df.fsf@wheatstone.g10code.de>
<468E6A41.6090402@sixdemonbag.org>
Message-ID: <87ir8xwlej.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 18:13, rjh at sixdemonbag.org said:
> Speaking of, Werner, I always thought it was a FSF requirement that all
> GNU packages have copyright signed over to the FSF. Is GnuPG an
> exception to the rule, was some special accomodation reached, what?
Well, not all GNU packages but those that make up the core OS. For some
reasons RMS counts GnupG as a core apckage so I assigned the copyright
to the FSF back in 1998.
The only exception is that we host in Europe and used to have only
European developers due to the former US export controls.
Shalom-Salam,
Werner
From alon.barlev at gmail.com Fri Jul 6 18:32:20 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 6 Jul 2007 19:32:20 +0300
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87abu925l1.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
On 7/6/07, Werner Koch wrote:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.5.
Hello Werner,
It will be nice if you publish dependency like libassuan and libskba
version requirements (if changed).
Also, you have parallel make issue.
At:
common/Makefile.am you include $(top_srcdir)/am/cmacros.am which defines:
libcommon = ../common/libcommon.a
libcommonpth = ../common/libcommonpth.a
This causes dependency of t-convert to be out of subdir thus fail parallel make.
The following temporary solves the issue:
sed -i 's#\.\./common/libcommon#libcommon#g' common/Makefile.in
Best Regards,
Alon Bar-Lev.
From wk at gnupg.org Fri Jul 6 18:30:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 18:30:03 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <468E6278.2050801@digital-signal.net> (Andrew Berg's message of
"Fri, 06 Jul 2007 10:40:40 -0500")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<468E6278.2050801@digital-signal.net>
Message-ID: <87ejjlwl4k.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 17:40, bahamut at digital-signal.net said:
>> * Basic support for Windows.
> Could you be more specific?
Well, you can run gpgsm and also gpg2 on Windows (tested with XPpro).
gpg-agent is fired up as required, gpg-connect-agent works and we will
eventually also make dirmngr work. scdaemon should also work but I have
not tested it. There is a basic pinentry port for native Windows
(pinentry 0.7.3, released today). It not stable enough for production
use but we expect to have the major bugs squished out by November.
Building it is just the usual "./autogen.sh --build-w32" with all libs
already in place. We will do a Gpg4win release next week which includes
all this stuff, although at that time only be useful at the command
line.
Salam-Shalom,
Werner
From wk at gnupg.org Fri Jul 6 19:07:31 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 06 Jul 2007 19:07:31 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
(Alon Bar-Lev's message of "Fri, 6 Jul 2007 19:32:20 +0300")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
Message-ID: <87tzshtq98.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 18:32, alon.barlev at gmail.com said:
> It will be nice if you publish dependency like libassuan and libskba
> version requirements (if changed).
Yeah I know I should have done it. However configure tells you about
this and where to get it. I was pretty busy to release all these other
libs.
> Also, you have parallel make issue.
Yeah, I noticed this but it was too late to fix it. There is a reason
why make does not do parallel builds by default ;-). Will be fixed with
the next released as I have now a dual core box dedicated to testing.
Salam-Shalom,
Werner
From shavital at mac.com Fri Jul 6 19:21:34 2007
From: shavital at mac.com (Charly Avital)
Date: Fri, 06 Jul 2007 20:21:34 +0300
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
References: <87abu925l1.fsf@wheatstone.g10code.de>
<9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
Message-ID: <468E7A1E.8010206@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Alon Bar-Lev wrote the following on 7/6/07 7:32 PM:
[...]
> Hello Werner,
>
> It will be nice if you publish dependency like libassuan and libskba
> version requirements (if changed).
- -------
configure:
*** You need libassuan with Pth support to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version 1.0.2 (API 1) is required).
***
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libksba/
*** (at least version 1.0.2 using API 1 is required).
- -------
After installing the above libraries,
- ---
GnuPG v2.0.5 has been configured as follows:
Platform: Darwin (i386-apple-darwin8.10.1)
OpenPGP: yes
S/MIME: yes
Agent: yes
Smartcard: yes (without internal CCID driver)
Protect tool: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
PKITS based tests: no
- -------
But, make:
- ------
gcc -DHAVE_CONFIG_H -I. -I.. -I../intl -I/usr/local/include
- -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -Wpointer-arith -MT
utf8conv.o -MD -MP -MF .deps/utf8conv.Tpo -c -o utf8conv.o utf8conv.c
utf8conv.c: In function 'native_to_utf8':
utf8conv.c:386: error: 'ICONV_CONST' undeclared (first use in this function)
utf8conv.c:386: error: (Each undeclared identifier is reported only once
utf8conv.c:386: error: for each function it appears in.)
utf8conv.c:386: error: parse error before 'char'
utf8conv.c: In function 'do_utf8_to_native':
utf8conv.c:652: error: 'ICONV_CONST' undeclared (first use in this function)
utf8conv.c:652: error: parse error before 'char'
utf8conv.c: In function 'jnlib_iconv':
utf8conv.c:727: warning: passing argument 2 of 'libiconv' from
incompatible pointer type
make[2]: *** [utf8conv.o] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
- --------
>
> Also, you have parallel make issue.
> At:
> common/Makefile.am you include $(top_srcdir)/am/cmacros.am which defines:
>
> libcommon = ../common/libcommon.a
> libcommonpth = ../common/libcommonpth.a
>
> This causes dependency of t-convert to be out of subdir thus fail parallel make.
>
> The following temporary solves the issue:
> sed -i 's#\.\./common/libcommon#libcommon#g' common/Makefile.in
The above is way above and beyond my very limited comprehension and
capability.
S.S.
Charly
MacOS 10.4.10 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4 -
Thunderbird 2.0.0.0 - Enigmail 0.95.2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (Darwin)
Comment: GnuPG for Privacy
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRo56Gs3GMi2FW4PvAQiZgAf/RaqJFkUlgymDe72CEGlsHspv0rfSKGmD
SO1ZYRJVH+UXQH5GvCJcjUGly/AblZG4GbFLf8QDyV5xgtVgsLSMionmBQe6Qyz2
Ct5Tw6QN/sesSUrbzalL0x9HoAWrm1JSPZROKiK2Jq+gDyhzprLTU5BeQw1RCPOg
cbr1aGrE7AYBLE3Y2ttbe2RcOntkbURvht9sTTRE0req1eaeOfYip1c+MTI/o4HF
jB6GhiQeVX1h13giphmoaQikr7Wd3t7DTi538Ix/EnkPJz8iCtg3tHY03jsjbun6
IU/mUmLi9HrT96gqjyx4Q4ovfbRmnyTO6j7yjjtVzTq/QxdNiOEglg==
=cm9x
-----END PGP SIGNATURE-----
From alon.barlev at gmail.com Fri Jul 6 20:40:29 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 6 Jul 2007 21:40:29 +0300
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <87ejjlwl4k.fsf@wheatstone.g10code.de>
References: <87abu925l1.fsf@wheatstone.g10code.de>
<468E6278.2050801@digital-signal.net>
<87ejjlwl4k.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0707061140n4ab6747i905fb2662169632e@mail.gmail.com>
On 7/6/07, Werner Koch wrote:
> (pinentry 0.7.3, released today). It not stable enough for production
Any more surprises?
BTW: You ignored all patches from:
https://bugs.g10code.com/gnupg/issue798
Alon.
From bahamut at digital-signal.net Fri Jul 6 22:40:23 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Fri, 06 Jul 2007 15:40:23 -0500
Subject: Not sure how to build w32pth
Message-ID: <468EA8B7.8020300@digital-signal.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
If I run ./configure, it tells me it can only build for w32.
If I run ./autogen.sh --build-w32, it tells me to run make distclean.
If I run make distclean, it tells me there is no rule for distclean
and stops.
- --
Windows NT 5.1.2600.2180 | Thunderbird 2.0.0.4 | Enigmail 0.95.2 | GPG
1.4.7
Key ID: 0xF88E034060A78FCB - available on major keyservers and upon
request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRo6otviOA0Bgp4/LAQM4zAgAqr4tXNpnLoVIx2pBOe6dUBG+hvMeLPH7
r/d32Bd0fKntsRdA96ABOX+NKsRH5iVpeY/ZttxThyTNn0hkB0QNZ3mxO1hpr/x6
5cXczhoN8gU+QnTG2q6FkOkmfk8wZtW+n8A5YiM9lI/ThxozqiQUBv+7yOYY0wEN
nJ/AuvgFTgvUWyRmU4FUcl1sKwMfYZoov19LPVT254AFgLnu1jLC3Cyt+EQnGUJl
MHMl79fH8ZlM4r52iPElov/bhn5WsiAm9xkLYG0+C8t/V5i8J8UJ8wtViAM2XkiT
UieL98OGSyLmYclhigSNzlqOhLUMVoQpwSsryYy+zB0hBpMWyieRVw==
=fYbH
-----END PGP SIGNATURE-----
From mlisten at hammernoch.net Fri Jul 6 23:12:53 2007
From: mlisten at hammernoch.net (=?ISO-8859-15?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Fri, 06 Jul 2007 23:12:53 +0200
Subject: Cross Compile gnupg 1.4.7 on a Mac PPC for Mac Intel?
Message-ID: <468EB055.7050205@hammernoch.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
did sombody succeed in cross compiling gnupg 1.4-series on a PPC-Mac for
an Intel Mac? (both run Mac OS X 10.4.10)?
If yes, what would I have to consider? Any specific configure-switches?
TIA
Ludwig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRo6wVFYnpxVXVowdAQrB3ggAxxzwSNxUherrL/JUrZCHCuZVA9G6CRw9
5YglcdDF4ufNLL5bFhRAyidSutdD5GzQAl7uuu86GdEnxI8vtIbhHxFIX2j/F0x2
ebUd45g/NRX7vrAs4w2tVEE6C6IhV86pmrnesBGPMW7gP+6nx/OBqHVTtV+eKOV/
6aBLzceHUxvMK7gC/Tz7qpP/orNSQcUV0cy/7J2whHReMjYze74RU6Yo4SffdXoX
Y5klh3LRByo0YDxZYa2bXopUEQg4WJ4ji1jJnSkkXJI9bFgrEfs6w4nzVcD8665q
CQ9ww8Hd8Ia26UG3/fTcupODjymr82sahcjBF1ug/0Ara0EKr2sU3w==
=jn5w
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Sat Jul 7 01:37:56 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 6 Jul 2007 19:37:56 -0400
Subject: Cross Compile gnupg 1.4.7 on a Mac PPC for Mac Intel?
In-Reply-To: <468EB055.7050205@hammernoch.net>
References: <468EB055.7050205@hammernoch.net>
Message-ID: <20070706233756.GB2896@jabberwocky.com>
On Fri, Jul 06, 2007 at 11:12:53PM +0200, Ludwig H?gelsch?fer wrote:
> Hi,
>
> did sombody succeed in cross compiling gnupg 1.4-series on a PPC-Mac for
> an Intel Mac? (both run Mac OS X 10.4.10)?
>
> If yes, what would I have to consider? Any specific configure-switches?
It's in the README:
Building Universal Binaries on Apple OS X
-----------------------------------------
You can build a universal ("fat") binary that will work on both
PPC and Intel Macs with something like:
./configure CFLAGS="-arch ppc -arch i386" --disable-endian-check \
--disable-dependency-tracking --disable-asm
If you are doing the build on a OS X 10.4 (Tiger) PPC machine you
may need to add "-isysroot /Developer/SDKs/MacOSX10.4u.sdk" to
those CFLAGS. Note that any third-party libraries you may link
with need to be universal as well. All Apple-supplied libraries
(even libraries not originally written by Apple like curl, zip,
and BZ2) are universal.
David
From mlisten at hammernoch.net Sat Jul 7 15:37:34 2007
From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Sat, 07 Jul 2007 15:37:34 +0200
Subject: Cross Compile gnupg 1.4.7 on a Mac PPC for Mac Intel?
In-Reply-To: <20070706233756.GB2896@jabberwocky.com>
References: <468EB055.7050205@hammernoch.net>
<20070706233756.GB2896@jabberwocky.com>
Message-ID: <468F971E.1000600@hammernoch.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
David Shaw wrote on 07.07.2007 1:37 Uhr:
> On Fri, Jul 06, 2007 at 11:12:53PM +0200, Ludwig H?gelsch?fer wrote:
>> Hi,
>>
>> did sombody succeed in cross compiling gnupg 1.4-series on a PPC-Mac for
>> an Intel Mac? (both run Mac OS X 10.4.10)?
>>
>> If yes, what would I have to consider? Any specific configure-switches?
>
> It's in the README:
> (...)
Thanks a lot, configure and make ran smoothly and the binaries are
running on both platforms!
Ludwig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEVAwUBRo+XHVYnpxVXVowdAQrbTAf+KHT8cDgUZ5p4VLZAJrEv5dRWYvO16mlC
UGm2zurTZ/tglZ7GX1y4J6C5yWq/Yzvngr8fQo0LKARMtiU19ILRHMdtqzawbA58
zt+EZIo51/L8urhp1mRLWyLvNHxvB3XETuTu18xt5W7nvyHrNekxZ2iiCuqQnfEz
myEttkcJfnkiuTjsVJMkA4iQFOHfVZPKE70+SsBBkO74lZ30oOd+y04/S9uoEx89
bhIrDGqWjmZKcK+hkR7GLy5zWx6imQIKO0YKYHyUFIlgpD5nuXo1NnAJV1TwCVPW
EFDLr8/E98tiHOhxmhRLXi2D6prDNmBm/qQYKtaMTUtUtHVB5yMkNA==
=C+zx
-----END PGP SIGNATURE-----
From wk at gnupg.org Mon Jul 9 08:55:08 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 08:55:08 +0200
Subject: Not sure how to build w32pth
In-Reply-To: <468EA8B7.8020300@digital-signal.net> (Andrew Berg's message of
"Fri, 06 Jul 2007 15:40:23 -0500")
References: <468EA8B7.8020300@digital-signal.net>
Message-ID: <87myy6t6b7.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 22:40, bahamut at digital-signal.net said:
> If I run ./configure, it tells me it can only build for w32.
> If I run ./autogen.sh --build-w32, it tells me to run make distclean.
> If I run make distclean, it tells me there is no rule for distclean
> and stops.
It is a very simple test to avoid bulding with an unclean tree. Just
remove config.log .
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 9 09:39:51 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 09:39:51 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <9e0cf0bf0707061140n4ab6747i905fb2662169632e@mail.gmail.com>
(Alon Bar-Lev's message of "Fri, 6 Jul 2007 21:40:29 +0300")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<468E6278.2050801@digital-signal.net>
<87ejjlwl4k.fsf@wheatstone.g10code.de>
<9e0cf0bf0707061140n4ab6747i905fb2662169632e@mail.gmail.com>
Message-ID: <877ipaja9k.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 20:40, alon.barlev at gmail.com said:
> BTW: You ignored all patches from:
> https://bugs.g10code.com/gnupg/issue798
Sorry. Applied right now.
Shalom-Salam,
Werner
From wk at gnupg.org Mon Jul 9 09:47:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 09:47:02 +0200
Subject: [Announce] GnuPG 2.0.5 released
In-Reply-To: <468E7A1E.8010206@mac.com> (Charly Avital's message of "Fri, 06
Jul 2007 20:21:34 +0300")
References: <87abu925l1.fsf@wheatstone.g10code.de>
<9e0cf0bf0707060932kc599540pcf39dfa018a991d1@mail.gmail.com>
<468E7A1E.8010206@mac.com>
Message-ID: <873azyj9xl.fsf@wheatstone.g10code.de>
On Fri, 6 Jul 2007 19:21, shavital at mac.com said:
> utf8conv.c:386: error: 'ICONV_CONST' undeclared (first use in this function)
Ah yes, you build without NLS (gettext) support. Probably because GNU
gettext is not installed on your machine. I have removed the included
copy of gettext as it is not justified anymore (there are so many
requirements now that this extra one does not really make it worse).
Unfortunately, the test for iconv is only run if gettext support is
requested. I have changed that now.
The workaround is to add a line
/* Define as const if the declaration of iconv() needs const. */
#define ICONV_CONST
to config.h after running configure.
Salam-Shalom,
Werner
From guillaume.yziquel at free.fr Mon Jul 9 11:14:06 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Mon, 09 Jul 2007 11:14:06 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
Message-ID: <4691FC5E.1010803@free.fr>
Hello list.
I'm into trouble again. I'm still on this svn+ssh+gpg-agent+smartcard
problem. I'm not using pcscd any more, but scdaemon, which used to work
fine. I do not recall having done anything special that might have
broken things up.
However, I get the following kind of error messages while trying to use
svn + ssh + gnupg-agent + smartcard:
> yziquel at seldon:~/svn$ svn update
It then pops some gtk pinentry program, and I entered my pin inside.
> Agent admitted failure to sign using the key.
> gyzmo at server.domain.org's password:
Below are some logs. gpg-agent.log and scdaemon.log.
Some interesting error messages in these logs are:
> 2007-07-09 10:44:20 gpg-agent[3881] starting a new PIN Entry
> 2007-07-09 10:44:20 gpg-agent[3881] DBG: connection to PIN entry established
> 2007-07-09 10:44:25 gpg-agent[3881] smartcard signing failed: ?l?ment manquant dans l'objet
and
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: usb_bulk_read error: Ressource temporairement non disponible
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bulk-in seqno does not match (1/0)
and
> 2007-07-09 10:44:25 scdaemon[4315] verify CHV2 failed: ?l?ment manquant dans l'objet
> 2007-07-09 10:44:25 scdaemon[4315] operation auth result: ?l?ment manquant dans l'objet
> 2007-07-09 10:44:25 scdaemon[4315] app_auth_sign failed: ?l?ment manquant dans l'objet
> scdaemon[4315.0] DBG: -> ERR 100663364 ?l?ment manquant dans l'objet
I thank you for all the help you guys have and might lend me.
Guillaume Yziquel.
> yziquel at seldon:~/var/log$ tail -n 50 gpg-agent.log
> 2007-07-09 10:36:09 gpg-agent[3876] listening on socket `/tmp/gpg-qkcjVL/S.gpg-agent'
> 2007-07-09 10:36:09 gpg-agent[3876] listening on socket `/tmp/gpg-k5aAuE/S.gpg-agent.ssh'
> 2007-07-09 10:37:14 gpg-agent[3877] ssh handler 0x651790 for fd 8 started
> 2007-07-09 10:37:14 gpg-agent[3877] ssh request handler for request_identities (11) started
> 2007-07-09 10:37:14 gpg-agent[3877] no running SCdaemon - starting it
> 2007-07-09 10:37:15 gpg-agent[3877] DBG: first connection to SCdaemon established
> 2007-07-09 10:37:15 gpg-agent[3877] DBG: additional connections at `/tmp/gpg-VXmdX8/S.scdaemon'
> 2007-07-09 10:37:16 gpg-agent[3877] ssh request handler for request_identities (11) ready
> 2007-07-09 10:37:16 gpg-agent[3877] ssh handler 0x651790 for fd 8 terminated
> 2007-07-09 10:37:16 gpg-agent[3877] SIGUSR2 received - checking smartcard status
> 2007-07-09 10:37:25 gpg-agent[3877] ssh handler 0x65c540 for fd 8 started
> 2007-07-09 10:37:25 gpg-agent[3877] ssh request handler for request_identities (11) started
> 2007-07-09 10:37:25 gpg-agent[3877] new connection to SCdaemon established (reusing)
> 2007-07-09 10:37:25 gpg-agent[3877] ssh request handler for request_identities (11) ready
> 2007-07-09 10:37:25 gpg-agent[3877] ssh request handler for sign_request (13) started
> 2007-07-09 10:37:25 gpg-agent[3877] DBG: detected card with S/N D2760001240101010001000007180000
> 2007-07-09 10:37:25 gpg-agent[3877] starting a new PIN Entry
> 2007-07-09 10:37:26 gpg-agent[3877] DBG: connection to PIN entry established
> 2007-07-09 10:37:28 gpg-agent[3877] smartcard signing failed: Erreur d'entr?e/sortie
> 2007-07-09 10:37:28 gpg-agent[3877] ssh request handler for sign_request (13) ready
> 2007-07-09 10:37:33 gpg-agent[3877] ssh handler 0x65c540 for fd 8 terminated
> 2007-07-09 10:37:36 gpg-agent[3877] ssh handler 0x65c540 for fd 8 started
> 2007-07-09 10:37:36 gpg-agent[3877] ssh request handler for request_identities (11) started
> 2007-07-09 10:37:36 gpg-agent[3877] new connection to SCdaemon established (reusing)
> 2007-07-09 10:37:36 gpg-agent[3877] ssh request handler for request_identities (11) ready
> 2007-07-09 10:37:37 gpg-agent[3877] ssh request handler for sign_request (13) started
> 2007-07-09 10:37:37 gpg-agent[3877] DBG: detected card with S/N D2760001240101010001000007180000
> 2007-07-09 10:37:37 gpg-agent[3877] starting a new PIN Entry
> 2007-07-09 10:37:37 gpg-agent[3877] DBG: connection to PIN entry established
> 2007-07-09 10:37:39 gpg-agent[3877] smartcard signing failed: Erreur d'entr?e/sortie
> 2007-07-09 10:37:39 gpg-agent[3877] ssh request handler for sign_request (13) ready
> 2007-07-09 10:37:52 gpg-agent[3877] ssh handler 0x65c540 for fd 8 terminated
> 2007-07-09 10:38:54 gpg-agent[3877] SIGTERM received - shutting down ...
> 2007-07-09 10:38:54 gpg-agent[3877] gpg-agent (GnuPG) 2.0.4 stopped
> 2007-07-09 10:40:56 gpg-agent[3880] listening on socket `/tmp/gpg-wayu32/S.gpg-agent'
> 2007-07-09 10:40:56 gpg-agent[3880] listening on socket `/tmp/gpg-vRKsdY/S.gpg-agent.ssh'
> 2007-07-09 10:44:17 gpg-agent[3881] ssh handler 0x651790 for fd 8 started
> 2007-07-09 10:44:17 gpg-agent[3881] ssh request handler for request_identities (11) started
> 2007-07-09 10:44:17 gpg-agent[3881] no running SCdaemon - starting it
> 2007-07-09 10:44:18 gpg-agent[3881] DBG: first connection to SCdaemon established
> 2007-07-09 10:44:18 gpg-agent[3881] DBG: additional connections at `/tmp/gpg-FUmNMV/S.scdaemon'
> 2007-07-09 10:44:19 gpg-agent[3881] ssh request handler for request_identities (11) ready
> 2007-07-09 10:44:20 gpg-agent[3881] SIGUSR2 received - checking smartcard status
> 2007-07-09 10:44:20 gpg-agent[3881] ssh request handler for sign_request (13) started
> 2007-07-09 10:44:20 gpg-agent[3881] DBG: detected card with S/N D2760001240101010001000007180000
> 2007-07-09 10:44:20 gpg-agent[3881] starting a new PIN Entry
> 2007-07-09 10:44:20 gpg-agent[3881] DBG: connection to PIN entry established
> 2007-07-09 10:44:25 gpg-agent[3881] smartcard signing failed: ?l?ment manquant dans l'objet
> 2007-07-09 10:44:25 gpg-agent[3881] ssh request handler for sign_request (13) ready
> 2007-07-09 10:44:30 gpg-agent[3881] ssh handler 0x651790 for fd 8 terminated
> yziquel at seldon:~/var/log$
> yziquel at seldon:~/var/log$ tail -n 150 scdaemon.log
> 2007-07-09 10:38:51 scdaemon[4174] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-09 10:38:53 scdaemon[4174] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-09 10:38:54 scdaemon[4174] SIGTERM received - shutting down ...
> scdaemon[4174.0] DBG: <- [EOF]
> 2007-07-09 10:38:54 scdaemon[4174] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-09 10:38:54 scdaemon[4174] handler for fd -1 terminated
> 2007-07-09 10:38:55 scdaemon[4174] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-09 10:38:55 scdaemon[4174] scdaemon (GnuPG) 2.0.0 stopped
> 2007-07-09 10:44:17 scdaemon[4315] listening on socket `/tmp/gpg-FUmNMV/S.scdaemon'
> 2007-07-09 10:44:17 scdaemon[4315] handler for fd -1 started
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: using CCID reader 0 (ID=04E6:5115:21120706318555:0)
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: idVendor: 04E6 idProduct: 5115 bcdDevice: 0518
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: ChipCard Interface Descriptor:
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bLength 54
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bDescriptorType 33
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bcdCCID 1.00
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: nMaxSlotIndex 0
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bVoltageSupport 1 5.0V
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwProtocols 3 T=0 T=1
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwDefaultClock 4000
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwMaxiumumClock 12000
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bNumClockSupported 0
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwDataRate 9600 bps
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwMaxDataRate 307200 bps
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bNumDataRatesSupp. 0
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwMaxIFSD 252
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwSyncProtocols 00000000
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwMechanical 00000000
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwFeatures 000100BA
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: Auto configuration based on ATR
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: Auto voltage selection
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: Auto clock change
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: Auto baud rate change
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: Auto PPS made by CCID
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: TPDU level exchange
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: dwMaxCCIDMsgLen 263
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bClassGetResponse echo
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bClassEnvelope echo
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: wlcdLayout none
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bPINSupport 0
> 2007-07-09 10:44:17 scdaemon[4315] DBG: ccid-driver: bMaxCCIDBusySlots 1
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: usb_bulk_read error: Ressource temporairement non disponible
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bulk-in seqno does not match (1/0)
> 2007-07-09 10:44:18 scdaemon[4315] reader slot 0: using ccid driver
> scdaemon[4315.0] DBG: -> OK GNU Privacy Guard's Smartcard server ready
> scdaemon[4315.0] DBG: <- GETINFO socket_name
> scdaemon[4315.0] DBG: -> D /tmp/gpg-FUmNMV/S.scdaemon
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- OPTION event-signal=12
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- GETATTR $AUTHKEYID
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
> data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 01
> data: 11 10 00 45 00 80 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 04 00 00 01 11 10 00 45 00 80 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: protocol ..........: T=1
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bmFindexDindex ....: 11
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bmTCCKST1 .........: 10
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bGuardTimeT1 ......: 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bmWaitingIntegersT1: 45
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bClockStop ........: 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bIFSC .............: 128
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: bNadValue .........: 0
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 61 07 00 00 00 00 05 01 00 00 11 10 00 45 00 80 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 01
> data: 11 10 00 45 00 80 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 6F 05 00 00 00 00 06 00 00 00 00 C1 01 FC 3C
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
> data: 00 E1 01 FC 1C
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: IFSD has been set to 252
> 2007-07-09 10:44:18 scdaemon[4315] reader slot 0: using ccid driver
> 2007-07-09 10:44:18 scdaemon[4315] slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 6F 0B 00 00 00 00 07 04 00 00 00 00 07 00 A4 00 0C 02 3F 00 92
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 00 02 6B 00 69
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 6F 0F 00 00 00 00 08 04 00 00 00 40 0B 00 A4 04 00 06 D2 76 00 01 24 01 6D
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 40 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00 00 07 18 00 00 90 00 B1
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 6F 09 00 00 00 00 09 04 00 00 00 00 05 00 CA 00 4F 00 80
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 00 12 D2 76 00 01 24 01 01 01 00 01 00 00 07 18 00 00 90 00 1C
> 2007-07-09 10:44:18 scdaemon[4315] AID: D2 76 00 01 24 01 01 01 00 01 00 00 07 18 00 00
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 6F 09 00 00 00 00 0A 04 00 00 00 40 05 00 CA 00 C4 00 4B
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 40 09 00 FE FE FE 03 03 03 90 00 24
> 2007-07-09 10:44:18 scdaemon[4315] DBG: ccid-driver: sending 6F 09 00 00 00 00 0B 04 00 00 00 00 05 00 CA 00 6E 00 A1
> 2007-07-09 10:44:19 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 00 CB 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 07 18 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05 01 04 00 00 20 C4 07 00 FE FE FE 03 03 03 C5 3C 4F A3 06 33 5A 23 5A 0F 63 33 A8 51 1D 09 F4 65 40 EC 28 AA C6 EC 8D 12 06 3A BF 38 6B EB 08 1C E2 8C 31 A5 64 27 AB B6 8A B1 09 98 8F 69 59 24 46 AC 1E EF F9 BB EF 44 06 CA D9 AE C6 3C C4 85 A6 CD 7E C6 6E 9E EC 33 65 F2 70 F2 75 E4 C3 2F 6C A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 46 0A 3E 14 46 0A 3E 29 46 0A 3E 27 5E 07 79 7A 69 71 75 65 6C 90 00 AB
> 2007-07-09 10:44:19 scdaemon[4315] DBG: ccid-driver: sending 6F 09 00 00 00 00 0C 04 00 00 00 40 05 00 CA 00 5E 00 D1
> 2007-07-09 10:44:19 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 40 09 79 7A 69 71 75 65 6C 90 00 BE
> scdaemon[4315.0] DBG: -> S $AUTHKEYID OPENPGP.3
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- GETATTR SERIALNO
> scdaemon[4315.0] DBG: -> S SERIALNO D2760001240101010001000007180000
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- READKEY OPENPGP.3
> 2007-07-09 10:44:19 scdaemon[4315] DBG: ccid-driver: sending 6F 0B 00 00 00 00 0D 04 00 00 00 00 07 00 47 81 00 02 A4 00 67
> 2007-07-09 10:44:19 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 00 8F 7F 49 81 89 81 81 80 BE E5 C7 82 2C 36 7D 9B 25 6D BB 97 40 BD AD B4 61 97 DC 15 D7 5F 85 90 53 16 E1 A4 90 D2 82 C6 B0 C7 73 51 CA 30 10 16 C2 3D 7E 00 77 11 C1 74 A6 03 45 60 7A 6A 8B 16 55 C8 26 1B 5A D7 07 EB 2F 29 E8 39 35 0E 00 C4 38 B3 8C D8 0D BE 69 5C C0 00 D8 6E F5 EF 20 60 BE 0B EE 94 9E 4B AA AB F5 B0 30 E9 8D 99 DD 0C 6B 0F B2 9C ED B7 1E 25 E8 A7 0B 6B 95 24 E5 7F 80 E9 DB 66 14 F1 43 09 82 04 E1 A9 D5 BD 90 00 BD
> scdaemon[4315.0] DBG: -> [ 44 20 28 31 30 3a 70 75 62 6c 69 63 ...(168 bytes skipped) ]
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- GETATTR $DISPSERIALNO
> scdaemon[4315.0] DBG: -> S $DISPSERIALNO 000100000718
> scdaemon[4315.0] DBG: -> OK
> 2007-07-09 10:44:19 scdaemon[4315] updating status of slot 0 to 0x0007
> 2007-07-09 10:44:20 scdaemon[4315] client pid is 3881, sending signal 12
> scdaemon[4315.0] DBG: <- SERIALNO
> scdaemon[4315.0] DBG: -> S SERIALNO D2760001240101010001000007180000 0
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- SETDATA 3021300906052B0E03021A0500041443C3B6F3A1D73168E08A9E2EC4D73938A73FC282
> scdaemon[4315.0] DBG: -> OK
> scdaemon[4315.0] DBG: <- PKAUTH OPENPGP.3
> 2007-07-09 10:44:20 scdaemon[4315] DBG: asking for PIN 'PIN'
> scdaemon[4315.0] DBG: -> INQUIRE NEEDPIN PIN
> scdaemon[4315.0] DBG: <- [ 44 20 34 30 36 31 34 32 00 00 00 00 ...(80 bytes skipped) ]
> scdaemon[4315.0] DBG: <- END
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
> data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 01
> data: 11 10 00 45 00 80 00
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 13 00 00 01 11 10 00 45 00 80 00
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: protocol ..........: T=1
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bmFindexDindex ....: 11
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bmTCCKST1 .........: 10
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bGuardTimeT1 ......: 00
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bmWaitingIntegersT1: 45
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bClockStop ........: 00
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bIFSC .............: 128
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: bNadValue .........: 0
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: sending 61 07 00 00 00 00 14 01 00 00 11 10 00 45 00 80 00
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 01
> data: 11 10 00 45 00 80 00
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: sending 6F 05 00 00 00 00 15 00 00 00 00 C1 01 FC 3C
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00
> data: 00 E1 01 FC 1C
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: IFSD has been set to 252
> 2007-07-09 10:44:25 scdaemon[4315] reader slot 0: using ccid driver
> 2007-07-09 10:44:25 scdaemon[4315] slot 0: ATR=3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: sending 6F 0F 00 00 00 00 16 04 00 00 00 00 0B 00 20 00 82 06 34 30 36 31 34 32 AA
> 2007-07-09 10:44:25 scdaemon[4315] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04
> data: 00 00 02 6A 88 E0
> 2007-07-09 10:44:25 scdaemon[4315] verify CHV2 failed: ?l?ment manquant dans l'objet
> 2007-07-09 10:44:25 scdaemon[4315] operation auth result: ?l?ment manquant dans l'objet
> 2007-07-09 10:44:25 scdaemon[4315] app_auth_sign failed: ?l?ment manquant dans l'objet
> scdaemon[4315.0] DBG: -> ERR 100663364 ?l?ment manquant dans l'objet
> scdaemon[4315.0] DBG: <- RESTART
> scdaemon[4315.0] DBG: -> OK
> yziquel at seldon:~/var/log$
From guillaume.yziquel at free.fr Mon Jul 9 11:24:42 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Mon, 09 Jul 2007 11:24:42 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4691FC5E.1010803@free.fr>
References: <4691FC5E.1010803@free.fr>
Message-ID: <4691FEDA.7060008@free.fr>
Guillaume Yziquel a ?crit :
> Hello list.
>
> I'm into trouble again. I'm still on this svn+ssh+gpg-agent+smartcard
> problem. I'm not using pcscd any more, but scdaemon, which used to work
> fine. I do not recall having done anything special that might have
> broken things up.
Sorry. Made a mistake. Everything is now fine. The smartcard was not
correctly inserted, and even plugging out and back in, it was
incorrectly inserted in the smartcard reader. False negatives...
Guillaume Yziquel.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 370 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070709/d77cef95/attachment.pgp
From marcus.brinkmann at ruhr-uni-bochum.de Mon Jul 9 15:46:30 2007
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Mon, 09 Jul 2007 15:46:30 +0200
Subject: [Announce] GPGME 1.1.5 released
Message-ID: <87myy5heq1.wl%marcus.brinkmann@ruhr-uni-bochum.de>
Hi,
We are pleased to announce version 1.1.5 of GnuPG Made Easy,
a library designed to make access to GnuPG easier for applications.
It may be found in the file (about 907 KB/697 KB compressed)
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.gz
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.bz2
The following files are also available:
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.gz.sig
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5.tar.bz2.sig
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.4-1.1.5.diff.gz
It should soon appear on the mirrors listed at:
http://www.gnupg.org/mirrors.html
Bug reports and requests for assistance should be sent to:
gnupg-devel at gnupg.org
The sha1sum checksums for this distibution are
364399bb53ba93373c64b9270a567dcb263fdf3c gpgme-1.1.4-1.1.5.diff.bz2
dc2744b4555192546566bba754e708991677badc gpgme-1.1.5.tar.bz2
cdc16881e84ba475b761225707e2f198352395dd gpgme-1.1.5.tar.bz2.sig
428d0faee47509e69ce95620d5075579296cb884 gpgme-1.1.5.tar.gz
34968a0b335d876c4ab05899b23078badedd319e gpgme-1.1.5.tar.gz.sig
Noteworthy changes in version 1.1.5 (2007-07-09)
------------------------------------------------
* Bug and portability fixes (mainly for W32).
Marcus Brinkmann
mb at g10code.de
--
g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459
H?ttenstr. 61 Gesch?ftsf?hrung Werner Koch
D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From james at freecharity.org.uk Mon Jul 9 16:52:34 2007
From: james at freecharity.org.uk (James Davis)
Date: Mon, 09 Jul 2007 15:52:34 +0100
Subject: Generating an authentication key for smart card
Message-ID: <46924BB2.9010309@freecharity.org.uk>
I've been playing with generating keys for transferal to a smart card.
This way I can make backups of my keys by exporting them before placing
them on the card.
Creating 1024-bit RSA keys for signing and encryption is straight
forward enough but what do I need to do to generate a (sub?)key to use
for authentication which I can later transfer to the card? Or am I
forced to create an authentication key on the card?
Thanks,
James
--
http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki
From wk at gnupg.org Mon Jul 9 18:53:01 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jul 2007 18:53:01 +0200
Subject: Generating an authentication key for smart card
In-Reply-To: <46924BB2.9010309@freecharity.org.uk> (James Davis's message of
"Mon, 09 Jul 2007 15:52:34 +0100")
References: <46924BB2.9010309@freecharity.org.uk>
Message-ID: <87hcodcydu.fsf@wheatstone.g10code.de>
On Mon, 9 Jul 2007 16:52, james at freecharity.org.uk said:
> Creating 1024-bit RSA keys for signing and encryption is straight
> forward enough but what do I need to do to generate a (sub?)key to use
> for authentication which I can later transfer to the card? Or am I
> forced to create an authentication key on the card?
Use "addkey" to create a new subkey, select "RSA (set your own
capabilities)", toggle the capabilities until they are as you want them.
after the key has been created, save start --edit-key again, select that
subkey and use the "keytocard" command to store the key on the card.
You need to do this in --export mode of course.
Salam-Shalom,
Werner
From danielkaminsky at web.de Tue Jul 10 10:47:49 2007
From: danielkaminsky at web.de (Daniel Kaminsky)
Date: Tue, 10 Jul 2007 10:47:49 +0200
Subject: gpgsm - "middle"-certificates
Message-ID: <200707101047.50545.danielkaminsky@web.de>
Hello,
I am able to sign and or encrpyt my mails. To do this, I have ordered an
demonstration certificate from GlobalSign. Their root certificate is
installed in most browsers and mail readers.
The problem I have, is that the "middle"-certificates, i.e. the certificates
in the chain between my user certificate and the root certificate, are not
sent along. This results in complaints about not being able to verify my
signature.
Is there any possibility to send these certificates along?
I use KMail (which uses Kleopatra) and gpgsm.
Thanks a lot in advance for any answer.
Regards, Daniel
From wk at gnupg.org Tue Jul 10 16:40:54 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Jul 2007 16:40:54 +0200
Subject: [Announce] Gpg4win 1.1.1 released
Message-ID: <87644s724p.fsf@wheatstone.g10code.de>
Hi!
We are pleased to announce the availability of Gpg4win, version 1.1.1.
This is a maintenance release. It fixes a bug introduced with the last
release (problems using gpg via %PATH%), prepares the road for future
support of the S/MIME protocol and updates Sylpheed-Claws to its current
stable version.
About Gpg4win
-------------
The Gpg4win project aims at updating the Gpg4win Windows installation
package with GnuPG encryption tool, associated applications and
documentation on a regular basis. Especially the documentation
(handbooks "Novices", "Einsteiger" and "Durchblicker") are directly
maintained as part of the gpg4win project.
It is an international project. Due to the origin of the project the
German language is fully supported. People helping with translations
are very welcome!
The main difference compared to all other similar approaches (mainly
GnuPP, GnuPT, Windows Privacy Tools and GnuPG-Basics) is that the first
thing developed was the Gpg4win-Builder. This builder allows to easily
create new gpg4win.exe installers with updated components.
The builder runs on any decent Unix system, preferable Debian GNU/Linux.
Almost all products are automatically cross-compiled for integration
into the installer. With this concept it is hoped to prevent quick
aging of the installer package. This is due to easier updating and less
dependancy on single developers.
Noteworthy changes in version 1.1.1 (2007-07-10)
------------------------------------------------
* Replaced Sylpheed-Claws by a current Claws-Mail package.
* Add command line tools for CMS (S/MIME) to the standard installer.
* Translations of the installer are now done in the usual GNU gettext
way.
* Fixed a couple of bugs.
* Included components are:
GnuPG: 1.4.7
GnuPG2: 2.0.5 [*]
GPA: 0.7.6
GPGol: 0.9.91
GPGee: 1.3.1
WinPT: 1.2.0
Claws-Mail: 2.10.0 [*]
Novices: 1.0.0
Einsteiger: 2.0.2
Durchblicker: 2.0.2
(Marked packages are updated since the last release)
Future Work
-----------
* We are currently working on integrating S/MIME support into Claws-Mail.
* IMAP support for Claws-Mail is also in the works.
Using GPG via %PATH%
--------------------
As of version 1.1.0, Gpg4win updates the PATH variable to include a new
public directory containing the command line tools of Gpg4win. To avoid
having a bunch of DLLs in the PATH a special wrapper is used to access
these tools. With this release the wrapper should actually work and
allows access to gpg, gpgsm and gpg-connect-agent from anywhere in the
system without the need to know where Gpg4win has been installed.
Developers of frontends making use of Gpg4win might want to avoid the
use of these wrappers. A hidden option in the wrapper makes the actual
used binary available. For example, running "gpg --version --version"
will print the following to stdout if the wrapper is being used:
gpgwrap (Gpg4win) 1.1.1 ;C:\Programme\GNU\GnuPG\gpg.exe
gpg (GnuPG) 1.4.7
....
The string after the semicolon to the end of the first line may be used
for future invocations of gpg.exe.
Installation
------------
For installation instructions, please visit http://www.gpg4win.org or
read on.
Developers who want to *build an installer* need to get the following
files from http://wald.intevation.org/projects/gpg4win/ :
gpg4win-1.1.1.tar.bz2 (4.3M)
gpg4win-1.1.1.tar.bz2.sig
The second file is a digital signature of the the first file. Either
check that this signature is fine or compare with the checksums given
below. (see also http://www.gnupg.org/download/integrity_check.html)
The *ready to use installer* is available at:
http://ftp.gpg4win.org/gpg4win-1.1.1.exe (9.0M)
http://ftp.gpg4win.org/gpg4win-1.1.1.exe.sig
Or using the ftp protocol at:
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.0.exe (9.0M)
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.0.exe.sig
SHA1 and MD5 checksums for these files are given below.
If you don't need the manuals or the GnuPG2 command line tools for
S/MIME, you might alternatively download the "light" version of the
installer:
http://ftp.gpg4win.org/gpg4win-light-1.1.1.exe (5.7M)
http://ftp.gpg4win.org/gpg4win-light-1.1.1.exe.sig
or using FTP at:
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.1.exe (5.7M)
ftp://ftp.gpg4win.org/gpg4win/gpg4win-1.1.1.exe.sig
A separate installer with the the sources used to build the above
installer is available at:
ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.1.1.exe (57M)
ftp://ftp.gpg4win.org/gpg4win/gpg4win-src-1.1.1.exe.sig
Most people don't need this source installer; it is merely stored on
that server to satisfy the conditions of the GPL. In general it is
better to get the gpg4win builder tarball (see above) and follow the
instructions in the README to build new installers; building the
installer is not possible on Windows machines and works best on
current Debian GNU/Linux systems (we use the mingw32 package from
Sid).
SHA1 checksums are:
14ce65038cc6814649bf17be136271da7dd6bbeb gpg4win-1.1.1.exe
7bc5dea3eb3b1f90898dc881fbc882fb04aa44af gpg4win-light-1.1.1.exe
6ce77994eb181cca823d9c28444cd7b95f0c1af3 gpg4win-src-1.1.1.exe
8ffcaac64751f4df6e4e8f42be682845ee7da579 gpg4win-1.1.1.tar.bz2
MD5 checksums are:
b7d78ac0fadf49725dcb99e764a99bd3 gpg4win-1.1.1.exe
bb80feedfeb8bd5187bd43d53bfdf4d5 gpg4win-light-1.1.1.exe
9e565ffd67eeb66fed78fada3c92260d gpg4win-src-1.1.1.exe
b6c4fb52319b1d10b0fde01b71297218 gpg4win-1.1.1.tar.bz2
If you have problems downloading the above files, you may try the mirror
server http://ftp.no.gpg4win.org/pub/gpg4win/ .
We like to thank the authors of the included packages, the NSIS authors,
all other contributors and first of all, those folks who stayed with us
and tested the early releases of gpg4win.
To help furthering this project, please consider to sponsor the
development. See http://www.gpg4win.org .
Happy hacking,
The Gpg4win hackers
--
g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459
H?ttenstr. 61 Gesch?ftsf?hrung Werner Koch
D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : /pipermail/attachments/20070710/ac700c15/attachment.pgp
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From wk at gnupg.org Tue Jul 10 17:48:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 10 Jul 2007 17:48:45 +0200
Subject: gpgsm - "middle"-certificates
In-Reply-To: <200707101047.50545.danielkaminsky@web.de> (Daniel Kaminsky's
message of "Tue, 10 Jul 2007 10:47:49 +0200")
References: <200707101047.50545.danielkaminsky@web.de>
Message-ID: <87fy3w5kf6.fsf@wheatstone.g10code.de>
On Tue, 10 Jul 2007 10:47, danielkaminsky at web.de said:
> I am able to sign and or encrpyt my mails. To do this, I have ordered an
> demonstration certificate from GlobalSign. Their root certificate is
> installed in most browsers and mail readers.
> The problem I have, is that the "middle"-certificates, i.e. the certificates
> in the chain between my user certificate and the root certificate, are not
> sent along. This results in complaints about not being able to verify my
> signature.
They should install these certificates or you can end them along; Kmail
has an option in the crypto backend for this which is actually
@item --include-certs @var{n}
@opindex include-certs
Using @var{n} of -2 includes all certificate except for the root cert,
-1 includes all certs, 0 does not include any certs, 1 includes only
the signers cert (this is the default) and all other positive
values include up to @var{n} certificates starting with the signer cert.
So might want to set this to 2.
Salam-Shalom,
Werner
From dara.parsavand at boeing.com Tue Jul 10 23:21:15 2007
From: dara.parsavand at boeing.com (Parsavand, Dara)
Date: Tue, 10 Jul 2007 14:21:15 -0700
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
Message-ID: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
I tried searching this list and found a few others having problems with
key generation, but I haven't figured out the solution for me. I've
tried downloading GnuPG for windows by itself (gnupg-w32cli-1.4.7.exe)
as well as part of the latest gpg4win package. Trying to generate a new
key by using GPA gives the following feedback:
The GPGME library returned an unexpected error. The error was:
General error
This is probably a bug in GPA. GPA will now try to recover from this
error.
When I run at a Command Prompt gpg --gen-key, I get (after a bunch of
+^.> characters and two messages saying to type to generate random
bytes):
gpg: [don't know]: invalid packet (ctb=2d)
I only want to install GnuPG, generate a private key, import a few
public keys, and use gpgee to encrypt and decrypt a few files - I don't
need Outlook integration or anything fancy. I was a bit surprised to be
shut down so fast. I have administrator rights (or I couldn't have
installed). Anything I could be missing?
Thanks,
Dara
From danielkaminsky at web.de Wed Jul 11 07:56:27 2007
From: danielkaminsky at web.de (Daniel Kaminsky)
Date: Wed, 11 Jul 2007 07:56:27 +0200
Subject: gpgsm - "middle"-certificates
In-Reply-To: <87fy3w5kf6.fsf@wheatstone.g10code.de>
References: <200707101047.50545.danielkaminsky@web.de>
<87fy3w5kf6.fsf@wheatstone.g10code.de>
Message-ID: <200707110756.28588.danielkaminsky@web.de>
Hello,
Thanks for your reply.
> They should install these certificates
That's right, but I want to avoid this. This is also the reason why I have
chosen a CA whose certificates are pre-installed.
> or you can end them along; Kmail
> has an option in the crypto backend for this which is actually
>
> @item --include-certs @var{n}
> @opindex include-certs
> Using @var{n} of -2 includes all certificate except for the root cert,
> -1 includes all certs, 0 does not include any certs, 1 includes only
> the signers cert (this is the default) and all other positive
> values include up to @var{n} certificates starting with the signer cert.
>
> So might want to set this to 2.
This is just the option I needed. Unfortunately I cannot set it in KMail, as I
am not able to find it there. (Ubuntu with KDE 3.5.6 and KMail 1.9.6).
But setting the option directly in gpgsm.conf works perfectly.
Regards, Daniel
From Charles.Thomas at pfpc.com Fri Jul 6 18:17:29 2007
From: Charles.Thomas at pfpc.com (Charles.Thomas at pfpc.com)
Date: Fri, 6 Jul 2007 12:17:29 -0400
Subject: Strange experience with diskperf
Message-ID:
We have had a strange experience with gnupg and diskperf. It seems right
that it should be publicized.
We installed gnupg in our development and QA environments and all went
well. When we went to promote the application and supporting code to
production we had a rude awakening. We found that we could not encrypt.
gnupg would hang in the encryption phase.
QA and production are identical windows servers running Windows Servers OS,
Version 5.2.3790.
Eventually we noticed that diskperf was off in the QA environment, but
active in production. We turned it off in production, and the problem
went away. We turned it back on, but the problem stayed away (for now?).
It is not clear if this is a Windows or a gnupg bug. Either way it does
not give one a warm a cosy feeling. Has anyone else had a similar
experience? Should it be brought to the attention of developers?
Thanks,
Chip Thomas
The contents of this email are the property of the sender. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender.
From dshaw at jabberwocky.com Wed Jul 11 17:30:11 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 11 Jul 2007 11:30:11 -0400
Subject: Strange experience with diskperf
In-Reply-To:
References:
Message-ID: <20070711153011.GA10876@jabberwocky.com>
On Fri, Jul 06, 2007 at 12:17:29PM -0400, Charles.Thomas at pfpc.com wrote:
>
> We have had a strange experience with gnupg and diskperf. It seems right
> that it should be publicized.
>
> We installed gnupg in our development and QA environments and all went
> well. When we went to promote the application and supporting code to
> production we had a rude awakening. We found that we could not encrypt.
> gnupg would hang in the encryption phase.
>
> QA and production are identical windows servers running Windows Servers OS,
> Version 5.2.3790.
>
> Eventually we noticed that diskperf was off in the QA environment, but
> active in production. We turned it off in production, and the problem
> went away. We turned it back on, but the problem stayed away (for now?).
>
> It is not clear if this is a Windows or a gnupg bug. Either way it does
> not give one a warm a cosy feeling. Has anyone else had a similar
> experience? Should it be brought to the attention of developers?
Consider it brought to their attention.
What you are seeing is probably related to the fact that GnuPG can use
diskperf as one of its random number sources.
Can you give more information - specifically what version of GnuPG?
Also, on your system without diskperf, do you get a message like
"NOTE: you should run 'diskperf -y' to enable the disk statistics" ?
David
From wk at gnupg.org Wed Jul 11 08:27:36 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 11 Jul 2007 08:27:36 +0200
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
In-Reply-To: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
(Dara Parsavand's message of "Tue, 10 Jul 2007 14:21:15 -0700")
References: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
Message-ID: <87k5t7v4iv.fsf@wheatstone.g10code.de>
On Tue, 10 Jul 2007 23:21, dara.parsavand at boeing.com said:
> When I run at a Command Prompt gpg --gen-key, I get (after a bunch of
> +^.> characters and two messages saying to type to generate random
> bytes):
>
> gpg: [don't know]: invalid packet (ctb=2d)
Please check your pubring.gpg and secring.gpg. You find these files in
the home directory as printed by "gpg --version".
I guess that these files are ASCII armored key files taken from
somewhere else. Make a backup of these files, delete them and try
again (best on the command line).
Salam-Shalom,
Werner
From dara.parsavand at boeing.com Wed Jul 11 20:27:19 2007
From: dara.parsavand at boeing.com (Parsavand, Dara)
Date: Wed, 11 Jul 2007 11:27:19 -0700
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
In-Reply-To: <87k5t7v4iv.fsf@wheatstone.g10code.de>
References: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
<87k5t7v4iv.fsf@wheatstone.g10code.de>
Message-ID: <3E613C6ECD7A144F87E077F5EEA1BF8B072BADA4@XCH-SW-40.sw.nos.boeing.com>
Thanks Werner,
That was exactly the issue - after moving pubring.gpg and secring.gpg to
a backup directory, key generation works fine. Would it be worth
modifying the code so that it checks for existence of these files and
asks for permission to overwrite them or simply exits with a message
saying that these files must be deleted in order to generate new keys?
(Perhaps GnuPG 2.05 already does this - I haven't had a chance to try it
on Windows yet).
Dara
From guillaume.yziquel at free.fr Thu Jul 12 10:31:00 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 12 Jul 2007 10:31:00 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4691FEDA.7060008@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
Message-ID: <4695E6C4.6030403@free.fr>
Guillaume Yziquel a ?crit :
> Guillaume Yziquel a ?crit :
>> Hello list.
>>
>> I'm into trouble again. I'm still on this svn+ssh+gpg-agent+smartcard
>> problem. I'm not using pcscd any more, but scdaemon, which used to work
>> fine. I do not recall having done anything special that might have
>> broken things up.
>
> Sorry. Made a mistake. Everything is now fine. The smartcard was not
> correctly inserted, and even plugging out and back in, it was
> incorrectly inserted in the smartcard reader. False negatives...
Well, no. In fact, I'm still having a problem...
Everything's working, but after a while, everything fails again. I get
these kind of messages from the smartcard daemon. And unplugging and
replugging everything does not change the result.
> 2007-07-12 10:23:07 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:09 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:11 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:13 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:15 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:17 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:19 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:21 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:23 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:25 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:27 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:29 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:31 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:33 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:35 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:37 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> scdaemon[7546.0] DBG: <- SERIALNO openpgp
> scdaemon[7546.0] DBG: -> S SERIALNO D2760001240101010001000007180000 0
> scdaemon[7546.0] DBG: -> OK
> scdaemon[7546.0] DBG: <- SETDATA 470E49C4E9044608AEE2C7994415DA21859FD0DD
> scdaemon[7546.0] DBG: -> OK
> scdaemon[7546.0] DBG: <- PKSIGN D2760001240101010001000007180000/4FA306335A235A0F6333A8511D09F46540EC28AA
> 2007-07-12 10:23:38 scdaemon[7546] DBG: ccid-driver: sending 6F 09 00 00 00 00 11 04 00 00 00 40 05 00 CA 00 6E 00 E1
> 2007-07-12 10:23:38 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:38 scdaemon[7546] ccid_transceive failed: (0x1000a)
> 2007-07-12 10:23:38 scdaemon[7546] apdu_send_simple(0) failed: card I/O error
> 2007-07-12 10:23:38 scdaemon[7546] error reading application data
> 2007-07-12 10:23:38 scdaemon[7546] operation sign result: Erreur g?nerale
> 2007-07-12 10:23:38 scdaemon[7546] card_sign failed: Erreur g?nerale
> scdaemon[7546.0] DBG: -> ERR 100663297 Erreur g?nerale
> scdaemon[7546.0] DBG: <- RESTART
> scdaemon[7546.0] DBG: -> OK
> 2007-07-12 10:23:39 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:41 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:43 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:45 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:47 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:49 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:51 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:53 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:55 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:57 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:23:59 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:24:01 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:24:03 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
> 2007-07-12 10:24:05 scdaemon[7546] DBG: ccid-driver: usb_bulk_write failed: -19
I'd appreciate comments, and I'd like to understand what this log could
mean.
Guillaume Yziquel.
From lofi at freebsd.org Wed Jul 11 13:10:15 2007
From: lofi at freebsd.org (Michael Nottebrock)
Date: Wed, 11 Jul 2007 13:10:15 +0200
Subject: How to change passphrase for ssh-keys?
Message-ID: <200707111310.16217.lofi@freebsd.org>
I'm using the ssh-agent function of gpg-agent. When I recently changed all the
passwords on my system, I noticed that gpg-agent uses its own passphrase to
protect the ssh-keys added to it - however, I couldn't find a way to change
that passphrase in the documentation.
What is the recommended way to do this? Note well, I'm not talking about the
passphrase protecting the ssh-keys themselves, I'm talking about the
passphrase that gpg-agent uses to protect them *after* they have been added
to gpg-agent through ssh-add.
Cheers,
--
,_, | Michael Nottebrock | lofi at freebsd.org
(/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org
\u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : /pipermail/attachments/20070711/6ddcd532/attachment.pgp
From wk at gnupg.org Thu Jul 12 12:41:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 12:41:45 +0200
Subject: gpg --gen-key fails with "invalid packet (c2b=2d)" using
gpg4win-1.1.1 and XP Pro
In-Reply-To: <3E613C6ECD7A144F87E077F5EEA1BF8B072BADA4@XCH-SW-40.sw.nos.boeing.com>
(Dara Parsavand's message of "Wed, 11 Jul 2007 11:27:19 -0700")
References: <3E613C6ECD7A144F87E077F5EEA1BF8B072BAD9A@XCH-SW-40.sw.nos.boeing.com>
<87k5t7v4iv.fsf@wheatstone.g10code.de>
<3E613C6ECD7A144F87E077F5EEA1BF8B072BADA4@XCH-SW-40.sw.nos.boeing.com>
Message-ID: <87644p52fq.fsf@wheatstone.g10code.de>
On Wed, 11 Jul 2007 20:27, dara.parsavand at boeing.com said:
> That was exactly the issue - after moving pubring.gpg and secring.gpg to
> a backup directory, key generation works fine. Would it be worth
> modifying the code so that it checks for existence of these files and
> asks for permission to overwrite them or simply exits with a message
> saying that these files must be deleted in order to generate new keys?
No that does not make sense. These files make up the key database used
to store all keys. In general you don't want to delete them. Your
system was messed up for some reason.
From wk at gnupg.org Thu Jul 12 12:49:45 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 12:49:45 +0200
Subject: How to change passphrase for ssh-keys?
In-Reply-To: <200707111310.16217.lofi@freebsd.org> (Michael Nottebrock's
message of "Wed, 11 Jul 2007 13:10:15 +0200")
References: <200707111310.16217.lofi@freebsd.org>
Message-ID: <871wfd522e.fsf@wheatstone.g10code.de>
On Wed, 11 Jul 2007 13:10, lofi at freebsd.org said:
> What is the recommended way to do this? Note well, I'm not talking about the
I just realized that there is no tool for this. However there is a way:
Look into the ~/.gnupg/sshcontrol file. There you find the keygrip of
all allowed ssh keys. Take that keygrip (actually a SHA-1 hash) and run
echo passwd 11223344556677889900 | gpg-connect-agent
The pinentry then pops up and asks for the old and the new passphrase.
You can use this command for any key stored by gpg-agent.
Shalom-Salam,
Werner
From wk at gnupg.org Thu Jul 12 12:53:38 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 12:53:38 +0200
Subject: gpgsm - "middle"-certificates
In-Reply-To: <200707110756.28588.danielkaminsky@web.de> (Daniel Kaminsky's
message of "Wed, 11 Jul 2007 07:56:27 +0200")
References: <200707101047.50545.danielkaminsky@web.de>
<87fy3w5kf6.fsf@wheatstone.g10code.de>
<200707110756.28588.danielkaminsky@web.de>
Message-ID: <87sl7t3nbh.fsf@wheatstone.g10code.de>
On Wed, 11 Jul 2007 07:56, danielkaminsky at web.de said:
> This is just the option I needed. Unfortunately I cannot set it in KMail, as I
> am not able to find it there. (Ubuntu with KDE 3.5.6 and KMail 1.9.6).
Just check it and indeed kmail does not list it. It should actually
list that as gpgconf clearly knows about it:
$ gpgconf --list-options gpgsm | grep include-certs
include-certs:16:2:number of certificates to include:2:2:N:1::
Salam-Shalom,
Werner
From alon.barlev at gmail.com Thu Jul 12 17:05:06 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Thu, 12 Jul 2007 18:05:06 +0300
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4695E6C4.6030403@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
Message-ID: <9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
On 7/12/07, Guillaume Yziquel wrote:
> Well, no. In fact, I'm still having a problem...
If you have PKCS#11 enabled token, you can use:
http://gnupg-pkcs11.sourceforge.net/
Alon.
From wk at gnupg.org Thu Jul 12 21:15:49 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 12 Jul 2007 21:15:49 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <4695E6C4.6030403@free.fr> (Guillaume Yziquel's message of "Thu,
12 Jul 2007 10:31:00 +0200")
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
Message-ID: <87ejjdzb4q.fsf@wheatstone.g10code.de>
On Thu, 12 Jul 2007 10:31, guillaume.yziquel at free.fr said:
> Everything's working, but after a while, everything fails again. I get
> these kind of messages from the smartcard daemon. And unplugging and
> replugging everything does not change the result.
There are some weird things going on. Are you still in Zurich? You
might want to ask Georg, what's going on. My guess is that either your
reader is broken or some hotplug stuff covertly changes the permission.
Shalom-Salam,
Werner
From guillaume.yziquel at free.fr Thu Jul 12 22:34:16 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 12 Jul 2007 22:34:16 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
Message-ID: <46969048.4090902@free.fr>
Alon Bar-Lev a ?crit :
> On 7/12/07, Guillaume Yziquel wrote:
>> Well, no. In fact, I'm still having a problem...
>
> If you have PKCS#11 enabled token, you can use:
> http://gnupg-pkcs11.sourceforge.net/
>
> Alon.
No.
http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031409.html
Guillaume.
From guillaume.yziquel at free.fr Thu Jul 12 22:21:05 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Thu, 12 Jul 2007 22:21:05 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <87ejjdzb4q.fsf@wheatstone.g10code.de>
References: <4691FC5E.1010803@free.fr>
<4691FEDA.7060008@free.fr> <4695E6C4.6030403@free.fr>
<87ejjdzb4q.fsf@wheatstone.g10code.de>
Message-ID: <46968D31.106@free.fr>
> There are some weird things going on. Are you still in Zurich? You
> might want to ask Georg, what's going on. My guess is that either your
> reader is broken or some hotplug stuff covertly changes the permission.
>
> Shalom-Salam,
>
> Werner
Hi, Werner.
Georg is quite busy... I'll ask. But what worries me is that I seem
somehow to get in the same kind of problem that made me change from
pcscd to scdaemon.
http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031391.html
I'm afraid I'll have to revert to pcscd.
Therefore, one small question: Should I use pcscd or scdaemon. What are
the major pros and cons between these two solutions?
And how does one usually attempt to localise the "bug" in this situation?
Thanks, Werner.
Guillaume.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 370 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070712/d639273e/attachment.pgp
From alon.barlev at gmail.com Fri Jul 13 08:06:29 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 13 Jul 2007 09:06:29 +0300
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46969048.4090902@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
Message-ID: <9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
On 7/12/07, Guillaume Yziquel wrote:
> No.
>
> http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031409.html
>
> Guillaume.
>
Hmm... maybe if you switch to one all your problems will be gone :)
Selecting the right card to use is a key factor in peace of mine.
Alon.
From wk at gnupg.org Fri Jul 13 10:00:03 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 13 Jul 2007 10:00:03 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46968D31.106@free.fr> (Guillaume Yziquel's message of "Thu, 12
Jul 2007 22:21:05 +0200")
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr> <87ejjdzb4q.fsf@wheatstone.g10code.de>
<46968D31.106@free.fr>
Message-ID: <87lkdkybr0.fsf@wheatstone.g10code.de>
On Thu, 12 Jul 2007 22:21, guillaume.yziquel at free.fr said:
> somehow to get in the same kind of problem that made me change from
> pcscd to scdaemon.
This is not related. scdaemon uses either its internal driver of pcscd.
If you are working _without gpg-agent_ than scdaemon does not come into
the game; gpg then uses either its internal driver or pcscd. The code
is more or less identical.
> Therefore, one small question: Should I use pcscd or scdaemon. What are
> the major pros and cons between these two solutions?
With the internal driver (i.e. without pcscd running) everything works.
pcscd has sometimes problem for long runnging operations like key
generation.
> And how does one usually attempt to localise the "bug" in this situation?
In a seperate xterms you may run
strace -p | less
to watch the interaction between scdaemon and the kernel.
Salam-Shalom,
Werner
From guillaume.yziquel at free.fr Fri Jul 13 10:47:58 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Fri, 13 Jul 2007 10:47:58 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
<9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
Message-ID: <46973C3E.6060300@free.fr>
Alon Bar-Lev a ?crit :
> On 7/12/07, Guillaume Yziquel wrote:
>> No.
>>
>> http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031409.html
>>
>> Guillaume.
>
> Hmm... maybe if you switch to one all your problems will be gone :)
> Selecting the right card to use is a key factor in peace of mine.
>
> Alon.
And to what extent is your solution free software and free hardware?
Guillaume.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 370 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070713/cdf0f908/attachment.pgp
From alon.barlev at gmail.com Fri Jul 13 11:08:24 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Fri, 13 Jul 2007 12:08:24 +0300
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <46973C3E.6060300@free.fr>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
<9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
<46973C3E.6060300@free.fr>
Message-ID: <9e0cf0bf0707130208u3ff652fbq1eae869c4cec7e51@mail.gmail.com>
On 7/13/07, Guillaume Yziquel wrote:
> > Hmm... maybe if you switch to one all your problems will be gone :)
> > Selecting the right card to use is a key factor in peace of mine.
> >
> > Alon.
>
> And to what extent is your solution free software and free hardware?
There is no such thing as free hardware!
There are many types of card supported by MUSCLE, OpenSC and CoolKey
all with free opened source licenses.
Alon.
From guillaume.yziquel at free.fr Fri Jul 13 11:21:21 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Fri, 13 Jul 2007 11:21:21 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <9e0cf0bf0707130208u3ff652fbq1eae869c4cec7e51@mail.gmail.com>
References: <4691FC5E.1010803@free.fr> <4691FEDA.7060008@free.fr>
<4695E6C4.6030403@free.fr>
<9e0cf0bf0707120805r1bf51d12td805a7d0417c7d71@mail.gmail.com>
<46969048.4090902@free.fr>
<9e0cf0bf0707122306i51358ea1mda02d87f369bb78a@mail.gmail.com>
<46973C3E.6060300@free.fr>
<9e0cf0bf0707130208u3ff652fbq1eae869c4cec7e51@mail.gmail.com>
Message-ID: <46974411.304@free.fr>
Alon Bar-Lev a ?crit :
> On 7/13/07, Guillaume Yziquel wrote:
>> > Hmm... maybe if you switch to one all your problems will be gone :)
>> > Selecting the right card to use is a key factor in peace of mine.
>> >
>> > Alon.
>>
>> And to what extent is your solution free software and free hardware?
>
> There is no such thing as free hardware!
That's one point of view...
> There are many types of card supported by MUSCLE, OpenSC and CoolKey
> all with free opened source licenses.
>
> Alon.
I'm afraid I do not see an answer to my question, here.
Guillaume.
From guillaume.yziquel at free.fr Sat Jul 14 05:00:09 2007
From: guillaume.yziquel at free.fr (Guillaume Yziquel)
Date: Sat, 14 Jul 2007 05:00:09 +0200
Subject: Pin fails with svn & ssh & gnupg-agent & smartcard.
In-Reply-To: <87lkdkybr0.fsf@wheatstone.g10code.de>
References: <4691FC5E.1010803@free.fr>
<4691FEDA.7060008@free.fr> <4695E6C4.6030403@free.fr>
<87ejjdzb4q.fsf@wheatstone.g10code.de> <46968D31.106@free.fr>
<87lkdkybr0.fsf@wheatstone.g10code.de>
Message-ID: <46983C39.1060608@free.fr>
Werner Koch a ?crit :
> On Thu, 12 Jul 2007 22:21, guillaume.yziquel at free.fr said:
>
> With the internal driver (i.e. without pcscd running) everything works.
> pcscd has sometimes problem for long runnging operations like key
> generation.
Well, I followed the following howto:
http://www.fsfe.org/en/fellows/tyrael/fsfe_card_complete_how_to_ubuntu_feisty
and it now works fine. Quite stable.
A few comments on the howto:
- This howto is not really the first thing that pops up when you
search for things on the smartcard, unfortunately.
- poldi's documentation is rather hard to find on the web. For now, I
found it only in the source of the poldi, and in the the source itself
was not that easy to find. It's here:
ftp://ftp.gnupg.org/gcrypt/alpha/poldi/
- in gpg-agent.conf, the line write-env-file
/home/tyrael/.gpg-agent-info may perhaps work on Ubuntu, but on my
Debian distribution, with a rather standard setup, this file looks more
like ~/.gnupg/.gpg-agent-info-.
- there's a confusion between the documentation of poldi and the
output of gpg --card-status concerning the expressions "serial number"
and "application ID". The wording should be consistent