From olaf.gellert at intrusion-lab.net Fri Mar 2 09:41:18 2007 From: olaf.gellert at intrusion-lab.net (Olaf Gellert) Date: Fri, 02 Mar 2007 09:41:18 +0100 Subject: Error with encrypting: unusable public key Message-ID: <45E7E32E.4090105@intrusion-lab.net> Hi all, I keep getting an error trying to encrypt to the key 0xCC21E10F. The key is self-signed, gpg --check-sigs does not complain, but still when I try to encrypt I get: gpg: 0xCC21E10F: skipped: unusable public key I am using gpg 1.4.5 on a Linux box (SuSE 10.2). Could this be a matter of algorithms? The key is available on the keyservers. Thanks for help, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services olaf.gellert at intrusion-lab.net From twoaday at gmx.net Fri Mar 2 09:57:50 2007 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 02 Mar 2007 09:57:50 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7E32E.4090105@intrusion-lab.net> References: <45E7E32E.4090105@intrusion-lab.net> Message-ID: <45E7E70E.8080107@gmx.net> Olaf Gellert wrote: > 0xCC21E10F. The key is self-signed, gpg --check-sigs > does not complain, but still when I try to encrypt > I get: > > gpg: 0xCC21E10F: skipped: unusable public key pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC This is the information given in --edit-key. And the usage is the solution for your problem. It has *no* capability to encrypt data. Timo From olaf.gellert at intrusion-lab.net Fri Mar 2 10:43:28 2007 From: olaf.gellert at intrusion-lab.net (Olaf Gellert) Date: Fri, 02 Mar 2007 10:43:28 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7E70E.8080107@gmx.net> References: <45E7E32E.4090105@intrusion-lab.net> <45E7E70E.8080107@gmx.net> Message-ID: <45E7F1C0.8010000@intrusion-lab.net> Timo Schulz wrote: > pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC > > This is the information given in --edit-key. And the usage > is the solution for your problem. > It has *no* capability to encrypt data. Thanx, I missed that. So this is one of the "sign only" keys and to enable encryption, one would add an encryption only subkey? Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services olaf.gellert at intrusion-lab.net From twoaday at gmx.net Fri Mar 2 10:57:58 2007 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 02 Mar 2007 10:57:58 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7F1C0.8010000@intrusion-lab.net> References: <45E7E32E.4090105@intrusion-lab.net> <45E7E70E.8080107@gmx.net> <45E7F1C0.8010000@intrusion-lab.net> Message-ID: <45E7F526.8010500@gmx.net> Olaf Gellert wrote: > keys and to enable encryption, one would add an encryption > only subkey? IIRC, it is not possible to change the capabilities of an existing key with GPG. Somebody might correct me if I'm wrong. And yes, the only way to encrypt to this key is to add an encryption subkey to it. It is also possible that people have separate keys for certifying/signing and encryption. Timo From laurent.jumet at skynet.be Fri Mar 2 11:05:48 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri, 02 Mar 2007 11:05:48 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E7F1C0.8010000@intrusion-lab.net> Message-ID: Hello Olaf ! Olaf Gellert wrote: >> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC >> >> This is the information given in --edit-key. And the usage >> is the solution for your problem. >> It has *no* capability to encrypt data. > Thanx, I missed that. So this is one of the "sign only" > keys and to enable encryption, one would add an encryption > only subkey? Not on that one, it's a RSA key. -- Laurent Jumet KeyID: 0xCFAF704C From twoaday at gmx.net Fri Mar 2 13:54:59 2007 From: twoaday at gmx.net (Timo Schulz) Date: Fri, 02 Mar 2007 13:54:59 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: References: Message-ID: <45E81EA3.50904@gmx.net> Laurent Jumet wrote: >> Thanx, I missed that. So this is one of the "sign only" >> keys and to enable encryption, one would add an encryption >> only subkey? > > Not on that one, it's a RSA key. But if I see it correctly, it's _no_ v3 key so you can add a subkey to this key even if it is RSA (which is no limitation in OpenPGP). Timo From dshaw at jabberwocky.com Fri Mar 2 13:58:08 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 2 Mar 2007 07:58:08 -0500 Subject: Error with encrypting: unusable public key In-Reply-To: References: <45E7F1C0.8010000@intrusion-lab.net> Message-ID: <20070302125808.GB3189@jabberwocky.com> On Fri, Mar 02, 2007 at 11:05:48AM +0100, Laurent Jumet wrote: > > Hello Olaf ! > > Olaf Gellert wrote: > > >> pub 2048R/CC21E10F created: 2006-11-21 expires: never usage: SC > >> > >> This is the information given in --edit-key. And the usage > >> is the solution for your problem. > >> It has *no* capability to encrypt data. > > > Thanx, I missed that. So this is one of the "sign only" > > keys and to enable encryption, one would add an encryption > > only subkey? > > Not on that one, it's a RSA key. It's okay - this is the new sort (i.e. OpenPGP or V4) of RSA key. You can add subkeys and do anything you'd do with any other OpenPGP key. Only the old PGP 2.x (V3) RSA keys cannot carry subkeys. David From laurent.jumet at skynet.be Fri Mar 2 14:49:03 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri, 02 Mar 2007 14:49:03 +0100 Subject: Error with encrypting: unusable public key In-Reply-To: <45E81EA3.50904@gmx.net> Message-ID: Hello Timo ! Timo Schulz wrote: >>> Thanx, I missed that. So this is one of the "sign only" >>> keys and to enable encryption, one would add an encryption >>> only subkey? >> >> Not on that one, it's a RSA key. > But if I see it correctly, it's _no_ v3 key so you can > add a subkey to this key even if it is RSA (which is > no limitation in OpenPGP). I was (wrongly) thinking that a RSA key wasn't able to hold subkeys. This one is v4: === Begin Windows Clipboard === :public key packet: version 4, algo 1, created 1164120402, expires 0 pkey[0]: [2048 bits] pkey[1]: [17 bits] :user ID packet: "David A. Mundie (Dodo Magnifico) " :signature packet: algo 1, keyid 09F096B7CC21E10F version 4, created 1164120402, md5len 0, sigclass 13 digest algo 2, begin of digest 17 3f hashed subpkt 2 len 4 (sig created 2006-11-21) hashed subpkt 27 len 1 (key flags: 03) hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2) hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (key server preferences: 80) subpkt 16 len 8 (issuer key ID 09F096B7CC21E10F) data: [2045 bits] === End Windows Clipboard === -- Laurent Jumet KeyID: 0xCFAF704C From vedaal at hush.com Fri Mar 2 16:57:15 2007 From: vedaal at hush.com (vedaal at hush.com) Date: Fri, 02 Mar 2007 10:57:15 -0500 Subject: Error with encrypting: unusable public key Message-ID: <20070302155716.1D4F522847@mailserver9.hushmail.com> David Shaw dshaw at jabberwocky.com Fri Mar 2 13:58:08 CET 2007 wrote: >Only the old PGP 2.x (V3) RSA keys cannot carry subkeys. and all v3 rsa keys are both sign and encrypt, but, if anyone prefers not to have subkeys, gnupg allows v4 rsa keys to be generate as a single key with both sign and encrypt functions, similar to v3 keys (but with the capability of adding a subkey at any time) vedaal -- Click to consolidate debt and lower month expenses http://tagline.hushmail.com/fc/CAaCXv1QPxfCRYmrIndXP0tJiSe86TKc/ From sven at radde.name Fri Mar 2 16:32:38 2007 From: sven at radde.name (Sven Radde) Date: Fri, 02 Mar 2007 16:32:38 +0100 Subject: OpenPGP card's RNG Message-ID: <45E84396.90908@radde.name> Hallo! Does GnuPG (1.4.6 / WinXP) use the internal random number generator of the OpenPGP smart card? In other words: Is it useful to keep the card in the reader when running GnuPG even when I am not using the card directly (i.e. encrypt only)? I'm just curious because I noticed the "GET CHALLENGE" command while reading through the card spec... Have fun, Sven Radde From erikvanderhasselt at yahoo.com Fri Mar 2 18:45:21 2007 From: erikvanderhasselt at yahoo.com (Goya) Date: Fri, 2 Mar 2007 09:45:21 -0800 (PST) Subject: GnuPG and libksba-1.0.1 Message-ID: <9274053.post@talk.nabble.com> Hello, I am installing for the first time GnuPG on FreeBSD. I've downloaded GnuGP and all the required libraries and compiled those. I've set the environment variables to (as instructed in the message I got after compiling the libpth library) LD_LIBRARY_PATH /usr/local/lib LD_RUN_PATH /usr/local/lib When I ran the GnuPG configure file and it went all the way to the end but one message caught my eye. It told that libksba-1.0.1 wasn't correct installed. Can anyone tell me what this means? When I installed libksba library I ran configure, make and make install and it gave no messages. Did I do anything wrong? Regards, Goya -- View this message in context: http://www.nabble.com/GnuPG-and-libksba-1.0.1-tf3334911.html#a9274053 Sent from the GnuPG - User mailing list archive at Nabble.com. From wk at gnupg.org Mon Mar 5 12:58:31 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 05 Mar 2007 12:58:31 +0100 Subject: OpenPGP card's RNG In-Reply-To: <45E84396.90908@radde.name> (Sven Radde's message of "Fri\, 02 Mar 2007 16\:32\:38 +0100") References: <45E84396.90908@radde.name> Message-ID: <874pozgavs.fsf@wheatstone.g10code.de> On Fri, 2 Mar 2007 16:32, sven at radde.name said: > Does GnuPG (1.4.6 / WinXP) use the internal random number generator of > the OpenPGP smart card? No, it does not use the card's RNG, Shalom-Salam, Werner From dougb at dougbarton.us Mon Mar 5 23:57:07 2007 From: dougb at dougbarton.us (Doug Barton) Date: Mon, 05 Mar 2007 14:57:07 -0800 Subject: GnuPG and libksba-1.0.1 In-Reply-To: <9274053.post@talk.nabble.com> References: <9274053.post@talk.nabble.com> Message-ID: <45ECA043.4010805@dougbarton.us> Goya wrote: > Hello, > > I am installing for the first time GnuPG on FreeBSD. I've downloaded GnuGP > and all the required libraries and compiled those. Is there any reason you're not using the ports system? It would handle all these issues for you. Doug -- If you're never wrong, you're not trying hard enough From wk at gnupg.org Tue Mar 6 09:02:45 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 06 Mar 2007 09:02:45 +0100 Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME Message-ID: <873b4ibxzu.fsf@wheatstone.g10code.de> Multiple Messages Problem in GnuPG and GPGME ============================================== 2007-03-05 Summary ======= Gerardo Richarte from Core Security Technologies identified a problem when using GnuPG in streaming mode. The problem is actually a variant of a well known problem in the way signed material is presented in a MUA. It is possible to insert additional text before or after a signed (or signed and encrypted) OpenPGP message and make the user believe that this additional text is also covered by the signature. The Core Security advisory describes several variants of the attack; they all boil down to the fact that it might not be possible to identify which part of a message is actually signed if gpg is not used correctly. [ Please do not send private mail in response to this message. The mailing list gnupg-devel is the best place to discuss this problem (please subscribe first so you don't need moderator approval [1]). ] Impact ====== All applications using GnuPG without properly using the status interface to verify signed or signed and encrypted messages. All GPGME versions up to and including 1.1.3. Starting with version 1.4.7 and 2.0.3, GnuPG implements an additional and sufficient protection against this common usage problem. Detached signatures are in no way affected by this problem. Description =========== When using gpg (or gpg2) in a pipeline or with redirected input and output additional data may be inserted into a message. This allows to forge a signed message by prefixing it with arbitrary material. A way to create such a message is: echo "This is my sneaky plaintext message" > foobar.txt gpg -z0 --output prefix.gpg --store foobar.txt cat prefix.gpg original-signed-message.gpg > forged.gpg Using gpg naively this results in: $ gpg " [...] and thus gives the impression that the sneaky message is part of the signed Groucho quote. The correct way to use gpg with redirection is by taking care of the status interface: $ gpg --status-fd 1 gpg: Good signature from "Alfa Test (demo key) " [...] Here the PLAINTEXT status lines clearly identify the start of a new message. Note, that using gpg on the command line is in almost all cases not done with redirection but by letting gpg save the the signed message. In this case gpg will save the message to different files or in case the file names are identical, prompt the over to overwrite the first one again. Because the problem of identifying the actual signed content when mixing the signed data and the signature is very common, the long standing suggestion for all digital signatures is to use a detached signature. A detached signature allows to clearly identify what is signed and what is the signature. This is also the reason why PGP/MIME signed messages are in general to be preferred over the old style clear signed messages. Solution ======== Given that there are many applications in use which are subject to the described problem, we have decided to change GnuPG so that such forged OpenPGP messages are detected and the signature verification will fail. GnuPG 1.4.7 has been released today and is available from the usual places [2]. If you don't want to update, a minimal patch against GnuPG 1.4.6 is available at ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch Many applications are using the library GPGME which implements an easy way to process OpenPGP messages using gpg. We have updated GPGME to make it immune against this problem even if an old version of gpg is being used. GPGME 1.1.4 is available from the usual places [2]. A patch (against version 1.1.3 or 1.1.2) is available at ftp://ftp.gnupg.org/gcrypt/gpgme/patches/gpgme-1.1.3-multiple-message.patch Please note that - after applying one of these patches - some vulnerable applications (mainly MUAs) may fail to handle certain messages which are composed of several OpenPGP messages. To continue the support of such messages fixing the application is required as there is no way for GnuPG to do it. Support ======= g10 Code GmbH [3], a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. Support contracts or other financial backing will greatly help us to improve the quality of GnuPG. Thanks ====== Gerardo Richarte found this problem. David Shaw greatly helped to analyse and describe the core of the problem. [1] See http://lists.gnupg.org/mailman/listinfo/gnupg-devel [2] See http://www.gnupg.org/download/ [3] See http://www.gnupg.org/service.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20070306/ce639d51/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From rjh at sixdemonbag.org Tue Mar 6 16:06:55 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 6 Mar 2007 09:06:55 -0600 Subject: 1.4.7 packages for OS X Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize to Benjamin if I'm stepping on his toes here; by my recollection, he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.) They haven't been tested broadly, but so far they've worked on every system I've thrown them at (five machines, a smattering of Intel and PowerPC). Please note that these packages include IDEA support, which may (depending on your jurisdiction) give you some patent troubles. Please be responsible and download in accordance with your region's laws and the GNU GPL, and please only use IDEA for reading existing messages and not for creating new ones. Packages: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Signatures for the two packages can be found at: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Clearly, GnuPG.org is the appropriate site to refer people to for source code. However, to keep everything according to Hoyle, source code is also available from: http://rjhansen.cs.uiowa.edu/~rjh/gnupg-1.4.7.tar.bz2 http://rjhansen.cs.uiowa.edu/~rjh/idea.c.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQEcBAEBCAAGBQJF7YOPAAoJELcA9IL+r4EJDuoIAOP5dZnUCcXg62rqMcMyoOkS RCiGIy3NGy5q4Y3nTalvScrdI08sjcP3+tlTFIu8+EMnd9iZMhdc1BEH7Pe6tADL jVt34j4sloYVYfa5o58/gaKG3Y/3d9g/yMrfEhIq3pMC/khGiEAXboOg5LkA8dDG b2WeplsiUWXfKKi1vZ7cwiQ7dyqV5AAltqM8JJ8rliIobthcAXHIE8BeNA8dDmhD HAp+O7QF/vf2uMSSVuWQ7g6W30EVzp7UXbJf2YrXdrGQ/JFx5DzH6+gpCvJW5abV mI8Ym9PT2hWjKMEgXTvyUdP/QEh9i4MKam+CTcA0BjYWwd7zAC5N2+VaCXT/oLQ= =Ev4J -----END PGP SIGNATURE----- From svt at teris.de Tue Mar 6 20:26:38 2007 From: svt at teris.de (Sebastian von Thadden) Date: Tue, 06 Mar 2007 20:26:38 +0100 Subject: Restore Smart-Card-Manuel Message-ID: <45EDC06E.1030006@teris.de> Hi, since 2 years, I'm using pgp. It's very nice. Today I've got 2 pgp-smartcards. The frist one works very good. Everything works good. Now, I want to test, what happens when I lost this card or it's broken. I've both cards, the public key and an .pgp-file. I searched google for over 2 hours, but I only found an entry in this lists. But the user did not complete the restore. (http://marc.theaimsgroup.com/?l=gnupg-users&m=115027667302076&w=2) Is here any expert than can post a step-by-step guide to get my backup-card working ? This restore-procedure should be published on any smartcard-howto. Thanks from Germany Bye, Sebastian From johanw at vulcan.xs4all.nl Wed Mar 7 00:44:56 2007 From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Wed, 7 Mar 2007 00:44:56 +0100 (MET) Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME In-Reply-To: <873b4ibxzu.fsf@wheatstone.g10code.de> Message-ID: <200703062344.l26Niugw018096@vulcan.xs4all.nl> Werner Koch wrote: >GnuPG 1.4.7 has been released today and is available from the >usual places [2]. Compiles and runs OK on Slackware Linux 10.0 with kernel 2.6.17.6. One small point: vulcan:~> gpg --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. [...] The 2006 needs to be updated to 2007. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From reynt0 at cs.albany.edu Wed Mar 7 02:51:10 2007 From: reynt0 at cs.albany.edu (reynt0) Date: Tue, 6 Mar 2007 20:51:10 -0500 (EST) Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: With full appreciation for your and everyone's work, could I ask that, when posting, people be specific which OSX they are talking about? I'm still looking for an easy way to get the latest gnupg but for OS 10.3.9, not OS 10.4.x. That is, a way which doesn't involve having to install extraneous software with its extra level of trust (eg Fink); and which also avoids the Apple trend to asserting Micro$oft-like control over users' computers (cf eg and the links there, about 10.4, and one fears, 10.5 too); and which also I can summarize in a "HowTo" recipe that I can then use to distribute to academic and scientific users who need to start using encryption and IMHO should be encouraged to use open source. Sorry for being wordy. On Tue, 6 Mar 2007, Robert J. Hansen wrote: > I've taken the liberty of packaging up 1.4.7 for OS X. (I apologize > to Benjamin if I'm stepping on his toes here; by my recollection, > he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.) . . . From rjh at sixdemonbag.org Wed Mar 7 05:17:43 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 6 Mar 2007 22:17:43 -0600 Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: <2BE66C3E-4755-4E34-A05E-8213C39B2CAA@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > With full appreciation for your and everyone's work, > could I ask that, when posting, people be specific > which OSX they are talking about? Tiger has been out for two years now; I think it's reasonable to think that, unless specified otherwise, software will be targeting Tiger. > I'm still looking for an easy way to get the latest > gnupg but for OS 10.3.9, not OS 10.4.x. Unfortunately, I can't help you. I would also recommend switching to one of the free Unices if you don't want to upgrade to 10.4 or 10.5. Once 10.5 comes out, 10.3 will probably be EOLed and there will be no further security updates. Please give serious thought to either (a) migrating to a free UNIX or (b) upgrading to 10.4/10.5. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQEcBAEBCAAGBQJF7jznAAoJELcA9IL+r4EJqYoH/170XHe+wl4PrrhBBi3cXm8R XbWsjDqABTPh5yA7qfchaYFVj7jxzp6mv1G7m471qfIWGNdVsfvT+8bxP9MiL96h guC2C6uv45vRDsOSif54F5LQIwJ1zx9Agaiu3C/k5OpuyALlTrpqJKYwQueTWX82 BneejqLUwYbTGDPOxZR7V0Q3mvBV50PyIPUmfoqRPMo5uJ/eH3iyalImNkCxmzns ZrOD1t6IwZGyLQgOGOYYejrvk2yt9RPcgAHXGpsBkacfpHRtpLW9e+CzpV6EEgaV BEkHobo51GsOiXympmnBwyfty4jG/VNS1wDIOtuvdWK+1zumGrjL8XC1qbh8CvE= =JbXx -----END PGP SIGNATURE----- From wk at gnupg.org Wed Mar 7 09:59:02 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 07 Mar 2007 09:59:02 +0100 Subject: [Announce] Multiple Messages Problem in GnuPG and GPGME In-Reply-To: <200703062344.l26Niugw018096@vulcan.xs4all.nl> (Johan Wevers's message of "Wed\, 7 Mar 2007 00\:44\:56 +0100 \(MET\)") References: <200703062344.l26Niugw018096@vulcan.xs4all.nl> Message-ID: <87ejo14eg9.fsf@wheatstone.g10code.de> On Wed, 7 Mar 2007 00:44, johanw at vulcan.xs4all.nl said: > The 2006 needs to be updated to 2007. Thanks for noting. We can do that, although it is not very important. The term for the copyright is getting longer and longer thanks to Mickey Mouse et al. Shalom-Salam, Werner From shavital at mac.com Wed Mar 7 11:55:28 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 07 Mar 2007 12:55:28 +0200 Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: <45EE9A20.8050009@mac.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 reynt0 wrote the following on 3/7/07 3:51 AM: [...] > I'm still looking > for an easy way to get the latest gnupg but for > OS 10.3.9, not OS 10.4.x. [...] At , please scroll down to 'Files" where you will find: For Mac OS X 10.3.x 1.4.1, MD5: f4eb3c7d233e18fd1bf56d6bb576bbd9 Detached Sig GnuPG 1.4.1 can be downloaded from the hyperlink as a .dmg binary installer. I can't remember whether or which security problems 1.4.1 comported, but you will find complementary information in that site. All the above, until or if you decide to upgrade from 10.3.9. Charly Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRe6aHM3GMi2FW4PvAQjIuwf/VzglXbC0/gg5I3EGU4//8RHn/PZh42lA i2P0fuTvYK4XMb1KEBz+tBdDbXRFin98w2SRoWkyDtUCrvY2DdflRtvmcwUGSt5l CWIyIw4B1ijRYQIFenEppug63R+Wq1XZRM1lPLHDYeq/wWFAwzZP7iar9tKEjOtv fl90YByeQw5DSllJVXD1R+QueVaBPlQA1/CkBCIBqYB771TsLsXQPFSkPBgg6s+W D7R3irNcsvsqZbvJ0gIIlZnygLmA9MhhqQCv1I1LTUzMIjgM4EyhdJHdSbRvt9uN gS7dEvi1fAzUHgciNXZzQwbNP0RJuNBjdTtKW/0xKAUdVk5f5hFCtg== =KqVh -----END PGP SIGNATURE----- From benjamin at py-soft.co.uk Wed Mar 7 12:11:09 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed, 07 Mar 2007 11:11:09 +0000 Subject: 1.4.7 packages for OS X In-Reply-To: References: Message-ID: <45EE9DCD.6020000@py-soft.co.uk> Robert J. Hansen wrote: > I've taken the liberty of packaging up 1.4.7 for OS X. Take a look at the macgpg project at http://macgpg.sourceforge.net/ > (I apologize to Benjamin if I'm stepping on his toes here; by my recollection, > he's doing packages for 2.0.x, not 1.4.x, so I _should_ be safe.) I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 done asap, but you may have saved me the trouble! :) As for the 2.x branch, there hasn't been enough interest for me to devote considerable amounts of my time to getting it packaged up. > Packages: > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Join macgpg and we'll show you how to make universal binaries. Ben From swelter at mus.ch Wed Mar 7 15:11:05 2007 From: swelter at mus.ch (Sascha Welter) Date: Wed, 7 Mar 2007 15:11:05 +0100 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EE9A20.8050009@mac.com> References: <45EE9A20.8050009@mac.com> Message-ID: <20070307141105.GB6173@betabug.ch> (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse: > I can't remember whether or which security problems 1.4.1 comported, but > you will find complementary information in that site. Since we've just had a security related update to 1.4.6 and a security related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1. > All the above, until or if you decide to upgrade from 10.3.9. There are Macs that can't upgrade beyond 10.3.9 and that will still work fine with that system for many years to come. Myself I tend to compile gnupg anyway, which IIRC never was much of a problem on 10.3.9 anyway. But I understand that some people don't have the knowledge or confidence to do that. Regards, Sascha From rjh at sixdemonbag.org Wed Mar 7 18:29:22 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 7 Mar 2007 11:29:22 -0600 Subject: 1.4.7 packages for OS X In-Reply-To: <45EE9DCD.6020000@py-soft.co.uk> References: <45EE9DCD.6020000@py-soft.co.uk> Message-ID: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 done > asap, but you may have saved me the trouble! :) Thank you for being gracious. :) I updated the packages (very slightly) to install into /usr/local, instead of /usr. It seems to be a tradeoff--while I know a few OS X users who have (for reasons inscrutable to me) elected to remove /usr/ local from their PATH, there are a fair number of OS X crypto apps hardwired to expect it in /usr/local. Mulberry, GPGMail, etc. The original links still work; they point to non-IDEA-enabled builds. For completeness' sake, the links are all listed here: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg Signatures are available at: http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg.asc http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg.asc Warning: these packages still have not been extensively tested. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQEcBAEBCAAGBQJF7vZzAAoJELcA9IL+r4EJe8wH/35U9JN32iHDdGRX9Z6I1LOy Yeelk1QHPD/QAGMMC+4FTg3v442v4vFQxapYjVAcBJsD0hoBzpKVSQEAH1JqzVc7 1VkAcDGrdCRSYKGovOXhcv/T4bltsGUOV0NlbBX8rz1vX75Pt1UCOZsLUo0TAD7a EtqrpSN7WlD1MjbxJXrlvJ4lWKaLUL0inmD6IG8v/XPhK6N+K2MMpbslwvorsA5d q1+8ic5M5g1kaQDwzkFs0r5CBP2QA8F4zIW6VPNAJFswWtbHTuUR4hL5K8mtCNRN m1Gi/An4P7h2eKurKwcmuGqdCtXl9E5zpatOGuLnsLPXq5uybMDN63dhRWtd9UI= =3E8Y -----END PGP SIGNATURE----- From shavital at mac.com Wed Mar 7 18:35:57 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 07 Mar 2007 19:35:57 +0200 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <20070307141105.GB6173@betabug.ch> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> Message-ID: <45EEF7FD.8040200@mac.com> Sascha Welter wrote the following on 3/7/07 4:11 PM: > (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse: >> I can't remember whether or which security problems 1.4.1 comported, but >> you will find complementary information in that site. > > Since we've just had a security related update to 1.4.6 and a security > related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1. Quite, but later versions of gnupg, as far as I have read, are not compatible with OS X 10.3.9. See MacGPG's web site , where different versions of GnuPG are posted for OS 10.1.x, 10.2.x, 10.3.x, and now 10.4.x. Apparently the "last" GnuPG version for 10.3.9 is 1.4.1. For better or for worse. > >> All the above, until or if you decide to upgrade from 10.3.9. > > There are Macs that can't upgrade beyond 10.3.9 and that will still work > fine with that system for many years to come. I also have a G3 iMac, running 10.3.9, works fine. I have even a venerable 1998 vintage Wallstreet, where I succeeded to install Panther, but that was a long time ago. > > Myself I tend to compile gnupg anyway, which IIRC never was much of a > problem on 10.3.9 anyway. But I understand that some people don't have > the knowledge or confidence to do that. Till now, I have compiled gnupg from source. I don't have the knowledge, I follow the instructions set in MacGPG's web site. If or when something goes wrong, I ask questions, get answers (most of the time), and try to remedy. Call that confidence? I don't know. I only know it has worked till now, including GnuPG 2.0.2 Charly From rjh at sixdemonbag.org Wed Mar 7 18:50:50 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 7 Mar 2007 11:50:50 -0600 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> Message-ID: <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Why isn't this application packaged like normal OS X apps in an > application bundle? Why the Unix(Linux) bundling and installing? Usually, these "normal" OS X apps are Cocoa apps. If it has a nifty- keen GUI on it, odds are good that it's a Cocoa app and is thus packaged as a .app. But otherwise, odds are good that it's a regular UNIX utility and will be packaged like a regular UNIX utility. For instance, the Apple Developer Tools are packaged both like .apps and like regular UNIX utilities. XCode is a Cocoa apps, and as such, it's packaged as a .app. But Apple's C compiler is a regular UNIX utility, and as such, it's packaged as /usr/bin/gcc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQEcBAEBCAAGBQJF7vt6AAoJELcA9IL+r4EJmokIAMxwltRifxUIuVfQ7IKcKmiQ uZaIetXMFswVDupBqI5QvCj1tapyQYIdyfrnTaB8vWrJmsDlQsPA3MrZE8OhRbVW lrqmOhbWD4wSTd4+7FqI+K5VEhmaSCo4Rf9F6iXdOiKB0p4FKodgWOsdUvNsCLFk sVpuIzr7XYynqX03rtN30pQRZXl8yVhic9gBQx34S+7y50e8GriHmshAJYaMe779 bIesznJNxNRX4bQ8XjsRGuAZV6aqI2OCKvwlNqge1xJVrWu4tLtn6eCjEvUGj650 2cxMEWXCLw+9x5SwzwKCK4j7MeIlU/6cPvXySSvF4fowv2mB4HLMM2zni03RGvM= =OW5W -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Mar 7 19:08:52 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 7 Mar 2007 13:08:52 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EEF7FD.8040200@mac.com> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> Message-ID: <20070307180852.GA26993@jabberwocky.com> On Wed, Mar 07, 2007 at 07:35:57PM +0200, Charly Avital wrote: > Sascha Welter wrote the following on 3/7/07 4:11 PM: > > (Wed, Mar 07, 2007 at 12:55:28PM +0200) Charly Avital wrote/schrieb/egrapse: > >> I can't remember whether or which security problems 1.4.1 comported, but > >> you will find complementary information in that site. > > > > Since we've just had a security related update to 1.4.6 and a security > > related update to 1.4.7, I'd be hesitant to use or recommend 1.4.1. > > Quite, but later versions of gnupg, as far as I have read, are not > compatible with OS X 10.3.9. Do you mean binary releases from somewhere or building your own? If you're building your own, this is not the case, or at least, should not be the case. If compiling 1.4.7 on Panther doesn't work, report it as a bug. I will fix it. David From shavital at mac.com Wed Mar 7 21:21:22 2007 From: shavital at mac.com (Charly Avital) Date: Wed, 07 Mar 2007 22:21:22 +0200 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <20070307180852.GA26993@jabberwocky.com> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> Message-ID: <45EF1EC2.4010404@mac.com> David Shaw wrote the following on 3/7/07 8:08 PM: [...] > Do you mean binary releases from somewhere or building your own? If > you're building your own, this is not the case, or at least, should > not be the case. If compiling 1.4.7 on Panther doesn't work, report > it as a bug. I will fix it. > > David Maybe I misunderstood the indications in . I shall try to compile 1.4.7 on Panther (not just right now), and report back. Charly From breen.mullins at gmail.com Wed Mar 7 21:32:33 2007 From: breen.mullins at gmail.com (Breen Mullins) Date: Wed, 7 Mar 2007 12:32:33 -0800 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <20070307180852.GA26993@jabberwocky.com> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> Message-ID: On 3/7/07, David Shaw wrote: > > Do you mean binary releases from somewhere or building your own? If > you're building your own, this is not the case, or at least, should > not be the case. If compiling 1.4.7 on Panther doesn't work, report > it as a bug. I will fix it. It worked for me. I didn't report success because I didn't think it was an issue. Breen -- Breen Mullins Menlo Park, Calif. From benjamin at py-soft.co.uk Thu Mar 8 00:03:00 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed, 07 Mar 2007 23:03:00 +0000 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> Message-ID: <45EF44A4.20508@py-soft.co.uk> Ryan R. LaMothe wrote: > How difficult would be it be to package this application as a .app > bundle instead of all over the filesystem like the typical Unix > application (which makes installing/uninstalling/upgrading a pita)? There's nothing stopping you doing it and making the result available to all. Ben From benjamin at py-soft.co.uk Thu Mar 8 00:05:09 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed, 07 Mar 2007 23:05:09 +0000 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EF1EC2.4010404@mac.com> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> Message-ID: <45EF4525.90304@py-soft.co.uk> Charly Avital wrote: > Maybe I misunderstood the indications in . My understanding is that the macgpg team decided to stop supporting old versions of Mac OS. However, the recent version of gnupg should (touch wood!) compile from source without any (real) problems. Ben From benjamin at py-soft.co.uk Thu Mar 8 00:12:22 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed, 07 Mar 2007 23:12:22 +0000 Subject: 1.4.7 packages for OS X In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> Message-ID: <45EF46D6.40406@py-soft.co.uk> Robert J. Hansen wrote: > I updated the packages (very slightly) to install into /usr/local, > instead of /usr. Um, macgpg should install to /usr/local. > Warning: these packages still have not been extensively tested. I haven't had chance to look at them yet. When I get time I'll finish out the macgpg packaging instructions, which includes details on universal binaries. Take care, Ben From dshaw at jabberwocky.com Thu Mar 8 00:21:47 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 7 Mar 2007 18:21:47 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EF4525.90304@py-soft.co.uk> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> Message-ID: <20070307232147.GC26993@jabberwocky.com> On Wed, Mar 07, 2007 at 11:05:09PM +0000, Benjamin Donnachie wrote: > Charly Avital wrote: > > Maybe I misunderstood the indications in . > > My understanding is that the macgpg team decided to stop supporting old > versions of Mac OS. > > However, the recent version of gnupg should (touch wood!) compile from > source without any (real) problems. Yes indeed. Let me reiterate: as far as I'm concerned, if the current GPG doesn't build on a particular version of OSX, that's a bug. And I'll do my best to fix GPG so it does build. David From benjamin at py-soft.co.uk Thu Mar 8 00:40:49 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Wed, 07 Mar 2007 23:40:49 +0000 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EF46D6.40406@py-soft.co.uk> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <45EF46D6.40406@py-soft.co.uk> Message-ID: <45EF4D81.5090907@py-soft.co.uk> Benjamin Donnachie wrote: >> Warning: these packages still have not been extensively tested. > I haven't had chance to look at them yet. I've just had a quick look at your installer and I'm afraid that it wouldn't meet the standards set by the macgpg team. Take a look at the documents I've sent you which should hopefully explain all. Take care, Ben From benjamin at py-soft.co.uk Thu Mar 8 02:14:33 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu, 08 Mar 2007 01:14:33 +0000 Subject: 1.4.7 packages for OS X In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> Message-ID: <45EF6379.6040909@py-soft.co.uk> Robert J. Hansen wrote: > The original links still work; they point to non-IDEA-enabled builds. > For completeness' sake, the links are all listed here: IDEA is generally best implemented as a module. That way you don't need to worry about any patent / copyright issues. GnuPG 1.4.7 universal binaries from the macgpg team are now available on the website - see http://macgpg.sourceforge.net/ Ben From rjh at sixdemonbag.org Thu Mar 8 02:39:50 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 7 Mar 2007 19:39:50 -0600 Subject: 1.4.7 packages for OS X In-Reply-To: <45EF6379.6040909@py-soft.co.uk> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <45EF6379.6040909@py-soft.co.uk> Message-ID: <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > IDEA is generally best implemented as a module. That way you don't > need > to worry about any patent / copyright issues. I don't see any real difference between the two, really. If it's not legal to distribute the single binary with IDEA, then it's not legal to distribute the module. And going the module way, you wind up getting a large number of support requests saying "I downloaded the module, but I still can't read IDEA traffic", since people tend not to be all that familiar with editing gpg.conf. I should also point out, while I'm at it, that I don't recommend using IDEA. But the old RSA/IDEA legacy is unlikely to go away anytime soon, not as long as there's a ton of poorly-written anonymity software that depends on PGP 2.6. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQEcBAEBCAAGBQJF72lnAAoJELcA9IL+r4EJfdcH/jTDTWS69AXWA+IduP/gL5G6 QMWsgkRQF/tI0vyG+6jhDsdwbmRUDiFtoL+6Fp2omzq5fuzpEine2E/e/rfwhRRz rdjkrXhpo18qTGMFEDqBw01mzGi6Oz8ZDBeNZeRUCaZzDpYTTRvw7ZbBvNDbWcTF sq98hKUhTsiG6LXko5O7tcoDSgoatfga+HQeZn7hXPENjGWNS1vZhwRX0DoCY99X ov5xv5QRpSlJoziOs5JZRlnCErMIW7x+dfd1SCXqbLYSa/n3UOC0fVL/XYgkdpCQ UY87yrCuhZBVhdqK+EUd0l/J1qSJZ3wZqCPcd8xuHUEj/VQltbagq8yf6DTw8GY= =Xuyh -----END PGP SIGNATURE----- From shavital at mac.com Thu Mar 8 06:21:31 2007 From: shavital at mac.com (Charly Avital) Date: Thu, 8 Mar 2007 07:21:31 +0200 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <20070307232147.GC26993@jabberwocky.com> References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 At 6:21 PM -0500 3/7/07, David Shaw wrote: [...] >Yes indeed. > >Let me reiterate: as far as I'm concerned, if the current GPG doesn't >build on a particular version of OSX, that's a bug. And I'll do my >best to fix GPG so it does build. > >David On an iMac CPU Type: PowerPC 750 (22.14) running MacOS 10.3.9 (code named "Pahther"), compiling from source with idea.c copied to 'Cipher': - ---------------------------- ./configure: [...] Version info: gnupg 1.4.7 Configured for: Darwin (powerpc-apple-darwin7.9.0). All 27 tests passed. % gpg --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 - --------------------------- Therefore, GnuPG 1.4.7 builds correctly under Mac OS 10.3.9. I misunderstood the indications in MacGPG's web site. Thank you David for your feedback. Charly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: GnuPG for Privacy iQEVAwUBRe+dRM3GMi2FW4PvAQjV5QgArePI9tr5+nHHQGwGtE27xJEvzeozlVWc VB9lAc2D/312om6+CBaaL9dTvIIBLh08DG2jJ7PWMWoasLmxy/LaplCPwGnr283C HEkGy0z0sqOTVxfqXE4jua6+LOsBwQE+d/FHphyPq09nMHZD5Iw0U0w6a72uYG5v 0xVwBNE3WoEX0Pr9apRv0DeqCvE81WRqMFK0QjZtor85STG05xXIcqnsVBs9NjWb ccYk98oQqXLLsXrPT5l53BsxoUURYCKdwZWo7oXnqFvSKIDZKeVFbiacOdat4q9f tmuI8SrqaOqQJgNrfMd5aEkuDTnG9rmnT8Tt7vgl9xE3JLhBiG1jdQ== =Hvtf -----END PGP SIGNATURE----- From benjamin at py-soft.co.uk Thu Mar 8 10:13:26 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu, 08 Mar 2007 09:13:26 +0000 Subject: 1.4.7 packages for OS X In-Reply-To: <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <45EF6379.6040909@py-soft.co.uk> <382D8729-5643-49B5-B294-49B29D2E68C8@sixdemonbag.org> Message-ID: <45EFD3B6.8000005@py-soft.co.uk> Robert J. Hansen wrote: > I don't see any real difference between the two, really. If it's not > legal to distribute the single binary with IDEA, then it's not legal to > distribute the module. And going the module way, you wind up getting a > large number of support requests saying "I downloaded the module, but I > still can't read IDEA traffic", since people tend not to be all that > familiar with editing gpg.conf. Put simply, the module route ensures that any patent / copyright issues are firmly the users "problem". As I understand it, the licence is not compatible with the GPL and therefore should not be distributed with GnuPG. Ben From wk at gnupg.org Thu Mar 8 15:36:30 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 08 Mar 2007 15:36:30 +0100 Subject: [Announce] GnuPG 2.0.3 released Message-ID: <87tzwvvm35.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.3 This is bug fix release. There are also some minor enhancements. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.6) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.3 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the FTP server and ist mirrors you should find the following files in the *gnupg* directory: gnupg-2.0.3.tar.bz2 (3.8M) gnupg-2.0.3.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-2.0.3-2.0.3.diff.bz2 (29k) A patch file to upgrade a 2.0.2 GnuPG source. The patch file does not include updates of the language files. Note, that we don't distribute gzip compressed tarballs. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.3.tar.bz2 you would use this command: gpg --verify gnupg-2.0.3.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.3.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.3.tar.bz2 and check that the output matches the first line from the following list: 4680bcb96873191b331252ae40b35e39589c58ca gnupg-2.0.3.tar.bz2 901b8d9fe430e12c14d16365a08d50389c305f9a gnupg-2.0.2-2.0.3.diff.bz2 What's New =========== * By default, do not allow processing multiple plaintexts in a single stream. Many programs that called GnuPG were assuming that GnuPG did not permit this, and were thus not using the plaintext boundary status tags that GnuPG provides. This change makes GnuPG reject such messages by default which makes those programs safe again. --allow-multiple-messages returns to the old behavior. * New --verify-option show-primary-uid-only. * gpgconf may now reads a global configuration file to select which options are changeable by a frontend. The new applygnupgdefaults tool may be used by an admin to set default options for all users. * The PIN pad of the Cherry XX44 keyboard is now supported. The DINSIG and the NKS applications are now also aware of PIN pads. Internationalization ==================== GnuPG comes with support for 27 languages. Due to a lot of new and changed strings most translations are not entirely complete. The Swedish, Turkish, German and Russian translations should be complete. Documentation ============= We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advise on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. KDE's KMail is the most prominent user of GnuPG. In fact it has been developed along with the Kmail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support. The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and as an PDF at http://www.gnupg.org/documentation/manuals/gnupg.pdf . Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money. Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. A service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team (David, Marcus, Werner and all other contributors) -- Werner Koch The GnuPG Experts http://g10code.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20070308/12872c7f/attachment-0001.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From reynt0 at cs.albany.edu Thu Mar 8 17:59:40 2007 From: reynt0 at cs.albany.edu (reynt0) Date: Thu, 8 Mar 2007 11:59:40 -0500 (EST) Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com> Message-ID: I apologize if I am wasting the time of some busy and appreciated people, but I'd like to ask for clarification: The latest macgpg.sourceforge.net "HowTo", v4.16, says gcc 4.0.1 is needed. That gcc seems to be Apple-natively available only with OS 10.4, and not installable in 10.3.9 (with reliable result) from currently available XCode; gcc 3.3 seems to be the highest in XCode for 10.3. So..., what gcc do you have and how did you get it? (If the answer is simple, and I'm stupid, that makes me happiest because it is least trouble for me to fix.) On Thu, 8 Mar 2007, Charly Avital wrote: . . . > On an iMac CPU Type: PowerPC 750 (22.14) running MacOS 10.3.9 (code named > "Pahther"), compiling from source with idea.c copied to 'Cipher': . . . > Therefore, GnuPG 1.4.7 builds correctly under Mac OS 10.3.9. > I misunderstood the indications in MacGPG's web site. . . . From wk at gnupg.org Thu Mar 8 19:09:50 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 08 Mar 2007 19:09:50 +0100 Subject: external pinpad, gnupg, SPR532 PinPad SmartCard Reader In-Reply-To: (Alex Mauer's message of "Mon\, 12 Feb 2007 11\:18\:31 -0600") References: <200702111544.37742.MichaelParker@gmx.de> <87d54faach.fsf__14086.0900086865$1171287201$gmane$org@wheatstone.g10code.de> Message-ID: <87lki7txn5.fsf@wheatstone.g10code.de> On Mon, 12 Feb 2007 18:18, hawke at hawkesnest.net said: >> There is no support for PIN pads when using pcscd. > > Is this a limitation of pcscd or of GnuPG? The standard for accessing pinpads using PC/SC is relativley new. However, we won't support it in GnuPG becuase scdaemon is the way we go. Salam-Shalom, Werner From dshaw at jabberwocky.com Thu Mar 8 19:17:24 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 8 Mar 2007 13:17:24 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com> Message-ID: <20070308181724.GA338@jabberwocky.com> On Thu, Mar 08, 2007 at 11:59:40AM -0500, reynt0 wrote: > I apologize if I am wasting the time of some busy > and appreciated people, but I'd like to ask for > clarification: > > The latest macgpg.sourceforge.net "HowTo", v4.16, > says gcc 4.0.1 is needed. That gcc seems to be > Apple-natively available only with OS 10.4, and not > installable in 10.3.9 (with reliable result) from > currently available XCode; gcc 3.3 seems to be > the highest in XCode for 10.3. So..., what gcc do > you have and how did you get it? (If the answer is > simple, and I'm stupid, that makes me happiest > because it is least trouble for me to fix.) gcc 4.0.1 is not needed to build GnuPG. You should be able to build it with whatever version is on your Panther box. If it doesn't work, tell me, and I'll make it work. David From shavital at mac.com Thu Mar 8 20:53:45 2007 From: shavital at mac.com (Charly Avital) Date: Thu, 8 Mar 2007 21:53:45 +0200 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com> Message-ID: At 11:59 AM -0500 3/8/07, reynt0 wrote: >I apologize if I am wasting the time of some busy >and appreciated people, but I'd like to ask for >clarification: Not that busy, let's try to sort out this issue. > >The latest macgpg.sourceforge.net "HowTo", v4.16, >says gcc 4.0.1 is needed. You are right, that's what the HOWTO indicates: ----- This document describes how to build GnuPG on Mac OS X 10.2+. Please keep in mind that you need to have XCode 2.21 or the latest Developer Tools with gcc 4.0.1 or later as well as the BSD Subsystem installed. Check this by typing 'gcc -v' into the Terminal. -------- I am not sure what happened here; maybe, and I wish to stress 'maybe' an editing error when updating Gordon Worley's instructions. The facts are as follows: 1. On this iMac running OS 10.3.9, I have: Xcode 1.5, and gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1666) As I informed in a previous e-mail, I have compiled GnuPG 1.4.7 on this computer, without any problem. [...] I have included Mr. Alexander Nouak in the distribution of this answer, hoping he will be able to clarify this matter. I know Mr. Nouak will get this message also via macgpg-users, and I apologize for this double posting. Charly From nouak at zeitform.de Fri Mar 9 15:06:31 2007 From: nouak at zeitform.de (Alexander Nouak) Date: Fri, 9 Mar 2007 15:06:31 +0100 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: References: <45EE9A20.8050009@mac.com> <20070307141105.GB6173@betabug.ch> <45EEF7FD.8040200@mac.com> <20070307180852.GA26993@jabberwocky.com> <45EF1EC2.4010404@mac.com> <45EF4525.90304@py-soft.co.uk> <20070307232147.GC26993@jabberwocky.com> Message-ID: <75C64B4D-68DA-4F86-9938-A5327F91434F@zeitform.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Am 08.03.2007 um 20:53 schrieb Charly Avital: > Please keep in mind that you need to have XCode 2.21 or the latest > Developer > Tools with gcc 4.0.1 or later as well as the BSD Subsystem > installed. Check > this by typing 'gcc -v' into the Terminal. > -------- > > I have included Mr. Alexander Nouak in the distribution of this > answer, > hoping he will be able to clarify this matter. I know Mr. Nouak > will get > this message also via macgpg-users, and I apologize for this double > posting. may I kindly confirm that I am the right person to be blamed for that and I am terribly sorry for having caused this confusion. I will correct that as soon as possible. It is correct that you can compile gnupg on any Mac OS X >= 10.2 with its appropriate Developer Tools installed. To compile it on an Intel Mac or to receive Universal Binaries you will however need to use gcc 4.0.1 or later which you may find with XCode 2.21 or in the Developer Tools for Mac OS X 10.4 HTH Servus Alexander MacGPG Project Admin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFF8Wnn0HWns9BC0+sRAi0oAKCQy6SjHRoOWit0DCtj69a8zlJITwCguEwL NBrIFwQqd4unitpliKq80Is= =0uFn -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Fri Mar 9 17:25:35 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri, 09 Mar 2007 17:25:35 +0100 Subject: no-force-v3-sigs Message-ID: -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.7 (MingW32) owNCWmg2MUFZJlNZdJmIEgAAe3///nJoRmAH/Niv/3AAf///6gBYUQJIRKgCBAGA EDAAMkCwANlIioNAGmgAAyAAAaA0aAAB6hoaA0YhwaNGgaDQGTEBkaGQABppkAAA wQAGqZNBPFTbVPQnqaBoNGgZNMZQG1AAG1NAPUNo0IVjWWSuyM1TmmqY8NR90zKy 12jrMdhEbD0z16J17Xgxg4pkASOuseqqEE7yFL5TI0IRut11ZSQlwrO5yqFlRiWI oY3zLE4RvcHjpHWA5AQG3yxrwPgstSoX0dgQSpQbHiPy1Cnr8fbsuCJPXTOehj0Z HY7dPzuHCGoCRUIP72fFyI84UC2j0fkC6L6ds7QadpOXxi5MgNxpy4WHp689ua4Z dcig5SYaqfS4eS3xgx/u8ixjEslqSWAVBKMHlHwHf9KQIGTHAtOgciCS9I1P+LuS KcKEg6TMQJA= =WqE0 -----END PGP MESSAGE----- From dshaw at jabberwocky.com Sat Mar 10 02:10:30 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 9 Mar 2007 20:10:30 -0500 Subject: no-force-v3-sigs In-Reply-To: References: Message-ID: <20070310011030.GB8916@jabberwocky.com> On Fri, Mar 09, 2007 at 05:25:35PM +0100, Laurent Jumet wrote: > Hello ! > > May we assume that no-force-v3-sigs is the default in 1.4.7 ? It is not the default. It should be made the default eventually, but it's not yet. David From laurent.jumet at skynet.be Sat Mar 10 05:13:23 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sat, 10 Mar 2007 05:13:23 +0100 Subject: Armor bis... Message-ID: -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.7 (MingW32) owNCWmg2MUFZJlNZ7oQR9wAA6v///nJhSmCnx5xv/FgAv//faoFA0ojgE8kVIwDA QACgkwQwAU1BBqjT1E1PaJinqAaepoPUZA0AyaAA0AyA9IA9Q2k80ocAA0GhoNAB pkGhkDTQAAGQAZAZAAiYgp6nppEwmR6mhkANAANADQ0NGhkAAAApqqmdGPct1Dqt un6INh4lgErWJRfWsJ7LSSef40GcDvpWZQwlSasmCIUVsmUFZm0e1pCGRdMZAAq4 p7EpqkRqUQmdeMtQwSSBLpl1hETl72NtL4rAUnGLXsVxWcKUH2lQ/CbgG/eWoHkc ki4nHCyE9rKVRdUIg4NZ020LjbKfEk3lL/ZpheWCBogtpnhpxTs4WoWzaAlAsYHE EYhERQQYNQ4IY8Z6wa4jQ0VY1eQkOhcAgxLgcYk4rGbRtqaMtdkJdKFgnwc8iW5j M4kXCwyq0EQTI8ltCUQhORXCsbJk4SRbswWvYQrWkBPYhXeCqjQRbOgn+QG8IUgU ICMlCQppvRN4v5Ei99yuPJFJRLjLJTEuS03KeZgZlUxTfvyaDLplGSusg/hD5LBh PIbrCeQeUBW3C9POj/QRQzfEehHXFMXbmn+Sj7ii/UTHlyZAUkKKiECOfNN/i7ki nChId0II+4A= =2oJ6 -----END PGP MESSAGE----- From laurent.jumet at skynet.be Sat Mar 10 05:09:08 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sat, 10 Mar 2007 05:09:08 +0100 Subject: Armor... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello ! If you see an armored message here, don't assume it's crypted, it's only armored may be. Run GPG against it first, and delete after; and not the contrary. :-) ClearSign signatures may be altered through internet because of LineLenght and Charset translations. Armored, never. - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iHsEAREDADsFAkXyMFY0GGh0dHA6Ly91c2Vycy5za3luZXQuYmUvbGF1cmVudC5q dW1ldC8weENGQUY3MDRDLmFzYwAKCRD1HW2gz69wTF07AKDIkySA2wBokc6xA/c1 7qCvuHQekACg0IXdoyel2lQxvbZu8YlmpXx9xj0= =GloY -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Sat Mar 10 05:02:44 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sat, 10 Mar 2007 05:02:44 +0100 Subject: no-force-v3-sigs In-Reply-To: <20070310011030.GB8916@jabberwocky.com> Message-ID: Hello David ! David Shaw wrote: >> May we assume that no-force-v3-sigs is the default in 1.4.7 ? > It is not the default. It should be made the default eventually, but > it's not yet. I was thinking about expiration date of subkeys: should we assume that all people who stamped one were using --no-force-v3-sigs in their gpg.conf? Is --no-force-v3-sigs enough compatible actually to be used as default? -- Laurent Jumet KeyID: 0xCFAF704C From dshaw at jabberwocky.com Sat Mar 10 06:00:45 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 10 Mar 2007 00:00:45 -0500 Subject: no-force-v3-sigs In-Reply-To: References: <20070310011030.GB8916@jabberwocky.com> Message-ID: <20070310050045.GC8916@jabberwocky.com> On Sat, Mar 10, 2007 at 05:02:44AM +0100, Laurent Jumet wrote: > > Hello David ! > > David Shaw wrote: > > >> May we assume that no-force-v3-sigs is the default in 1.4.7 ? > > > It is not the default. It should be made the default eventually, but > > it's not yet. > > I was thinking about expiration date of subkeys: should we assume > that all people who stamped one were using --no-force-v3-sigs in > their gpg.conf? Subkeys get certs, not sigs. force-v3-sigs only applies to data signatures, and never to keys or subkeys. > Is --no-force-v3-sigs enough compatible actually to be used as default? Eventually. David From dshaw at jabberwocky.com Sat Mar 10 06:02:11 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 10 Mar 2007 00:02:11 -0500 Subject: Armor bis... In-Reply-To: References: Message-ID: <20070310050211.GD8916@jabberwocky.com> On Sat, Mar 10, 2007 at 05:13:23AM +0100, Laurent Jumet wrote: > -----BEGIN PGP MESSAGE----- > Version: GnuPG v1.4.7 (MingW32) > > owNCWmg2MUFZJlNZ7oQR9wAA6v///nJhSmCnx5xv/FgAv//faoFA0ojgE8kVIwDA > QACgkwQwAU1BBqjT1E1PaJinqAaepoPUZA0AyaAA0AyA9IA9Q2k80ocAA0GhoNAB > pkGhkDTQAAGQAZAZAAiYgp6nppEwmR6mhkANAANADQ0NGhkAAAApqqmdGPct1Dqt > un6INh4lgErWJRfWsJ7LSSef40GcDvpWZQwlSasmCIUVsmUFZm0e1pCGRdMZAAq4 > p7EpqkRqUQmdeMtQwSSBLpl1hETl72NtL4rAUnGLXsVxWcKUH2lQ/CbgG/eWoHkc > ki4nHCyE9rKVRdUIg4NZ020LjbKfEk3lL/ZpheWCBogtpnhpxTs4WoWzaAlAsYHE > EYhERQQYNQ4IY8Z6wa4jQ0VY1eQkOhcAgxLgcYk4rGbRtqaMtdkJdKFgnwc8iW5j > M4kXCwyq0EQTI8ltCUQhORXCsbJk4SRbswWvYQrWkBPYhXeCqjQRbOgn+QG8IUgU > ICMlCQppvRN4v5Ei99yuPJFJRLjLJTEuS03KeZgZlUxTfvyaDLplGSusg/hD5LBh > PIbrCeQeUBW3C9POj/QRQzfEehHXFMXbmn+Sj7ii/UTHlyZAUkKKiECOfNN/i7ki > nChId0II+4A= > =2oJ6 > -----END PGP MESSAGE----- Please do not send messages like this. Among the various problems it causes, it renders the list archive on the web useless, and that list archive is important for people to find information. This is what this looks like on the web: http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030547.html David From laurent.jumet at skynet.be Sat Mar 10 09:24:57 2007 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Sat, 10 Mar 2007 09:24:57 +0100 Subject: Armor bis... In-Reply-To: <20070310050211.GD8916@jabberwocky.com> Message-ID: Hello David ! David Shaw wrote: > Please do not send messages like this. Among the various problems it > causes, it renders the list archive on the web useless, and that list > archive is important for people to find information. This is what > this looks like on the web: OK. -- Laurent Jumet KeyID: 0xCFAF704C From engage at n0sq.us Sat Mar 10 17:27:36 2007 From: engage at n0sq.us (engage) Date: Sat, 10 Mar 2007 09:27:36 -0700 Subject: Armor bis... In-Reply-To: References: Message-ID: <200703100927.36463.engage@n0sq.us> Looks altered to me. On Friday 09 March 2007 21:13, Laurent Jumet wrote: > Hello ! > > If you see an armored message here, don't assume it's crypted, it's > only armored > may be. Run GPG against it first, and delete after; and not the contrary. > :-) ClearSign signatures may be altered through internet because of > LineLenght and > Charset translations. Armored, never. > > -- > Laurent Jumet > KeyID: 0xCFAF704C > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From bahamut at madhatt.com Sat Mar 10 22:18:18 2007 From: bahamut at madhatt.com (Andrew Berg) Date: Sat, 10 Mar 2007 15:18:18 -0600 Subject: no-force-v3-sigs In-Reply-To: References: Message-ID: <45F3209A.8020705@madhatt.com> Laurent Jumet wrote: > Hello Andrew ! > > Andrew Berg wrote: > >>> owNCWmg2MUFZJlNZdJmIEgAAe3///nJoRmAH/Niv/3AAf///6gBYUQJIRKgCBAGA >>> EDAAMkCwANlIioNAGmgAAyAAAaA0aAAB6hoaA0YhwaNGgaDQGTEBkaGQABppkAAA >>> wQAGqZNBPFTbVPQnqaBoNGgZNMZQG1AAG1NAPUNo0IVjWWSuyM1TmmqY8NR90zKy >>> 12jrMdhEbD0z16J17Xgxg4pkASOuseqqEE7yFL5TI0IRut11ZSQlwrO5yqFlRiWI >>> oY3zLE4RvcHjpHWA5AQG3yxrwPgstSoX0dgQSpQbHiPy1Cnr8fbsuCJPXTOehj0Z >>> HY7dPzuHCGoCRUIP72fFyI84UC2j0fkC6L6ds7QadpOXxi5MgNxpy4WHp689ua4Z >>> dcig5SYaqfS4eS3xgx/u8ixjEslqSWAVBKMHlHwHf9KQIGTHAtOgciCS9I1P+LuS >>> KcKEg6TMQJA= >>> =WqE0 > >> No one can read messages if you encrypt them to another's key. ;) > > It's not encrypted, only armored ! > ClearSign signatures not always work, charset problems I suppose. > > Before deciding you can't read a file, just run GPG against it and see. > How was I to know? (I always forget that gnupg-users messages show the original sender and not gnupg-users at gnupg.org or gnupg-users-bounces at gnupg.org as the sender) From jharris at widomaker.com Sun Mar 11 00:43:31 2007 From: jharris at widomaker.com (Jason Harris) Date: Sat, 10 Mar 2007 18:43:31 -0500 Subject: new (2007-03-04) keyanalyze results (+sigcheck) Message-ID: <20070310234331.GA21271@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-03-04/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: ac7e90bbddb67fc93da2fd0dd08ca05f8df3e2e0 14572584 preprocess.keys a0331c0495134854d2772b800ed4827294b8a221 8518083 othersets.txt d85856f699143168fad96ff71d85a059b54b2e9f 3503768 msd-sorted.txt ee7513d6673185c48dd654a1e8e683b1f7c8788f 1450 index.html 1d03047862a50c1096baeffb910c45bb6ccaf899 2278 keyring_stats 20041ca7f218a8a647c9a556e3c0ddd75104c680 1378724 msd-sorted.txt.bz2 c75c7bc9b3bc74fcab19df58afea2fb1e8c4c326 26 other.txt fd3d04aecfb2102b06a8edadb0cbc5b37308da59 1849064 othersets.txt.bz2 fbe406e70323704ab5ddbff3dc7f4646c227a77e 5927878 preprocess.keys.bz2 289ae4babebe3dc517e656ffc7ef94bdc7d6e368 14968 status.txt 82bef87a351447412a5381990503a744dae21eb9 194476 top1000table.html 24fd44baa56b935bb2e161133d9f41ff3c70144a 29653 top1000table.html.gz 2dfdcc48bf337724c3de823706c8bdb5d3a53f9b 9785 top50table.html fddf52c615f22c8dccb9161215e76b989c42b48f 2529 D3/D39DA0E3 -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20070310/7d31b1cb/attachment.pgp From wk at gnupg.org Mon Mar 12 13:57:38 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 12 Mar 2007 13:57:38 +0100 Subject: gpgsm and multiple messages Message-ID: <87mz2ivcu5.fsf@wheatstone.g10code.de> Hi, I have been asked how the multiple messages problem, published last week, relates to gpgsm and thus S/MIME messages. Well, there is no problem because S/MIME is based on CMS (formerly known as pkcs#7) and CMS is different from OpenPGP concerning the structure of its messages: * CMS is not packet based but a large binary block completely defined by an ASN.1 specification. Prefixing this data with another CMS message won't give a valid CMS message and more important, gpgsm will only process the first of these messages. * gpgsm needs to be called explicitly for decryption and verification so that the caller needs to take care of passing the decrypted message a second time to gpgsm for signature verification. * gpgsm uses an explicit state machine for processing of CMS data and there is no way to restart this machine to process a second message. Shalom-Salam, Werner From ryan.lamothe at quantumworx.com Wed Mar 7 19:09:03 2007 From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe) Date: Wed, 7 Mar 2007 13:09:03 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> Message-ID: <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you for your reply. Although not all .app bundles are Cocoa apps, Eclipse is a good example. How difficult would be it be to package this application as a .app bundle instead of all over the filesystem like the typical Unix application (which makes installing/uninstalling/upgrading a pita)? Thanks! On Mar 7, 2007, at 12:50 PM, Robert J. Hansen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > >> Why isn't this application packaged like normal OS X apps in an >> application bundle? Why the Unix(Linux) bundling and installing? > > Usually, these "normal" OS X apps are Cocoa apps. If it has a > nifty-keen GUI on it, odds are good that it's a Cocoa app and is > thus packaged as a .app. But otherwise, odds are good that it's a > regular UNIX utility and will be packaged like a regular UNIX utility. > > For instance, the Apple Developer Tools are packaged both > like .apps and like regular UNIX utilities. XCode is a Cocoa apps, > and as such, it's packaged as a .app. But Apple's C compiler is a > regular UNIX utility, and as such, it's packaged as /usr/bin/gcc. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > > iQEcBAEBCAAGBQJF7vt6AAoJELcA9IL+r4EJmokIAMxwltRifxUIuVfQ7IKcKmiQ > uZaIetXMFswVDupBqI5QvCj1tapyQYIdyfrnTaB8vWrJmsDlQsPA3MrZE8OhRbVW > lrqmOhbWD4wSTd4+7FqI+K5VEhmaSCo4Rf9F6iXdOiKB0p4FKodgWOsdUvNsCLFk > sVpuIzr7XYynqX03rtN30pQRZXl8yVhic9gBQx34S+7y50e8GriHmshAJYaMe779 > bIesznJNxNRX4bQ8XjsRGuAZV6aqI2OCKvwlNqge1xJVrWu4tLtn6eCjEvUGj650 > 2cxMEWXCLw+9x5SwzwKCK4j7MeIlU/6cPvXySSvF4fowv2mB4HLMM2zni03RGvM= > =OW5W > -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF7v+/zTrtVKxWL8MRAobJAJ9PwwUUddaLmYmWzLKdQcidnUZJvACg329N 1BF0JCgj7lSK/XAbo5VTtCA= =k8+v -----END PGP SIGNATURE----- From ryan.lamothe at quantumworx.com Wed Mar 7 18:36:51 2007 From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe) Date: Wed, 7 Mar 2007 12:36:51 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> Message-ID: <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Why isn't this application packaged like normal OS X apps in an application bundle? Why the Unix(Linux) bundling and installing? On Mar 7, 2007, at 12:29 PM, Robert J. Hansen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > >> I've packaged up 1.4.5 and 1.4.6 and was looking at getting 1.4.7 >> done >> asap, but you may have saved me the trouble! :) > > Thank you for being gracious. :) > > I updated the packages (very slightly) to install into /usr/local, > instead of /usr. It seems to be a tradeoff--while I know a few OS X > users who have (for reasons inscrutable to me) elected to remove /usr/ > local from their PATH, there are a fair number of OS X crypto apps > hardwired to expect it in /usr/local. Mulberry, GPGMail, etc. > > The original links still work; they point to non-IDEA-enabled > builds. For completeness' sake, the links are all listed here: > > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg > > Signatures are available at: > > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC-IDEA.dmg.asc > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-PowerPC.dmg.asc > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386-IDEA.dmg.asc > http://rjhansen.cs.uiowa.edu/~rjh/GnuPG-1.4.7-i386.dmg.asc > > Warning: these packages still have not been extensively tested. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > > iQEcBAEBCAAGBQJF7vZzAAoJELcA9IL+r4EJe8wH/35U9JN32iHDdGRX9Z6I1LOy > Yeelk1QHPD/QAGMMC+4FTg3v442v4vFQxapYjVAcBJsD0hoBzpKVSQEAH1JqzVc7 > 1VkAcDGrdCRSYKGovOXhcv/T4bltsGUOV0NlbBX8rz1vX75Pt1UCOZsLUo0TAD7a > EtqrpSN7WlD1MjbxJXrlvJ4lWKaLUL0inmD6IG8v/XPhK6N+K2MMpbslwvorsA5d > q1+8ic5M5g1kaQDwzkFs0r5CBP2QA8F4zIW6VPNAJFswWtbHTuUR4hL5K8mtCNRN > m1Gi/An4P7h2eKurKwcmuGqdCtXl9E5zpatOGuLnsLPXq5uybMDN63dhRWtd9UI= > =3E8Y > -----END PGP SIGNATURE----- > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Macgpg-users mailing list > Macgpg-users at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/macgpg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF7vgzzTrtVKxWL8MRAlFXAJ94/QozVsI+arEPj/kuDYCV3OdF8gCcCY4s i86T1JTseNZJVVCSnErM2ms= =9Yhv -----END PGP SIGNATURE----- From ryan.lamothe at quantumworx.com Thu Mar 8 00:24:00 2007 From: ryan.lamothe at quantumworx.com (Ryan R. LaMothe) Date: Wed, 7 Mar 2007 18:24:00 -0500 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: <45EF44A4.20508@py-soft.co.uk> References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> <45EF44A4.20508@py-soft.co.uk> Message-ID: It's not a matter of "why not do it yourself" but a matter of "why isn't it being done" kind of question. A graphical installer and uninstaller for the entire suite would be nice. Maybe I will find time to work on it, maybe someone else can too. It is the same kind of question I ask the Mono and MonoDevelop people, who not only did not write MonoDevelop using Windows Forms (they used GTK), but an installation of "MonoDevelop for OS X" requires a plethora of Fink/DarwinPorts Linux libs installed in order to even begin using the entire package. But that is another story for another list. On Mar 7, 2007, at 6:03 PM, Benjamin Donnachie wrote: > Ryan R. LaMothe wrote: >> How difficult would be it be to package this application as a .app >> bundle instead of all over the filesystem like the typical Unix >> application (which makes installing/uninstalling/upgrading a pita)? > > There's nothing stopping you doing it and making the result > available to > all. > > Ben > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Macgpg-users mailing list > Macgpg-users at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/macgpg-users From jbruni at mac.com Mon Mar 12 20:48:36 2007 From: jbruni at mac.com (Joseph Oreste Bruni) Date: Mon, 12 Mar 2007 12:48:36 -0700 Subject: [Macgpg-users] 1.4.7 packages for OS X In-Reply-To: References: <45EE9DCD.6020000@py-soft.co.uk> <9B711196-3A86-4802-9C85-1738BF1ADAED@sixdemonbag.org> <3EBC47E8-D7BB-4AE8-82C6-B1763BE161E3@quantumworx.com> <9980C060-B931-41EE-BE22-1609B22F04BF@sixdemonbag.org> <8B742FC7-E0A6-462B-9A4A-4B32B9B9C893@quantumworx.com> <45EF44A4.20508@py-soft.co.uk> Message-ID: <11726E4D-4FB9-466F-9ABD-8F9E0B26EDDD@mac.com> It wouldn't make sense to try to package GPG using a .app bundle since GPG itself will most often be used from the command line. As such, you would need to update your PATH environment variable to include a deep reference to something like "/Applications/GnuPG/ Content/MacOS/gpg" instead of the normal location for user-installed tools (/usr/local). In addition, if you did run it by double-clicking what would that give you since there is no graphical user interface and using the tool is done via command-line options? If you really need a GUI to use GPG, trying installing one of the many interfaces referenced from http://macgpg.sourceforge.net/. Those are packaged as .app bundles and make sense to run via the Finder. -Joe PS: I noticed this message thread was being cross-posted to both macgpg-users and gnupg-users. I'm not sure that's good etiquette, but I'm replying to both for continuity. On Mar 7, 2007, at 4:24 PM, Ryan R. LaMothe wrote: > It's not a matter of "why not do it yourself" but a matter of "why > isn't it being done" kind of question. > > A graphical installer and uninstaller for the entire suite would be > nice. Maybe I will find time to work on it, maybe someone else can > too. > > It is the same kind of question I ask the Mono and MonoDevelop > people, who not only did not write MonoDevelop using Windows Forms > (they used GTK), but an installation of "MonoDevelop for OS X" > requires a plethora of Fink/DarwinPorts Linux libs installed in order > to even begin using the entire package. But that is another story > for another list. > > > On Mar 7, 2007, at 6:03 PM, Benjamin Donnachie wrote: > >> Ryan R. LaMothe wrote: >>> How difficult would be it be to package this application as a .app >>> bundle instead of all over the filesystem like the typical Unix >>> application (which makes installing/uninstalling/upgrading a pita)? >> >> There's nothing stopping you doing it and making the result >> available to >> all. >> >> Ben >> >> --------------------------------------------------------------------- >> - >> --- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys-and earn cash >> http://www.techsay.com/default.php? >> page=join.php&p=sourceforge&CID=DEVDEV >> _______________________________________________ >> Macgpg-users mailing list >> Macgpg-users at lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/macgpg-users > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From j.lysdal at gmail.com Mon Mar 12 23:47:37 2007 From: j.lysdal at gmail.com (=?ISO-8859-1?Q?J=F8rgen_Christiansen_Lysdal?=) Date: Mon, 12 Mar 2007 23:47:37 +0100 Subject: display bug Message-ID: <45F5D889.6000402@gmail.com> When i verify a data signature, isent gpg supposed to show keyserver url with the result when i have "verify-options show-keyserver-urls" in gpg.conf? -- J?rgen Ch. Lysdal -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 368 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070312/e4c5e440/attachment.pgp From svt at teris.de Tue Mar 13 03:39:30 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 03:39:30 +0100 Subject: GnuPG incompatible with windows-vista ? Message-ID: <45F60EE2.4080809@teris.de> Hi, today I've made some tests with gnupg and vista. Everything works fine, but at the moment, gnupg has to communicate with any external keyserver, I get this result: gpg: searching for "svt at teris.de" from hkp server subkeys.pgp.net gpgkeys: this keyserver type only supports key retrieval gpg: keyserver communications error: Dateilesefehler gpg: Suche auf dem Schl?sselserver fehlgeschlagen: Dateilesefehler When using the --debug all option, I get the same output (firstline is config-dir, the rest is the same). This error comes very fast. GnuPG does not search for hostnames or any other external recource. While these tests, the firewall was disabled. The same commands on a winXP-System are working correct. Can somebody verify this problem or know how I can solve it ? I know, some people here hates Vista, me to, but as software-developer I have to use it...:-( Thanks Bye, Sebastian From dshaw at jabberwocky.com Tue Mar 13 05:13:36 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 00:13:36 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F60EE2.4080809@teris.de> References: <45F60EE2.4080809@teris.de> Message-ID: <20070313041336.GB24706@jabberwocky.com> On Tue, Mar 13, 2007 at 03:39:30AM +0100, Sebsatian von Thadden wrote: > Hi, > > today I've made some tests with gnupg and vista. > > Everything works fine, but at the moment, gnupg has to communicate with > any external keyserver, I get this result: > > gpg: searching for "svt at teris.de" from hkp server subkeys.pgp.net > gpgkeys: this keyserver type only supports key retrieval > gpg: keyserver communications error: Dateilesefehler > gpg: Suche auf dem Schl?sselserver fehlgeschlagen: Dateilesefehler > > When using the --debug all option, I get the same output (firstline is > config-dir, the rest is the same). > > This error comes very fast. GnuPG does not search for hostnames or any > other external recource. > > While these tests, the firewall was disabled. > > The same commands on a winXP-System are working correct. > > Can somebody verify this problem or know how I can solve it ? You are either missing gpgkeys_hkp.exe or GPG can't find it (not in your path). David From dshaw at jabberwocky.com Tue Mar 13 05:02:18 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 00:02:18 -0400 Subject: display bug In-Reply-To: <45F5D889.6000402@gmail.com> References: <45F5D889.6000402@gmail.com> Message-ID: <20070313040218.GA24706@jabberwocky.com> On Mon, Mar 12, 2007 at 11:47:37PM +0100, J?rgen Christiansen Lysdal wrote: > When i verify a data signature, isent gpg supposed to show > keyserver url with the result when i have "verify-options > show-keyserver-urls" in gpg.conf? If there is a keyserver URL in the signature. David From j.lysdal at gmail.com Tue Mar 13 13:37:13 2007 From: j.lysdal at gmail.com (=?UTF-8?Q?J=C3=B8rgen_Lysdal?=) Date: Tue, 13 Mar 2007 13:37:13 +0100 Subject: display bug In-Reply-To: <20070313040218.GA24706@jabberwocky.com> References: <45F5D889.6000402@gmail.com> <20070313040218.GA24706@jabberwocky.com> Message-ID: <9afe34fe0703130537m5f95ea53oe452278fed738027@mail.gmail.com> 2007/3/13, David Shaw : > > If there is a keyserver URL in the signature. > > David arh, i thought it was ment to display keyserver url from the public key used to verify the signature. Dident know i could store a keyserver url with a signature, but it makes sense. -- J?rgen Ch. Lysdal From svt at teris.de Tue Mar 13 13:44:29 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 13:44:29 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313041336.GB24706@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> Message-ID: <45F69CAD.7080308@teris.de> Hi David, > > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > your path). > The gpgkeys_hkp.exe is in the same directory as the other files. Here is my directory-listing: 13.03.2007 02:40 Doc 13.03.2007 02:40 gnupg.nls 05.03.2007 11:53 865.792 gpg.exe 05.03.2007 11:53 59.392 gpgkeys_curl.exe 05.03.2007 11:53 51.712 gpgkeys_finger.exe 05.03.2007 11:53 63.488 gpgkeys_hkp.exe 05.03.2007 11:53 33.280 gpgkeys_ldap.exe 05.03.2007 11:53 107.520 gpgsplit.exe 05.03.2007 11:53 371.200 gpgv.exe 14.01.2004 01:56 892.928 iconv.dll 13.03.2007 02:40 Src 13.03.2007 02:40 70.380 uninst-gnupg.exe Can I set the path to this file in the config-file or set any global_system_var to help gpg to find this file ? Thanks Bye, Sebastian From j.lysdal at gmail.com Tue Mar 13 13:42:03 2007 From: j.lysdal at gmail.com (=?UTF-8?Q?J=C3=B8rgen_Lysdal?=) Date: Tue, 13 Mar 2007 13:42:03 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313041336.GB24706@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> Message-ID: <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> 2007/3/13, David Shaw : > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > your path). > > David > Anyway, even if gpg can find it, it will still not work. Gives me a "socket error" something.. The message flashes for a very short time so i dont have time enough to rest of it. -- J?rgen Ch. Lysdal From dshaw at jabberwocky.com Tue Mar 13 14:36:48 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 09:36:48 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> Message-ID: <20070313133648.GB28721@jabberwocky.com> On Tue, Mar 13, 2007 at 01:42:03PM +0100, J?rgen Lysdal wrote: > 2007/3/13, David Shaw : > > > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > > your path). > > > > David > > > > Anyway, even if gpg can find it, it will still not work. Gives me a > "socket error" something.. > The message flashes for a very short time so i dont have time enough > to rest of it. What did you do so GPG would find it? David From dshaw at jabberwocky.com Tue Mar 13 14:29:35 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 09:29:35 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F69CAD.7080308@teris.de> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> Message-ID: <20070313132935.GA28721@jabberwocky.com> On Tue, Mar 13, 2007 at 01:44:29PM +0100, Sebsatian von Thadden wrote: > Hi David, > > > > > You are either missing gpgkeys_hkp.exe or GPG can't find it (not in > > your path). > > > > The gpgkeys_hkp.exe is in the same directory as the other files. Here is > my directory-listing: > > 13.03.2007 02:40 Doc > 13.03.2007 02:40 gnupg.nls > 05.03.2007 11:53 865.792 gpg.exe > 05.03.2007 11:53 59.392 gpgkeys_curl.exe > 05.03.2007 11:53 51.712 gpgkeys_finger.exe > 05.03.2007 11:53 63.488 gpgkeys_hkp.exe > 05.03.2007 11:53 33.280 gpgkeys_ldap.exe > 05.03.2007 11:53 107.520 gpgsplit.exe > 05.03.2007 11:53 371.200 gpgv.exe > 14.01.2004 01:56 892.928 iconv.dll > 13.03.2007 02:40 Src > 13.03.2007 02:40 70.380 uninst-gnupg.exe > > > Can I set the path to this file in the config-file or set any > global_system_var to help gpg to find this file ? Interesting that GPG was able to find gpgkeys_curl.exe but not gpgkeys_hkp.exe. Hmm. What version of GPG is this? Can you send the output of your keyserver request with "--debug 1024" added? David From j.lysdal at gmail.com Tue Mar 13 16:27:31 2007 From: j.lysdal at gmail.com (=?ISO-8859-1?Q?J=F8rgen_Christiansen_Lysdal?=) Date: Tue, 13 Mar 2007 16:27:31 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313133648.GB28721@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> Message-ID: <45F6C2E3.9040404@gmail.com> David Shaw skrev: > > What did you do so GPG would find it? > > David > Hmm, dident do anything.. Maybe it is because i have User Account Control turned off? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 368 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070313/87748b94/attachment.pgp From svt at teris.de Tue Mar 13 17:54:18 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 17:54:18 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313132935.GA28721@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> Message-ID: <45F6D73A.7020601@teris.de> Hi David, here is the output of gpg --debug 1024 --search-key --keyserver subkeys.pgp.net test" gpg: Optionen werden aus 'C:/Users/Sebsatian/AppData/Roaming/gnupg\gpg.conf' gel esen gpg: DBG: expanding string "C:\gnupg\gpgkeys_curl.exe -o "%O" "%I"" gpg: DBG: args expanded to "C:\gnupg\gpgkeys_curl.exe -o "C:\Users\SEBSAT~1\AppD ata\Local\Temp\gpg-53654A\tempout.txt" "C:\Users\SEBSAT~1\AppData\Local\Temp\gpg -53654A\tempin.txt"", use 1, keep 1 gpg: DBG: using temp file `C:\Users\SEBSAT~1\AppData\Local\Temp\gpg-53654A\tempi n.txt' gpg: searching for "test" from hkp server subkeys.pgp.net gpg: DBG: system() command is C:\gnupg\gpgkeys_curl.exe -o "C:\Users\SEBSAT~1\Ap pData\Local\Temp\gpg-53654A\tempout.txt" "C:\Users\SEBSAT~1\AppData\Local\Temp\g pg-53654A\tempin.txt" gpgkeys: this keyserver type only supports key retrieval gpg: keyserver communications error: Dateilesefehler gpg: Suche auf dem Schl?sselserver fehlgeschlagen: Dateilesefehler secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 I set this in config keyserver-options keep-temp-files to keep the files: tempin.txt --> # This is a GnuPG 1.4.7 keyserver communications file VERSION 1 PROGRAM 1.4.7 SCHEME hkp HOST subkeys.pgp.net PATH / COMMAND SEARCH test --> tempout.txt is empty (0bytes) I hope you can help. Bye, Sebastian David Shaw schrieb: > On Tue, Mar 13, 2007 at 01:44:29PM +0100, Sebsatian von Thadden wrote: >> Hi David, >> >>> You are either missing gpgkeys_hkp.exe or GPG can't find it (not in >>> your path). >>> >> The gpgkeys_hkp.exe is in the same directory as the other files. Here is >> my directory-listing: >> >> 13.03.2007 02:40 Doc >> 13.03.2007 02:40 gnupg.nls >> 05.03.2007 11:53 865.792 gpg.exe >> 05.03.2007 11:53 59.392 gpgkeys_curl.exe >> 05.03.2007 11:53 51.712 gpgkeys_finger.exe >> 05.03.2007 11:53 63.488 gpgkeys_hkp.exe >> 05.03.2007 11:53 33.280 gpgkeys_ldap.exe >> 05.03.2007 11:53 107.520 gpgsplit.exe >> 05.03.2007 11:53 371.200 gpgv.exe >> 14.01.2004 01:56 892.928 iconv.dll >> 13.03.2007 02:40 Src >> 13.03.2007 02:40 70.380 uninst-gnupg.exe >> >> >> Can I set the path to this file in the config-file or set any >> global_system_var to help gpg to find this file ? > > Interesting that GPG was able to find gpgkeys_curl.exe but not > gpgkeys_hkp.exe. Hmm. What version of GPG is this? > > Can you send the output of your keyserver request with "--debug 1024" > added? > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From bahamut at madhatt.com Tue Mar 13 18:12:58 2007 From: bahamut at madhatt.com (Andrew Berg) Date: Tue, 13 Mar 2007 11:12:58 -0600 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6C2E3.9040404@gmail.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> Message-ID: <45F6DB9A.3030300@madhatt.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 I think that this problem came up before, and that one has to rename gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I can't remember). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9tuZQkZZy5xsw6MRA4WBAKCRy9wV7k3r9HadSFSMS3QtGv7hTACgtCT7 BxNDJ4e8ZLe4UeIXAaxx6ks= =w9Ee -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Mar 13 19:35:04 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 14:35:04 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6D73A.7020601@teris.de> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> Message-ID: <20070313183504.GB29210@jabberwocky.com> On Tue, Mar 13, 2007 at 05:54:18PM +0100, Sebsatian von Thadden wrote: > Hi David, > > here is the output of > > gpg --debug 1024 --search-key --keyserver subkeys.pgp.net test" > > gpg: Optionen werden aus > 'C:/Users/Sebsatian/AppData/Roaming/gnupg\gpg.conf' gel > esen > gpg: DBG: expanding string "C:\gnupg\gpgkeys_curl.exe -o "%O" "%I"" Interesting. Can you tell me the settings of these values in config.h when you compiled: HAVE_DRIVE_LETTERS DISABLE_KEYSERVER_PATH HAVE_W32_SYSTEM Also, do note that I don't think anyone has done a strong check of the random number code on Vista yet, so be warned about that. I'm just debugging the keyserver access stuff here. David From j.lysdal at gmail.com Tue Mar 13 19:49:17 2007 From: j.lysdal at gmail.com (=?ISO-8859-1?Q?J=F8rgen_Christiansen_Lysdal?=) Date: Tue, 13 Mar 2007 19:49:17 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6DB9A.3030300@madhatt.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com> Message-ID: <45F6F22D.8010007@gmail.com> Andrew Berg skrev: > I think that this problem came up before, and that one has to rename > gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > can't remember). Renaming gpgkeys_hkp.exe to gpgkeys_curl.exe seems to be working. Thanks for the tip. What is the difference between the two? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 368 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070313/3d1b931e/attachment.pgp From dshaw at jabberwocky.com Tue Mar 13 19:59:31 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 14:59:31 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6DB9A.3030300@madhatt.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com> Message-ID: <20070313185931.GC29210@jabberwocky.com> On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > I think that this problem came up before, and that one has to rename > gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > can't remember). This will fix HKP, but remove the ability to use HTTP. Better to fix the bug here. David From rjh at sixdemonbag.org Tue Mar 13 20:51:56 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 13 Mar 2007 14:51:56 -0500 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313183504.GB29210@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> Message-ID: <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org> > Interesting. Can you tell me the settings of these values in config.h > when you compiled: For what it's worth, Vista appears to have major problems with any program which depends on there being a libexec prefix. Whenever using a program that uses libexec helper programs, you're going to have problems--at least, I always did. I had Vista installed for a few weeks (work-related development) and ultimately said to hell with it, based on the incredible difficulties I faced in getting Cygwin, MinGW, GnuPG, etc., to work. For an example of this affecting MinGW, please see: http://www.qtforum.org/article/19748/QT-422-Opensource-on-Vista.html ... For now, I think it would be prudent to say that GnuPG on Vista is unsupported and not recommended. From dshaw at jabberwocky.com Tue Mar 13 21:12:56 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 16:12:56 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <920C1548-A4C8-45F7-90E5-CFC91FE8B95A@sixdemonbag.org> Message-ID: <20070313201256.GD29210@jabberwocky.com> On Tue, Mar 13, 2007 at 02:51:56PM -0500, Robert J. Hansen wrote: > > Interesting. Can you tell me the settings of these values in config.h > > when you compiled: > > For what it's worth, Vista appears to have major problems with any > program which depends on there being a libexec prefix. Whenever > using a program that uses libexec helper programs, you're going to > have problems--at least, I always did. > > I had Vista installed for a few weeks (work-related development) and > ultimately said to hell with it, based on the incredible difficulties > I faced in getting Cygwin, MinGW, GnuPG, etc., to work. > > For an example of this affecting MinGW, please see: > > http://www.qtforum.org/article/19748/QT-422-Opensource-on-Vista.html > > > > ... For now, I think it would be prudent to say that GnuPG on Vista > is unsupported and not recommended. I don't disagree, but we're going to have to get this working on Vista eventually. The only way it's going to get supported and usable is to fix the problems. David From svt at teris.de Tue Mar 13 22:34:23 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 22:34:23 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313183504.GB29210@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> Message-ID: <45F718DF.9000408@teris.de> Hi David, > Interesting. Can you tell me the settings of these values in config.h > when you compiled: > > HAVE_DRIVE_LETTERS > DISABLE_KEYSERVER_PATH > HAVE_W32_SYSTEM > > Also, do note that I don't think anyone has done a strong check of the > random number code on Vista yet, so be warned about that. I'm just > debugging the keyserver access stuff here. > I don't have any enviroment on this system, to compile gnupg. So I can't tell you these informations. Bye, Sebastian From dshaw at jabberwocky.com Tue Mar 13 22:46:14 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 17:46:14 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F718DF.9000408@teris.de> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <45F718DF.9000408@teris.de> Message-ID: <20070313214614.GE29210@jabberwocky.com> On Tue, Mar 13, 2007 at 10:34:23PM +0100, Sebsatian von Thadden wrote: > Hi David, > > > Interesting. Can you tell me the settings of these values in config.h > > when you compiled: > > > > HAVE_DRIVE_LETTERS > > DISABLE_KEYSERVER_PATH > > HAVE_W32_SYSTEM > > > > Also, do note that I don't think anyone has done a strong check of the > > random number code on Vista yet, so be warned about that. I'm just > > debugging the keyserver access stuff here. > > > > I don't have any enviroment on this system, to compile gnupg. So I can't > tell you these informations. Oh, you're using the precompiled Windows binary. David From svt at teris.de Tue Mar 13 22:46:58 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 22:46:58 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F6F22D.8010007@gmail.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <9afe34fe0703130542m21eb6626s334d9aeaca1ee739@mail.gmail.com> <20070313133648.GB28721@jabberwocky.com> <45F6C2E3.9040404@gmail.com> <45F6DB9A.3030300@madhatt.com> <45F6F22D.8010007@gmail.com> Message-ID: <45F71BD2.1040308@teris.de> Hi J?rgen, > Renaming gpgkeys_hkp.exe to gpgkeys_curl.exe seems to be working. > Thanks for the tip. > What is the difference between the two? yes, it seems to work for me. But I hope I can help to fix the problem completely. In the next month there will be thousands of users with new hardware, where vista is preinstalled. Bye, Sebastian From svt at teris.de Tue Mar 13 22:53:00 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Tue, 13 Mar 2007 22:53:00 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070313214614.GE29210@jabberwocky.com> References: <45F60EE2.4080809@teris.de> <20070313041336.GB24706@jabberwocky.com> <45F69CAD.7080308@teris.de> <20070313132935.GA28721@jabberwocky.com> <45F6D73A.7020601@teris.de> <20070313183504.GB29210@jabberwocky.com> <45F718DF.9000408@teris.de> <20070313214614.GE29210@jabberwocky.com> Message-ID: <45F71D3C.4060302@teris.de> Hi, > Oh, you're using the precompiled Windows binary. I hope, I'm not the noob of the year, but yes, I've just downloaded the 1.4.7 in installed it. Bye, Sebastian From hhhobbit at securemecca.net Wed Mar 14 00:50:29 2007 From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Tue, 13 Mar 2007 17:50:29 -0600 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: References: Message-ID: <45F738C5.1080708@securemecca.net> David Shaw wrote: > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > >>>I think that this problem came up before, and that one has to rename >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I >>can't remember). > > > This will fix HKP, but remove the ability to use HTTP. Better to > fix the bug here. I don't know whether that is so much of a bug as a %PATH% problem. Try adding the following to your %PATH% variable: REM ADD THIS TO YOUR %PATH% HKLM entry (copy & paste): ;%ProgramFiles%\GNU\GnuPG Getting to where to do it (just hope Vista is same): Start -> Control Panel -> System (double click) {Advanced} (tab) [Environment Variables] (button) Select PATH in the System variables and tack the addition suggested on to the end of it and see if that works. The fine points of these instructions go for W2K, XP, and 2003 Server. Vista may have changed how to get to things. It will NOT change the fact that adding stuff to the %PATH% cures LOTS of problems. If you do that, and the problem still isn't fixed, THEN we have a bug. A lot of people have been saying this or that won't work with Vista. The appropriate additions to the %PATH% or the setting of other environment variables usually fixes their problem. OTOH, I haven't seen their changes to the Registry. I am still using REG4 *.reg files (which will work up through 2003 Server) if that tells you anything. HHH From me at psmay.com Tue Mar 13 23:41:36 2007 From: me at psmay.com (Peter S. May) Date: Tue, 13 Mar 2007 18:41:36 -0400 Subject: gpgsm doesn't recognize certs are related to secret keys Message-ID: <45F728A0.4010002@psmay.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 (This message is a dupe of one sent earlier under the wrong address; admins, please deny the previous version.) I've extracted some Thawte and CAcert keys and certs from my browser and imported them into gpgsm (from gnupg-2.0.3, with it and all of its dependencies downloaded and compiled in their latest versions over the weekend). ls -l ~/.gnupg/private-keys-v1.d/ lists the three private keys that I imported, and all of the corresponding certs show up in - --list-keys: $ gpgsm --list-keys psmay /home/psmay/.gnupg/pubring.kbx - ---------------------------- Serial number: 067A86EB7BA000EF5E6F6341D8070D7E Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte Consulting (Pty) Ltd./C=ZA Subject: /CN=Peter Samuel May/EMail=psmay at halfgeek.org/GN=Peter Samuel/SN=May aka: psmay at halfgeek.org validity: 2006-10-09 18:39:01 through 2007-10-09 18:39:01 key type: 2048 bit RSA fingerprint: 96:D2:E8:44:1D:7B:31:8B:C8:CC:07:ED:E3:A0:C2:73:41:A3:56:E9 Serial number: 02C4AD Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org Subject: /EMail=me at psmay.com/EMail=psmay at halfgeek.org aka: psmay at halfgeek.org aka: me at psmay.com validity: 2006-10-12 14:24:50 through 2007-10-12 14:24:50 key type: 2048 bit RSA fingerprint: 43:F3:E6:0B:1B:25:4E:BA:3A:69:DA:56:8E:F8:35:08:CD:4B:A7:52 Serial number: 02C5B0 Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org Subject: /CN=Peter Samuel May/EMail=me at psmay.com/EMail=psmay at halfgeek.org aka: psmay at halfgeek.org aka: me at psmay.com validity: 2006-10-13 05:52:09 through 2007-10-13 05:52:09 key type: 2048 bit RSA fingerprint: 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 (The CAs' certs also show up when I don't qualify this with my name.) However, it doesn't seem to realize that it has the secret keys for these certs: $ gpgsm --list-secret-keys /home/psmay/.gnupg/pubring.kbx - ---------------------------- $ And since it doesn't, I also can't use the private keys: $ gpgsm --local-user 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 --sign somefile gpgsm: can't sign using `26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8': No secret key Anyone have any ideas? Thanks PSM -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9yieei6R+3iF2vwRCsVGAKCLrGNyodcF8MkKdfdp7z/F/CsjJACfZFOM ayzMVgX+QgKbz1p0UqgBjTk= =JhYa -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Wed Mar 14 03:41:29 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 22:41:29 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070314015211.GB30707@jabberwocky.com> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> Message-ID: <20070314024129.GC30707@jabberwocky.com> On Tue, Mar 13, 2007 at 09:52:11PM -0400, David Shaw wrote: > On Tue, Mar 13, 2007 at 05:50:29PM -0600, Henry Hertz Hobbit wrote: > > David Shaw wrote: > > > > > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > > > > > >>>I think that this problem came up before, and that one has to rename > > >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > > >>can't remember). > > > > > > > > > This will fix HKP, but remove the ability to use HTTP. Better to > > > fix the bug here. > > > > I don't know whether that is so much of a bug as a %PATH% problem. > > Try adding the following to your %PATH% variable: > > I doubt this is a path problem. gpgkeys_hkp.exe and gpgkeys_curl.exe > are in the same directory. If it was a path problem, both wouldn't > work. > > It's an access() problem. I'm not sure exactly what I want to do > about it though. If anyone is building on Vista (or building elsewhere but using it on Vista), try this patch. David -------------- next part -------------- Index: keyserver.c =================================================================== --- keyserver.c (revision 4459) +++ keyserver.c (working copy) @@ -41,6 +41,14 @@ #include "keyserver-internal.h" #include "util.h" +#ifdef HAVE_W32_SYSTEM +/* It seems Vista doesn't grok X_OK and so fails access() tests. + Previous versions interpreted X_OK as F_OK anyway, so we'll just + use F_OK directly. */ +#undef X_OK +#define X_OK F_OK +#endif /* HAVE_W32_SYSTEM */ + struct keyrec { KEYDB_SEARCH_DESC desc; From lfittl at ubuntu.com Wed Mar 14 02:26:52 2007 From: lfittl at ubuntu.com (Lukas Fittl) Date: Wed, 14 Mar 2007 02:26:52 +0100 Subject: Pinpad problem with SCM SPR532 Message-ID: <1173835612.4606.9.camel@tenjin> I recently bought an SCM SPR532 for testing purposes, and "gpg --card-status" works (without pcscd running), but when pinentry asks me to enter the PIN on the pinpad (tested with decryption, signing, and verify pin) it gives the following error in the log file of scdaemon, in the case of signing: 2007-03-14 02:20:11 scdaemon[4455] DBG: send apdu: c=00 i=CA p0=00 p1=7A lc=-1 le=256 2007-03-14 02:20:11 scdaemon[4455] DBG: APDU_data: 00 CA 00 7A 00 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6F 09 00 00 00 00 11 04 00 00 00 40 05 00 CA 00 7A 00 F5 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error: 00 octet[9]: 04 data: 00 40 07 93 03 00 04 69 90 00 2A 2007-03-14 02:20:11 scdaemon[4455] DBG: response: sw=9000 datalen=5 2007-03-14 02:20:11 scdaemon[4455] DBG: dump: 93 03 00 04 69 2007-03-14 02:20:11 scdaemon[4455] signatures created so far: 1129 2007-03-14 02:20:11 scdaemon[4455] DBG: prompting for keypad entry '|| Please enter your PIN at the reader's keypad%0A[sigs done: 1129]' 2007-03-14 02:20:11 scdaemon[4455] DBG: send apdu: c=00 i=20 p0=00 p1=81 lc=0 le=-1 2007-03-14 02:20:11 scdaemon[4455] DBG: APDU_data: 00 20 00 81 00 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending escape sequence to switch to a case 1 APDU 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 6B 03 00 00 00 00 12 00 00 00 80 02 00 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: status: 00 error: 00 octet[9]: 00 data: 2007-03-14 02:20:11 scdaemon[4455] DBG: ccid-driver: sending 69 13 00 00 00 00 13 00 00 00 00 00 82 00 00 19 06 02 FF 04 09 00 00 00 00 00 20 00 81 2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: status: 40 error: EF octet[9]: 00 data: 2007-03-14 02:20:16 scdaemon[4455] DBG: ccid-driver: CCID command failed: PIN cancelled 2007-03-14 02:20:16 scdaemon[4455] ccid_transceive failed: (0x1000d) 2007-03-14 02:20:16 scdaemon[4455] apdu_send_simple(0) failed: aborted 2007-03-14 02:20:16 scdaemon[4455] DBG: dismiss keypad entry prompt 2007-03-14 02:20:16 scdaemon[4455] verify CHV1 failed: Operation cancelled 2007-03-14 02:20:16 scdaemon[4455] operation sign result: Operation cancelled 2007-03-14 02:20:16 scdaemon[4455] card_sign failed: Operation cancelled gpg output: gpg: sending command `SCD PKSIGN' to agent failed: ec=6.99 gpg: signing failed: general error gpg: file.txt: clearsign failed: general error gpg version is 1.4.6, gpg2 version is 2.0.3, OS is Debian on i386. Full scdaemon.log can be found at http://www.ixios-software.com/~lfittl/misc/scdaemon.log Thanks, Lukas -- Lukas Fittl -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : /pipermail/attachments/20070314/7f13f3d0/attachment.pgp From dshaw at jabberwocky.com Wed Mar 14 02:52:11 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Mar 2007 21:52:11 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F738C5.1080708@securemecca.net> References: <45F738C5.1080708@securemecca.net> Message-ID: <20070314015211.GB30707@jabberwocky.com> On Tue, Mar 13, 2007 at 05:50:29PM -0600, Henry Hertz Hobbit wrote: > David Shaw wrote: > > > > On Tue, Mar 13, 2007 at 11:12:58AM -0600, Andrew Berg wrote: > > > >>>I think that this problem came up before, and that one has to rename > >>>gpgkeys_hkp.exe to gpgkeys_curl.exe (or was it the other way around?; I > >>can't remember). > > > > > > This will fix HKP, but remove the ability to use HTTP. Better to > > fix the bug here. > > I don't know whether that is so much of a bug as a %PATH% problem. > Try adding the following to your %PATH% variable: I doubt this is a path problem. gpgkeys_hkp.exe and gpgkeys_curl.exe are in the same directory. If it was a path problem, both wouldn't work. It's an access() problem. I'm not sure exactly what I want to do about it though. David From svt at teris.de Wed Mar 14 04:46:26 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Wed, 14 Mar 2007 04:46:26 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F738C5.1080708@securemecca.net> References: <45F738C5.1080708@securemecca.net> Message-ID: <45F77012.2080000@teris.de> Hi Henry, > REM ADD THIS TO YOUR %PATH% HKLM entry (copy & paste): > > ;%ProgramFiles%\GNU\GnuPG > > Getting to where to do it (just hope Vista is same): > > Start -> Control Panel -> System (double click) > {Advanced} (tab) > [Environment Variables] (button) > > Select PATH in the System variables and tack the addition suggested > on to the end of it and see if that works. The fine points of these > instructions go for W2K, XP, and 2003 Server. Vista may have > changed how to get to things. It will NOT change the fact that > adding stuff to the %PATH% cures LOTS of problems. > > If you do that, and the problem still isn't fixed, THEN we have a bug. > A lot of people have been saying this or that won't work with Vista. > The appropriate additions to the %PATH% or the setting of other > environment variables usually fixes their problem. OTOH, I haven't > seen their changes to the Registry. I am still using REG4 *.reg > files (which will work up through 2003 Server) if that tells you > anything. > I had already added the gnupg-directory to my path-variables and I've tested it. The path-variable works correct. I think, gpg can find the program correct, because "gpg: DBG: system() command is C:\gnupg\gpgkeys_curl.exe" is in the output. I've installed gpg in this dir, to test, if the vista-roaming-function make problems (The auto-roaming of vista does only work in system-dirs like program_files or windows, but not in other dirs on a partition. To analyse the problem, I've tried to change the props of the exe-files in vista: Run as admin, win2000 compatibility, winxpSP2 compatibility... All of these probs don't have any positive effect. Thanks for your idea! Bye, Sebastian From svt at teris.de Wed Mar 14 05:03:28 2007 From: svt at teris.de (Sebsatian von Thadden) Date: Wed, 14 Mar 2007 05:03:28 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070314024129.GC30707@jabberwocky.com> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> Message-ID: <45F77410.4090008@teris.de> Hi David, I can't build it now, because, I don't have installed the software to build it. If you know a website, where I can find out, how to build the package, I will try it. I've some experience in building packages like apache, php... on a linux system. Under windows, I've never built anything. - But, I can learn it:-) > If anyone is building on Vista (or building elsewhere but using it on > Vista), try this patch. Thanks a lot for your very fast work. I hope, you and the gpg-community can solve it. Bye, Sebastian From jmoore3rd at bellsouth.net Wed Mar 14 05:57:04 2007 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 14 Mar 2007 00:57:04 -0400 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F77410.4090008@teris.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <45F77410.4090008@teris.de> Message-ID: <45F780A0.6000606@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Sebsatian von Thadden wrote: > Under windows, I've never built anything. - But, I can learn it:-) > > >> If anyone is building on Vista (or building elsewhere but using it on >> Vista), try this patch. > > Thanks a lot for your very fast work. I hope, you and the gpg-community > can solve it. I cannot guarantee a Vista Build; but I am going to send You an Invite to My Y! Group where Compiling is discussed and assisted. This would also be an excellent Forum in which to discuss Your desires and receive some assistance from those who have gone before. :) JOHN 8-) Timestamp: Wednesday 14 Mar 2007, 00:55 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8-svn4459: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: http://www.gswot.org Comment: My Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJF94CaAAoJEBCGy9eAtCsPsr8IAJgA2Bh+/hhKyYafHroxqsi6 GpO12JUnpDI7pd/42pPFGKZUoses7Cm06xX7KyMbymPJTuQvn9I/XSZgN7ufpGZo EomnLRMXqKMB8JAnUWkj/aq5bhWvdLkZpYJxRAUs0kHxcGFugeXAaED51L5++4CE 1O7RwE81O51VJ7XS1TTE9QzPNiRUIfIkkyn4IfYHAXciwhgfVA+ZW6mYGrHBhi+S qh5pdgFRA2fONwjj+53DBvM8cf5JVn9nvpQb1nKw6KbvgSi0xO3dRK63W3SiVHlu u5ObOyvmlqS8ProDtc27kKlIM0s6MKY65BIDxpGZx7CvZKtWO3RyWrbtuSjogbg= =TPh6 -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Mar 14 05:47:35 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 13 Mar 2007 23:47:35 -0500 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <45F77410.4090008@teris.de> References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> <45F77410.4090008@teris.de> Message-ID: > I can't build it now, because, I don't have installed the software to > build it. The software needed to build it doesn't exist for Vista. Either Cygwin or the MinGW compilers are needed, and neither of them work with Vista at this point. (MinGW fails with the same problem that's afflicting GnuPG, it appears.) It's possible to build trivial apps with Cygwin/MinGW on Vista. It's not possible to do serious work. For now, the only real solution is to cross-compile for Vista or else mangle the GnuPG source enough to make it work with MSVC2005. Neither solution appears optimal. > If you know a website, where I can find out, how to build the > package, I > will try it. I think John Moore's the go-to guy for building GnuPG on Windows XP. I don't know if he has any insights into compiling GnuPG on Vista, however. From wk at gnupg.org Wed Mar 14 09:05:28 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Mar 2007 09:05:28 +0100 Subject: GnuPG incompatible with windows-vista ? In-Reply-To: <20070314024129.GC30707@jabberwocky.com> (David Shaw's message of "Tue\, 13 Mar 2007 22\:41\:29 -0400") References: <45F738C5.1080708@securemecca.net> <20070314015211.GB30707@jabberwocky.com> <20070314024129.GC30707@jabberwocky.com> Message-ID: <873b48jlmf.fsf@wheatstone.g10code.de> A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20070314/9de3a1ad/attachment.pgp From wk at gnupg.org Wed Mar 14 09:20:27 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Mar 2007 09:20:27 +0100 Subject: gpgsm doesn't recognize certs are related to secret keys In-Reply-To: <45F728A0.4010002@psmay.com> (Peter S. May's message of "Tue\, 13 Mar 2007 18\:41\:36 -0400") References: <45F728A0.4010002@psmay.com> Message-ID: <87y7m0i6d0.fsf@wheatstone.g10code.de> On Tue, 13 Mar 2007 23:41, me at psmay.com said: > > $ gpgsm --list-secret-keys > /hom