From wk at gnupg.org Tue May 1 15:27:02 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 01 May 2007 15:27:02 +0200
Subject: using private key on removable media
In-Reply-To: (Alex L. Mauer's message of "Sun\, 29 Apr 2007 22\:08\:51 -0500")
References:
Message-ID: <87y7k8r7x5.fsf@wheatstone.g10code.de>

On Mon, 30 Apr 2007 05:08, hawke at hawkesnest.net said:

> first, when trying to sign a key using this setup, gnupg decides by
> looking only at the first keyring that 'secret key parts are not
> available'. even though they are available from the second keyring.

The concept of working with several keyrings will eventually be removed.
This will solve your problem - although in a way you may not like ;-)

Shalom-Salam,

   Werner

From hawke at hawkesnest.net Tue May 1 17:11:04 2007
From: hawke at hawkesnest.net (Alex Mauer)
Date: Tue, 01 May 2007 10:11:04 -0500
Subject: using private key on removable media
In-Reply-To: <87y7k8r7x5.fsf__9384.39568640224$1178026486$gmane$org@wheatstone.g10code.de>
References: <87y7k8r7x5.fsf__9384.39568640224$1178026486$gmane$org@wheatstone.g10code.de>
Message-ID:

Werner Koch wrote:
>> first, when trying to sign a key using this setup, gnupg decides by
>> looking only at the first keyring that 'secret key parts are not
>> available'. even though they are available from the second keyring.
>
> The concept of working with several keyrings will eventually be removed.
> This will solve your problem - although in a way you may not like ;-)

Let me guess -- I won't be able to keep the primary secret key offline
any more?

-Alex Mauer "hawke"

From wk at gnupg.org Tue May 1 18:09:23 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 01 May 2007 18:09:23 +0200
Subject: using private key on removable media
In-Reply-To: (Alex Mauer's message of "Tue\, 01 May 2007 10\:11\:04 -0500")
References: <87y7k8r7x5.fsf__9384.39568640224$1178026486$gmane$org@wheatstone.g10code.de>
Message-ID: <87r6q0plu4.fsf@wheatstone.g10code.de>

On Tue, 1 May 2007 17:11, hawke at hawkesnest.net said:

> Let me guess -- I won't be able to keep the primary secret key offline
> any more?

No, no.

It is just so that the public keys will be moved to a file (called
keybox) which allows to store meta data like fingerprints and such and
make searching for keys far more effective. The current keyrings are
actually very slow and there must be magic somewhere so that they work
at all.

The new format is already used by gpgsm (X.509) and as soon as it has
been implemented for gpg2 there will be just one keybox for all kinds of
public keys.

Shalom-Salam,

   Werner

From hawke at hawkesnest.net Tue May 1 23:32:46 2007
From: hawke at hawkesnest.net (Alex Mauer)
Date: Tue, 01 May 2007 16:32:46 -0500
Subject: using private key on removable media
In-Reply-To: <87r6q0plu4.fsf__24709.8195985474$1178035990$gmane$org@wheatstone.g10code.de>
References: <87y7k8r7x5.fsf__9384.39568640224$1178026486$gmane$org@wheatstone.g10code.de> <87r6q0plu4.fsf__24709.8195985474$1178035990$gmane$org@wheatstone.g10code.de>
Message-ID:

Werner Koch wrote:
> On Tue, 1 May 2007 17:11, hawke at hawkesnest.net said:
>
>> Let me guess -- I won't be able to keep the primary secret key offline
>> any more?
>
> No, no.
>
> It is just so that the public keys will be moved to a file (called
> keybox) which allows to store meta data like fingerprints and such and
> make searching for keys far more effective. The current keyrings are
> actually very slow and there must be magic somewhere so that they work
> at all.

I assume private keys will also use this keybox? Either way, I'm not
sure that it's relevant to my initial complaint, that gpg doesn't look
at all the information available to it before deciding whether an
operation is possible.

I hope it will help, and I look forward to the keybox format solving my
complaint.

-Alex Mauer "hawke"

From wk at gnupg.org Wed May 2 09:27:50 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 May 2007 09:27:50 +0200
Subject: using private key on removable media
In-Reply-To: (Alex Mauer's message of "Tue\, 01 May 2007 16\:32\:46 -0500")
References: <87y7k8r7x5.fsf__9384.39568640224$1178026486$gmane$org@wheatstone.g10code.de> <87r6q0plu4.fsf__24709.8195985474$1178035990$gmane$org@wheatstone.g10code.de>
Message-ID: <87tzuvn0qx.fsf@wheatstone.g10code.de>

On Tue, 1 May 2007 23:32, hawke at hawkesnest.net said:

> I assume private keys will also use this keybox? Either way, I'm not

No. Private keys will be managed by gpg-agent. gpg2 will then ask
gpg-agent whether a private key for a given public key is available for
use. This also includes smart card keys and such. The whole secret-key
stub stuff we currently use with gpg2 will just go away as it will be
gpg-agent's business to decide whether a private (sub)key is available.

Salam-Shalom,

   Werner

From cpollock at embarqmail.com Thu May 3 00:24:40 2007
From: cpollock at embarqmail.com (Chris)
Date: Wed, 2 May 2007 17:24:40 -0500
Subject: [Possible SPAM] Re: UID changes (was Key Revocation)
In-Reply-To:
References: <462AF1C1.6010805@securemecca.net>
Message-ID: <200705021724.53286.cpollock@embarqmail.com>

On Sunday 22 April 2007 1:18 am, Robert J. Hansen wrote:
> > Optionally, later on you can also do a (again, you have to pick
> > whether to "revuid" or "deluid") (a "#" indicates a comment):
>
> This will not work if you've sent your key to a keyserver, as is
> recommended. It will also not work if you've sent your key on to
> others; if and when you send them your new key, your old UID will
> persist.
>
> Revocation of the UID is preferred.
>
>
All, apologies for the late reply, but I've been fighting with my
ISP/DSL provider about some changes they've made that are causing each
mail I send to be tagged as [possible spam] via the new mail server,
Synacor. Embarq's contract ran out with Earthlink and they decided to go
with Synacor whom it seems has no clue about running Spamassassin. So,
the best thing to do is when I get everything setup the way it should be
is to revoke the cpollock at earthlink.net UID.

pub   1024D/98E6705C 2005-11-23
uid                  Chris Pollock (New email address as of 04/21/07)
uid                  Chris Pollock

Thanks for all the help, and I apologize also if this reply is tagged
with Synacor's spam markup.

Chris

--
Chris
KeyID 0xE372A7DA98E6705C

From rjh at sixdemonbag.org Thu May 3 02:38:23 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 2 May 2007 19:38:23 -0500
Subject: [Possible SPAM] Re: UID changes (was Key Revocation)
In-Reply-To: <200705021724.53286.cpollock@embarqmail.com>
References: <462AF1C1.6010805@securemecca.net> <200705021724.53286.cpollock@embarqmail.com>
Message-ID:

> pub   1024D/98E6705C 2005-11-23
> uid                  Chris Pollock (New email address as of 04/21/07)
>
> uid                  Chris Pollock

No need to put the (New email...) comment in place. The rule of thumb
is to assume that any UID that's (a) not been revoked and (b) is signed
by someone you trust is a good one, and the others are all bad.

From TangoVu at srcp.com Thu May 3 22:10:39 2007
From: TangoVu at srcp.com (Vu, Tango)
Date: Thu, 3 May 2007 15:10:39 -0500
Subject: decrypting a file with passphrase in the command as an option
In-Reply-To: <87irbiw88k.fsf@wheatstone.g10code.de>
Message-ID: <09198BF40D41B54BA641392D1F165684038352E5@CORPDALLMSG05.na.srcp.net>

I tried to change the passphrase to blank but it keeps giving me errors
both in Key Manager and GPA (btw, I am using GPG for Windows). I then
tried to create a new key with blank passphrase and it won't let me.
How do I remove a passphrase instead of changing it?

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Werner Koch
Sent: Friday, April 27, 2007 3:08 AM
To: jjabour
Cc: gnupg-users at gnupg.org
Subject: Re: decrypting a file with passphrase in the command as an option

On Thu, 19 Apr 2007 18:11, jjabour at nshs.edu said:

>
> please enter passphrase> ******
> and it works
> I would like to put the passphrase in the command so I won't be prompted for
> it. Can this be done?

Yes, the option is described in the man page. But before you do that
you should think about it. It is in almost all cases better to remove
the passphrase from the key. We have this question here every few
weeks.

Salam-Shalom,

   Werner

From wk at gnupg.org Fri May 4 13:48:43 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 04 May 2007 13:48:43 +0200
Subject: [Announce] Libgcrypt 1.3.0 (development) released
Message-ID: <87r6pw95d0.fsf@wheatstone.g10code.de>

Hello!

We are pleased to announce the availability of Libgcrypt 1.3.0. This
is the first release of a series of development versions eventually
leading to a new stable 1.4 series.

Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use libgcrypt.

Changes relative to 1.2.4 are:

 * Reading and writing the random seed file is now protected by a
   fcntl style file lock on systems that provide this function.

 * Support for SHA-224 and HMAC using SHA-384 and SHA-512.

 * Support for the SEED cipher.

 * Support for the Camellia cipher. Note that Camellia is disabled by
   default, and that enabling it changes the license of libgcrypt from
   LGPL to GPL.

 * Support for OFB encryption mode.

 * gcry_mpi_rshift does not anymore truncate the shift count.

 * Reserved algorithm ranges for use by applications.

 * Support for DSA2.

 * The new function gcry_md_debug should be used instead of the
   gcry_md_start_debug and gcry_md_stop_debug macros.

 * New configure option --enable-random-daemon to support a system
   wide random daemon. The daemon code is experimental and not yet
   very well working. It will eventually allow to keep a global
   random pool for the sake of short living processes.

 * Non executable stack support is now used by default on systems
   supporting it.

 * Support for Microsoft Windows.

 * Assembler support for the AMD64 architecture.

 * New configure option --enable-mpi-path for optimized builds.

 * Experimental support for ECDSA; should only be used for testing.

 * New control code GCRYCTL_PRINT_CONFIG to print the build
   configuration.

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html . On the primary server
the source file and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.3.0.tar.bz2 (922k)
 ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.3.0.tar.bz2.sig

This file is bzip2 compressed. The SHA-1 checksum is:

38361925fef99715eccb8a1f73110ce2f3c3896a  libgcrypt-1.3.0.tar.bz2

For help on developing with Libgcrypt you should send mail to the
gcrypt-devel mailing list [1].

Improving Libgcrypt is costly, but you can help! We are looking for
organizations that find Libgcrypt useful and wish to contribute back.
You can contribute by reporting bugs, improving the software [2], or by
donating money.

Commercial support contracts for Libgcrypt are available [3], and they
help finance continued maintenance. g10 Code GmbH, a Duesseldorf based
company, is currently funding Libgcrypt development. We are always
looking for interesting development projects.

Happy hacking,

   Werner

[1] See http://www.gnupg.org/documentation/mailing-lists.html .
[2] Note that copyright assignments to the FSF are required.
[3] See the service directory at http://www.gnupg.org/service.html .

From rhedlind at bigfoot.com Fri May 4 15:13:29 2007
From: rhedlind at bigfoot.com (Richard Hedlind)
Date: Fri, 04 May 2007 06:13:29 -0700
Subject: Invaild Key
Message-ID: <463B3179.6000106@bigfoot.com>

Hi,
I'm new to OpenPGP and GNUPG and have created myself a problem.

I'm using Thunderbird 2.0.0.0 and Enigmail. I originally loaded
gpg4win-1.0.9 and created a key pair successfully, key id 0xC8D5E165
pub/sec. I deleted the program in my testing and reloaded gpg4win.
Now my key ID is 0x2AD07B94 pub/sec.

My problem now is when I go to sign or encrypt my email I get the
following error. "Send operation aborted. INV_RECP 0 0xC8D5E165 gpg
command line and output: C:\\program file\\gnu\\gnupg\\gpg.exe
--charset utf8 --batch --no tty -- status-fd2 --comments 'using gnupg
with mozilla - http://enigmail.mozdev.org' -a -t -e --trust model always
--encrypt-to 0xC8D5E165 -r 0x39B0DE242AD07B94 -u 0xC8D5E165 gpg:
0xC8D5E165: skipped: public key not found gpg: [stdin]: encryption
failed: public key not found

I have cleaned up the registry and reloaded gpg4win and enigmail to no
avail. Also when I reloaded and built new keys I used the same
passphrase that I used originally. I would like to get back to square
one and get it working.

Any and all help would be greatly appreciated.

From me at psmay.com Fri May 4 18:29:01 2007
From: me at psmay.com (Peter S. May)
Date: Fri, 04 May 2007 12:29:01 -0400
Subject: Invaild Key
In-Reply-To: <463B3179.6000106@bigfoot.com>
References: <463B3179.6000106@bigfoot.com>
Message-ID: <463B5F4D.40300@psmay.com>

Richard Hedlind wrote:
> My problem now is when I go to sign or encrypt my email I get the
> following error. "Send operation aborted. INV_RECP 0 0xC8D5E165 gpg
> command line and output: C:\\program file\\gnu\\gnupg\\gpg.exe
> --charset utf8 --batch --no tty -- status-fd2 --comments 'using gnupg
> with mozilla - http://enigmail.mozdev.org' -a -t -e --trust model always
> --encrypt-to 0xC8D5E165 -r 0x39B0DE242AD07B94 -u 0xC8D5E165 gpg:
> 0xC8D5E165: skipped: public key not found gpg: [stdin]: encryption
> failed: public key not found

Sounds to me like perhaps you forgot to change the key ID associated
with your account in Enigmail. In Thunderbird 1.x (possibly slightly
different in Thunderbird 2) it's a matter of going to Edit > Account
Settings, then finding "OpenPGP Security" under your mail account. If
my guess is correct, you'd see the "Use specific OpenPGP key ID" radio
button set with your old key ID (0xC8D5E165) in the field. From there,
you could select your new key with the "Select Key ..." button, or you
could just hit the "Use email address of this identity to identify
OpenPGP key" setting instead.

If that's already set to the right key, you might just have to suck it
up and look under the hood--that is, check the console application to
make sure what you're trying to do works from there.

Good fortune
PSM

From japnews at gmx.de Fri May 4 19:05:27 2007
From: japnews at gmx.de (Jan Jansen)
Date: Fri, 04 May 2007 19:05:27 +0200
Subject: Invaild Key
In-Reply-To: <463B3179.6000106@bigfoot.com>
References: <463B3179.6000106@bigfoot.com>
Message-ID: <463B67D7.40000@gmx.de>

Hi,
this might help:

1. Open the profile folder of Thunderbird.
2. Open the file pref.js with a text editor.
3. Find lines similar to:
   user_pref("mail.identity.id1.pgpkeyId", "0xC8D5E165");
4. Replace "0xC8D5E165" by "0x2AD07B94".
5. Save your changes.

You can get the same effect by editing the point "OpenPGP-Security" in
your Email-account settings.

Jan

> Hi,
> I'm new to OpenPGP and GNUPG and have created myself a problem.
>
> I'm using Thunderbird 2.0.0.0 and Enigmail. I originally loaded
> gpg4win-1.0.9 and created a key pair successfully, key id 0xC8D5E165
> pub/sec. I deleted the program in my testing and reloaded gpg4win.
> Now my key ID is 0x2AD07B94 pub/sec.
>
> My problem now is when I go to sign or encrypt my email I get the
> following error. "Send operation aborted. INV_RECP 0 0xC8D5E165 gpg
> command line and output: C:\\program file\\gnu\\gnupg\\gpg.exe
> --charset utf8 --batch --no tty -- status-fd2 --comments 'using gnupg
> with mozilla - http://enigmail.mozdev.org' -a -t -e --trust model always
> --encrypt-to 0xC8D5E165 -r 0x39B0DE242AD07B94 -u 0xC8D5E165 gpg:
> 0xC8D5E165: skipped: public key not found gpg: [stdin]: encryption
> failed: public key not found
>
>
> I have cleaned up the registry and reloaded gpg4win and enigmail to no
> avail. Also when I reloaded and built new keys I used the same
> passphrase that I used originally. I would like to get back to square
> one and get it working.
>
> Any and all help would be greatly appreciated.

From vesely at tana.it Sat May 5 11:41:26 2007
From: vesely at tana.it (Alessandro Vesely)
Date: Sat, 05 May 2007 11:41:26 +0200
Subject: [Announce] Libgcrypt 1.3.0 (development) released
In-Reply-To: <87r6pw95d0.fsf@wheatstone.g10code.de>
References: <87r6pw95d0.fsf@wheatstone.g10code.de>
Message-ID: <463C5146.2070906@tana.it>

Werner Koch wrote:
> [...]
> Libgcrypt is a general purpose library of cryptographic building
> blocks. It is originally based on code used by GnuPG. It does not
> provide any implementation of OpenPGP or other protocols. Thorough
> understanding of applied cryptography is required to use libgcrypt.

Are there plans to extend it so as to include those protocols?

Otherwise, is it planned to turn gpgme into a library, or produce
a library version of gpg itself?

IMHO, the above would make it easier to implement GUI plugins.

Thanks in advance
Ale

From piotr.firlej at gmail.com Sat May 5 15:59:07 2007
From: piotr.firlej at gmail.com (Piotr Firlej)
Date: Sat, 5 May 2007 15:59:07 +0200
Subject: need a lot of entropies - help me pls :)
Message-ID: <5419f2d0705050659h7b0b5972k7f0db9af0639e142@mail.gmail.com>

Hi!

I'm new here, have subscribed to maillist coz have spent a lot of time
on google and so on and there are few things I cannot pass thru with
GPG and my own set up deadline is coming ;)

My problem is I need to generate a lot of keys, up to 100 / hr and
machine i wanna use for it doesn't do anything except keys generation
but to do that i need a lot of entropies.

Possibilities I have found are:
1) run something on machine I wanna use, that will generate entropies,
   i.e. light/temperature checker plugged to LPT or so to provide the
   same stuff to /dev/random as does keyboard/mouse moves
2) run Entropy Gathering Daemon

Ad1) have no time to build it and even have no idea if that would work
     out
Ad2) have installed EGD, have started egd.pl as an server, have
     recompiled GPG with --enable-static-rnd=egd there was no problem at
     all while compilation. Now when i try to generate key i get:

gpg: WARNING: unsafe ownership on homedir `/kluczegpg2/.gnupg'
gpg: invalid module `/usr/local/lib/gnupg/rndegd': /usr/local/lib/gnupg/rndegd: nie można otworzyć pliku obiektu dzielonego: Nie ma takiego pliku ani katalogu

last info means: cannot open file shared object: there is no such file
or dir

and that's true, there is not, i have no idea how and where to take it
from to be able to put it there. In gnupg in sources i have /cypher
where i can find module, but that doesn't help when i move it there....

any ideas guys? i'm stuck and have no idea what else could i do...
maybe some other idea instead of EGD? i just need a lot of entropies :)

Ciao :)

--
Best regards,
Piotr Firlej

From piotr.firlej at gmail.com Sat May 5 21:03:02 2007
From: piotr.firlej at gmail.com (Piotr Firlej)
Date: Sat, 5 May 2007 21:03:02 +0200
Subject: need a lot of entropies - help me pls :)
In-Reply-To: <200705051816.54988.pg@futureware.at>
References: <5419f2d0705050659h7b0b5972k7f0db9af0639e142@mail.gmail.com> <200705051816.54988.pg@futureware.at>
Message-ID: <5419f2d0705051203p76f84725x499417314e2f23a0@mail.gmail.com>

On 5/5/07, Philipp Gühring wrote:
> Hi,
Hi, thanks for reply,

> Here you have a list of random number generators that are available on the
> market:
> http://www.cacert.at/cgi-bin/rngresults

Nice list, i have been trying to use /dev/urandom, even have compiled
gnupg with changes in configure file where i have changed all
/dev/random /dev/srandom to /dev/urandom, but that doesn't help at
all...

have no other idea how to provide entropies to gnupg in any working
way :(

--
Best regards,
Piotr Firlej

From wk at gnupg.org Sun May 6 09:44:07 2007
From: wk at gnupg.org (Werner Koch)
Date: Sun, 06 May 2007 09:44:07 +0200
Subject: [Announce] Libgcrypt 1.3.0 (development) released
In-Reply-To: <463C5146.2070906@tana.it> (Alessandro Vesely's message of "Sat\, 05 May 2007 11\:41\:26 +0200")
References: <87r6pw95d0.fsf@wheatstone.g10code.de> <463C5146.2070906@tana.it>
Message-ID: <873b2a5rco.fsf@wheatstone.g10code.de>

On Sat, 5 May 2007 11:41, vesely at tana.it said:

> Are there plans to extend it so as to include those protocols?

No, this is not the goal of libgcrypt.

> Otherwise, is it planned to turn gpgme into a library, or produce

gpgme is a library.

Salam-Shalom,

   Werner

From vesely at tana.it Sun May 6 11:00:35 2007
From: vesely at tana.it (Alessandro Vesely)
Date: Sun, 06 May 2007 11:00:35 +0200
Subject: [Announce] Libgcrypt 1.3.0 (development) released
In-Reply-To: <873b2a5rco.fsf@wheatstone.g10code.de>
References: <87r6pw95d0.fsf@wheatstone.g10code.de> <463C5146.2070906@tana.it> <873b2a5rco.fsf@wheatstone.g10code.de>
Message-ID: <463D9933.3040107@tana.it>

Werner Koch wrote:
> On Sat, 5 May 2007 11:41, vesely at tana.it said:
>> Otherwise, is it planned to turn gpgme into a library, or produce
>
> gpgme is a library.

Ooops, yes, of course. I apologize for my illiteracy. I think you
guessed I meant a standalone library, and no plan of gpgme development
matched that idea.

Thank you for your response anyway
Ale

From alex at bofh.net.pl Sun May 6 15:11:43 2007
From: alex at bofh.net.pl (Janusz A. Urbanowicz)
Date: Sun, 6 May 2007 15:11:43 +0200
Subject: need a lot of entropies - help me pls :)
In-Reply-To: <5419f2d0705051203p76f84725x499417314e2f23a0@mail.gmail.com>
References: <5419f2d0705050659h7b0b5972k7f0db9af0639e142@mail.gmail.com> <200705051816.54988.pg@futureware.at> <5419f2d0705051203p76f84725x499417314e2f23a0@mail.gmail.com>
Message-ID: <20070506131143.GC24528@hell.pl>

On Sat, May 05, 2007 at 09:03:02PM +0200, Piotr Firlej wrote:
> On 5/5/07, Philipp Gühring wrote:
> >Hi,
> Hi, thanks for reply,
>
> >Here you have a list of random number generators that are available on the
> >market:
> >http://www.cacert.at/cgi-bin/rngresults
>
> Nice list, i have been trying to use /dev/urandom, even have compiled
> gnupg with changes in configure file where i have changed all
> /dev/random /dev/srandom to /dev/urandom, but that doesn't help at
> all...
>

/dev/urandom is bad for your security

we could be more helpful if you told us what you're trying to
accomplish in more general terms, maybe running keygen more than once a
second isn't necessary

--
JID: alex at hell.pl
PGP: 0x46399138

From jbruni at mac.com Sun May 6 22:33:52 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Sun, 6 May 2007 13:33:52 -0700
Subject: need a lot of entropies - help me pls :)
In-Reply-To: <20070506131143.GC24528@hell.pl>
References: <5419f2d0705050659h7b0b5972k7f0db9af0639e142@mail.gmail.com> <200705051816.54988.pg@futureware.at> <5419f2d0705051203p76f84725x499417314e2f23a0@mail.gmail.com> <20070506131143.GC24528@hell.pl>
Message-ID: <19CE9D9E-0B38-4773-BD30-446A4C941703@mac.com>

On May 6, 2007, at 6:11 AM, Janusz A. Urbanowicz wrote:

> On Sat, May 05, 2007 at 09:03:02PM +0200, Piotr Firlej wrote:
>> On 5/5/07, Philipp Gühring wrote:
>>> Hi,
>> Hi, thanks for reply,
>>
>>> Here you have a list of random number generators that are
>>> available on the
>>> market:
>>> http://www.cacert.at/cgi-bin/rngresults
>>
>> Nice list, i have been trying to use /dev/urandom, even have compiled
>> gnupg with changes in configure file where i have changed all
>> /dev/random /dev/srandom to /dev/urandom, but that doesn't help at
>> all...
>>
>
> /dev/urandom is bad for your security
>

Not always. Here is a portion of the man page from OS X:

     /dev/urandom is a compatibility nod to Linux. On Linux,
     /dev/urandom will produce lower quality output if the entropy
     pool drains, while /dev/random will prefer to block and wait for
     additional entropy to be collected. With Yarrow, this choice and
     distinction is not necessary, and the two devices behave
     identically. You may use either.

That said, it makes sense to know the system you're building on.

From mrwchandler84 at yahoo.com Sun May 6 21:37:17 2007
From: mrwchandler84 at yahoo.com (Donald Wayne Chandler)
Date: Sun, 06 May 2007 14:37:17 -0500
Subject: Gnupg error
Message-ID: <463E2E6D.9000509@yahoo.com>

Hi, I'm posting this on multiple forums in the hope of getting my
mistake corrected.

I'm running Ubuntu 7.04, Thunderbird 2.0, Enigmail 0.95. It was working
fine with gpg 1.4.6 or gpg 2.0.2. I installed gpg 2.0.3 yesterday, it
was working fine. Today 1.4.6 and 2.0.3 both have errored out.

Enigmail key management says "loading keys" but never does. Any
encrypted and/or signed message times out without displaying.

Any guidance will be appreciated. Please don't sign your message(s), I
need to read them!

~$ gpg --list-keys
gpg: checking the trustdb
gpg: waiting for lock (held by 3150 - probably dead) ...

~$ gpg2 --list-keys
gpg: checking the trustdb
*** stack smashing detected ***: gpg2 terminated
gpg: removing stale lockfile (created by 3150)Aborted (core dumped)

~$ gpg --version
gpg (GnuPG) 1.4.6
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

~$ gpg2 --version
gpg (GnuPG) 2.0.3
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

From mrwchandler84 at yahoo.com Mon May 7 00:24:50 2007
From: mrwchandler84 at yahoo.com (Donald Wayne Chandler)
Date: Sun, 06 May 2007 17:24:50 -0500
Subject: Gnupg error [SOLVED]
In-Reply-To: <463E2E6D.9000509@yahoo.com>
References: <463E2E6D.9000509@yahoo.com>
Message-ID: <463E55B2.9090805@yahoo.com>

Donald Wayne Chandler wrote:
> Hi, I'm posting this on multiple forums in the hope of getting my
> mistake corrected.
>
> I'm running Ubuntu 7.04, Thunderbird 2.0, Enigmail 0.95. It was working
> fine with gpg 1.4.6 or gpg 2.0.2. I installed gpg 2.0.3 yesterday, it
> was working fine. Today 1.4.6 and 2.0.3 both have errored out.

I don't know the why, just the what. I deleted pubring.gpg.lock,
secring.gpg.lock, and pubring.gpg.tmp from /.gnupg. Errors gone, I just
don't know how I created them.

-=-=-
... There is no try. There is only do. Or do not.
* TagZilla 0.066 * http://tagzilla.mozdev.org

From jharris at widomaker.com Mon May 7 04:22:02 2007
From: jharris at widomaker.com (Jason Harris)
Date: Sun, 6 May 2007 22:22:02 -0400
Subject: new (2007-04-29) keyanalyze results (+sigcheck)
Message-ID: <20070507022202.GA756@wilma.widomaker.com>

New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2007-04-29/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

From shavital at mac.com Mon May 7 05:56:58 2007
From: shavital at mac.com (Charly Avital) Date: Mon, 07 May 2007 06:56:58 +0300 Subject: Gnupg error In-Reply-To: <463E2E6D.9000509@yahoo.com> References: <463E2E6D.9000509@yahoo.com> Message-ID: <463EA38A.90104@mac.com> Donald Wayne Chandler wrote the following on 5/6/07 10:37 PM: [...] > ~$ gpg --list-keys > gpg: checking the trustdb > gpg: waiting for lock (held by 3150 - probably dead) ... Suggest you open your ~/.gnupg directory, you should find a file named "trustdb.gpg.lock" (without the quotation marks). Delete it, it should solve that problem. > > ~$ gpg2 --list-keys > gpg: checking the trustdb > *** stack smashing detected ***: gpg2 terminated > gpg: removing stale lockfile (created by 3150)Aborted (core dumped) It seems to have solved itself: "removing stale lockfile (created by 3150)"... I had the same problem (twice) a couple of weeks ago, you might find more information in the list's archives, [...] From berland at gmail.com Mon May 7 10:27:55 2007
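An added example, not part of the original messages: both replies above clear GnuPG lock files by hand, and this sketch first checks whether the holder recorded in each `*.lock` file is still running, then removes only the stale ones. It assumes the first line of a lock file is the holder's PID (the number gpg prints in "held by 3150") and the second line the host that wrote it; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify GnuPG lock files before deleting any of them.
# Assumption (not stated in the thread): line 1 of a *.lock file is the
# holder's PID, line 2 the name of the host that created the lock.

# lock_state FILE -> prints one of: live, stale, foreign, unreadable
lock_state() (
    pid=$(head -n 1 "$1" 2>/dev/null | tr -d ' \t')
    host=$(sed -n '2p' "$1" 2>/dev/null)
    case "$pid" in
        ''|0|*[!0-9]*) pid= ;;     # empty, zero or not a plain number
    esac
    if [ -z "$pid" ]; then
        echo unreadable            # no usable PID: leave it for a human
    elif [ -n "$host" ] && [ "$host" != "$(uname -n)" ]; then
        echo foreign               # written on another machine (shared
                                   # home): its PID means nothing here
    elif kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo live                  # holder exists; the /proc test covers
                                   # a holder owned by another user
    else
        echo stale                 # holder is gone ("probably dead")
    fi
)

# report_locks DIR -> one "STATE FILE" line per lock file in DIR
report_locks() (
    for f in "$1"/*.lock; do
        [ -e "$f" ] || continue    # the glob matched nothing
        printf '%s %s\n' "$(lock_state "$f")" "$f"
    done
)

# clean_stale_locks DIR -> removes only locks whose holder is gone and
# prints what it removed; live, foreign and unreadable locks are kept.
clean_stale_locks() (
    for f in "$1"/*.lock; do
        [ -e "$f" ] || continue
        if [ "$(lock_state "$f")" = stale ]; then
            rm -f -- "$f" && printf 'removed %s\n' "$f"
        fi
    done
)

# Stand-alone use: report on the directory given as first argument,
# for example: sh locks.sh ~/.gnupg
if [ "$#" -gt 0 ]; then
    report_locks "$1"
fi
```

A lock reported as live means a gpg process is still running; stopping that process is the fix, not deleting the file under it.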
From: berland at gmail.com (Jim Berland) Date: Mon, 7 May 2007 16:27:55 +0800 Subject: Extra key best solution for very insecure locations? Message-ID: Hello everybody, I'm trying to find the best solution for using GPG on a USB drive while travelling. I read the FAQ about subkeys which suggests to only use subkeys on insecure computers. As far as I understand this, though, anybody who got hold of my private subkeys would still be able to read all my previous mails. The document was obviously written with workplace computers and such in mind, rather than heavily infected Windows PCs in internet cafes. Is there a possibility to have an additional encryption subkey, that is not used until explicitly asked for by the user? That way I could ask people to encrypt to that subkey only while I'm on the road. Since I assume that this is not possible, the best solution I can think of is to have another mail alias for my domain with another key for it. It would be easy to ask people to use that email address for a while and with a helpful email program (e.g. Thunderbird + Enigmail) the key selection/download would be easy, too. I think this strategy is going to work well enough, but I still want to ask around, if there are other opinions and experiences. I am thinking about getting a smart card by the way, but I'm not sure how I feel about having to carry a card reader around. Furthermore you cannot count on having two USB ports on any computer. Thank you for any comments From dshaw at jabberwocky.com Mon May 7 15:11:06 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 7 May 2007 09:11:06 -0400 Subject: Extra key best solution for very insecure locations? In-Reply-To: References: Message-ID: <20070507131106.GB3390@jabberwocky.com> On Mon, May 07, 2007 at 04:27:55PM +0800, Jim Berland wrote: > Hello everybody, > > I'm trying to find the best solution for using GPG on a USB drive > while travelling. > > I read the FAQ about subkeys which suggests to only use subkeys on > insecure computers. As far as I understand this, though, anybody who > got hold of my private subkeys would still be able to read all my > previous mails. The document was obviously written with workplace > computers and such in mind, rather than heavily infected Windows PCs > in internet cafes. > > Is there a possibility to have an additional encryption subkey, that > is not used until explicitly asked for by the user? That way I could > ask people to encrypt to that subkey only while I'm on the road. This is certainly possible. The catch is that I suspect you'll find that people don't know how or aren't able to encrypt to a particular subkey some of the time, and a different subkey the rest of the time. GnuPG does, but not all OpenPGP programs have the ability to pick which subkey to encrypt to. David From bahamut at digital-signal.net Mon May 7 16:58:47 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Mon, 07 May 2007 09:58:47 -0500 Subject: W32 version tries to write to /dev/null Message-ID: <463F3EA7.2080800@digital-signal.net> I used the -n switch to simulate signing and it returned an error saying that /dev/null doesn't exist. gpg -v -n -o "somefile" -s "someotherfile" returns gpg: can't create `/dev/null': No such file or directory gpg: signing failed: file create error GPG 1.4.7 (W32) From rjh at sixdemonbag.org Mon May 7 17:54:44 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 7 May 2007 10:54:44 -0500 Subject: Extra key best solution for very insecure locations? In-Reply-To: References: Message-ID: <6483D59E-80EC-42EE-8A98-BBED9F9C8498@sixdemonbag.org> > I'm trying to find the best solution for using GPG on a USB drive > while travelling. The (regrettably) short version: there isn't one. Physical control of hardware is a prerequisite for the safe use of any security software. Without that physical control, you're taking some substantial risks. From vedaal at hush.com Mon May 7 18:15:31 2007
From: vedaal at hush.com (vedaal at hush.com) Date: Mon, 07 May 2007 12:15:31 -0400 Subject: Extra key best solution for very insecure locations? Message-ID: <20070507161536.95067C38A5@mailserver10.hushmail.com> Jim Berland berland at gmail.com wrote on Mon May 7 10:27:55 CEST 2007 >I'm trying to find the best solution for using GPG >on a USB drive while travelling. .... >insecure computers... >heavily infected Windows PCs >in internet cafes. there is a simple and relatively secure solution: [1] carry a small inexpensive laptop, but do not use it for internet, use it only to encrypt/decrypt/sign (a toshiba libretto is ideal, as it is about the size of a videocassette, but (afaik) has been discontinued for non-Japanese markets) [2] transfer the encrypted material to the usb and e-mail it on the internet cafe computer, and transfer any encrypted replies back to the usb [3] use good anti-virus and anti-spyware programs to check your usb when you re-attach it to the laptop, ( i would recommend an inexpensive small usb (128 megs) kept wiped of all files, and used only for such transfers, it makes it easier to detect if 'anything extra' is put on the usb by the host computer) vedaal From wk at gnupg.org Mon May 7 20:56:54 2007
From: wk at gnupg.org (Werner Koch) Date: Mon, 07 May 2007 20:56:54 +0200 Subject: W32 version tries to write to /dev/null In-Reply-To: <463F3EA7.2080800@digital-signal.net> (Andrew Berg's message of "Mon\, 07 May 2007 09\:58\:47 -0500") References: <463F3EA7.2080800@digital-signal.net> Message-ID: <87ejls5uo9.fsf@wheatstone.g10code.de> On Mon, 7 May 2007 16:58, bahamut at digital-signal.net said: > gpg: can't create `/dev/null': No such file or directory > gpg: signing failed: file create error Fixed in my working copy by using /dev/nul instead. Also for gpg2. Shalom-Salam, Werner From rjh at sixdemonbag.org Tue May 8 04:49:40 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 7 May 2007 21:49:40 -0500 Subject: PRZ hospitalized References: <01E62E43-AE04-4C73-926A-8C3440C963FA@callas.org> Message-ID: <5E811D30-2067-4E0E-AFBB-9975AF994BDB@sixdemonbag.org> According to Jon Callas, PRZ has been hospitalized for cardiac surgery. Callas says there's "no ... immediate danger, but they're pushing him into the hospital quicker than any reasonable person would like". I have no idea how to get well-wishings to him, but his email address is pretty widely known. So if you're of a mind to be kind, well, now's the time. From burak.oguz at portakalteknoloji.com Tue May 8 10:38:21 2007
From: burak.oguz at portakalteknoloji.com (Burak Oğuz) Date: Tue, 08 May 2007 11:38:21 +0300 Subject: [gpgme+gpg-agent] How to use gpg-agent in daemon Message-ID: <464036FD.9030802@portakalteknoloji.com> Hi, I am working on a Linux daemon which will be using gpgme for crypto purposes and I need to use gpg-agent in my program. But when I start my daemon it detaches itself from the current console therefore I can not use gpg-agent. How can I make gpg-agent system wide for all users. Thanks in advance --- burak From wk at gnupg.org Tue May 8 13:35:13 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 08 May 2007 13:35:13 +0200 Subject: [gpgme+gpg-agent] How to use gpg-agent in daemon In-Reply-To: <464036FD.9030802@portakalteknoloji.com> ("Burak Oğuz"'s message of "Tue\, 08 May 2007 11\:38\:21 +0300") References: <464036FD.9030802@portakalteknoloji.com> Message-ID: <87sla7tuoe.fsf@wheatstone.g10code.de> On Tue, 8 May 2007 10:38, burak.oguz at portakalteknoloji.com said: > purposes and I need to use gpg-agent in my program. But when I start my > daemon it detaches itself from the current console therefore I can not Well daemons keep it deep in their genes to detach themselves. > use gpg-agent. How can I make gpg-agent system wide for all users. Although I doubt that this is a good idea, it is easy: chmod 777 $(echo $GPG_AGENT_INFO | cut -d: -f1) then make GPG_AGENT_INFO available to all users. Instead of 777 you should put all users into one group, chgrp the socket and chmod to 770. Salam-Shalom, Werner From bahamut at digital-signal.net Tue May 8 19:19:53 2007
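An added example, not from the thread: Werner's reply above contrasts a world-accessible agent socket (777) with a group-restricted one (770), and this sketch reports which of the two a socket currently is and applies the group variant. The function names and the group passed in are illustrative assumptions; the socket path is the first colon-separated field of GPG_AGENT_INFO, as in the reply.

```shell
#!/bin/sh
# Added example: audit and tighten access to a shared gpg-agent socket.

# agent_socket_path INFO -> first colon-separated field of a
# GPG_AGENT_INFO value (the same cut as in the reply above)
agent_socket_path() {
    printf '%s\n' "$1" | cut -d: -f1
}

# access_class PATH -> world, group, owner or missing, read from the
# permission string that ls prints (characters 5-7 group, 8-10 other)
access_class() (
    [ -e "$1" ] || { echo missing; exit 0; }
    perms=$(ls -ld -- "$1" | cut -c1-10)
    group=$(printf '%s' "$perms" | cut -c5-7)
    other=$(printf '%s' "$perms" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo world                 # what chmod 777 produces
    elif [ "$group" != "---" ]; then
        echo group                 # what chgrp + chmod 770 produces
    else
        echo owner
    fi
)

# restrict_to_group PATH GROUP -> the 770 variant: hand the socket to
# GROUP and drop all access for everyone else
restrict_to_group() {
    chgrp -- "$2" "$1" && chmod 770 -- "$1"
}

# audit_agent_socket INFO -> "CLASS PATH" for the socket, then for the
# directory holding it: users who connect by path also need search
# permission on that directory.
audit_agent_socket() (
    sock=$(agent_socket_path "$1")
    printf '%s %s\n' "$(access_class "$sock")" "$sock"
    dir=$(dirname -- "$sock")
    printf '%s %s\n' "$(access_class "$dir")" "$dir"
)

# Stand-alone use: audit the GPG_AGENT_INFO value given as argument,
# for example: sh agent-audit.sh "$GPG_AGENT_INFO"
if [ "$#" -gt 0 ]; then
    audit_agent_socket "$1"
fi
```

A socket reported as world can be reached by any local account, which is the case the reply advises replacing with the group setup.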
From: bahamut at digital-signal.net (Andrew Berg) Date: Tue, 08 May 2007 12:19:53 -0500 Subject: W32 version tries to write to /dev/null In-Reply-To: <87ejls5uo9.fsf@wheatstone.g10code.de> References: <463F3EA7.2080800@digital-signal.net> <87ejls5uo9.fsf@wheatstone.g10code.de> Message-ID: <4640B139.7050708@digital-signal.net> Werner Koch wrote: > On Mon, 7 May 2007 16:58, bahamut at digital-signal.net said: > >> gpg: can't create `/dev/null': No such file or directory >> gpg: signing failed: file create error > > Fixed in my working copy by using /dev/nul instead How would that help? /dev/nul can't exist on a Windows system either. From alex at bofh.net.pl Tue May 8 23:25:52 2007
From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Tue, 8 May 2007 23:25:52 +0200 Subject: Extra key best solution for very insecure locations? In-Reply-To: References: Message-ID: <20070508212552.GC28458@hell.pl> On Mon, May 07, 2007 at 04:27:55PM +0800, Jim Berland wrote: > Hello everybody, > > I'm trying to find the best solution for using GPG on a USB drive > while travelling. > > I read the FAQ about subkeys which suggests to only use subkeys on > insecure computers. As far as I understand this, though, anybody who > got hold of my private subkeys would still be able to read all my > previous mails. The document was obviously written with workplace > computers and such in mind, rather than heavily infected Windows PCs > in internet cafes. I suggest abandoning carrying the key, and taking a good look at hushmail.com. Alex -- JID: alex at hell.pl PGP: 0x46399138 paying attention to details is the job of doctors, lawyers, programmers and watchmakers -- Czerski From bahamut at digital-signal.net Wed May 9 00:01:43 2007
From: bahamut at digital-signal.net (Andrew Berg) Date: Tue, 08 May 2007 17:01:43 -0500 Subject: Extra key best solution for very insecure locations? In-Reply-To: <20070508212552.GC28458@hell.pl> References: <20070508212552.GC28458@hell.pl> Message-ID: <4640F347.9020803@digital-signal.net> Janusz A. Urbanowicz wrote: > On Mon, May 07, 2007 at 04:27:55PM +0800, Jim Berland wrote: >> Hello everybody, >> >> I'm trying to find the best solution for using GPG on a USB drive >> while travelling. >> >> I read the FAQ about subkeys which suggests to only use subkeys on >> insecure computers. As far as I understand this, though, anybody who >> got hold of my private subkeys would still be able to read all my >> previous mails. The document was obviously written with workplace >> computers and such in mind, rather than heavily infected Windows PCs >> in internet cafes. > > I suggest abandoning carrying the key, and taking a good look at hushmail.com. Which is probably even less secure. In order to compromise a PGP-encrypted message (without breaking the encryption), one must have the private key and passphrase. In order to compromise Hushmail, one only needs the passphrase, which is easier to obtain remotely. The former requires a silent keylogger, knowledge of the key's existence, and a program that will silently copy the key. The former requires an IE data miner (not uncommon) unless the café owner has another browser like Firefox or Opera, or allows users to use a portable browser like Firefox Portable. A keylogger would work for the latter as well. Personally, I wouldn't take the risk on a machine that I consider insecure.
From hhhobbit at securemecca.net Wed May 9 02:21:53 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Tue, 08 May 2007 18:21:53 -0600 Subject: W32 version tries to write to /dev/null In-Reply-To: References: Message-ID: <46411421.8070808@securemecca.net> Andrew Berg wrote: > Werner Koch wrote: > >>> On Mon, 7 May 2007 16:58, bahamut at digital-signal.net said: >>> >>> >>> gpg: can't create `/dev/null': No such file or directory >>> gpg: signing failed: file create error >>> >>> Fixed in my working copy by using /dev/nul instead > > How would that help? /dev/nul can't exist on a Windows > system either. But NUL (nul) does exist, at least for now: command 1> NUL 2>&1 I use it all the time in my BAT, VBS, JS and PL (PERL) script files. But almost none of those script files work properly any more with Vista because any time you wander into protected areas you need administration privileges. I am talking about NORMAL Vista accounts, nothing special. Actually, you can start an elevated shell on Vista to run the script, but that is a real pain if you made it so people could just double-click on script files to run them. Here is the article on NUL and redirection: http://support.microsoft.com/kb/110930 Just be sure if you are throwing it away, then throw it ALL away. If you don't, you will still see the message. I have NO idea whether it works the same in both scripts and inside C / C++ / C# programs. Windows is notorious for having scripting and binaries frequently behaving differently and you can't interspangle a script that calls a binary that in turn calls another script on pre-Vista Windows like you do on 'nix machines. Supposedly, the new PowerShell (PS1) scripting is going to make the mixing of binaries and scripts possible; hopefully NUL will be a first class object. BAT is gone on Vista, and PowerShell is Object shell scripting (with LOTS of gotchas). HHH From wk at gnupg.org Wed May 9 10:59:23 2007 
From: wk at gnupg.org (Werner Koch) Date: Wed, 09 May 2007 10:59:23 +0200 Subject: W32 version tries to write to /dev/null In-Reply-To: <4640B139.7050708@digital-signal.net> (Andrew Berg's message of "Tue\, 08 May 2007 12\:19\:53 -0500") References: <463F3EA7.2080800@digital-signal.net> <87ejls5uo9.fsf@wheatstone.g10code.de> <4640B139.7050708@digital-signal.net> Message-ID: <87fy66cqz8.fsf@wheatstone.g10code.de> On Tue, 8 May 2007 19:19, bahamut at digital-signal.net said: > How would that help? /dev/nul can't exist on a Windows system either. Used to work with some old MSDOS version. Just checked, does not work with XP - I'll change it to just "nul". Salam-Shalom, Werner From pg at futureware.at Sat May 5 18:16:53 2007 From: pg at futureware.at (Philipp Gühring) Date: Sat, 5 May 2007 18:16:53 +0200 Subject: need a lot of entropies - help me pls :) In-Reply-To: <5419f2d0705050659h7b0b5972k7f0db9af0639e142@mail.gmail.com> References: <5419f2d0705050659h7b0b5972k7f0db9af0639e142@mail.gmail.com> Message-ID: <200705051816.54988.pg@futureware.at> Hi, Here you have a list of random number generators that are available on the market: http://www.cacert.at/cgi-bin/rngresults You can filter the whole list for hardware/software and the speed you need. Best regards, Philipp Gühring From wk at gnupg.org Wed May 9 12:58:43 2007
From: wk at gnupg.org (Werner Koch) Date: Wed, 09 May 2007 12:58:43 +0200 Subject: [Announce] GnuPG 2.0.4 released Message-ID: <87lkfyb6vw.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.4 This is a maintenance release with a few minor enhancements. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.7) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.4 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the FTP server and its mirrors you should find the following files in the gnupg/ directory: gnupg-2.0.4.tar.bz2 (3491k) gnupg-2.0.4.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature.
gnupg-2.0.3-2.0.4.diff.bz2 (237k) A patch file to upgrade a 2.0.3 GnuPG source tree. This patch does not include updates of the language files. Note, that we don't distribute gzip compressed tarballs. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.4.tar.bz2 you would use this command: gpg --verify gnupg-2.0.4.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get a key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.4.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.4.tar.bz2 and check that the output matches the first line from the following list: cc230636bb4226f6d7ac2db9b259d8e7f5529f84 gnupg-2.0.4.tar.bz2 9f1ad40f88ef567498b07dab718defc2ac319c35 gnupg-2.0.3-2.0.4.diff.bz2 What's New =========== * The server mode key listing commands are now also working for systems without the funopen/fopencookie API.
* PKCS#12 import now tries several encodings in case the passphrase was not utf-8 encoded. New option --p12-charset for gpgsm. * Improved the libgcrypt logging support in all modules. Internationalization ==================== GnuPG comes with support for 27 languages. Due to a lot of new and changed strings most translations are not entirely complete. The Swedish, Turkish, German and Russian translations are close to being complete. Documentation ============= We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advice on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. KDE's KMail is the most prominent user of GnuPG. In fact it has been developed along with the Kmail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support. The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and as a PDF at http://www.gnupg.org/documentation/manuals/gnupg.pdf . Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money. Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects.
The GnuPG service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team (David, Marcus, Werner and all other contributors) From yochanon at localnet.com Thu May 10 07:08:50 2007
From: yochanon at localnet.com (John B) Date: Thu, 10 May 2007 00:08:50 -0500 Subject: Second problem...gpg or kgpg? In-Reply-To: <1177698249.11212.16.camel@linux.site> References: <200704060129.38524.yochanon@localnet.com> <1177698249.11212.16.camel@linux.site> Message-ID: <200705100008.50085.yochanon@localnet.com> On Fri 27 April 07 13:24, Carl wrote: > On Fri, 2007-04-06 at 01:29 -0500, John B wrote: > > Hi again, > > > > Out of the blue, it seems kgpg doesn't see my .gnupg directory. I > > opened it up the other day just to check something, and it showed no keys > > at all. I went into the settings and all it allows is to see my /home/me > > directory which has a couple of .asc keys(?) in it but had no gpg.conf > > file until I imported the .asc keys. > > Is there a way to fix what's going on? Has this happened to anyone > > else? I did absolutely nothing with gpg or kgpg...no updates (other than > > the SuSE security update 2 or 3 months ago IIRR) to either of them. Still > > with 1.4.1 I think it is and was working fine until I happened to see it > > the other day. Sorry I'm not too good at explaining myself, but if > > there's any more info needed, it's easier if someone asks me and then > > I'll know better what needs to be said about my problem. > > Which version Suse and version of KGPG. I do wish they would Seahorse > its better than kgpg SuSE 9.3 and Kgpg 1.2.1. I've never had a problem with kgpg before, in almost 4 years now, but if I can't figure out what's wrong all of a sudden with it like this, I'm going to look hard into that Seahorse, heh. -- "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." Benjamin Franklin "Those who hammer their guns into plows will plow for those who do not." Thomas Jefferson
From alon.barlev at gmail.com Thu May 10 06:55:38 2007 From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Thu, 10 May 2007 07:55:38 +0300 Subject: [Announce] GnuPG 2.0.4 released In-Reply-To: <87lkfyb6vw.fsf@wheatstone.g10code.de> References: <87lkfyb6vw.fsf@wheatstone.g10code.de> Message-ID: <9e0cf0bf0705092155y8acb3dei68ef96303b992aa7@mail.gmail.com> On 5/9/07, Werner Koch wrote: > Hello! > > We are pleased to announce the availability of a new stable GnuPG-2 > release: Version 2.0.4 Hello Werner, What about some issues regarding the environment: http://bugs.gentoo.org/show_bug.cgi?id=165493 And issues regarding gpgme? https://bugs.g10code.com/gnupg/issue772 http://lists.gnupg.org/pipermail/gnupg-devel/2007-February/023676.html Regards, Alon Bar-Lev. From wk at gnupg.org Thu May 10 09:57:58 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 10 May 2007 09:57:58 +0200 Subject: [Announce] GnuPG 2.0.4 released In-Reply-To: <9e0cf0bf0705092155y8acb3dei68ef96303b992aa7@mail.gmail.com> (Alon Bar-Lev's message of "Thu\, 10 May 2007 07\:55\:38 +0300") References: <87lkfyb6vw.fsf@wheatstone.g10code.de> <9e0cf0bf0705092155y8acb3dei68ef96303b992aa7@mail.gmail.com> Message-ID: <87d519860p.fsf@wheatstone.g10code.de> On Thu, 10 May 2007 06:55, alon.barlev at gmail.com said: > What about some issues regarding the environment: > http://bugs.gentoo.org/show_bug.cgi?id=165493 I don't understand what this is about. If there is a generic problem with pinentry, please add it to our bug tracker. This seems to be gentoo problem. > And issues regarding gpgme? > https://bugs.g10code.com/gnupg/issue772 Where is the problem? It has been fixed. Salam-Shalom, Werner p.s. Your MUA does not honor the MFT header. From alon.barlev at gmail.com Thu May 10 10:10:30 2007
From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Thu, 10 May 2007 11:10:30 +0300 Subject: [Announce] GnuPG 2.0.4 released In-Reply-To: <87d519860p.fsf@wheatstone.g10code.de> References: <87lkfyb6vw.fsf@wheatstone.g10code.de> <9e0cf0bf0705092155y8acb3dei68ef96303b992aa7@mail.gmail.com> <87d519860p.fsf@wheatstone.g10code.de> Message-ID: <9e0cf0bf0705100110o6102fd80hb3ceef747b6d8063@mail.gmail.com> On 5/10/07, Werner Koch wrote: > On Thu, 10 May 2007 06:55, alon.barlev at gmail.com said: > > > What about some issues regarding the environment: > > http://bugs.gentoo.org/show_bug.cgi?id=165493 > > I don't understand what this is about. If there is a generic problem > with pinentry, please add it to our bug tracker. This seems to be > gentoo problem. I tried to... but could not find any way I can open an issue in your bug tracker. Now I see I can... Strange... It is not a Gentoo problem, you have the same report at other distros: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401957 I wish developers will stop saying this one... > > And issues regarding gpgme? > > https://bugs.g10code.com/gnupg/issue772 > > Where is the problem? It has been fixed. When, in which component gpg or gpgme? Very difficult to understand something from the description. It is in testing status for a long time. Alon From wk at gnupg.org Thu May 10 12:37:00 2007
From: wk at gnupg.org (Werner Koch) Date: Thu, 10 May 2007 12:37:00 +0200 Subject: [Announce] GnuPG 2.0.4 released In-Reply-To: <9e0cf0bf0705100110o6102fd80hb3ceef747b6d8063@mail.gmail.com> (Alon Bar-Lev's message of "Thu\, 10 May 2007 11\:10\:30 +0300") References: <87lkfyb6vw.fsf@wheatstone.g10code.de> <9e0cf0bf0705092155y8acb3dei68ef96303b992aa7@mail.gmail.com> <87d519860p.fsf@wheatstone.g10code.de> <9e0cf0bf0705100110o6102fd80hb3ceef747b6d8063@mail.gmail.com> Message-ID: <874pml7ynn.fsf@wheatstone.g10code.de> On Thu, 10 May 2007 10:10, alon.barlev at gmail.com said: > I tried to... but could not find any way I can open an issue in your bug tracker. > Now I see I can... Strange... Should be possible. The first spammer actually achieved it too :-(. > It is not a Gentoo problem, you have the same report at other distros: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=401957 Okay, that is a much clearer report. However, I am not able to replicate it. I am using the gtk2 pinentry for a year or so now. > When, in which component gpg or gpgme? > Very difficult to understand something from the description. > It is in testing status for a long time. gnupg/g10/ 2007-04-26 Marcus Brinkmann * passphrase.c (passphrase_to_dek): Write missing passphrase status message in case of cancellation. That's all AFAICS. Shalom-Salam, Werner From alon.barlev at gmail.com Thu May 10 12:46:31 2007
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Thu, 10 May 2007 13:46:31 +0300
Subject: [Announce] GnuPG 2.0.4 released
In-Reply-To: <874pml7ynn.fsf@wheatstone.g10code.de>
References: <87lkfyb6vw.fsf@wheatstone.g10code.de> <9e0cf0bf0705092155y8acb3dei68ef96303b992aa7@mail.gmail.com> <87d519860p.fsf@wheatstone.g10code.de> <9e0cf0bf0705100110o6102fd80hb3ceef747b6d8063@mail.gmail.com> <874pml7ynn.fsf@wheatstone.g10code.de>
Message-ID: <9e0cf0bf0705100346n78ab450ayf3f6117561d30c42@mail.gmail.com>

On 5/10/07, Werner Koch wrote:
> Okay, that is a much clearer report. However, I am not able to
> replicate it. I am using the gtk2 pinentry for a year or so now.

I cannot replicate it too...
It seems like a race condition...

Alon.

From dan at linux.it Wed May 9 16:37:54 2007
From: dan at linux.it (Daniele Cortesi)
Date: Wed, 9 May 2007 16:37:54 +0200
Subject: Smartcard & expiring keys
Message-ID: <20070509143754.GD6057@smtp.tiscali.it>

Hello everybody,

I have a question about GPG & smartcard with keys expiring after a
limited period of time. Please address me directly in the answers
because I'm not subscribed to the list.

This is the situation: I use gpg with subkeys (sign & encrypt) on a
smartcard, the main key is removed and saved offline. The subkeys
expire after one year and now it's time to replace them. To do this
operation I took the original keyring, with my complete secret key,
and created two new keys with the "addcardkey" command, as usual with
a one year lifetime. After that I removed again the secret keys from
the working keyring and now I correctly have the new two key stubs in
my working-keyring. Everything works fine.

Let's get to the point: the next year, when these new keys will expire,
I will have to create new keys and to do this I'll have to replace the
keys on the smartcard which are not saved elsewhere. This means that
after that operation I won't be able to read past encrypted messages
anymore, am I correct?

The only solution that comes to my mind is to NOT create the subkeys
directly on the smartcard but to create them on the PC and then save
them in the "master" keyring before moving them off the
working-keyring into the smartcard. This way they will be always
available in the "master" keyring.

Is this the proper way to operate? Is there a better way to do the
same? The idea of creating the keys off-smartcard seems to me a little
stupid, as the smartcard was created for that. Maybe it's better to
avoid limited lifetime on smartcard-keys?

Thanks for any idea.

Regards,
dan

--
JID: dan at jabber.linux.it (http://www.jabber.org)
mailto:JID-"jabber."
and remember: respect is everything . . . . . . . . . . . free your mind

From yonaton at localnet.com Wed May 9 19:09:17 2007
From: yonaton at localnet.com (JB2)
Date: Wed, 9 May 2007 12:09:17 -0500
Subject: Second problem...gpg or kgpg?
In-Reply-To: <1177698249.11212.16.camel@linux.site>
References: <200704060129.38524.yochanon@localnet.com> <1177698249.11212.16.camel@linux.site>
Message-ID: <200705091209.17719.yonaton@localnet.com>

On Fri 27 April 07 13:24, Carl wrote:
> On Fri, 2007-04-06 at 01:29 -0500, John B wrote:
> > Hi again,
> >
> > Out of the blue, it seems kgpg doesn't see my .gnupg directory. I
> > opened it up the other day just to check something, and it showed no keys
> > at all. I went into the settings and all it allows is to see my /home/me
> > directory which has a couple of .asc keys(?) in it but had no gpg.conf
> > file until I imported the .asc keys.
> > Is there a way to fix what's going on? Has this happened to anyone
> > else? I did absolutely nothing with gpg or kgpg...no updates (other than
> > the SuSE security update 2 or 3 months ago IIRR) to either of them. Still
> > with 1.4.1 I think it is and was working fine until I happened to see it
> > the other day. Sorry I'm not too good at explaining myself, but if
> > there's any more info needed, it's easier if someone asks me and then
> > I'll know better what needs to be said about my problem.
>
> Which version Suse and version of KGPG. I do wish they would Seahorse
> its better than kgpg

SuSE 9.3 and Kgpg 1.2.1.
I've never had a problem with kgpg before, in almost 4 years now, but
if I can't figure out what's wrong all of a sudden with it like this,
I'm going to look hard into that Seahorse, heh.

--
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
Benjamin Franklin

"Those who hammer their guns into plows will plow for those who do not."
Thomas Jefferson

From bernhard at intevation.de Thu May 10 13:02:13 2007
From: bernhard at intevation.de (Bernhard Reiter)
Date: Thu, 10 May 2007 13:02:13 +0200
Subject: gpgpgsm merging public kbx / exporting all keys
Message-ID: <200705101302.16457.bernhard@intevation.de>

Hi,

having two machines I would want to merge my public x509 certificates
from one to the other. Another use case would be backup purposes.
What is the recommended way doing this?

I found one and I believe this should be better documented.

gpgsm --export >exported-x509-keys
does not work.
gpgsm: exporting more than one certificate is not possible in binary mode

Okay, so
gpgsm --armor --export >exported-x509-keys
and gpgsm --import exported-x509-keys works.

While doing so I looked up the documentation "export [PATTERN]"
and searching for PATTERN did not result into the section that
explains how to select a user id. I suggest to add a sentence
which contains "PATTERN" to this section.

Also with gpg you can just
gpg --import pubring.gpg which makes merging a lot easier.

For the gpg trust-list there are command line options for exporting
and importing. So I would suggest to at least add the example
of the recommended way to the manual and textinfo documentation.
I searched way too long to find this way.

Best,
Bernhard

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From mrwchandler84 at yahoo.com Thu May 10 20:33:14 2007
From: mrwchandler84 at yahoo.com (Donald Wayne Chandler)
Date: Thu, 10 May 2007 13:33:14 -0500
Subject: Smartcard not recognized
Message-ID: <4643656A.90208@yahoo.com>

Hi,

I've been unable to access my smartcard since switching to Linux. I'm
running Ubuntu 7.04, Thunderbird 2.0, Enigmail 0.95, gpg 2.0.4 and gpg
1.4.7. I know Linux will support it, and would really appreciate some
ideas on where the problem lies.

:~$ gpg2 --card-status
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: pcsc_transmit failed: not transacted (0x80100016)
scdaemon[6606]: apdu_send_simple(0) failed: general error
scdaemon[6606]: no supported card application found: General error
gpg-agent[6605]: command learn failed: General error
gpg: OpenPGP card not available: General error
scdaemon[6606]: updating status of slot 0 to 0x0007
scdaemon[6606]: client pid is 6605, sending signal 12
:~$ scdaemon[6606]: scdaemon (GnuPG) 2.0.4 stopped

:~$ gpg --card-status
gpg: detected reader `Cherry XX33 00 00'
gpg: pcsc_transmit failed: not transacted (0x80100016)
gpg: apdu_send_simple(0) failed: general error
Please insert the card and hit return or enter 'c' to cancel:
gpg: pcsc_transmit failed: not transacted (0x80100016)
gpg: apdu_send_simple(0) failed: general error
Please insert the card and hit return or enter 'c' to cancel: c
gpg: selecting openpgp failed: general error
gpg: OpenPGP card not available: general error

--
Donald Wayne Chandler
mrwchandler84 at yahoo.com
GPG KeyID: 0x4A00352C

From hawke at hawkesnest.net Thu May 10 20:03:47 2007
From: hawke at hawkesnest.net (Alex Mauer)
Date: Thu, 10 May 2007 13:03:47 -0500
Subject: Smartcard & expiring keys
In-Reply-To: <20070509143754.GD6057__25584.8355046057$1178813200$gmane$org@smtp.tiscali.it>
References: <20070509143754.GD6057__25584.8355046057$1178813200$gmane$org@smtp.tiscali.it>
Message-ID: <46435E83.5070505@hawkesnest.net>

Daniele Cortesi wrote:
>
> Let's get to the point: the next year, when these new keys will expire, I
> will have to create new keys and to do this I'll have to replace the
> keys on the smartcard which are not saved elsewhere. This means that
> after that operation I won't be able to read past encrypted messages
> anymore, am I correct?

Correct. For this reason I for one do not use an encryption key on a
smartcard; I use the smartcard only for signing and authentication.
This also applies to damage/loss of the smartcard: once that privkey
is gone you can't read emails encrypted with it.

At the very least, it's probably better to generate the key outside of
the smartcard and then import it. This way in addition to still being
able to decrypt messages with an expired key, you also get a backup
(which is of course relatively easy to keep offline: keep it on a USB
key, print it out, whatever)

-Alex Mauer "hawke"

From rjh at sixdemonbag.org Fri May 11 04:56:52 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 10 May 2007 21:56:52 -0500
Subject: Callas on PRZ
Message-ID:

"[PRZ is] out of surgery, doing well, and the doctors say he'll be
better than he's been for ten years."

Jon Callas, on ietf-openpgp

I have no further information. Please keep PRZ in your thoughts,
prayers, and superstitions, as appropriate to your beliefs and/or lack
thereof. :)

From wk at gnupg.org Fri May 11 10:29:56 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 11 May 2007 10:29:56 +0200
Subject: gpgpgsm merging public kbx / exporting all keys
In-Reply-To: <200705101302.16457.bernhard@intevation.de> (Bernhard Reiter's message of "Thu\, 10 May 2007 13\:02\:13 +0200")
References: <200705101302.16457.bernhard@intevation.de>
Message-ID: <874pmj69vf.fsf@wheatstone.g10code.de>

On Thu, 10 May 2007 13:02, bernhard at intevation.de said:

> gpgsm --export >exported-x509-keys
> does not work.
> gpgsm: exporting more than one certificate is not possible in binary mode

That is because most X.509 tools will take only the first ASN.1 object
and ignore any concatenated objects. This is actually correct for an
ASN.1 based system. There is no widely used standard for putting
several keys into one object, thus we better allow only for one key.

> gpgsm --armor --export >exported-x509-keys
> and gpgsm --import exported-x509-keys works.

...no standard except for PEM encoded certificates - thus this works.

> While doing so I looked up the documentation "export [PATTERN]"
> and searching for PATTERN did not result into the section that
> explains how to select a user id. I suggest to add a sentence
> which contains "PATTERN" to this section.

Reads now:

`--export [PATTERN]'
     Export all certificates stored in the Keybox or those specified by
     the optional PATTERN. Those pattern consist of a list of user ids
     (*note how-to-specify-a-user-id::). When used along with the
     `--armor' option a few informational lines are prepended before
     each block. There is one limitation: As there is no commonly
     agreed upon way to pack more than one certificate into an ASN.1
     structure, the binary export (i.e. without using `armor') works
     only for the export of one certificate. Thus it is required to
     specify a PATTERN which yields exactly one certificate.

> Also with gpg you can just
> gpg --import pubring.gpg which makes merging a lot easier.

Most people here can guess my reply: No, no, no. This is an
undocumented feature which works only due to the coincidence that the
external and internal format is very similar. The internal format may
be changed at any time. The only way to access the keyrings is by
using --import and export.

> For the gpg trust-list there are command line options for exporting
> and importing. So I would suggest to at least add the example
> of the recommended way to the manual and textinfo documentation.

You mean: Howto migrate a key from one system to the other? Well, I
can add a short howto. The new GnuPG manual has anyway a section with
howtos.

Salam-Shalom,

Werner

From peter at digitalbrains.com Fri May 11 14:53:26 2007
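Added example (not part of any message in this thread), illustrating the point in Werner Koch's reply above: a reader that expects one ASN.1 object stops after the first DER object in a binary file, while armored blocks carry explicit boundaries and can be split even with informational lines between them. The two "certificates" are constructed DER stand-ins rather than real X.509 data, and every function name is this example's own.

```python
"""Binary (DER) versus armored (PEM) export: only the armored form delimits objects."""
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def der_length(n):
    """Encode a DER length field: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Build one tag-length-value object."""
    return bytes([tag]) + der_length(len(content)) + content


def fake_cert(payload):
    """Constructed stand-in for a certificate: SEQUENCE { OCTET STRING payload }."""
    return tlv(0x30, tlv(0x04, payload))


def first_object_size(buf):
    """Size in bytes (header plus content) of the first DER object in buf."""
    if len(buf) < 2:
        raise ValueError("truncated DER header")
    first = buf[1]
    if first < 0x80:
        header, content = 2, first
    else:
        n = first & 0x7F
        if n == 0 or len(buf) < 2 + n:
            raise ValueError("indefinite or truncated DER length")
        header, content = 2 + n, int.from_bytes(buf[2:2 + n], "big")
    if header + content > len(buf):
        raise ValueError("truncated DER object")
    return header + content


def read_single_object(buf):
    """Mimic a one-object reader: return the first object and the number of
    trailing bytes it never looks at."""
    size = first_object_size(buf)
    return buf[:size], len(buf) - size


def armor(der, info_line):
    """PEM-wrap one object, preceded by an informational line (constructed text,
    not real gpgsm output)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (info_line + b"\n-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")


def split_armored(bundle):
    """Recover every object from an armored bundle; text outside the markers is skipped."""
    return [base64.b64decode(m.group(1)) for m in PEM_BLOCK.finditer(bundle)]


# Constructed sample data: one short-form and one long-form length.
CERT_A = fake_cert(b"constructed-cert-A")
CERT_B = fake_cert(b"B" * 300)


def demo():
    """Compare what survives a binary concatenation and an armored bundle."""
    first, ignored = read_single_object(CERT_A + CERT_B)
    bundle = (armor(CERT_A, b"Subject: constructed A")
              + armor(CERT_B, b"Subject: constructed B"))
    return {
        "binary_objects_seen": 1 if first == CERT_A else 0,
        "binary_bytes_ignored": ignored,
        "armored_objects_seen": len(split_armored(bundle)),
    }


if __name__ == "__main__":
    print(demo())
```
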
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 11 May 2007 14:53:26 +0200
Subject: Secure text editor?
Message-ID: <46446746.4000502@digitalbrains.com>

Hello all,

I want to have a text file with personal data in it, which I encrypt to
myself, and decrypt to view and edit. However, to do that securely, I need
an editor which will not leak the text in any way, so locking its pages in
memory so they won't be swapped out, and other angles of attack. In short,
an editor written with security in mind, suitable for editing sensitive
data. It's okay if it does that on plaintext files, I suppose, I can encrypt
and wipe the original to get rid of that, or do I miss something there?

My workstation runs Windows, but I think I would prefer a tool that works
under Linux too (possibly under Cygwin in Windows). It would be cool if it
integrated with GnuPG so I don't have to manually en- and decrypt, but it's
not a demand unless, like I said, I missed some vector of attack.

Does anybody know an editor that's up to the job?

Regards,

Peter Lebbing.

From jbruni at mac.com Fri May 11 17:39:14 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Fri, 11 May 2007 08:39:14 -0700
Subject: Secure text editor?
In-Reply-To: <46446746.4000502@digitalbrains.com>
References: <46446746.4000502@digitalbrains.com>
Message-ID:

It is a requirement that the files themselves be encrypted
individually or would it suffice to use an encrypted file system?

Since you are only encrypting in place and not transferring the
documents to another individual, there is probably no need to use
public-key encryption. Any tool that does AES-128 or the like would
suffice.

On Mac OS X, I have the ability to use an encrypted disk image in
which to store various documents, but I'm not aware of any editors
that do explicit encryption/decryption as part of their read/write
functions.

On May 11, 2007, at 5:53 AM, Peter Lebbing wrote:

> Hello all,
>
> I want to have a text file with personal data in it, which I
> encrypt to
> myself, and decrypt to view and edit. However, to do that securely,
> I need
> an editor which will not leak the text in any way, so locking its
> pages in
> memory so they won't be swapped out, and other angles of attack. In
> short,
> an editor written with security in mind, suitable for editing
> sensitive
> data. It's okay if it does that on plaintext files, I suppose, I
> can encrypt
> and wipe the original to get rid of that, or do I miss something
> there?
>
> My workstation runs Windows, but I think I would prefer a tool that
> works
> under Linux too (possibly under Cygwin in Windows). It would be
> cool if it
> integrated with GnuPG so I don't have to manually en- and decrypt,
> but it's
> not a demand unless, like I said, I missed some vector of attack.
>
> Does anybody know an editor that's up to the job?
>
> Regards,
>
> Peter Lebbing.

From malayter at gmail.com Fri May 11 19:47:13 2007
From: malayter at gmail.com (Ryan Malayter)
Date: Fri, 11 May 2007 12:47:13 -0500
Subject: Secure text editor?
In-Reply-To:
References: <46446746.4000502@digitalbrains.com>
Message-ID: <5d7f07420705111047y99a0887h5a8dabd2dde68f57@mail.gmail.com>

On 5/11/07, Joseph Oreste Bruni wrote:
> It is a requirement that the files themselves be encrypted
> individually or would it suffice to use an encrypted file system?

It seems you really want/need a *full-disk* encryption solution, so
that any temporary files and system pagefiles are also encrypted. We
use the commercial PGP solution for that, but there are other options
for Windows. The solutions are very OS-specific, though; on Linux
there are quite a few free choices of varying complexity and quality.

Truecrypt is somewhat cross-platform, and makes good encrypted file
containers, but it won't encrypt the pagefile, or your system's
security databases/password files (Linux or Windows).

--
RPM
=========================
All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.
-Anonymous

From grove.jane at gmail.com Sat May 12 03:38:23 2007
From: grove.jane at gmail.com (jane grove)
Date: Fri, 11 May 2007 20:38:23 -0500
Subject: Encrypt with key ID
Message-ID:

Hello,
What is the GPG command to use a recipient's key ID to encrypt files?
I tried the following command but it didn't work:
gpg --batch -ea filename keyid

Thanks!

From JPClizbe at tx.rr.com Sat May 12 04:20:49 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Fri, 11 May 2007 21:20:49 -0500
Subject: Encrypt with key ID
In-Reply-To:
References:
Message-ID: <46452481.4050802@tx.rr.com>

jane grove wrote:
> Hello,
> What is the GPG command to use a recipient's key ID to encrypt files?
> I tried the following command but it didn't work:
> gpg --batch -ea filename keyid

Almost...

gpg --batch -ea -r keyid filename

repeat -r as often as needed.

--
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From z.himsel at gmail.com Mon May 14 00:32:42 2007
From: z.himsel at gmail.com (Zach Himsel)
Date: Sun, 13 May 2007 18:32:42 -0400
Subject: Secure text editor?
In-Reply-To: <46446746.4000502@digitalbrains.com>
References: <46446746.4000502@digitalbrains.com>
Message-ID: <8d5f78b30705131532o5cdd4d36rdeaa9ad2d994b8d0@mail.gmail.com>

On 5/11/07, Peter Lebbing wrote:
> Does anybody know an editor that's up to the job?

On 5/11/07, Joseph Oreste Bruni wrote:
> Since you are only encrypting in place and not transferring the
> documents to another individual, there is probably no need to use
> public-key encryption. Any tool that does AES-128 or the like would
> suffice.

There is a small program called Locknote (tinyurl.com/25q3m2). It is a
Windows executable (AFAIK it does not work on Linux, unless Wine would
work). It is a simple text editor that encrypts itself when you close
it. I'm not sure how secure it is, but it seems alright (256-bit AES
symmetric). I just wanted to put that out there if you wanted to try
it.

Note: the executable file saves to itself (the editor itself is the
document) so I'd make a backup of the original executable to make more
docs.

--
Zach Himsel
|_|0|_| ----------- OpenPGP Key: 0x9A1DFCAC -----------
|_|_|0| () I support the **ASCII Ribbon Campaign**
|0|0|0| /\ (against html mail & proprietary attachments)

From groups at caseyljones.net Mon May 14 10:44:51 2007
From: groups at caseyljones.net (Casey Jones)
Date: Mon, 14 May 2007 01:44:51 -0700
Subject: Old PC as Hardware Security Module?
Message-ID: <46482183.20004@caseyljones.net>

Does anyone know of software available to make an old PC into something
like a hardware security module. OpenHSM.org looks like what I want, but
the site says they're still in the design phase, and the last update was
in 2004.

I can't stand the thought of storing my private key on my main computer.
I use my main computer for things like web browsing and email, which I
think puts its security in serious jeopardy. I think a separate computer
which has only a single function, would be a valuable increase in
security.

I've been considering getting an OpenPGP Card, but there are three
reasons I'm reluctant to. The main one is that I want something that
will only do one signature or decryption at a time. That way if my
machine is compromised, I'll only suffer one hit before I'll notice
something's wrong. Can the OpenPGP Card be set to do one operation per
pin entry when used with a card reader that has a keypad? This seems
like such a useful feature to me that I'm surprised smart card
manufacturers don't embed little buttons near the edge of the smart
card.

The second reason is that I generally prefer open source security
software. It seems the OpenPGP Card relies on the proprietary BasicCard
operating system.

Finally, it looks like the OpenPGP Card costs about 26.4 Euros (about
$36) shipped from Europe. That's a little high for me right now.

There are two other minor issues. I'd prefer my keys be encrypted when
not in use, so that if my device falls into the wrong hands, I won't
have to worry too much. Does the OpenPGP Card encrypt the keys while
stored on the card?

Also, the OpenPGP Card appears to be from a german organization, like
the one that developed the Java Anonymous Proxy, and was forced by the
german government to back door the software. Does the german government
still consider it legal to force programmers to back door their
software? I heard they were appealing it, but I never heard how that all
turned out. With governments accusing each other of stealing proprietary
info and such, I think I'd like to just keep my private key private.

Does anyone know if any other democratic governments consider it legal
to force programmers to incorporate back doors?

Thanks,
Casey

From email at sven-radde.de Mon May 14 12:16:21 2007
From: email at sven-radde.de (Sven Radde)
Date: Mon, 14 May 2007 12:16:21 +0200
Subject: Old PC as Hardware Security Module?
In-Reply-To: <46482183.20004@caseyljones.net>
References: <46482183.20004@caseyljones.net>
Message-ID: <464836F5.7050604@sven-radde.de>

Hi!

Casey Jones wrote:
> Does anyone know of software available to make an old PC into something
> like a hardware security module.

What about Knoppix?
It supports GnuPG and you can easily have your keys on a (dedicated)
USB drive while booting your (regular or dedicated) PC with Knoppix to
do crypto operations.

cu, Sven

From thomas-ml at vollmeronline.de Mon May 14 10:31:07 2007
From: thomas-ml at vollmeronline.de (Thomas Vollmer)
Date: Mon, 14 May 2007 10:31:07 +0200
Subject: Secure text editor?
In-Reply-To: <46446746.4000502@digitalbrains.com>
References: <46446746.4000502@digitalbrains.com>
Message-ID: <200705141031.12150.thomas-ml@vollmeronline.de>

On Friday, 11 May 2007, Peter Lebbing wrote:
> Hello all,

Hi,

> I want to have a text file with personal data in it, which I encrypt
> to myself, and decrypt to view and edit. However, to do that securely,
> I need an editor which will not leak the text in any way, so locking
[...]
> decrypt, but it's not a demand unless, like I said, I missed some
> vector of attack.
>
> Does anybody know an editor that's up to the job?

I use my standard text editor for this. It is vim with the gnupg plugin
from Markus Braun
( http://vim.sourceforge.net/scripts/script.php?script_id=661 )
installed.

Thomas

From rjh at sixdemonbag.org Mon May 14 12:37:57 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 May 2007 05:37:57 -0500
Subject: Old PC as Hardware Security Module?
In-Reply-To: <46482183.20004@caseyljones.net>
References: <46482183.20004@caseyljones.net>
Message-ID: <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org>

> Does anyone know of software available to make an old PC into
> something
> like a hardware security module.

What particular type of HSM do you mean?

> I can't stand the thought of storing my private key on my main
> computer.
> I use my main computer for things like web browsing and email, which I
> think puts its security in serious jeopardy. I think a separate
> computer
> which has only a single function, would be a valuable increase in
> security.

I'm assuming you're doing something incredibly high-value, like
storing nuclear weapon release codes or voting data or mortgage
contracts or classified material or... etc. If that's the case, then
you need to talk to a professional and not the sort of more or less
anonymous advice you're likely to get from a mailing list.

If you're not doing these incredibly high-value things, then you may
want to rethink your threat model. This appears to be excessive
overkill for most threat models I can imagine.

I'm certainly not going to tell you that you shouldn't be doing these
things. I don't know you and I don't know what you face. All that I'm
doing is asking you to sit down and think critically about your model.
I hope I can do that without sounding dismissive of your concerns.

> I've been considering getting an OpenPGP Card, but there are three
> reasons I'm reluctant to. The main one is that I want something that
> will only do one signature or decryption at a time. That way if my
> machine is compromised, I'll only suffer one hit before I'll notice
> something's wrong.

The OpenPGP card actually gives you a substantial advantage in this
situation.

Let's say that you're running GnuPG on a PC and I'm able to subvert
the box. I put in a keylogger and snarf your passphrase. I also copy
your private keyring and mailspool off the box. I can now read your
mail without ever touching it, except to copy a couple of files and
install a small app. You're none the wiser.

Compare this to an OpenPGP card, where I have to find you in a dark
alley and have a conversation with your kneecaps to get your card and
PIN. You will most probably know that something has happened to you.

> There are two other minor issues. I'd prefer my keys be encrypted when
> not in use, so that if my device falls into the wrong hands, I won't
> have to worry too much. Does the OpenPGP Card encrypt the keys while
> stored on the card?

To my understanding, the OpenPGP card is tamper-resistant. That's not
to say it's tamper-proof, but it would require substantial work to get
access. I would not worry too much if your card fell into the wrong
hands, unless those wrong hands happen to belong to a First World
intelligence service, a major international corporation, or some
ambitious CompSci or EE graduate students.

> Also, the OpenPGP Card appears to be from a german organization, like
> the one that developed the Java Anonymous Proxy, and was forced by the
> german government to back door the software. Does the german
> government
> still consider it legal to force programmers to back door their
> software?

You do know that Werner Koch, one of the central developers of GnuPG,
is German, right? And that GnuPG at one point took some funding (long
since spent) from the German government?

If you're concerned about Germany involving itself in the crypto
software business, you should probably not use GnuPG. That said, I am
not concerned about this.

> With governments accusing each other of stealing proprietary
> info and such

Governments accuse each other of stealing classified material.
Corporations accuse each other of stealing proprietary material.

> Does anyone know if any other democratic governments consider it legal
> to force programmers to incorporate back doors?

Force? No, I can't think of a single one. Not even the UK's ridiculous
Regulation of Investigatory Powers Act (RIPA) went that far.

On the other hand, they can certainly attempt to persuade. Patriotism,
vanity, greed, fear... there are many ways to motivate someone to
cooperate with you. Governments are generally very good at persuasion.

From rjh at sixdemonbag.org Mon May 14 13:45:32 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 May 2007 06:45:32 -0500
Subject: Old PC as Hardware Security Module?
In-Reply-To: <871whjhc1w.fsf@mocca.josefsson.org>
References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org>
Message-ID:

> What prevents the keylogger in your first example to snarf the PIN
> code
> for the OpenPGP card and send decryption requests to the OpenPGP card,
> using the PIN code, in the background, possibly remotely controlled
> over
> the network?

There exist cryptographic smart cards you can actually be safe against
this kind of attack with. They're pretty cool. I don't know if the
OpenPGP card is one of them or not, but it's at least possible with a
smartcard. It's not possible with a PC-controlled setup--at least, not
without a ton of specialized hardware.

> I think smart cards in general are somewhat over-rated. You have no
> idea what they are signing, and the authorization control (PIN
> code) is
> easy to get by with a trojan.

My objection to smartcards is more on the basis of RSA-1024 being too
short for long-term security, but hey.

The question isn't whether smart cards are secure--nothing that's got
that much RAM and processor power ever is--but whether smart cards are
a security improvement. On that one, I think they have the potential
to bring substantial amounts of win to certain kinds of environments.
To other kinds of environments, they don't. C'est la vie.

From groups at caseyljones.net Mon May 14 14:14:22 2007
From: groups at caseyljones.net (Casey Jones)
Date: Mon, 14 May 2007 05:14:22 -0700
Subject: Old PC as Hardware Security Module?
In-Reply-To: <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org>
References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org>
Message-ID: <4648529E.9050103@caseyljones.net>

Robert J. Hansen wrote:
>> Does anyone know of software available to make an old PC into something
>> like a hardware security module.
>
> What particular type of HSM do you mean?

Basically I'm looking for something that does what the OpenPGP Card
does, but with a button to limit signatures and decryptions. It could be
implemented as just an application on a regular operating system running
on a dedicated computer. I'm not willing to pay for something with
intricate physical anti-tampering protection like the typical
professional HSMs.

I might try making a variation of the open-openpgp-card. My version
might be USB or it might be like one of those homemade smart cards that
are longer than a regular smart card so they can use a regular thickness
microcontroller sticking out on the end. One like that would have room
for a button. It would also save me having to boot a separate computer
when I wanted to use it.

>> I can't stand the thought of storing my private key on my main computer.
>> I use my main computer for things like web browsing and email, which I
>> think puts its security in serious jeopardy. I think a separate computer
>> which has only a single function, would be a valuable increase in
>> security.
>
> I'm assuming you're doing something incredibly high-value, like storing
> nuclear weapon release codes or voting data or mortgage contracts or
> classified material or... etc. If that's the case, then you need to
> talk to a professional and not the sort of more or less anonymous advice
> you're likely to get from a mailing list.
>
> If you're not doing these incredibly high-value things, then you may
> want to rethink your threat model. This appears to be excessive
> overkill for most threat models I can imagine.

It seems to me that there is a very significant chance that my system
could get owned some time. I don't think it takes much more than a zero
day exploit in Firefox combined with a visit to the wrong site to get
rooted. An exploit for Thunderbird in an email could also do it. Or
worse, a buffer overflow in the tcp/ip stack like the one in OpenBSD
recently. I don't know, but I'd think it would be common practice for a
root kit to install a keylogger and to send off copies of the private
keys. Does that threat model make me paranoid? I don't think it does,
but then paranoids often can't tell.

>> I've been considering getting an OpenPGP Card, but there are three
>> reasons I'm reluctant to. The main one is that I want something that
>> will only do one signature or decryption at a time. That way if my
>> machine is compromised, I'll only suffer one hit before I'll notice
>> something's wrong.
>
> The OpenPGP card actually gives you a substantial advantage in this
> situation.
>
> Let's say that you're running GnuPG on a PC and I'm able to subvert the
> box. I put in a keylogger and snarf your passphrase. I also copy your
> private keyring and mailspool off the box. I can now read your mail
> without ever touching it, except to copy a couple of files and install a
> small app. You're none the wiser.
>
> Compare this to an OpenPGP card, where I have to find you in a dark
> alley and have a conversation with your kneecaps to get your card and
> PIN. You will most probably know that something has happened to you.

The OpenPGP Card is a valuable addition to security. But even with the
OpenPGP Card, everything encrypted to your key on your computer could be
exposed, even by an automated rootkit. And if you get targeted
personally, signatures could be made from your key without your
authorization.

>> There are two other minor issues. I'd prefer my keys be encrypted when
>> not in use, so that if my device falls into the wrong hands, I won't
>> have to worry too much. Does the OpenPGP Card encrypt the keys while
>> stored on the card?
>
> To my understanding, the OpenPGP card is tamper-resistant. That's not
> to say it's tamper-proof, but it would require substantial work to get
> access. I would not worry too much if your card fell into the wrong
> hands, unless those wrong hands happen to belong to a First World
> intelligence service, a major international corporation, or some
> ambitious CompSci or EE graduate students.

Yes, smart cards have pretty decent tamper protection for a low security
application like mine. Although when I read Kommerling and Kuhn's 1999
article http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf I was a little
surprised how easily lightly-protected dies can be compromised.

>> Also, the OpenPGP Card appears to be from a german organization, like
>> the one that developed the Java Anonymous Proxy, and was forced by the
>> german government to back door the software. Does the german government
>> still consider it legal to force programmers to back door their
>> software?
>
> You do know that Werner Koch, one of the central developers of GnuPG, is
> German, right? And that GnuPG at one point took some funding (long
> since spent) from the German government?

I suspected by his name that he was German. I thought he might be well
informed on the issue, and would comment. I'm not too worried about
GnuPG because it's open source. But apparently the OpenPGP Card isn't.

> If you're concerned about Germany involving itself in the crypto
> software business, you should probably not use GnuPG. That said, I am
> not concerned about this.

What makes you think the German government won't order the OpenPGP Card
to be compromised?
Either by FSFE or by ZeitControl. Hopefully they've got a law, or at least court precedent against that now. >> With governments accusing each other of stealing proprietary >> info and such > > Governments accuse each other of stealing classified material. > Corporations accuse each other of stealing proprietary material. I heard the EU accused the US of using Echelon to steal designs for windmills. I wouldn't be surprised if lots of countries do such things. From simon at josefsson.org Mon May 14 14:04:46 2007 From: simon at josefsson.org (Simon Josefsson) Date: Mon, 14 May 2007 14:04:46 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: (Robert J. Hansen's message of "Mon\, 14 May 2007 06\:45\:32 -0500") References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> Message-ID: <87bqgnfw69.fsf@mocca.josefsson.org> "Robert J. Hansen" writes: >> What prevents the keylogger in your first example to snarf the PIN >> code >> for the OpenPGP card and send decryption requests to the OpenPGP card, >> using the PIN code, in the background, possibly remotely controlled >> over >> the network? > > There exist cryptographic smart cards you can actually be safe > against this kind of attack with. They're pretty cool. How do they work? I'd expect them to have a button, to authorize signing or decryption, but without a display, you still have no idea what you really sign or decrypt. /Simon From simon at josefsson.org Mon May 14 13:36:27 2007 
From: simon at josefsson.org (Simon Josefsson) Date: Mon, 14 May 2007 13:36:27 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> (Robert J. Hansen's message of "Mon\, 14 May 2007 05\:37\:57 -0500") References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> Message-ID: <871whjhc1w.fsf@mocca.josefsson.org> "Robert J. Hansen" writes: >> I've been considering getting an OpenPGP Card, but there are three >> reasons I'm reluctant to. The main one is that I want something that >> will only do one signature or decryption at a time. That way if my >> machine is compromised, I'll only suffer one hit before I'll notice >> something's wrong. > > The OpenPGP card actually gives you a substantial advantage in this > situation. > > Let's say that you're running GnuPG on a PC and I'm able to subvert > the box. I put in a keylogger and snarf your passphrase. I also > copy your private keyring and mailspool off the box. I can now read > your mail without ever touching it, except to copy a couple of files > and install a small app. You're none the wiser. > > Compare this to an OpenPGP card, where I have to find you in a dark > alley and have a conversation with your kneecaps to get your card and > PIN. You will most probably know that something has happened to you. What prevents the keylogger in your first example to snarf the PIN code for the OpenPGP card and send decryption requests to the OpenPGP card, using the PIN code, in the background, possibly remotely controlled over the network? Alternatively, if you think remotely controlling the trojan is difficult, let it iterate through your mail spool and send decryption requests to collect all session keys, and then send the mail spool and the session keys to you. I think smart cards in general are somewhat over-rated. 
You have no idea what they are signing, and the authorization control (PIN code) is easy to get by with a trojan. To be secure with smart cards, I think you'll need a separate single-purpose device that shows you what it is going to sign, and signs it only after getting some credential (e.g., PIN), using its own trusted input device. And there should be no caching of the PIN code, or at least authorization should be required when the PIN cache is accessed. The protocol to the single-purpose device would actually be quite similar to what you would use to an 'old PC acting as HSM' device. The protocol is similar to a serialized PKCS#11 interface with the What You See Is What You Sign extensions. /Simon From groups at caseyljones.net Mon May 14 14:28:40 2007 From: groups at caseyljones.net (Casey Jones) Date: Mon, 14 May 2007 05:28:40 -0700 Subject: Old PC as Hardware Security Module? In-Reply-To: <464836F5.7050604@sven-radde.de> References: <46482183.20004@caseyljones.net> <464836F5.7050604@sven-radde.de> Message-ID: <464855F8.40807@caseyljones.net> Sven Radde wrote: > Casey Jones wrote: >> Does anyone know of software available to make an old PC into something >> like a hardware security module. > > What about Knoppix? > It supports GnuPG and you can easily have your keys on a (dedicated) USB > drive while booting your (regular or dedicated) PC with Knoppix to do > crypto operations. Yes, I'll probably do something like that for a while. It's less convenient because I'll have to be transferring files back and forth manually. But if used with a removable drive, it would probably be more secure than having it plugged into my main computer by ethernet or serial cable. Especially if I compose and read encrypted messages on it as well. From wk at gnupg.org Mon May 14 15:04:36 2007 
From: wk at gnupg.org (Werner Koch) Date: Mon, 14 May 2007 15:04:36 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: <46482183.20004@caseyljones.net> (Casey Jones's message of "Mon\, 14 May 2007 01\:44\:51 -0700") References: <46482183.20004@caseyljones.net> Message-ID: <87iravwo7v.fsf@wheatstone.g10code.de> On Mon, 14 May 2007 10:44, groups at caseyljones.net said: > something's wrong. Can the OpenPGP Card be set to do one operation per > pin entry when used with a card reader that has a keypad? This seems Yes, use the command "forcesig" in the --card-edit menu to toggle this feature. However it does not help you if the host has been compromised and the admin PIN is known. You can always bypass the requirement to use the keypad. With some social engineering this makes it easy to get control over the card. > software. It seems the OpenPGP Card relies on the proprietary BasicCard > operating system. Finally, it looks like the OpenPGP Card costs about That is indeed very unfortunate but we have found no other way to deliver a fast card. For almost all fast chips you need to sign an NDA which does not allow you to implement a fully free solution. Building your own chip is possible but they would be very expensive. And no, a Java Card does not help security-wise as you don't have access to the firmware. > 26.4 Euros (about $36) shipped from Europe. That's a little high for me > right now. What about an aggregated order or to figure out a company in the US to distribute the cards? > not in use, so that if my device falls into the wrong hands, I won't > have to worry too much. Does the OpenPGP Card encrypt the keys while > stored on the card? No, that does not make sense - the standard security features of the chip are employed to make probing the chip difficult and expensive. > Also, the OpenPGP Card appears to be from a german organization, like That is not correct. I have developed the specs along with Achim Peitig of a Paderborn card vendor. 
Achim wrote the implementation. It was done all on our own money and for our fun. Only later the BSI (The German federal IT security agency) mentioned this card as a good example of a usable smart card without vendor lock in. > the one that developed the Java Anonymous Proxy, and was forced by the > german government to back door the software. Does the german government JAP has not been backdoored but the organisations running a JAP server have the ability to log the IP addresses. The case you have in mind is that the lists of IP addresses have been handed over to the prosecution authorities. IIRC, they have not been forced to do this but did this voluntarily. That is basically the same as with a TOR server: It is possible to log things to help the prosecution but no sane person would do this. My company is running a heavily loaded exit node (allium.gnupg.org) and we get about one request a fortnight to tell the IP address. Obviously we don't do that and usually a few minutes talk is today sufficient to explain them that this is an anonymizer server and that there is no chance to get to the IP address of the previous node. > still consider it legal to force programmers to back door their > software? I heard they were appealing it, but I never heard how that There is no way to force backdoors in software. Only ISPs (larger than about 1000 clients) are required to have that expensive wiretapping rig available - in case of a court order to set one. And well, they need to keep the client name and the assigned IP addresses on file for too much time. But that has nothing to do with being forced to backdoor software. > Does anyone know if any other democratic governments consider it legal > to force programmers to incorporate back doors? Before answering that we need to agree on what countries are still democratic ;-) Shalom-Salam, Werner From groups at caseyljones.net Mon May 14 16:15:10 2007 
From: groups at caseyljones.net (Casey Jones) Date: Mon, 14 May 2007 07:15:10 -0700 Subject: Old PC as Hardware Security Module? In-Reply-To: <87iravwo7v.fsf@wheatstone.g10code.de> References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> Message-ID: <46486EEE.4020209@caseyljones.net> Werner Koch wrote: > On Mon, 14 May 2007 10:44, groups at caseyljones.net said: >> something's wrong. Can the OpenPGP Card be set to do one operation per >> pin entry when used with a card reader that has a keypad? This seems > > Yes, use the command "forcesig" in the --card-edit menu to toggle this > feature. However it does not help you if the host has been compromised > and the admin PIN is known. You can always bypass the requirement to use > the keypad. With some social engineering this makes it easy to get > control over the card. That sounds great. If I understand correctly, you rarely need to use the admin PIN, so it would be unlikely to be compromised. For example you could use the admin pin only after booting from a CD. >> not in use, so that if my device falls into the wrong hands, I won't >> have to worry too much. Does the OpenPGP Card encrypt the keys while >> stored on the card? > > No, that does not make sense - the standard security features of the > chip are employed to make probing the chip difficult and expensive. Why doesn't it make sense? The chip's security features make it fairly secure. But having the keys encrypted on the card would make it highly secure. As long as the passphrase hadn't been captured, like after being lost, stolen, or confiscated. >> Also, the OpenPGP Card appears to be from a german organization, like > > That is not correct. I have developed the specs along with Achim Peitig > of a Paderborn card vendor. Achim wrote the implementation. It was > done all on our own money and for our fun. 
Only later the BSI (The > German federal IT security agency) mentioned this card as a good example > of a usable smart card without vendor lock in. Can the person who loads the software onto the cards be given orders by the German court? >> the one that developed the Java Anonymous Proxy, and was forced by the >> german government to back door the software. Does the german government > > JAP has not been backdoored but the organisations running a JAP server > have the ability to log the IP addresses. OK, not backdoored, just compromised. > The case you have in mind is > that the lists of IP addresses have been handed over to the prosecution > authorities. IIRC, they have not been forced to do this but did this > voluntarily. According to this article http://www.theregister.co.uk/2003/08/21/net_anonymity_service_backdoored/ it was mandated by the courts. ...the JAP team replied to the thread, admitting that there is now a "crime detection function" in the system mandated by the courts. But they defended their decision: "What was the alternative? Shutting down the service? The security apparatchiks would have appreciated that - anonymity in the Internet and especially AN.ON are a thorn in their side anyway." > That is basically the same as with a TOR server: It is > possible to log things to help the prosecution but no sane person would > do this. Are the authors of the Java Anonymous Proxy not sane? If they would do it, why not ZeitControl? > My company is running a heavily loaded exit node > (allium.gnupg.org) and we get about one request a fortnight to tell the > IP address. Obviously we don't do that and usually a few minutes talk > is today sufficient to explain them that this is an anonymizer server and > that there is no chance to get to the IP address of the previous node. What will you do if the court orders you to turn on logging, hand over the logs, and keep it secret? From bahamut at digital-signal.net Mon May 14 16:32:10 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Mon, 14 May 2007 09:32:10 -0500 Subject: Old PC as Hardware Security Module? In-Reply-To: <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> Message-ID: <464872EA.1090901@digital-signal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Robert J. Hansen wrote: >> I've been considering getting an OpenPGP Card, but there are >> three reasons I'm reluctant to. The main one is that I want >> something that will only do one signature or decryption at a >> time. That way if my machine is compromised, I'll only suffer one >> hit before I'll notice something's wrong. > > The OpenPGP card actually gives you a substantial advantage in this > situation. > > Let's say that you're running GnuPG on a PC and I'm able to subvert > the box. I put in a keylogger and snarf your passphrase. I also > copy your private keyring and mailspool off the box. I can now > read your mail without ever touching it, except to copy a couple of > files and install a small app. You're none the wiser. > > Compare this to an OpenPGP card, where I have to find you in a dark > alley and have a conversation with your kneecaps to get your card > and PIN. You will most probably know that something has happened > to you. If you have enough physical access and time to compromise a Linux box, install a stealthy keylogger and then harvest the logs at a later time, all without being caught, I think you can snoop around and find the card and compromise it. Then again, I don't see how you would have access to the mail if you get the card and its PIN, even if you don't get caught, without access to either box or the mailserver of the email provider assigned to your victim (and in the case of the latter, you'd only likely have access to new mails anyway). 
From grove.jane at gmail.com Mon May 14 17:07:39 2007 From: grove.jane at gmail.com (jane grove) Date: Mon, 14 May 2007 10:07:39 -0500 Subject: Encrypt with key ID In-Reply-To: <46452481.4050802@tx.rr.com> References: <46452481.4050802@tx.rr.com> Message-ID: Thanks, John. However, when I use the command "gpg --batch -ea -r keyid filename", I got an "encryption failed: unusable public key" error message. Interestingly, when I use the command without batch mode like "gpg -ea -r keyid filename", I'm able to encrypt the file. So the batch mode is having problems. How can I encrypt the file using recipient public keyid correctly in batch mode? Thanks, On 5/11/07, John Clizbe wrote: > jane grove wrote: > > Hello, > > What is the GPG command to use a recipient's key ID to encrypt files? > > I tried the following command but it didn't work: > > gpg --batch -ea filename keyid > > Almost... > > gpg --batch -ea -r keyid filename > > repeat -r as often as needed. > > > > -- > John P. Clizbe Inet: John (a) Mozilla-Enigmail.org > You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A > "what's the key to success?" / "two words: good decisions." > "what's the key to good decisions?" / "one word: experience." > "how do i get experience?" / "two words: bad decisions." > > "Just how do the residents of Haiku, Hawai'i hold conversations?" > > > From me at psmay.com Mon May 14 18:28:07 2007 
From: me at psmay.com (Peter S. May) Date: Mon, 14 May 2007 12:28:07 -0400 Subject: Secure text editor? In-Reply-To: <46446746.4000502@digitalbrains.com> References: <46446746.4000502@digitalbrains.com> Message-ID: <46488E17.3040209@psmay.com> Peter Lebbing wrote: > I want to have a text file with personal data in it, which I encrypt to > myself, and decrypt to view and edit. However, to do that securely, I need > an editor which will not leak the text in any way, so locking its pages in > memory so they won't be swapped out, and other angles of attack. > ... > My workstation runs Windows, but I think I would prefer a tool that works > under Linux too (possibly under Cygwin in Windows). Some of the other respondents so far seem to have missed the part where you mentioned locking pages in memory. I've been curious about this myself; is there any text editor in existence that locks itself from being paged out to the swap space? If there isn't, why not? Anyway, my guess is that no such self-contained Windows-based solution exists, since even gpg can't lock its memory in Windows. It would be a lot more _possible_ to make one for a Linux-based system, but I haven't heard of one myself. Either way, I thought I'd heard somewhere that even locked memory can get written to disk if the operator decides to enter hibernate mode... (Developers familiar with swap-locked memory: I'd appreciate at least a short explanation of how it works to someone who understands ISO C but not necessarily OS-specific APIs. Can stack memory be locked, or only heap memory? Would there be any way to load a whole, full-featured text editor, such as the 1.8MiB vim on my machine, entirely into locked RAM without screwing something up?) As one of the other readers noted, however, one way to counteract any such problem is to install a whole-disk encryption solution. That way, even if what you've got is paged out to disk, nobody can get to it while the machine is off. 
I can think of imperfections with this system as well, but they're not terribly significant. On Linux, swap space is its own partition, which makes it possible to do crazier things with it, such as run whole-volume encryption on the partition with a session key randomly generated at each startup--so that the moment you shut down it becomes garbage even if you don't shut down properly. I myself simply make sure I have a filesystem on my machine that's capable of causing shred -uz to work as prescribed (ext3 with no journaling) and give the swap partition an occasional stir with shred. Anyone who can get past that is fairly likely to be able to do worse things with my system. (A script I wrote and still use acts a whole lot like crontab, complete with -l and -e flags: It consults mktemp for a filename to use, decrypts to it, runs whatever is in my VISUAL/EDITOR env on it, signs and re-encrypts back to its original location, and runs shred -uz on the temp file. It's not leakproof, but it at least makes attacks nontrivial. It makes a handy password stasher and has singlehandedly broken my habit of using anything but randomly-generated passwords on most websites. :-D Needless to say, this isn't a smart thing to do unless the encrypted file is backed up regularly...) Anyway, decide how likely or unlikely an attack is before expending too much effort on this one. :-) M2C PSM From zvrba at globalnet.hr Mon May 14 16:21:54 2007 
From: zvrba at globalnet.hr (Zeljko Vrba) Date: Mon, 14 May 2007 16:21:54 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> Message-ID: <87zm471o59.fsf@globalnet.hr> "Robert J. Hansen" writes: >> >> What prevents the keylogger in your first example to snarf the PIN >> code >> for the OpenPGP card and send decryption requests to the OpenPGP card, >> using the PIN code, in the background, possibly remotely controlled >> over >> the network? > > There exist cryptographic smart cards you can actually be safe > against this kind of attack with. They're pretty cool. I don't know > Smart-card has nothing to do with it. It's the OS who has to defend against such type of attack. AFAIK, no wide-spread OS does it today. On linux, you can strace any application and see all I/O done by the program. On Windows you have even more powerful debugging/interception API. Windows is slightly better here because an administrator can revoke the "Debug Privilege" from a user account. Thus, the user can't debug its own programs, but neither the trojans can, so it makes running sensitive applications slightly safer. As long as OS allows ptrace/equivalent calls which inspect and modify data and code in another process, there's NO WAY to prevent this attack. Not even separate PIN entry device helps, because the trojan may still attach itself to (eg.) GnuPG executable and modify data (eg. to-be signed hash) in memory before it's sent to the smart-card. Intel had once a whitepaper on LaGrande technology where every application would be cryptographically protected *in hardware* from any other application. Each app would have cryptographically protected channel with I/O devices, and even memory regions. Such environment would fully protect applications like GnuPG. But, AFAIK, it remained only a whitepaper. 
> > The question isn't whether smart cards are secure--nothing that's got > that much RAM and processor power ever is--but whether smart cards > are a security improvement. > My personal opinion is that, at the current state of "security" in today's OS-es, smart cards give just a false sense of security in typical usage scenarios (= when used on a general-purpose, networked workstation). From rjh at sixdemonbag.org Mon May 14 18:37:21 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 14 May 2007 11:37:21 -0500 Subject: Old PC as Hardware Security Module? In-Reply-To: <87bqgnfw69.fsf@mocca.josefsson.org> References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> <87bqgnfw69.fsf@mocca.josefsson.org> Message-ID: > How do they work? A (very) small display to show the hash that's being signed and an integrated PINpad. PC sends data to the smartcard unit for signing, then signals the SC unit "okay, I'm done, sign now, please". SC pauses to display to the user the hash and get the PIN directly on its own trusted hardware. If the PIN is entered, SC does the signature and tosses it back to the PC. If the operation is canceled, SC returns some kind of op-cancelled value. From email at sven-radde.de Mon May 14 19:24:04 2007 
From: email at sven-radde.de (Sven Radde) Date: Mon, 14 May 2007 19:24:04 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> <87bqgnfw69.fsf@mocca.josefsson.org> Message-ID: <46489B34.5080102@sven-radde.de> Robert J. Hansen wrote: >> How do they work? > > A (very) small display to show the hash that's being signed and an > integrated PINpad. Pointless given the attack scenario (PC subverted with a trojan to specifically attack GnuPG and its smartcard), unless you can calculate SHA-1 values in your head... What do you make of the information that you are going to sign data that has a hash value of 0xDEADBEEF? It could be the hash of "Robert J. Hansen owes Sven Radde 10.000$"... To avoid this, the card reader would have to display the actual data that is to be signed and the card would have to calculate the hash by itself. However, if you want to sign more than, say, a few hundred characters this becomes rather useless. cu, Sven From grove.jane at gmail.com Mon May 14 19:51:21 2007 From: grove.jane at gmail.com (jane grove) Date: Mon, 14 May 2007 12:51:21 -0500 Subject: Encrypt in Batch Mode with Key ID Message-ID: Hello, I tried to use the command: gpg --batch -ea -r keyid filename to encrypt a file in batch mode with a recipient public key ID. I got an "encryption failed: unusable public key" error message. Interestingly, when I use the command without batch mode like "gpg -ea -r keyid filename", I'm able to encrypt the file. So the batch mode is having problems. How can I encrypt the file using recipient public keyid correctly in batch mode? Thanks. From bahamut at digital-signal.net Mon May 14 20:23:13 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Mon, 14 May 2007 13:23:13 -0500 Subject: Old PC as Hardware Security Module? In-Reply-To: <46489B34.5080102@sven-radde.de> References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> <87bqgnfw69.fsf@mocca.josefsson.org> <46489B34.5080102@sven-radde.de> Message-ID: <4648A911.9060907@digital-signal.net> Sven Radde wrote: > unless you can calculate SHA-1 values in your head... I know it's off topic, but how hard would that be? I've never looked over the algorithm. How hard would it be to calculate MD5? MD4? CRC32? -- Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7 Key ID: 0x60A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB From wk at gnupg.org Mon May 14 21:05:14 2007 
From: wk at gnupg.org (Werner Koch) Date: Mon, 14 May 2007 21:05:14 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: <87zm471o59.fsf@globalnet.hr> (Zeljko Vrba's message of "Mon\, 14 May 2007 16\:21\:54 +0200") References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> <87zm471o59.fsf@globalnet.hr> Message-ID: <87wszbjket.fsf@wheatstone.g10code.de> On Mon, 14 May 2007 16:21, zvrba at globalnet.hr said: > My personal opinion is that, at the current state of "security" in today's > OS-es, smart cards give just a false sense of security in typical usage > scenarios (= when used on a general-purpose, networked workstation). Smart cards have one important advantage: You can't compromise the key - you need the actual card for operation. For example the card I use to sign tarballs may be used on a compromised computer and I sign something different than I believe to do. Eventually this will get noticed and then I can identify the packages I signed (due to the signature counter on the card). There is no need to give up on the key - just the signatures are not done correctly. For a long term key where the public part is widely deployed this is a real benefit. Salam-Shalom, Werner From wk at gnupg.org Mon May 14 21:14:31 2007 
From: wk at gnupg.org (Werner Koch) Date: Mon, 14 May 2007 21:14:31 +0200 Subject: Secure text editor? In-Reply-To: <46488E17.3040209@psmay.com> (Peter S. May's message of "Mon\, 14 May 2007 12\:28\:07 -0400") References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> Message-ID: <87fy5zjjzc.fsf@wheatstone.g10code.de> On Mon, 14 May 2007 18:28, me at psmay.com said: > (Developers familiar with swap-locked memory: I'd appreciate at least a > short explanation of how it works to someone who understands ISO C but > not necessarily OS-specific APIs. Can stack memory be locked, or only Using mlock(2) it would be hard to lock the stack. But you can lock the entire process against swapping. gpg keeps all sensitive data on the heap and if something ends up on the stack (parts of sensitive data during computations), those variables are overwritten as soon as possible. > heap memory? Would there be any way to load a whole, full-featured text > editor, such as the 1.8MiB vim on my machine, entirely into locked RAM > without screwing something up?) mlockall(2). > such problem is to install a whole-disk encryption solution. That way, > even if what you've got is paged out to disk, nobody can get to it while Page file encryption is actually the best and easiest solution. At the time I designed gpg, this was not available on any free OS. Shalom-Salam, Werner From wk at gnupg.org Mon May 14 20:57:25 2007 
From: wk at gnupg.org (Werner Koch) Date: Mon, 14 May 2007 20:57:25 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: <46486EEE.4020209@caseyljones.net> (Casey Jones's message of "Mon\, 14 May 2007 07\:15\:10 -0700") References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> Message-ID: <873b1zkzca.fsf@wheatstone.g10code.de> On Mon, 14 May 2007 16:15, groups at caseyljones.net said: > Why doesn't it make sense? The chip's security features make it fairly > secure. But having the keys encrypted on the card would make it highly > secure. As long as the passphrase hadn't been captured, like after being No, you are required to remember a long passphrase and use it all the time. The advantage of a PIN is that it is easy to remember (well, even the 6 digits are too many for many people). Security is a tradeoff here between usability and semi-paranoia. If on the other side you really have these strong security demands, you need to define your whole working process very tightly. The smart card will be just a very small piece of the whole story. > Can the person who loads the software onto the cards be given orders by > the German court? No, that is ridiculous. The vendor does not know who will buy the card and no court is able to demand that all cards are to be bugged. Well, there are some politicians who try to change our political system in this regard to be similar to the one they bought out 17 years ago. But that is another story and our supreme court won't let such laws pass. >> JAP has not been backdoored but the organisations running a JAP server >> have the ability to log the IP addresses. > > OK, not backdoored, just compromised. They say, it is by design. JAP is definitely not managed by people with a strong view on civil rights. But well, there is TOR. > According to this article > http://www.theregister.co.uk/2003/08/21/net_anonymity_service_backdoored/ > it was mandated by the courts. 
IIRC, the prosecution office asked for the data and not a court. For whatever reasons the JAP folks at the Dresden university decided that they want to help them. There was no actual need. I recall a private conversation with the responsible professor where he told me: yes, I am in favor of anonymity but there needs to be a limit; child porn is enough of a reason to help the prosecution office. >> That is basically the same as with a TOR server: It is >> possible to log things to help the prosecution but no sane person would >> do this. > > Are the authors of the Java Anonymous Proxy not sane? If they would do > it, why not ZeitControl? Indeed, adding a logging feature and using it for more than debugging is IMHO insane. Regarding the Zeitcontrol OS used by the card: I have no idea whether they log things. But I have enough reasons to believe they don't: Where should it be saved, what subliminal channels are they using and how would they make money with such a feature. Have you also asked the card reader vendors whether they have a backdoor? Or the firmware of your old PC, or....? > What will you do if the court orders you to turn on logging, hand over > the logs, and keep it secret? I would shutdown the service of course. But they can't demand that. This is a service designed for routing packets in the Internet and as such explicitly excluded by the wiretapping laws. Shalom-Salam, Werner From rjh at sixdemonbag.org Mon May 14 21:52:37 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 14 May 2007 14:52:37 -0500 Subject: Secure text editor? In-Reply-To: <46488E17.3040209@psmay.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> Message-ID: <5B6F6B22-B68B-4DC2-852D-60E4338F4175@sixdemonbag.org> > (Developers familiar with swap-locked memory: I'd appreciate at > least a > short explanation of how it works to someone who understands ISO C but > not necessarily OS-specific APIs. Can stack memory be locked, or only > heap memory? Would there be any way to load a whole, full-featured > text > editor, such as the 1.8MiB vim on my machine, entirely into locked RAM > without screwing something up?) Wildly implementation dependent. POSIX 1003.1b-1993 and 1003.1i-1995 are the canonical references, but different OSes will implement it to different extents. The mlock manpage is probably the best place to begin from. From JPClizbe at tx.rr.com Mon May 14 22:23:05 2007
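The heap-locking approach described in the replies above (mlock(2) on heap memory, overwriting sensitive data as soon as possible, mlockall(2) for a whole process), sketched as an added example that is not GnuPG code and not code from any poster. `secbuf` and its functions are hypothetical names, and a POSIX system such as Linux is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose mlock()/mlockall() on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type (not a GnuPG structure): a heap buffer made of
   whole pages that the kernel is asked to keep out of swap. */
typedef struct {
    unsigned char *ptr;
    size_t len;      /* size in bytes, a multiple of the page size */
    int locked;      /* 1 if mlock() succeeded */
} secbuf;

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Allocate page-aligned heap memory and try to lock it. mlock() can fail
   (EPERM or ENOMEM) when RLIMIT_MEMLOCK is small, so the result is kept in
   b->locked and the caller decides whether an unlocked buffer is acceptable. */
int secbuf_alloc(secbuf *b, size_t want) {
    size_t pg = page_size();
    size_t len = (want + pg - 1) / pg * pg;   /* locking works on whole pages */
    void *p = NULL;
    memset(b, 0, sizeof *b);
    if (len == 0 || posix_memalign(&p, pg, len) != 0) return -1;
    b->ptr = p;
    b->len = len;
    b->locked = (mlock(p, len) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the stores are not optimised away. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Wipe first, then unlock and release. */
void secbuf_free(secbuf *b) {
    if (!b->ptr) return;
    secure_wipe(b->ptr, b->len);
    if (b->locked) munlock(b->ptr, b->len);
    free(b->ptr);
    memset(b, 0, sizeof *b);
}

/* The mlockall(2) route: lock everything mapped now and later, stack included. */
int lock_whole_process(void) {
    return mlockall(MCL_CURRENT | MCL_FUTURE);
}

/* Stores a constructed sample passphrase, wipes it, and checks that no
   nonzero byte is left. Returns 0 on success. */
int secbuf_demo(void) {
    static const char sample[] = "constructed sample passphrase";
    secbuf b;
    size_t nonzero = 0;
    if (secbuf_alloc(&b, sizeof sample) != 0) return -1;
    if (b.len % page_size() != 0 || b.len < sizeof sample) return -2;
    memcpy(b.ptr, sample, sizeof sample);
    secure_wipe(b.ptr, b.len);
    for (size_t i = 0; i < b.len; i++) nonzero += (b.ptr[i] != 0);
    secbuf_free(&b);
    if (b.ptr != NULL) return -3;
    return nonzero == 0 ? 0 : -4;
}

int main(void) {
    secbuf b;
    if (secbuf_alloc(&b, 64) == 0) {
        printf("heap buffer: %zu bytes, %s\n", b.len,
               b.locked ? "locked" : "NOT locked");
        secbuf_free(&b);
    }
    if (lock_whole_process() != 0)
        printf("mlockall: %s\n", strerror(errno));
    else
        munlockall();
    return secbuf_demo() == 0 ? 0 : 1;
}
```

Whether either call succeeds for an unprivileged process depends on the locked-memory resource limit, which is why both results are reported rather than assumed.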
From: JPClizbe at tx.rr.com (John Clizbe) Date: Mon, 14 May 2007 15:23:05 -0500 Subject: Encrypt with key ID In-Reply-To: References: <46452481.4050802@tx.rr.com> Message-ID: <4648C529.2090303@tx.rr.com>

jane grove wrote:
> Thanks, John.
>
> However, when I use the command "gpg --batch -ea -r keyid filename", I got
> an "encryption failed: unusable public key" error message.
>
> Interestingly, when I use the command without batch mode like "gpg -ea
> -r keyid filename", I'm able to encrypt the file. So the batch mode
> is having problems.
>
> How can I encrypt the file using recipient public keyid correctly in
> batch mode?
>

From the man page:

--batch
--no-batch
    Use batch mode. Never ask, do not allow interactive commands. --no-batch disables this option.

--no-tty
    Make sure that the TTY (terminal) is never used for any output. This option is needed in some cases because GnuPG sometimes prints warnings to the TTY if --batch is used.

--yes
    Assume "yes" on most questions.

--no
    Assume "no" on most questions.

gpg -ea is only a non-interactive command as long as all recipient keys are considered trusted *and* the output filename does not already exist.

--batch -ea by itself fails for a non trusted key. Along with the 'encryption failed: unusable public key' message, you should have received a 'There is no assurance this key belongs to the named user' message.

--batch --yes will handle the output file already existing, but not the untrusted key.

If you must use batch, then you need to add --yes if the output file name may already exist (it will be overwritten); and you need to either sign recipient keys with a trusted key or add --always-trust to the command line.

-- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?" From z.himsel at gmail.com Mon May 14 21:52:08 2007 From: z.himsel at gmail.com (Zach Himsel) Date: Mon, 14 May 2007 15:52:08 -0400 Subject: Secure text editor? In-Reply-To: <46488E17.3040209@psmay.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> Message-ID: <8d5f78b30705141252s7803a8bcucacacae459e5c8df@mail.gmail.com> On 5/14/07, Peter S. May wrote: > On Linux, swap space is its own partition I just realized something. You have the option to NOT use swap space in Linux. Does this mean that there is no memory written to disk? If so, then it might be plausible to either have a dedicated machine with no swapfile for the encryption or temporarily turn off swap for the encryption/decryption process and then re-enable it after. -- Zach Himsel |_|0|_| ----------- OpenPGP Key: 0x9A1DFCAC ----------- |_|_|0| () I support the **ASCII Ribbon Campaign** |0|0|0| /\ (against html mail & proprietary attachments) From z.himsel at gmail.com Mon May 14 22:52:33 2007
From: z.himsel at gmail.com (Zach Himsel) Date: Mon, 14 May 2007 16:52:33 -0400 Subject: Secure text editor? In-Reply-To: <46446746.4000502@digitalbrains.com> References: <46446746.4000502@digitalbrains.com> Message-ID: <8d5f78b30705141352u335efd45tcb47280a78c5a7bc@mail.gmail.com> On 5/11/07, Peter Lebbing wrote: > Does anybody know an editor that's up to the job? Try this: http://tinyurl.com/23pcb7 -- Zach Himsel |_|0|_| ----------- OpenPGP Key: 0x9A1DFCAC ----------- |_|_|0| () I support the **ASCII Ribbon Campaign** |0|0|0| /\ (against html mail & proprietary attachments) From malayter at gmail.com Tue May 15 00:15:05 2007 From: malayter at gmail.com (Ryan Malayter) Date: Mon, 14 May 2007 17:15:05 -0500 Subject: Secure text editor? In-Reply-To: <8d5f78b30705141252s7803a8bcucacacae459e5c8df@mail.gmail.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <8d5f78b30705141252s7803a8bcucacacae459e5c8df@mail.gmail.com> Message-ID: <5d7f07420705141515k23a4cd86xf1a49a109adef7db@mail.gmail.com> On 5/14/07, Zach Himsel wrote: > On 5/14/07, Peter S. May wrote: > > On Linux, swap space is its own partition > I just realized something. You have the option to NOT use swap > space in Linux. Does this mean that there is no memory written > to disk? If so, then it might be plausible to either have a > dedicated machine with no swapfile for the encryption or > temporarily turn off swap for the encryption/decryption process > and then re-enable it after. The same option exists in all versions of Windows NT, but you have to change the system options to run with no pagefile and then reboot. We run most of our development virtual machines this way, to decrease the size of the virtual disk files. -- RPM ========================= All problems can be solved by diplomacy, but violence and treachery are equally effective, and more fun. -Anonymous From malayter at gmail.com Tue May 15 00:11:54 2007 
From: malayter at gmail.com (Ryan Malayter) Date: Mon, 14 May 2007 17:11:54 -0500 Subject: Secure text editor? In-Reply-To: <46488E17.3040209@psmay.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> Message-ID: <5d7f07420705141511q73aacd9bma9f4fcfe6639a95b@mail.gmail.com> On 5/14/07, Peter S. May wrote: > (Developers familiar with swap-locked memory: I'd appreciate at least a > short explanation of how it works to someone who understands ISO C but > not necessarily OS-specific APIs. Can stack memory be locked, or only > heap memory? Would there be any way to load a whole, full-featured text > editor, such as the 1.8MiB vim on my machine, entirely into locked RAM > without screwing something up?) I'm certainly no expert, but I can offer a link, as I was just looking into this myself. Locking seems to be page-based on Windows NT systems, so I think it is only heap memory that can be locked. There is also the complication of the nonpaged pool in Windows having a smallish fixed size (a restriction mitigated by newer versions of Windows I believe). See http://msdn2.microsoft.com/en-us/library/aa366895.aspx -- RPM From bernhard at intevation.de Mon May 14 15:07:54 2007 
From: bernhard at intevation.de (Bernhard Reiter) Date: Mon, 14 May 2007 15:07:54 +0200 Subject: gpgpgsm merging public kbx / exporting all keys In-Reply-To: <874pmj69vf.fsf@wheatstone.g10code.de> References: <200705101302.16457.bernhard@intevation.de> <874pmj69vf.fsf@wheatstone.g10code.de> Message-ID: <200705141507.57497.bernhard@intevation.de> On Friday 11 May 2007 10:29, Werner Koch wrote: > On Thu, 10 May 2007 13:02, bernhard at intevation.de said: > > gpgsm --export >exported-x509-keys > > does not work. > > gpgsm: exporting more than one certificate is not possible in binary mode > > That is because most X.509 tools will take only the first ASN.1 object > and ignore any concatenated objects. This is actually correct for an > ASN.1 based system. There is no widely used standard for putting > several keys into one object, thus we better allow only for one key. > > > gpgsm --armor --export >exported-x509-keys > > and gpgsm --import exported-x509-keys works. > > ...no standard except for PEM encoded certificates - thus this works. > > > While doing so I looked up the documentation "export [PATTERN]" > > and searching for PATTERN did not result into the section that > > explains how to select a user id. I suggest to add a sentence > > which contains "PATTERN" to this section. > > Reads now: > > `--export [PATTERN]' > Export all certificates stored in the Keybox or those specified by > the optional PATTERN. Those patterns consist of a list of user ids > (*note how-to-specify-a-user-id::). When used along with the > `--armor' option a few informational lines are prepended before > each block. There is one limitation: As there is no commonly > agreed upon way to pack more than one certificate into an ASN.1 > structure, the binary export (i.e. without using `armor') works > only for the export of one certificate. Thus it is required to > specify a PATTERN which yields exactly one certificate. Wonderful, thanks for the change! 
I also suggest to change the how-to-specify-a-user-id:: section to include the string "PATTERN" so that string searching would also produce that section. >> > Also with gpg you can just > > gpg --import pubring.gpg which makes merging a lot easier. > > Most people here can guess my reply: No, no, no. This is an undocumented > feature which works only due to the coincidence that the external and > internal format is very similar. The internal format may be changed at > any time. The only way to access the keyrings is by using --import and > export. Okay, I did not know. :) Well as long as it works, it is quite handy, I suggest to add something in the documentation to not rely on this for anything automated because there will be no consideration of backwards compatibility. > > For the gpg trust-list there are command line options for exporting > > and importing. So I would suggest to at least add the example > > of the recommended way to the manual and textinfo documentation. > > You mean: Howto migrate a key from one system to the other? Well, I can > add a short howto. The new GnuPG manual has anyway a section with > howtos. There is a) How to migrate a secret key b) How to merge public keys with trustlist, e.g. for backups or several machines. Best Regards, Bernhard -- Managing Director - Owner: www.intevation.net (Free Software Company) Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com. Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From hhhobbit at securemecca.net Tue May 15 02:33:45 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Mon, 14 May 2007 18:33:45 -0600 Subject: gpg --batch -ea -r keyid filename In-Reply-To: References: Message-ID: <4648FFE9.8030802@securemecca.net> Jane Grove wrote: > Message: 4 > Date: Mon, 14 May 2007 12:51:21 -0500 
> From: "jane grove"
> Subject: Encrypt in Batch Mode with Key ID
> To: gnupg-users at gnupg.org
> Message-ID:
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello,
>
> I tried to use the command:
>
> gpg --batch -ea -r keyid filename
>
> to encrypt a file in batch mode with a recipient public key ID. I got
> an "encryption failed: unusable public key" error message.
>
> Interestingly, when I use the command without batch mode like "gpg -ea
> -r keyid filename", I'm able to encrypt the file. So the batch mode
> is having problems.
>
> How can I encrypt the file using recipient public keyid correctly in
> batch mode?

Try:

gpg --batch -ea -r KEYID < filename > filename.asc

On Windows in *.BAT, that would perhaps be best written as (name the script file pcrypt.bat and put it some place in your %PATH%). I leave it to you to add more than one argument which is best done in VBScript, not BAT.

----------------------------------------------------------
@echo off
REM Add gpg.exe to the path if you did not do already
REM PATH=%PATH%;%ProgramFiles%\Gnu\GnuPG
if "%1" == "" goto instruct
setlocal
if exist %1 (
    if exist %1.asc del %1.asc
    gpg --batch -ea -r KEYID < %1 > %1.asc
) else (
    echo FILE %1 does not exist
)
goto exit
:instruct
echo usage: pcrypt file_to_encrypt
:exit
endlocal
----------------------------------------------------------

You didn't say what platform you are on. If you are on some sort of Nix platform, you can use the pcrypt script file in this zipped folder to automate the encryption (it has MY KEYID, and I tested it and it WORKS - replace my KEYID with one of your choice):

http://www.securemecca.com/Crypto.zip
MD5: 942e18704f65f14551535c6e086128c3
SHA1: 5b17554888d7ad4fc8376ed71c4a8a92f8ff2888

Check sums were created with the "-b" option on Linux.
Since ALL of the files in the folder have only LF rather than CR+LF on the ends of the files (they were written with the BASH shell in mind), I suggest using GVim on Microsoft Windows since it is the only editor that I know about that can see the files (there are probably others): http://www.vim.org/download.php#pc http://www.vim.org/ I strongly suggest you get the gvim71.exe unless you are a masochist. If you don't like tilde backup files, add the following line to the start vimrc file: set nobackup If you or others want it in VBScript, let me know and I will try to add a VBScript file to do it, if I ever get back on MS-Windows. I have been on Linux for three plus weeks solid right now. My Anti-Virus program is probably so far out of date I will have to reinstall it! You may have a damaged keyring, or the particular key is munged (hopefully it isn't yours). In that case search the archives for how to clean it up. There is a lot of good advice on how to do that from quite a few people. I would try the batch encrypting with other keys, and if it works with the other keys but not the one you are mentioning, then the key is the problem. HHH From groups at caseyljones.net Tue May 15 03:48:20 2007
From: groups at caseyljones.net (Casey Jones) Date: Mon, 14 May 2007 18:48:20 -0700 Subject: Old PC as Hardware Security Module? In-Reply-To: <87zm471o59.fsf@globalnet.hr> References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> <87zm471o59.fsf@globalnet.hr> Message-ID: <46491164.7070202@caseyljones.net> Zeljko Vrba wrote: > there's NO WAY to prevent this attack. Not even > separate PIN entry device helps, The attack that I'm referring to here which the PIN pad is meant to prevent, is only the unlimited use of the smart card. An attacker can still make a signature or decrypt something, but only one for each time you enter a PIN on the PIN pad (or press the authorize button if something like that exists). Soon you would notice that what you wanted signed or decrypted wasn't getting signed or decrypted, or was done wrong. I just thought of another feature. The card could require that you enter what operation you wanted performed on the PIN pad. For example if you want a signature, you enter a one before you enter the PIN. The card could check that in fact gpg has requested a signature and not a decryption. Before a decryption enter a two. This would limit the attacker not only in the number of unauthorized uses but in the type as well. From groups at caseyljones.net Tue May 15 08:01:54 2007
From: groups at caseyljones.net (Casey Jones) Date: Mon, 14 May 2007 23:01:54 -0700 Subject: Old PC as Hardware Security Module? In-Reply-To: <873b1zkzca.fsf@wheatstone.g10code.de> References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> <873b1zkzca.fsf@wheatstone.g10code.de> Message-ID: <46494CD2.10807@caseyljones.net> Werner Koch wrote: > On Mon, 14 May 2007 16:15, groups at caseyljones.net said: > >> Why doesn't it make sense? The chip's security features make it fairly >> secure. But having the keys encrypted on the card would make it highly >> secure. As long as the passphrase hadn't been captured, like after being > > No, you are required to remember a long passphrase and use it all the > time. The advantage of a PIN is that it is easy to remember (well, even > the 6 digits are too many for many people). Security is a tradeoff here > between usability and semi-paranoia. I thought most people kept their private keys encrypted with a long passphrase on their hard drives anyway. Since memorizing a 128bit decimal passphrase would be impractical, I envision entering the passphrase on your keyboard, which would be sent to the card to decrypt the key, then entering a short PIN on the PIN pad as well. If someone had already rooted your computer before physically stealing your card, then you would be defeated. But it seems to me there is a small but significant possibility of situations where someone hostile might get possession of your card but not have rooted your computer. Your card might be confiscated at a border crossing for example. Or you might get arrested by mistake or for something minor, and lose possession of your card for a while. A lot of governments might be able to trivially crack smart card security. The local police might overnight it to the feds for a quick key extraction. Organized criminals might have no problem cracking it either. 
A pickpocket might sell it to some mobsters for industrial espionage or to ransom back to you. > If on the other side you really have these strong security demands, you > need to define your whole working process very tightly. The smart card > will be just a very small piece of the whole story. Encrypting the key on card seems to me like a minor inconvenience for a significant security enhancement. I'd say it's worthwhile even for a low security situation. >> Can the person who loads the software onto the cards be given orders by >> the German court? > > No, that is ridiculous. The vendor does not know who will buy the card > and no court is able to demand that all cards are to be bugged. Apparently every copy of the JAP was modified. Why not every BasicCard or every OpenPGP Card, in order to target a single individual? >> According to this article >> http://www.theregister.co.uk/2003/08/21/net_anonymity_service_backdoored/ >> it was mandated by the courts. > > IIRC, the prosecution office asked for the data and not a court. For > whatever reasons the JAP folks at the Dresden university decided that > they want to help them. There was no actual need. At https://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm "the ICPP received a judicial instruction by the Local Court (Amtsgericht) Frankfurt / Main, Germany, by which the collaborators of the research project AN.ON were bound to record all access to a particular IP address" Were they forced, or did they lie, or what? How did their appeal go? >>> That is basically the same as with a TOR server: It is >>> possible to log things to help the prosecution but no sane person would >>> do this. >> Are the authors of the Java Anonymous Proxy not sane? If they would do >> it, why not ZeitControl? > > Indeed, adding a logging feature and using it for more than debugging is > IMHO insane. I don't think that qualifies as insane. 
You may have a misunderstanding of the definition of the word insane or perhaps you're just exaggerating. But even if it is insane, if the JAP developers are that insane, why not ZeitControl also? > Regarding the Zeitcontrol OS used by the card: I have no > idea whether they log things. But I have enough reasons to believe they > don't: Where should it be saved, what subliminal channels are they using The only advantage of the smart card is that it makes extraction of the private key impractical (hopefully). Therefore an embedded exploit would probably be just an alternative master PIN and a way to dump the memory. > and how would they make money with such a feature. The developers of open source privacy software are probably generally highly resistant to the compromise of their work. And if the exploit is revealed, they probably won't lose their job or company. But a company would probably be much more motivated to keep such a court order secret, for fear of having their business ruined if they should be found out. If the software is closed source, there's a good chance they could keep it secret. > Have you also asked the card reader vendors whether they have a > backdoor? Or the firmware of your old PC, or....? That's a serious concern. Especially for machines made in China and some other places. The only small comfort I used to have was that I thought governments wouldn't risk ruining their software and electronics industry by forcing them to implant such things. But amazingly Germany seems willing to do this. It's one thing for the government itself to put bugs in only the items used by their targets, but to force others to install secret compromises in every item released, casts doubt on all the products of the entire nation. I would think that the software manufacturers would insist on a law being made to say that the government couldn't force developers to participate in such secret exploits. A strong and clear ruling by the courts might be sufficient. 
>> What will you do if the court orders you to turn on logging, hand over >> the logs, and keep it secret? > > I would shutdown the service of course. > > But they can't demand that. This is a service designed for routing > packets in the Internet and as such explicitly excluded by the > wiretapping laws. I was wondering what you would do if the government required you to secretly log passphrases in gpg, or implant some other compromise. You say that you would go to jail before complying with the court order? I have no reason to doubt your integrity personally, I expect that you are an honorable person. But how can we be confident? Luckily gpg is open source, so we can verify for ourselves. Unfortunately the OpenPGP Card isn't. From eocsor at gmail.com Tue May 15 08:12:51 2007 
From: eocsor at gmail.com (Roscoe) Date: Tue, 15 May 2007 15:42:51 +0930 Subject: Secure text editor? In-Reply-To: <8d5f78b30705141252s7803a8bcucacacae459e5c8df@mail.gmail.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <8d5f78b30705141252s7803a8bcucacacae459e5c8df@mail.gmail.com> Message-ID: Swap is indeed optional. I've been running Debian with X/e16/screen/vim/irssi/xmms/mozilla for a while (a year? or two?) and never noticed any performance difference. I doubt anyone else would either. (DDR2-800 2048MB, 2GHz dual core Athlon, before that DDR-400 1024MB, 2GHz single core Athlon). So imho it's perfectly feasible to run a desktop with a decent amount of memory without swap. On 5/15/07, Zach Himsel wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 5/14/07, Peter S. May wrote: > > On Linux, swap space is its own partition > I just realized something. You have the option to NOT use swap > space in Linux. Does this mean that there is no memory written > to disk? If so, then it might be plausible to either have a > dedicated machine with no swapfile for the encryption or > temporarily turn off swap for the encryption/decryption process > and then re-enable it after. 
From eocsor at gmail.com Tue May 15 08:54:40 2007
From: eocsor at gmail.com (Roscoe) Date: Tue, 15 May 2007 16:24:40 +0930 Subject: Printing Keys and using OCR. Message-ID: Hey folks, I'm wanting to store my OpenPGP key on paper, I suspect this is something someone else has already done. The motivation behind this is that paper is the most stable backup medium I have. I have tried printing out a key, then scanning and using gocr on the result. That was unsuccessful due to the high number of errors in the OCR phase, I suspect with a carefully selected font and font size I could significantly cut down on that error rate. Now since even a 99.99% accuracy in the OCR phase is still going to cause a large headache when you're trying to track down what one or few characters got interpreted wrong amongst a screenful of them, I thought some error correction would be a very good idea. (First thing that came to mind was par2+base64 but I think this might have a few issues.). Then came the realisation that printing out English letters was a woefully inefficient way to store binary data on a piece of paper. I'm certain there must be more compact and robust ways (ie: without subtly similar symbols like 0 and O) way to store information. So...Does anyone : Know of a system that can take binary data and output an image to be printed out, that is then capable of extracting that binary data from an imperfect scan of the image. OR Have any success stories regarding printing, scanning then OCRing keys or any other data? If so how did you do it? (what did you use for error correction, what font, what size etc..) (Oh, and I'm aiming to do this with just Free/Open software.) -- Roscoe From wk at gnupg.org Tue May 15 08:53:10 2007
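One way to narrow down the "which character did the OCR get wrong" problem raised in the message above, as an added example that is not part of the original post and not an existing tool: print the data as hex lines that each carry their own CRC-24 (the checksum OpenPGP armor uses), so a misread is pinned to a single line. This is error detection, not the error correction the post asks about; the line format and the function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PER_LINE 16u   /* data bytes printed per line */

/* CRC-24 with the parameters OpenPGP uses for ASCII armor. */
static uint32_t crc24(const unsigned char *d, size_t n) {
    uint32_t crc = 0xB704CEu;
    while (n--) {
        crc ^= (uint32_t)*d++ << 16;
        for (int i = 0; i < 8; i++) {
            crc <<= 1;
            if (crc & 0x1000000u) crc ^= 0x1864CFBu;
        }
    }
    return crc & 0xFFFFFFu;
}

/* Strict hex digit: look-alikes such as 'O', 'l' or 'S' are rejected. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* One line per 16 bytes: "<hex data> <crc as 6 hex digits>\n".
   Returns the number of lines written, or -1 if out is too small. */
int paper_encode(const unsigned char *data, size_t len, char *out, size_t outsz) {
    int lines = 0;
    size_t used = 0;
    if (outsz) out[0] = '\0';
    for (size_t off = 0; off < len; off += PER_LINE) {
        size_t n = len - off < PER_LINE ? len - off : PER_LINE;
        if (outsz - used < 2 * n + 9) return -1;   /* hex + " crc\n" + NUL */
        for (size_t i = 0; i < n; i++)
            used += (size_t)sprintf(out + used, "%02X", (unsigned)data[off + i]);
        used += (size_t)sprintf(out + used, " %06lX\n",
                                (unsigned long)crc24(data + off, n));
        lines++;
    }
    return lines;
}

/* Returns 1 and fills d/n if the line parses and its checksum matches. */
static int check_line(const char *s, size_t L, unsigned char *d, size_t *n) {
    uint32_t crc = 0;
    if (L < 9 || (L - 7) % 2 || L - 7 > 2 * PER_LINE || s[L - 7] != ' ')
        return 0;
    *n = (L - 7) / 2;
    for (size_t i = 0; i < *n; i++) {
        int hi = hexval(s[2 * i]), lo = hexval(s[2 * i + 1]);
        if (hi < 0 || lo < 0) return 0;
        d[i] = (unsigned char)(hi << 4 | lo);
    }
    for (size_t i = L - 6; i < L; i++) {
        int v = hexval(s[i]);
        if (v < 0) return 0;
        crc = crc << 4 | (uint32_t)v;
    }
    return crc == crc24(d, *n);
}

/* Returns 0 if every line verifies (data/len then hold the decoded bytes),
   otherwise the 1-based number of the first line that must be re-read. */
unsigned paper_verify(const char *text, unsigned char *data, size_t cap, size_t *len) {
    unsigned pos = 0;
    *len = 0;
    while (*text) {
        const char *eol = strchr(text, '\n');
        size_t L = eol ? (size_t)(eol - text) : strlen(text), n = 0;
        unsigned char d[PER_LINE];
        pos++;
        if (!check_line(text, L, d, &n) || *len + n > cap) return pos;
        memcpy(data + *len, d, n);
        *len += n;
        text += L + (eol ? 1 : 0);
    }
    return 0;
}

/* Constructed 40-byte stand-in for key material; one digit of line 2 is
   altered as an OCR misread. Returns the line number that gets flagged. */
unsigned demo_ocr_error(void) {
    unsigned char key[40], back[40];
    char page[128];
    size_t len;
    for (int i = 0; i < 40; i++) key[i] = (unsigned char)(i * 7 + 3);
    if (paper_encode(key, sizeof key, page, sizeof page) != 3) return 0;
    if (paper_verify(page, back, sizeof back, &len) != 0 || len != 40) return 0;
    char *l2 = strchr(page, '\n') + 1;     /* start of line 2 */
    l2[0] = (l2[0] == '8') ? 'B' : '8';    /* simulated misread digit */
    return paper_verify(page, back, sizeof back, &len);
}

int main(void) {
    printf("line flagged after simulated misread: %u\n", demo_ocr_error());
    return 0;
}
```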
From: wk at gnupg.org (Werner Koch) Date: Tue, 15 May 2007 08:53:10 +0200 Subject: Secure text editor? In-Reply-To: <5d7f07420705141511q73aacd9bma9f4fcfe6639a95b@mail.gmail.com> (Ryan Malayter's message of "Mon\, 14 May 2007 17\:11\:54 -0500") References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <5d7f07420705141511q73aacd9bma9f4fcfe6639a95b@mail.gmail.com> Message-ID: <87y7jqinmx.fsf@wheatstone.g10code.de> On Tue, 15 May 2007 00:11, malayter at gmail.com said: > I'm certainly no expert, but I can offer a link, as I was just looking > into this myself. Locking seems to be page-based on Windows NT There has been a lot of discussion in the past about VirtualLock. First it seemed to be a viable solution, later its functionality was questioned again and another few years later some folks agreed that it could be a solution. I guess that this quarrel was caused by different implementations of different Windows versions. Salam-Shalom, Werner From rjh at sixdemonbag.org Tue May 15 08:58:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 May 2007 01:58:53 -0500 Subject: Old PC as Hardware Security Module? In-Reply-To: <46494CD2.10807@caseyljones.net> References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> <873b1zkzca.fsf@wheatstone.g10code.de> <46494CD2.10807@caseyljones.net> Message-ID: <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> I apologize if I sound terse here, but this conversation has (IMO) jumped the shark. > But how can we be confident? Cf. Thompson, K. _Reflections on trusting trust_. Comm. ACM 27, 8 (Aug. 1984), 761-763. A digital version of it is currently available at http://www.acm.org/classics/sep95/, but links tend to be ephemeral, so read it while you can. Once you've read it, decide whether you can even trust the compiler you're using to compile GnuPG. Finally, come back here and see whether that same logic can be used to decide whether to trust GnuPG. If you're chasing a neverending shadow of "well, someone might attack the system this way...", you're ultimately left hand-hacking machine instructions for a low transistor count chip whose design you have personally validated and lithographed onto a sliver of six-nines pure silicon you smelted yourself. That's what lies at the bottom of this rabbit hole. From wk at gnupg.org Tue May 15 09:18:24 2007
From: wk at gnupg.org (Werner Koch) Date: Tue, 15 May 2007 09:18:24 +0200 Subject: Old PC as Hardware Security Module? In-Reply-To: <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> (Robert J. Hansen's message of "Tue\, 15 May 2007 01\:58\:53 -0500") References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> <873b1zkzca.fsf@wheatstone.g10code.de> <46494CD2.10807@caseyljones.net> <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> Message-ID: <87lkfqimgv.fsf@wheatstone.g10code.de> On Tue, 15 May 2007 08:58, rjh at sixdemonbag.org said: > Cf. Thompson, K. _Reflections on trusting trust_. Comm. ACM 27, 8 > (Aug. 1984), 761-763. David Wheeler recently published a paper which explains how to overcome this problem: Countering Trusting Trust through Diverse Double-Compiling http://www.dwheeler.com/trusting-trust/ Salam-Shalom, Werner From thomas-ml at vollmeronline.de Tue May 15 09:25:55 2007 
From: thomas-ml at vollmeronline.de (Thomas Vollmer) Date: Tue, 15 May 2007 09:25:55 +0200 Subject: Secure text editor? In-Reply-To: <4648D5F2.5010705@securemecca.net> References: <4648D5F2.5010705@securemecca.net> Message-ID: <200705150926.00467.thomas-ml@vollmeronline.de> On Monday, 14 May 2007, Henry Hertz Hobbit wrote: > You wrote: > > I use my standard text edit for this. It is vim with the > > gnupg plugin from Markus Braun: > > > > http://vim.sourceforge.net/scripts/script.php?script_id=661 > > installed. Please keep the discussion in the mailing list. > THIS LOOKS EXACTLY LIKE WHAT A LOT OF PEOPLE WANT! Well, it is > what I want. But I must be missing something. Attached is a > test file named test.txt.asc. It was encrypted with the > TWOFISH symmetric cipher and password "test" (without > the quotes). > > How do I read it into gvim? I did put the gnupg.vim file into > the $HOME/.vim/plugin folder as they said, but I must be missing > something on how to do the encryption and decryption. I did > notice the default was to NOT use symmetric encryption, but only > when writing NEW files. > > g:GPGPreferSymmetric > > The main problem is that I have NEVER worked with plugins > before. But if you give me the steps to read and write the > attached file with gvim, I will summarize to the newsgroup > on how to use it with symmetric ciphers, especially with > Windows since that was what was requested (and what I want). > All I get with gvim is a: > > Messsage could not be decrypted! (Press ENTER) > > I get it whether I open the file after starting or typing > something like the following in a terminal: > > $ gvim test.txt.asc & > # or > # gvim test.txt > > # but if I type: > > $ vim test.txt.asc > > I am prompted for the password, and it works. That's just > fine for Linux / Macintosh, but getting it to work with > gvim is paramount for making it to work on Windows. There > is no "vim" on Windows, just "gvim". 
> > I am using gvim & vim versions 6.3.86 on Fedora Core 3 (no > snickers, I like this version of FC, and my machine really > can't run FC6 - not enough engine). I downloaded this > version of the script: > > Script > Package Version Date VIM Version > gnupg.vim 1605 2007-04-05 6.0 > > Tell me if that was the wrong one. I assume it isn't, > because it DOES work with vim. It just doesn't work with > gvim. Do You have the gpg-agent running? This is required for gvim. From rjh at sixdemonbag.org Tue May 15 10:11:38 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 May 2007 03:11:38 -0500 Subject: Old PC as Hardware Security Module? In-Reply-To: <87lkfqimgv.fsf@wheatstone.g10code.de> References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> <873b1zkzca.fsf@wheatstone.g10code.de> <46494CD2.10807@caseyljones.net> <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> <87lkfqimgv.fsf@wheatstone.g10code.de> Message-ID: <02B40C54-0BDC-4B69-BCE5-843DE1F0F893@sixdemonbag.org> > David Wheeler recently published a paper which explains how to > overcome > this problem: Fascinating. I'm not sure that it overcomes the problem, but detection is probably 90% of the fight anyway. Thanks for the link! [goes off to read the paper again] From groups at caseyljones.net Tue May 15 10:24:47 2007
From: groups at caseyljones.net (Casey Jones) Date: Tue, 15 May 2007 01:24:47 -0700 Subject: Old PC as Hardware Security Module? In-Reply-To: <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> <873b1zkzca.fsf@wheatstone.g10code.de> <46494CD2.10807@caseyljones.net> <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> Message-ID: <46496E4F.3040106@caseyljones.net> Robert J. Hansen wrote: > I apologize if I sound terse here, but this conversation has (IMO) > jumped the shark. > >> But how can we be confident? > > Cf. Thompson, K. _Reflections on trusting trust_. Comm. ACM 27, 8 > (Aug. 1984), 761-763. > > A digital version of it is currently available at http://www.acm.org/ > classics/sep95/, but links tend to be ephemeral, so read it while you > can. > > Once you've read it, decide whether you can even trust the compiler > you're using to compile GnuPG. Finally, come back here and see > whether that same logic can be used to decide whether to trust GnuPG. > > If you're chasing a neverending shadow of "well, someone might attack > the system this way...", you're ultimately left hand-hacking machine > instructions for a low transistor count chip whose design you have > personally validated and lithographed onto a sliver of six-nines pure > silicon you smelted yourself. > > That's what lies at the bottom of this rabbit hole. But how do you know they didn't use quantum mechanics to compromise the silicon atoms? Seriously though, that's a classic paper but what are you saying? If you're using gpg then you're not trusting nothing. It would be pointless to use gpg if you haven't decided that it is worthy of at least some significant level of trust. Is it not legitimate then to discuss what level of trust it deserves and what level of trust is sufficient for what purpose? 
Often times it is worth it to put trust in something even if it isn't as trustworthy as you would like. The people that were using the Java Anonymous Proxy may have decided that the benefits outweighed the risks. If JAP users had known that the German government could legally compel the JAP developers to secretly compromise the system, would that be a significant factor in deciding whether to use it or use something else? If the German government can legally compel the distributors of the OpenPGP Card to secretly compromise it, would that be a significant consideration in deciding whether to use it or switch to something open source? Is it really unreasonable of me to ask such questions? From shirishag75 at gmail.com Tue May 15 08:22:58 2007 
From: shirishag75 at gmail.com (shirish) Date: Tue, 15 May 2007 11:52:58 +0530 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 & how to make the key compliant with 2.0.3 Message-ID: <511f47f50705142322rbd11c8ice47e34e09f4acec@mail.gmail.com> Hi all, I made my personal key in Ubuntu 7.04 by the default gpg --gen key command. I use. Then to use it, was using firepg to sign it. Firepg kept telling me that the signature is not valid. Thinking it was an issue with the extension per-se made a post about the same in firepg & was consequently banned. Although there was no explanation given but that's another matter. http://firegpg.tuxfamily.org/forum/viewtopic.php?id=108 Fishing around my own system came to the conclusion that I was using a non-compatible version of the gnupg with the extension. gpg --version gpg (GnuPG) 1.4.6 From the site http://www.gnupg.org/ GnuPG comes in two flavours: 1.4.7 is the well known and portable standalone version, whereas 2.0.4 is the enhanced and somewhat harder to build version. Installed the new version gnupg 2.0.3 (which is supported in Ubuntu at this point in time) . https://launchpad.net/ubuntu/feisty/+source/gnupg2 . Now my query is how can I make the key I have already made 2.0.3 compatible. Looking for easy instructions. Also looked at few mirrors and http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto.txt not just this one but all manuals which point to webber.dewinter.com are down. Lastly, https://help.ubuntu.com/community/GnuPrivacyGuardHowto is in some ways my baby as I have contributed quite a large part into the doc. Feel free to point out any mistakes. Any help with the above will also be finding its way into the doc. Rest assured. -- Shirish Agarwal This email is licensed under http://creativecommons.org/licenses/by-nc/3.0/ 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 From rjh at sixdemonbag.org Tue May 15 10:42:12 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 May 2007 03:42:12 -0500 Subject: Printing Keys and using OCR. In-Reply-To: References: Message-ID: <5D02109D-9078-421D-9E76-CE71AF39C75C@sixdemonbag.org> > Know of a system that can take binary data and output an image to be > printed out, that is then capable of extracting that binary data from > an imperfect scan of the image. QR coding is pretty nice. 3kb of binary storage per bitmap, and it's an international standard: ISO/IEC 18004. There may be an open-source implementation of it already. If there's not, you could do the community a favor by writing one. :) http://en.wikipedia.org/wiki/QR_Code From rjh at sixdemonbag.org Tue May 15 11:33:17 2007
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 15 May 2007 04:33:17 -0500 Subject: Old PC as Hardware Security Module? In-Reply-To: <46496E4F.3040106@caseyljones.net> References: <46482183.20004@caseyljones.net> <87iravwo7v.fsf@wheatstone.g10code.de> <46486EEE.4020209@caseyljones.net> <873b1zkzca.fsf@wheatstone.g10code.de> <46494CD2.10807@caseyljones.net> <9994A2F7-AA47-4B4D-832C-269857E47C86@sixdemonbag.org> <46496E4F.3040106@caseyljones.net> Message-ID: <4C90F750-DB2B-4735-A52F-D42397228D73@sixdemonbag.org> > Is it not legitimate then to discuss what level of trust it > deserves and what level of trust is sufficient for what purpose? 'Legitimate' is a bad word to use. Is it legitimate? Sure, I guess, as long as you live in a nation with strong freedom of speech laws. If you live in Cuba, you might get some inquiries from the police about your interest in cryptography. Certainly, nobody here is going to tell you that you can't talk about these subjects. But is it wise? Is it productive? Probably not. The idea that there should be a discussion about what level of trust GnuPG deserves is, frankly, absurd. It implicitly casts the discussion in terms of there being a single Platonic ideal for what GnuPG should do, and a yardstick with which to measure how well GnuPG matches the ideal. > If JAP users had known that the German government could legally > compel the JAP developers to secretly compromise the system, would > that be a significant factor in deciding whether to use it or use > something else? I don't mean to sound rude here, although I'm afraid it's going to come out that way. Please read this as if my tone is calm and sympathetic, not harsh and bitter. For you, maybe it should be. For me, maybe it shouldn't. 
As an example, when I was an exchange student in Germany my host father was a German state prosecutor.[*] Do you think he would be more or less likely to use JAP on the basis of his knowledge that the JAP folks at Dresden would cooperate with law-enforcement? Should we think that his opinion is right or wrong, just because it contradicts your position? Werner already gave you this answer, more or less. What he said was: "For whatever reasons the JAP folks at the Dresden university decided that they want to help them. There was no actual need. I recall a private conversation with the responsible professor where he told me: yes, I am in favor of anonymity but there needs to be a limit; child porn is enough of a reason to help the prosecution office." Different people will have different security policies, there's nothing you can do to change that, and the fact the policies are different doesn't say anything about whether you're right and they're wrong or vice-versa. You get to decide your security policy. You don't get to decide anyone else's. In fact, I think it's unethical to even try to influence other people's security policy. I think the most you can ethically do is calmly present information, separate the things you can prove from the things you suspect, distinguish objective fact from subjective opinion, and trust that if enough people do this, we will all be enriched. [*] You Germans on the list, you have no idea how much I envy you. I left Hildesheim in '94 and I've wanted to return ever since. It's the first city I ever found that felt like home to me. I've missed it ever since. > If the German government can legally compel the distributors of the > OpenPGP Card to secretly compromise it, would that be a significant > consideration in deciding whether to use it or switch to something > open source? Is it really unreasonable of me to ask such questions? Yes. Because why are you even bothering asking such an important question like that on the internet? 
You don't know me. For all you know I work for the NSA. Why would you put any stock whatsoever in my opinion? If this is the sort of question you want to ask, then find people you know, people you know to be wise, people you know to be calm, people you know to be reasonable. People you trust. Ask them, talk it over with them. You don't know me and that means you probably shouldn't trust me. Despite that, you appear to be putting an awful lot of emphasis on getting me to agree the sky is falling. This makes me think that you want to use my opinions as a drunkard uses a lamppost... for support, not for illumination. From vesely at tana.it Tue May 15 11:44:05 2007 
From: vesely at tana.it (Alessandro Vesely) Date: Tue, 15 May 2007 11:44:05 +0200 Subject: Secure text editor? In-Reply-To: <46488E17.3040209@psmay.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> Message-ID: <464980E5.40100@tana.it> Peter S. May wrote: > Peter Lebbing wrote: >> an editor which will not leak the text in any way, so locking its pages in >> memory so they won't be swapped out, and other angles of attack. > ... > > (Developers familiar with swap-locked memory: I'd appreciate at least a > short explanation of how it works to someone who understands ISO C but > not necessarily OS-specific APIs. Virtual memory is a feature that an OS can expose to apps. Memory mapped files are an example. On Linux there are both shm and mmap. Traditional SysV stuff may better suit inter-process sharing, while more recent APIs emphasize multi-threading within the same process. On Windows there is just one way to share memory. Memory locking must be understood in that context. It is meant for synchronization purposes, not for security. How to _avoid_ to share memory is a different subject. Apps don't make decisions on system resources. Using a swap file is a system decision, and it should be configured accordingly. Even if you have no swap file, you can still *debug* an app. That implies the ability for an external process to poke its nose into the app's memory, swapped or not. On Linux it is somewhat easier than on Windows to examine other processes' memory. Only the kernel can hide memory from apps. In theory, it can also hide it from device drivers, on CPUs that implement multiple rings. On Windows, it is a common habit to assume that users have no control over what software is installed or runs on their systems at any given time. Maybe, that's why Vista crypts intra-system (kernel-device) communication. However, the latter feature adds no security, from a user's perspective. 
On Linux it is more common to consider that a system is compromised if it contains any software that is not trusted. Other communities consider compromised a system if it is, or has ever been, connected to the Internet... Finally, for the editor, let me mention Emacs: http://www.emacswiki.org/cgi-bin/wiki/GnusPGG http://www.emacswiki.org/cgi-bin/wiki/CategoryWThirtyTwo From dave.smith at st.com Tue May 15 10:59:58 2007 
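Added illustration for the swap-locking question Peter S. May asks and the replies in this thread discuss (not code from any poster or from GnuPG): a POSIX C example that takes whole pages from the kernel, asks for them to be kept out of swap with mlock(), and wipes them before release. The struct and function names are this example's own, and the secret in main() is constructed. As the thread points out, a locked page is still readable by a debugger and is still written out on hibernation.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Buffer for secrets: whole pages, pinned in RAM when the OS allows it.
   (Hypothetical type, defined for this example only.) */
struct secure_buf {
    unsigned char *ptr;   /* page-aligned start, NULL when unused        */
    size_t len;           /* size rounded up to a whole number of pages  */
    int locked;           /* 1 if mlock() succeeded, 0 if still swappable */
};

/* Zero memory through a volatile pointer so the compiler cannot discard
   the stores as dead code just because the buffer is released next. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* How many bytes this process may lock (soft RLIMIT_MEMLOCK).
   Returns 0 if the limit cannot be read. */
unsigned long long memlock_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return 0;
    return (unsigned long long)rl.rlim_cur;
}

/* Get `want` bytes (rounded up to pages) and try to lock them.
   Returns 0 if memory was obtained; the caller must then look at
   b->locked, because mlock() fails (ENOMEM or EPERM) when the request
   exceeds RLIMIT_MEMLOCK. Returns -1 if no memory was obtained. */
int secure_buf_alloc(struct secure_buf *b, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p;

    if (page <= 0 || want == 0)
        return -1;
    b->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    p = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        b->ptr = NULL;
        b->len = 0;
        b->locked = 0;
        return -1;
    }
    b->ptr = p;
    b->locked = (mlock(b->ptr, b->len) == 0);
    return 0;
}

/* Wipe first, then unlock and unmap: once the pages are unlocked the
   kernel is free to page them out, so they must already be zero. */
void secure_buf_free(struct secure_buf *b)
{
    if (!b->ptr)
        return;
    secure_wipe(b->ptr, b->len);
    if (b->locked)
        munlock(b->ptr, b->len);
    munmap(b->ptr, b->len);
    b->ptr = NULL;
    b->len = 0;
    b->locked = 0;
}

int main(void)
{
    struct secure_buf b;
    const char sample[] = "constructed sample secret";  /* not real data */

    if (secure_buf_alloc(&b, sizeof sample) != 0) {
        fprintf(stderr, "no memory\n");
        return 1;
    }
    memcpy(b.ptr, sample, sizeof sample);
    printf("lock limit %llu bytes, buffer %zu bytes, locked=%d\n",
           memlock_limit(), b.len, b.locked);
    if (!b.locked)
        fprintf(stderr, "warning: pages may reach swap\n");
    secure_buf_free(&b);
    return 0;
}
```

An editor built this way would still have to keep every copy of the text (undo history, clipboard, temporary files) inside such buffers for the lock to mean anything.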
From: dave.smith at st.com (David SMITH) Date: Tue, 15 May 2007 09:59:58 +0100 Subject: Old PC as Hardware Security Module? In-Reply-To: <4648A911.9060907@digital-signal.net> References: <46482183.20004@caseyljones.net> <95008D83-261C-4CC8-A1F8-2782CC33FE73@sixdemonbag.org> <871whjhc1w.fsf@mocca.josefsson.org> <87bqgnfw69.fsf@mocca.josefsson.org> <46489B34.5080102@sven-radde.de> <4648A911.9060907@digital-signal.net> Message-ID: <20070515085958.GH9642@bristol.st.com> On Mon, May 14, 2007 at 01:23:13PM -0500, Andrew Berg wrote: > Sven Radde wrote: > > unless you can calculate SHA-1 values in your head... > I know it's off topic, but how hard would that be? I've never looked > over the algorithm. As someone who has just implemented a hardware SHA-1/256 engine, "hard enough". For a piece of hardware, it's pretty simple - just lots and lots of shifts, rotates, XORs and modulo addition. The operations are not difficult to do, but you have to do them repeatedly. Realistically, you'd need a pen and paper (unless you're one of these people with incredible mathematical brainpower), and I'd guess that it'd take the average "clued up" person (i.e. someone who knows what XOR, modulo addition, etc. is) about half an hour for a small block of data. For SHA-1, you need to store five working variables (all 32-bit), plus a message schedule of sixteen 32-bit numbers. For each 64 bytes of input message, you need to do 80 iterations of the loop, each iteration contains 1 x 5-way addition, plus a two or 3-way XOR, plus some ANDing and inversion on some of the iterations. For SHA256, you've got eight working variables, and you only have 64 loop iterations per 64 bytes of data, but the operations in the loop are much more complicated. If you want more info, FIPS180-2 is the document you're after. 
-- David Smith | Tel: +44 (0)1454 462380 Home: +44 (0)1454 616963 STMicroelectronics | Fax: +44 (0)1454 462305 Mobile: +44 (0)7932 642724 1000 Aztec West | TINA: 065 2380 GPG Key: 0xF13192F2 Almondsbury | Work Email: Dave.Smith at st.com BRISTOL, BS32 4SQ | Home Email: David.Smith at ds-electronics.co.uk From malayter at gmail.com Tue May 15 13:35:52 2007 From: malayter at gmail.com (Ryan Malayter) Date: Tue, 15 May 2007 06:35:52 -0500 Subject: Secure text editor? In-Reply-To: <464980E5.40100@tana.it> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <464980E5.40100@tana.it> Message-ID: <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> On 5/15/07, Alessandro Vesely wrote: > Virtual memory is a feature that an OS can expose to apps. Memory mapped > files are an example. On Linux there are both shm and mmap. Traditional > SysV stuff may better suit inter-process sharing, while more recent APIs > emphasize multi-threading within the same process. On Windows there is > just one way to share memory. Memory locking must be understood in that > context. It is meant for synchronization purposes, not for security. LocalLock() and GlobalLock() do indeed seem to be for synchronization, but VirtualLock() seems a different beast entirely. It seems its purpose is for performance and/or security. But again, I have little experience in this area, and I am just regurgitating what I read on MSDN. -- RPM From groups at caseyljones.net Tue May 15 13:39:33 2007
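Added example, not part of David Smith's post or of his hardware design: the SHA-1 loop he describes earlier in this archive, written out in C with exactly the state he lists (five 32-bit working variables, a sixteen-word message schedule, 80 rounds per 64-byte block). The function names are this example's own; the constants and the sample strings are the ones published in FIPS 180-2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rotl32(uint32_t x, unsigned n)
{
    return (x << n) | (x >> (32 - n));
}

/* One 64-byte block: 80 rounds over five working variables (a..e),
   using a sixteen-word message schedule that is overwritten in place. */
static void sha1_block(uint32_t h[5], const uint8_t blk[64])
{
    uint32_t w[16];
    uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];

    for (int t = 0; t < 16; t++)                 /* big-endian load */
        w[t] = (uint32_t)blk[4 * t] << 24 | (uint32_t)blk[4 * t + 1] << 16 |
               (uint32_t)blk[4 * t + 2] << 8 | (uint32_t)blk[4 * t + 3];

    for (int t = 0; t < 80; t++) {
        uint32_t f, k, tmp;
        int s = t & 15;

        if (t >= 16)  /* W[t] = ROTL1(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]) */
            w[s] = rotl32(w[(s + 13) & 15] ^ w[(s + 8) & 15] ^
                          w[(s + 2) & 15] ^ w[s], 1);

        if (t < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999u; }
        else if (t < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1u; }
        else if (t < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDCu; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6u; }

        tmp = rotl32(a, 5) + f + e + k + w[s];   /* five-way add, mod 2^32 */
        e = d;
        d = c;
        c = rotl32(b, 30);
        b = a;
        a = tmp;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

/* Hash `len` bytes of `msg` into a 20-byte digest. */
void sha1(const uint8_t *msg, size_t len, uint8_t out[20])
{
    uint32_t h[5] = { 0x67452301u, 0xEFCDAB89u, 0x98BADCFEu,
                      0x10325476u, 0xC3D2E1F0u };
    uint8_t tail[128] = { 0 };
    size_t full = len / 64, rem = len % 64;
    size_t tail_len = (rem < 56) ? 64 : 128;  /* room for 0x80 + length? */
    uint64_t bits = (uint64_t)len * 8;

    for (size_t i = 0; i < full; i++)
        sha1_block(h, msg + 64 * i);

    /* Padding: leftover bytes, a single 0x80, zeros, 64-bit bit count. */
    if (rem)
        memcpy(tail, msg + 64 * full, rem);
    tail[rem] = 0x80;
    for (int i = 0; i < 8; i++)
        tail[tail_len - 1 - i] = (uint8_t)(bits >> (8 * i));
    sha1_block(h, tail);
    if (tail_len == 128)
        sha1_block(h, tail + 64);

    for (int i = 0; i < 5; i++) {
        out[4 * i]     = (uint8_t)(h[i] >> 24);
        out[4 * i + 1] = (uint8_t)(h[i] >> 16);
        out[4 * i + 2] = (uint8_t)(h[i] >> 8);
        out[4 * i + 3] = (uint8_t)h[i];
    }
}

/* Convenience wrapper: hash a C string, write 40 hex digits plus NUL. */
void sha1_hex(const char *s, char hex[41])
{
    uint8_t d[20];
    sha1((const uint8_t *)s, strlen(s), d);
    for (int i = 0; i < 20; i++)
        snprintf(hex + 2 * i, 3, "%02x", d[i]);
}

int main(void)
{
    char hex[41];
    sha1_hex("abc", hex);
    printf("SHA-1(\"abc\") = %s\n", hex);
    return 0;
}
```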
From: groups at caseyljones.net (Casey Jones) Date: Tue, 15 May 2007 04:39:33 -0700 Subject: Printing Keys and using OCR. In-Reply-To: References: Message-ID: <46499BF5.1030903@caseyljones.net> Roscoe wrote: >Does anyone : > > Know of a system that can take binary data and output an image to be > printed out, that is then capable of extracting that binary data from > an imperfect scan of the image. The wiki page on barcodes http://en.wikipedia.org/wiki/Barcode has a list of 2d barcodes including one proprietary one that can store 1MB of data per page. One funny application they suggested for it on their website was to print a sound file of how to pronounce your name on your business card. There appears to be an open source project going for PDF417 http://en.wikipedia.org/wiki/PDF417 From wk at gnupg.org Tue May 15 14:23:28 2007 
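Added example for the paper-backup thread above (not code from any poster and not an existing tool): one way to make a printed key survive OCR is to print it in a small glyph set and end every line with a CRC, so a misread character is narrowed down to one line instead of a whole page. It detects and localises errors; it does not correct them. The 16-glyph alphabet, the line length and all function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 16 glyphs, one per nibble. The set is this example's assumption: it
   leaves out digits and letters with common look-alikes (0/O, 1/I, 5/S). */
static const char GLYPH[17] = "ACEFHKLMNPRTUWXY";
#define BYTES_PER_LINE 16   /* 32 data glyphs + 4 CRC glyphs per full line */

/* CRC-16/CCITT-FALSE (poly 0x1021), bit by bit; pass 0xFFFF to start. */
static uint16_t crc16(const uint8_t *p, size_t n, uint16_t crc)
{
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

static int glyph_val(char c)
{
    const char *p = strchr(GLYPH, c);
    return (c && p) ? (int)(p - GLYPH) : -1;
}

/* The CRC covers the line index (mod 256) as well as the data, so a
   line that is skipped or typed in the wrong place also fails. */
static uint16_t line_crc(unsigned idx, const uint8_t *data, size_t n)
{
    uint8_t tag = (uint8_t)idx;
    return crc16(data, n, crc16(&tag, 1, 0xFFFF));
}

/* Encode `len` bytes as '\n'-terminated lines. `out` needs 37 bytes per
   started line plus one. Returns the number of characters written. */
size_t paper_encode(const uint8_t *data, size_t len, char *out)
{
    char *o = out;
    unsigned idx = 0;

    for (size_t off = 0; off < len; off += BYTES_PER_LINE, idx++) {
        size_t n = len - off < BYTES_PER_LINE ? len - off : BYTES_PER_LINE;
        uint16_t crc = line_crc(idx, data + off, n);

        for (size_t i = 0; i < n; i++) {
            *o++ = GLYPH[data[off + i] >> 4];
            *o++ = GLYPH[data[off + i] & 15];
        }
        for (int s = 12; s >= 0; s -= 4)
            *o++ = GLYPH[(crc >> s) & 15];
        *o++ = '\n';
    }
    *o = '\0';
    return (size_t)(o - out);
}

/* Decode OCR text. Lines that pass their CRC are appended to `out`;
   the 1-based numbers of failing lines go to bad[] (up to max_bad) and
   their count to *nbad. Returns the number of bytes written. */
size_t paper_decode(const char *text, uint8_t *out, size_t cap,
                    unsigned *bad, size_t max_bad, size_t *nbad)
{
    size_t written = 0;
    unsigned idx = 0;

    *nbad = 0;
    while (*text) {
        size_t ll = strcspn(text, "\n");
        size_t n = (ll >= 4) ? (ll - 4) / 2 : 0;
        int ok = ll >= 6 && ll % 2 == 0 && n <= BYTES_PER_LINE;
        uint8_t buf[BYTES_PER_LINE] = { 0 };
        uint16_t crc = 0;

        for (size_t i = 0; ok && i < ll; i++) {
            int v = glyph_val(text[i]);
            if (v < 0)
                ok = 0;                       /* not one of our glyphs */
            else if (i < 2 * n)
                buf[i / 2] = (uint8_t)((buf[i / 2] << 4) | v);
            else
                crc = (uint16_t)((crc << 4) | v);
        }
        if (ok && (line_crc(idx, buf, n) != crc || written + n > cap))
            ok = 0;
        if (ok) {
            memcpy(out + written, buf, n);
            written += n;
        } else {
            if (*nbad < max_bad)
                bad[*nbad] = idx + 1;
            (*nbad)++;
        }
        text += ll;
        if (*text == '\n')
            text++;
        idx++;
    }
    return written;
}

int main(void)
{
    uint8_t sample[40];                       /* constructed stand-in for key bytes */
    char text[3 * 37 + 1];

    for (int i = 0; i < 40; i++)
        sample[i] = (uint8_t)(i * 7 + 3);
    paper_encode(sample, sizeof sample, text);
    fputs(text, stdout);
    return 0;
}
```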
From: wk at gnupg.org (Werner Koch) Date: Tue, 15 May 2007 14:23:28 +0200 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 & how to make the key compliant with 2.0.3 In-Reply-To: <511f47f50705142322rbd11c8ice47e34e09f4acec@mail.gmail.com> (shirishag75@gmail.com's message of "Tue\, 15 May 2007 11\:52\:58 +0530") References: <511f47f50705142322rbd11c8ice47e34e09f4acec@mail.gmail.com> Message-ID: <87wszagtrz.fsf@wheatstone.g10code.de> On Tue, 15 May 2007 08:22, shirishag75 at gmail.com said: > it. Firepg kept telling me that the signature is not valid. Thinking > it was an issue with the extension per-se made a post about the same > in firepg & was consequently banned. Although there was no explanation I don't know firepg so I can't help you here. What I can tell you is that gpg (1.4.*) and gpg2 (2.0.*) should be identical - it is actually the same code with glue to integrate into the entire gnupg-2 system. So the keys are supposed to be identical... ... but, depending on the version of libgcrypt you are using the list of supported algorithms may be different. For example my gpg 1.4.7 gives me this list: Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB and gpg2 2.0.4 : Supported algorithms: Pubkey: RSA, ELG, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512 Compression: Uncompressed, ZIP, ZLIB A problem now would be the SHA224 algorithm which is not supported by gpg2 (or better, libgcrypt 1.2.4). To see why you have problems with your key, we need more details about the key and the failing signature. Shalom-Salam, Werner From thomas-ml at vollmeronline.de Tue May 15 14:21:48 2007
From: thomas-ml at vollmeronline.de (Thomas Vollmer) Date: Tue, 15 May 2007 14:21:48 +0200 Subject: Secure text editor? In-Reply-To: <4649A1CF.1030604@securemecca.net> References: <200705150926.00467.thomas-ml@vollmeronline.de> <4649A1CF.1030604@securemecca.net> Message-ID: <200705151421.54131.thomas-ml@vollmeronline.de> On Tuesday, 15 May 2007, Henry Hertz Hobbit wrote: > Thomas Vollmer wrote: > > > > First, at this point I am reluctant to have all of this in the > newsgroup. I am strongly in favor of giving only what works > there. I don't think most people are interested in all of the > nitty gritty details. They just want what works (actually, so > do I). I hate books that show me 15 ways of doing something > wrong before they show the correct way of doing it. Even if > somebody finally shows me the right way of doing it, I will > find some of the wrong ways of doing it myself (I just did it > right now in this instance). I was excoriated by Robert Hansen > for spamming so I am going out of group as much as possible for > now. First, this is not a newsgroup, but a mailing list. Second, newsgroups and mailing lists are not a FAQ. They are for discussions. So everybody could help with problems while finding the solution. > > > But this is NOT an esoteric exercise. I really do need this. > But I need it on Microsoft Windows, Linux, Sun Solaris, and > Macintosh. BUT IT MUST WORK ON MICROSOFT WINDOWS! > > > Do You have the gpg-agent running? This is required for gvim. > > I do NOT have gpg-agent running, and it said NOTHING about that > on the web page: > > http://vim.sourceforge.net/scripts/script.php?script_id=661 Look at the release notes of version 1605. You find them right from the download link. There You will find: "- new plugin options to set preferences for symmetric/asymmetric and armor/binary files - fix for use with gvim. !! plugin works only in gvim if gpg-agent is available !!" 
> > A search with the terms: > > gpg-agent gnupg.vim > > at Google yields only three articles. That tells you how much > information is available on this (and yes, a Google search goes > into the GnuPG forum archives). In other words, we are entering > into esoteric territory. Contrast that with me investigating > a domain only to find that I have to add the terms -statistics > -squid -proxy to reduce the number to a manageable level of a > thousand or so entries for a domain that I am investigating for > abuse. > > I am using GnuPG 1.4.7 and that is all that will be available > on Windows as well. Do we need GnuPG 2.0.X, or can we use > GnuPG 1.4.7? Please remember that the original poster specified > that they are using Windows. I will hold off my post to the > newsgroup (which I was getting ready to do) until I can get this > all hammered out on what is required. Please keep in mind that > there are no binaries for either gpg-agent or libassuan on Windows > that are available separately. I will look at the latest version > of GPG4Win today. Up until now all I have ever installed was > GnuPG itself on Windows. I don't use gnupg on Windows boxes, so I can't tell You what package You need to get the gpg-agent. AFAIK before the Agent moved into the gnupg2 package there was a standalone package. But this should be way old now. > > The gnupg.vim people should clearly specify ALL of the requirements As I see for now, they do. > What are the requirements besides gpg-agent? I assumed that since > they mentioned vim version 6.0 and I am using 6.3.86 on FC3 Linux > and gvim 7.0 on Windows XP the requirements wouldn't be all that > stiff. Evidently, I was wrong. Please specify EVERYTHING that > is needed, since they didn't. I am assuming we also need > libassuan. Is that all that is needed or is there more? I don't > know what all of the requirements are. Keep in mind MS Windows > in this discussion. 
I need this to work across ALL platforms > that I am using and that is Windows, Linux, Solaris, and Macs. > > Note that I am editing only symmetric encrypted files (no OpenPGP > asymmetric encryption is being used). In other words, why should > I need gpg-agent? I can understand why it is needed for OpenPGP > (asymmetric) encryption, but not why it is needed for symmetric > encryption. I still can't see why that would cause a problem, > since it does the test for symmetric encryption first. gpg-agent only handles the mantra input. Because of this the gnupg plugin needs it for the GUI vim. There is no console which can be used for the input and a GUI dialog is needed. This is what gpg-agent does. > > I tried these modifications to gnupg.vim so I can edit only > symmetric encrypted files: > > --- gnupg.vim.2007May15 2007-05-15 04:29:06.000000000 -0600 > +++ gnupg.vim 2007-05-15 04:25:40.000000000 -0600 > @@ -109,15 +109,15 @@ > " check if gpg-agent is allowed > if (!exists("g:GPGUseAgent")) > - let g:GPGUseAgent = 1 > + let g:GPGUseAgent = 0 > endif > > " check if symmetric encryption is preferred > if (!exists("g:GPGPreferSymmetric")) > - let g:GPGPreferSymmetric = 0 > + let g:GPGPreferSymmetric = 1 > endif > > " check if armored files are preferred > if (!exists("g:GPGPreferArmor")) > - let g:GPGPreferArmor = 0 > + let g:GPGPreferArmor = 1 > endif > > but of course, that didn't work. > > HHH Thomas From peter at digitalbrains.com Tue May 15 15:39:46 2007
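Review bot: each of the three changed let lines sits inside an if (!exists("g:...")) guard, so these are only fallback defaults that apply when the variable is unset; set g:GPGUseAgent, g:GPGPreferSymmetric and g:GPGPreferArmor in the vimrc instead of patching gnupg.vim, so the choice is not lost when the script is updated. The g:GPGUseAgent = 0 change also needs a second look: the guard's own comment says the variable controls whether gpg-agent is allowed, and the reply quoting this patch explains that gvim has no console for passphrase entry without the agent, so switching it off cannot be what makes decryption work in gvim.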
From: peter at digitalbrains.com (Peter Lebbing) Date: Tue, 15 May 2007 15:39:46 +0200 Subject: Secure text editor? In-Reply-To: <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <464980E5.40100@tana.it> <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> Message-ID: <4649B822.7070406@digitalbrains.com> Thanks for all the helpful posts. I think I will go with just using my Linux laptop for it. I can just encrypt the swap, it's not difficult, I've played with cryptoloop before. I didn't use it for swap, but it's identical. And while I'm at it, I'll just add a file-backed cryptoloop for a small encrypted partition, which imho is easier than using the vim plugin, although I will actually be using vim :). It's my favourite editor on Linux. In that respect I have an important question: it is correct that vim only makes a swapfile in the same directory, right? No cute extra files in /tmp? :) And yes, it's perfectly possible to run without swap at all under Linux. But crypting the swap is rather trivial and it can be a useful addition. Since Linux doesn't use the swap intensively on normal use, the performance penalty is low. Windows seems to me to have a habit of overusing the swap, and an en-/decryption on every use might incur quite some performance penalty. The usual recipe involves choosing a random key on startup which is only kept in memory, so on shutdown (controlled or forced) the contents of the swap are just garbage since not even the legitimate owner still has the key. Swap doesn't need to persist over reboot. In this respect I have a nice idea, if you're worried about the swap remaining readable to root later on during uptime (when it becomes hacked). After all, some boxes stay up for years, so the swap is never wiped on reboot. 
It might be a bit paranoid, but the procedure is so easy that I thought I should mention it. Instead of using 1 swapspace of 512 MiB (example), you set up two partitions of 512 MiB. You only use one, crypted. After you've done something you wish to hide, you enable the other crypted swap, and disable the original crypted swap /after that/. If you assume the key for the crypted device is lost this way, your original data is scrambled, and only active pages are transferred to the new swap when you disable the first swapspace. If you're afraid the kernel might have swapped the page containing the original key to the new swapspace, you "shred" the old swapspace, but I think chances are low: a driver that handles crypting to swap will not swap it's own key out, because how is it going to unswap it? It needs the key to decrypt the key. The driver is written to keep everything needed to access the swap in main memory. The only possibility is that it keeps a second copy of the key, but I think this is unlikely. And with this procedure, you always have a minimum of 512 MiB swap, unlike when you just disable and re-enable the swap. Alessandro Vesely talked about snooping in the memory space of the process. Yes, if your computer is compromised, all activity at that moment is also compromised. The thing with swapspace though, is that the plaintext remains on disk long after you've edited the file! - From the whole discussion I get the idea that it's not that sure that Windows respects a locked page in the sense as we're talking about it here. Hibernation though is not an issue. Obviously if you hibernate, all pages are written to disk. You simply shouldn't hibernate while editing a sensitive document. Anyway, after the previous messages I'm not convident enough Windows will keep my plaintext off of the disk, not even with LockNote mentioned by Zach Himsel. So I'll just accept the extra trouble of grabbing my laptop in case I need the file. 
I am confident enough that Linux with crypted swap and partition will keep it safe. I don't want my Windows partition containing the literal text "Password for root access to important machine: geheim". Maybe all of it is overkill for my security needs, but it's not that much trouble. I just remember that time when my FAT root directory was wrecked, and I recovered schoolwork by searching the whole partition for a rather unique phrase I remembered having used in the document :). Thanks all, Peter. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRkm4IPqr/97I5g4/AQLi2QP+NB2iRq4btjzmCx0HZk4k5zR7SHHnEgKK IxiLGT6Y+8pKO23pWaK4y1YfxTKN2c8e70Xxzlk2u4oEdh1xiYUZk4E6CxxEE2wx eSOxHV8sYQ2l2wkvcrGyJ6X5IP7JfRbguBEoWlmaVaiwKZArgUBbk+MGq4UJ8SXA xQCFSC/5U9M= =kbph -----END PGP SIGNATURE----- From malayter at gmail.com Tue May 15 16:07:35 2007 
From: malayter at gmail.com (Ryan Malayter) Date: Tue, 15 May 2007 09:07:35 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <46499BF5.1030903@caseyljones.net> References: <46499BF5.1030903@caseyljones.net> Message-ID: <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> On 5/15/07, Casey Jones wrote: > There appears to be an open source project going for PDF417 > http://en.wikipedia.org/wiki/PDF417 We've used PDF417 for conference attendee badges in the past. They work well, and there seems to be quite a bit of hardware and software out there to support them. However, using *any* secondary encoding technique more complex than base64 is going to make recovery of the key that much more difficult down the road. Have you ever tried to recover a 15 year old file from floppy or tape? Just figuring out what the file format *is* can be a challenge. I would suggest using plain old base64 ASCII and a large version of a font like OCR-A or OCR-B. You can include par2 information, also base64 encoded, but finding software to use that data for recovery may be difficult many years in the future. Simply printing multiple copies of the page for OCR and diffing for errors would probably be easier. Finally, consider the paper and ink/toner you use... some cheaper paper is very acid, and some toner flakes over time. Regards, -- RPM From jbruni at mac.com Tue May 15 17:45:09 2007 
From: jbruni at mac.com (Joseph Oreste Bruni) Date: Tue, 15 May 2007 08:45:09 -0700 Subject: Printing Keys and using OCR. In-Reply-To: References: Message-ID: <6C2AC77F-0112-1000-B076-2E6739F4D6DF-Webmail-10017@mac.com> How about bar code? I don't know how long it would be to hold a key though. That might exceed the capabilities of some bar-code scanners. -- PGP Fingerprint: C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7 On Tuesday, May 15, 2007, at 12:23AM, "Roscoe" wrote: >Hey folks, > > >I'm wanting to store my OpenPGP key on paper, I suspect this is >something someone else has already done. The motivation behind this is >that paper is the most stable backup medium I have. > > >I have tried printing out a key, then scanning and using gocr on the result. >That was unsuccessful due to the high number of errors in the OCR >phase, I suspect with a carefully selected font and font size I could >significantly cut down on that error rate. > >Now since even a 99.99% accuracy in the OCR phase is still going to >cause a large headache when you're trying to track down what one or >few characters got interpreted wrong amongst a screenfull of them, I >thought some error correction would be a very good idea. >(First thing that came to mind was par2+base64 but I think this might >have a few issues.). > >Then came the realisation that printing out english letters was a >woefully inefficient way to store binary data on a piece of paper. I'm >certain there must be more compact and robust ways (ie: without subtly >similar symbols like 0 and O) to store information. > > >So...Does anyone : > >Know of a system that can take binary data and output an image to be >printed out, that is then capable of extracting that binary data from >an imperfect scan of the image. > >OR Have any success stories regarding printing, scanning then OCRing >keys or any other data? >If so how did you do it? (what did you use for error correction, what >font, what size etc..) 
> >(Oh, and I'm aiming to do this with just Free/Open software.) > > >-- Roscoe > > From shirishag75 at gmail.com Tue May 15 19:46:30 2007 
From: shirishag75 at gmail.com (shirish) Date: Tue, 15 May 2007 23:16:30 +0530 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 & how to make the key compliant with 2.0.3 In-Reply-To: <87wszagtrz.fsf@wheatstone.g10code.de> References: <511f47f50705142322rbd11c8ice47e34e09f4acec@mail.gmail.com> <87wszagtrz.fsf@wheatstone.g10code.de> Message-ID: <511f47f50705151046r3cac1b2ao8be8395b6e4ffd2f@mail.gmail.com> Hi Werner, On 5/15/07, Werner Koch wrote: > On Tue, 15 May 2007 08:22, shirishag75 at gmail.com said: > > > it. Firepg kept telling me that the signature is not valid. Thinking > > it was an issue with the extension per-se made a post about the same > > in firepg & was consequently banned. Although there was no explanation > > I don't know firepg so I can't help you here. > > What I can tell you is that gpg (1.4.*) and gpg2 (2.0.*) should be > identical - it is actually the same code with glue to integrate into the > entire gnupg-2 system. So the keys are supposed to be identical... > > ... but, depending on the version of libgcrypt you are using the list of > supported algorithms may be different. For example my gpg 1.4.7 gives > me this list: > > Supported algorithms: > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA > Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH > Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 > Compression: Uncompressed, ZIP, ZLIB > > and gpg2 2.0.4 : > > Supported algorithms: > Pubkey: RSA, ELG, DSA, ELG > Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH > Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512 > Compression: Uncompressed, ZIP, ZLIB > > A problem now would be the SHA224 algorithm which is not supported by > gpg2 (or better, libgcrypt 1.2.4). > > To see why you have problems with your key, we need more details about > the key and the failing signature. 
Here's a screenshot of the email I sent :- http://img253.imageshack.us/img253/7193/notvalidsignatureshotdf5.png I'd guess you would use the --export-secret-keys command line switch from 1.4.7 and then --import into 2.0.3 If you don't still have 1.4.7 installed, maybe boot from a Knoppix CD or something and make sure the key file is in the directory gpg expects ( ~/.gnupg/ I think). Also what do u guys think of Mr. Casey Jones, do u think he's right at the above. > > > > Shalom-Salam, > > Werner > > Please lemme know what you guys think of the above points, Shalom -- Shirish Agarwal This email is licensed under http://creativecommons.org/licenses/by-nc/3.0/ 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 From groups at caseyljones.net Wed May 16 07:18:45 2007 
From: groups at caseyljones.net (Casey Jones) Date: Tue, 15 May 2007 22:18:45 -0700 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 & how to make the key compliant with 2.0.3 In-Reply-To: <511f47f50705151046r3cac1b2ao8be8395b6e4ffd2f@mail.gmail.com> References: <511f47f50705142322rbd11c8ice47e34e09f4acec@mail.gmail.com> <87wszagtrz.fsf@wheatstone.g10code.de> <511f47f50705151046r3cac1b2ao8be8395b6e4ffd2f@mail.gmail.com> Message-ID: <464A9435.6080808@caseyljones.net> shirish wrote: > Also what do u guys think of Mr. Casey Jones, do u think he's right > at the above. Werner posted that the keys should be identical between the versions, so I guess my suggestion shouldn't be necessary. Therefore I withdraw my suggestion. It still might be worth a try though. Just make sure your backups are good before you mess with your key. Before you do that though, try signing and encrypting a file with gpg from the command line and checking to see that it will validate. That way you'll know if the problem is gpg or firepg. First, to verify that you have your keys in an accessible place and to remind you what your key ID is: gpg --list-keys Then sign and encrypt to an ascii file using your own key ID when it asks for recipient: gpg -a -se yourloveletter.txt Then see if it works: gpg --decrypt yourloveletter.txt.asc I like to use the -a when testing like this just so it will come out in an ascii format that I can enjoy looking at instead of the default binary format. From vesely at tana.it Wed May 16 09:10:10 2007 
From: vesely at tana.it (Alessandro Vesely) Date: Wed, 16 May 2007 09:10:10 +0200 Subject: Secure text editor? In-Reply-To: <4649B822.7070406@digitalbrains.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <464980E5.40100@tana.it> <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> <4649B822.7070406@digitalbrains.com> Message-ID: <464AAE52.7090108@tana.it> Peter Lebbing wrote: > Alessandro Vesely talked about snooping in the memory space of the process. > Yes, if your computer is compromised, all activity at that moment is also > compromised. The thing with swapspace though, is that the plaintext remains > on disk long after you've edited the file! Aha! Forcing oblivion for that text is a good point. The swap probably also includes any buffer used by the windowing system and the like. A system trace of any write access to the disk would provide a comprehensive list, including any "plaintext~" or similar stuff, independently of the editor used. If you are not too paranoid, a simple wrapper, a la strace, that only looks for write access by the editor and possible forks thereof, might suffice. I'd bet some tool like that exists already, but have no pointer at hand. From vesely at tana.it Wed May 16 08:47:47 2007 
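Alessandro Vesely's suggestion above (trace the editor and its forks and list what they open for writing), as an added Python example that is not part of the thread. It assumes a log produced by something like `strace -f -e trace=open,openat,creat -o trace.log vim notes.txt`; the trace lines, paths and the `/mnt/crypt` mount point are constructed for illustration.

```python
import re

# Matches "1234 openat(...) = 3" (strace -o) and "[pid 1234] open(...) = 3" (strace -f).
OPEN_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid1>\d+)\]\s+|(?P<pid2>\d+)\s+)?'
    r'(?P<call>open|openat|creat)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)'
)
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Flags that modify the filesystem; O_CREAT counts even when combined with O_RDONLY.
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}

# Constructed sample trace, not captured from a real editor session.
SAMPLE_TRACE = """
4021 openat(AT_FDCWD, "/etc/vimrc", O_RDONLY) = 3
4021 openat(AT_FDCWD, "/mnt/crypt/notes.txt", O_RDONLY) = 3
4021 openat(AT_FDCWD, "/mnt/crypt/.notes.txt.swp", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
4021 openat(AT_FDCWD, "/tmp/v4021/0", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
4022 openat(AT_FDCWD, "/tmp/vXYZ/1", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 5
4021 openat(AT_FDCWD, "/mnt/crypt/notes.txt", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 3
4021 openat(AT_FDCWD, "/home/user/.viminfo", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 5
4021 creat("/mnt/crypt/notes.txt~", 0644) = 6
[pid  4023] open("/var/tmp/scratch", O_RDWR|O_APPEND) = 7
"""


def writes_in_trace(trace_text):
    """Map each path that was successfully opened for writing to the PIDs that did so."""
    found = {}
    for line in trace_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m or int(m.group("ret")) < 0:      # skip other syscalls and failed opens
            continue
        path = PATH_RE.search(m.group("args"))
        if not path:
            continue
        # Only look for flags after the path so a file named "O_RDWR" cannot confuse us.
        flags = set(re.findall(r"O_[A-Z]+", m.group("args")[path.end():]))
        if m.group("call") == "creat" or flags & WRITE_FLAGS:
            pid = m.group("pid1") or m.group("pid2") or "?"
            found.setdefault(path.group(1), set()).add(pid)
    return found


def outside_allowed(found, allowed_dirs):
    """Return the written paths that do not live under any allowed (encrypted) directory."""
    def allowed(p):
        return any(p == d or p.startswith(d.rstrip("/") + "/") for d in allowed_dirs)
    return sorted(p for p in found if not allowed(p))


if __name__ == "__main__":
    hits = writes_in_trace(SAMPLE_TRACE)
    for p in outside_allowed(hits, ["/mnt/crypt"]):
        print("plaintext may have left the encrypted volume:", p, sorted(hits[p]))
```

Anything the report lists outside the encrypted directory is a candidate for relocation, for shredding after the session, or for being disabled in the editor's configuration.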
From: vesely at tana.it (Alessandro Vesely) Date: Wed, 16 May 2007 08:47:47 +0200 Subject: Secure text editor? In-Reply-To: <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <464980E5.40100@tana.it> <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> Message-ID: <464AA913.5080702@tana.it> Ryan Malayter wrote: > On 5/15/07, Alessandro Vesely wrote: >> On Windows there is >> just one way to share memory. Memory locking must be understood in that >> context. It is meant for synchronization purposes, not for security. > > LocalLock() and GlobalLock() do indeed seem to be for synchronization, > but VirtualLock() seems a different beast entirely. Each XyzAlloc has its corresponding XyzLock. I don't count LocalAlloc, GlobalAlloc, HeapAlloc as memory sharing functions. VirtualAlloc can be used after MapViewOfFile, more or less where one would possibly use madvise() on Linux, except that it's mandatory. About VirtualLock, MSDN says: Locks the specified region of the process's virtual address space into physical memory, ensuring that subsequent access to the region will not incur a page fault. It doesn't ensure the corresponding region on the swap file is swept. From berland at gmail.com Wed May 16 14:08:02 2007 
From: berland at gmail.com (Jim Berland) Date: Wed, 16 May 2007 20:08:02 +0800 Subject: GnuPG for a small company -- Questions before I start Message-ID: Hello everybody, I am going to try to set up GPG for our small company (about 15 people) and would like to ask you guys for some help. Following I will write down my thoughts on this, that I had so far. Comments would be highly appreciated since I do not want to start this before I don't feel confident and have a complete plan. So I am thinking that each co-worker needs his/her own key (signing and encryption subkeys) with the main key held back by the company. That way they cannot sign other keys, a lost password wouldn't be a problem and all emails would still be decryptable if necessary. I understand concerns at this point, but I think it is reasonable, if employees are taught about the situation. The keys are to be used professionally only and I am going to offer my help if people become interested in having GPG for private use. We have, by the way, the means to store the main keys very safely. To have an internal Web-of-Trust there should be a main key (for the company itself) signing the employee's keys and collecting their signatures. This far, I think, this is a good system for company-internal encryption. Following are my questions that arise when I think about using GPG with the outside world. Other companies should be able to trust the signatures of our employees. I was thinking that it should be all about the main key, so that somebody can trust a new contact from our side immediately, because that new key is also signed by the trusted main key. But how to make the main key a trustworthy one? The way of spreading the key personally when representatives visit other companies is unrealistic. The best thing I could find is to join the CACert.org Web-of-Trust. A Web-of-Trust of companies, that do business with each other, is surely not desirable since their relations are going to be public on a key server. 
While it's easy to prevent unwanted signing on our side (crippled keys), what is the best solution (to try) to ensure, that the main key or any other of the company's keys are not signed by somebody else? There is no technical solution for this, so I wonder how others deal with this. All I can think of is a policy website. Does somebody have information or experiences with any of these problems? Thank you very much for your help P.S.: I never came into contact with certificates like the ones from Thawte or CACert.org before and I don't know anybody who uses them. Considering the problems I see with GPG for this task, though, I wonder if certificates would do the job better or easier. Is this even the way other companies are going? From bahamut at digital-signal.net Wed May 16 15:52:58 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Wed, 16 May 2007 08:52:58 -0500 Subject: Feature request: load gpg.conf from the same directory as GPG Message-ID: <464B0CBA.3020607@digital-signal.net> In instances where GPG is used on a portable drive and used on different machines, it is much better to have gpg.conf read from the same directory as GPG rather than read from %appdata%\gnupg or ~/.gnupg. Just to have it check the same directory, then %appdata%\gnupg or ~/.gnupg would be a big help. -- Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7 Key ID: 0x60A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB From mwood at IUPUI.Edu Wed May 16 16:06:55 2007 
From: mwood at IUPUI.Edu (Mark H. Wood) Date: Wed, 16 May 2007 10:06:55 -0400 Subject: Printing Keys and using OCR. In-Reply-To: References: Message-ID: <20070516140655.GE2632@IUPUI.Edu> If you want reasonably accurate data from OCR of scans of fonts not specifically designed for OCR then you need to proofread the output and correct as necessary. Outside of tightly controlled circumstances, OCR is not going to be fully reliable without this step. I keep a paper copy of my revocation key in locked storage, and if I ever have to use it I figure I'll just type it by hand. It's really not very many characters. It would be more trouble (though more fun) to try to scan and OCR it than to just go the low-tech route. The barcode ideas sound interesting, but letterforms were designed for a system that has very different ways of processing information, and very different strengths and weaknesses. -- Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu Typically when a software vendor says that a product is "intuitive" he means the exact opposite. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20070516/4032af35/attachment.pgp From shirishag75 at gmail.com Wed May 16 19:34:27 2007 From: shirishag75 at gmail.com (shirish) Date: Wed, 16 May 2007 23:04:27 +0530 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 Message-ID: <511f47f50705161034k62c18753u7907277212a7dd7b@mail.gmail.com> Hi all, > Message: 7 > Date: Tue, 15 May 2007 22:18:45 -0700 
> From: Casey Jones > Subject: Re: [Confusion] distinction between the 2 versions 1.4.6 & > 2.0.3 & how to make the key compliant with 2.0.3 > To: gnupg-users at gnupg.org > Message-ID: <464A9435.6080808 at caseyljones.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > shirish wrote: > > > Also what do u guys think of Mr. Casey Jones, do u think he's right > > at the above. > > Werner posted that the keys should be identical between the versions, so > I guess my suggestion shouldn't be necessary. Therefore I withdraw my > suggestion. It still might be worth a try though. Just make sure your > backups are good before you mess with your key. > > Before you do that though, try signing and encrypting a file with gpg > from the command line and checking to see that it will validate. That > way you'll know if the problem is gpg or firepg. > > First, to verify that you have your keys in an accessible place and to > remind you what your key ID is: > gpg --list-keys > > Then sign and encrypt to an ascii file using your own key ID when it > asks for recipient: > gpg -a -se yourloveletter.txt Casey could you give me more precise instructions please. How do I sign & encrypt to an ascii file using my key ID (public key ID perhaps? ) https://help.ubuntu.com/community/GnuPrivacyGuardHowto Let's take the e.g. there :- gpg: key D8FC66D2 marked as ultimately trusted public and secret key created and signed. pub 1024D/D8FC66D2 2005-09-08 Key fingerprint = 95BD 8377 2644 DD4F 28B5 2C37 0F6E 4CA6 D8FC 66D2 uid Dennis Kaarsemaker (Tutorial key) sub 2048g/389AA63E 2005-09-08 > Then see if it works: > gpg --decrypt yourloveletter.txt.asc > > I like to use the -a when testing like this just so it will come out in > an ascii format that I can enjoy looking at instead of the default > binary format. ------------------------------ Please lemme know how to proceed further. We can also take this off-list if you feel to be more appropriate. 
I don't know how the list would look at this. -- Shirish Agarwal This email is licensed under http://creativecommons.org/licenses/by-nc/3.0/ 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 From JPClizbe at tx.rr.com Wed May 16 20:00:44 2007 
From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 16 May 2007 13:00:44 -0500 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 In-Reply-To: <511f47f50705161034k62c18753u7907277212a7dd7b@mail.gmail.com> References: <511f47f50705161034k62c18753u7907277212a7dd7b@mail.gmail.com> Message-ID: <464B46CC.9070605@tx.rr.com> shirish wrote: >> Then sign and encrypt to an ascii file using your own key ID when it >> asks for recipient: >> gpg -a -se yourloveletter.txt > > Casey could you give me more precise instructions please. How do I > sign & encrypt to an ascii file using my key ID (public key ID perhaps? ) > > > gpg: key D8FC66D2 marked as ultimately trusted > public and secret key created and signed. gpg -a -se -u 0xD8FC66D2 -r 0xD8FC66D2 yourloveletter.txt -u specifies the signing key (same as --local-user) -r specifies the recipient's key, ie the key to encrypt to gpg will ask for your key's passphrase in order to sign the message. -u does not need specified if you have set a default-key in gpg.conf. If default-key is not set and -u is not specified, gpg will use the first key found in the secret keyring. >> Then see if it works: >> gpg --decrypt yourloveletter.txt.asc gpg will ask for your key's passphrase in order to decrypt the message. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 662 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070516/0684d671/attachment.pgp From dshaw at jabberwocky.com Wed May 16 21:28:24 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 16 May 2007 15:28:24 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> Message-ID: <20070516192824.GA22290@jabberwocky.com> On Tue, May 15, 2007 at 09:07:35AM -0500, Ryan Malayter wrote: > I would suggest using plain old base64 ASCII and a large version of a > font like OCR-A or OCR-B. You can include par2 information, also > base64 encoded, but finding software to use that data for recovery may > be difficult many years in the future. Simply printing multiple copies > of the page for OCR and diffing for errors would probably be easier. Yes. I've actually done quite a bit of work on "paper escrow" systems like this. It tends to raise a few eyebrows, but in reality paper and ink in a dark place has wonderful archival characteristics - better than the usual CD-R, memory stick or (luckily not much used anymore) floppy. One trick that can be done when paper escrowing OpenPGP keys is to only print the part you care about. OpenPGP secret keys are heavily padded with non-secret data. In fact, the secret key contains a complete copy of the public key. Since the public key generally doesn't need to be escrowed (most people have many copies of it on various keyservers, web pages, etc, etc), it would not be hard to write a program that extracts just the secret bytes and prints that. To reconstruct, you'd re-enter those bytes (whether by hand or via OCR) and use them to transform your public key into a secret key. For example, the regular DSA+Elgamal secret key I just tested comes out to 1281 bytes. The secret parts of that (plus some minor packet structure) come to only 149 bytes. It's a lot easier to enter 149 bytes correctly. David From jbruni at mac.com Thu May 17 00:04:40 2007 
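David Shaw's point above, that only the secret bytes of an OpenPGP secret key need to go on paper and can later be re-attached to the public key, as an added Python example (not code from this thread or from GnuPG). It follows the RFC 4880 version 4 key packet layout; the sample key is constructed and cryptographically meaningless, and all function names are this example's own.

```python
import hashlib

# Public MPI count per RFC 4880 algorithm ID: RSA (n, e), Elgamal (p, g, y), DSA (p, q, g, y).
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}
SECRET_TAGS = (5, 7)  # secret key packet, secret subkey packet


def mpi(n):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the big-endian value."""
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")


def make_packet(tag, body):
    """Wrap a body in an old-format packet header with a 2-byte length field."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body


def read_packets(data):
    """Yield (tag, body) for every packet, accepting old- and new-format headers."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                          # new format
            tag, b1 = first & 0x3F, data[pos + 1]
            if b1 < 192:
                length, hdr = b1, 2
            elif b1 < 224:
                length, hdr = ((b1 - 192) << 8) + data[pos + 2] + 192, 3
            elif b1 == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths are not supported")
        else:                                     # old format
            tag, lentype = (first >> 2) & 0x0F, first & 3
            if lentype == 3:
                raise ValueError("indeterminate length is not supported")
            n = 1 << lentype
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        pos += hdr + length


def public_length(body):
    """Length of the public-key portion at the start of a v4 (secret) key packet body."""
    if body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    pos = 6                                       # version, 4-byte creation time, algorithm
    for _ in range(PUBLIC_MPIS[body[5]]):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    return pos


def fingerprint(public_body):
    """V4 fingerprint: SHA-1 over 0x99, a 2-byte length and the public key packet body."""
    return hashlib.sha1(b"\x99" + len(public_body).to_bytes(2, "big") + public_body).digest()


def extract_secrets(keyring):
    """Return [(tag, fingerprint, secret_tail)] for each secret (sub)key packet.

    The tail is kept opaque, so a passphrase-protected key (S2K specifier, IV and
    encrypted MPIs) is carried over exactly as stored.
    """
    out = []
    for tag, body in read_packets(keyring):
        if tag in SECRET_TAGS:
            cut = public_length(body)
            out.append((tag, fingerprint(body[:cut]), body[cut:]))
    return out


def rebuild_secret_packet(tag, public_body, fpr, secret_tail):
    """Re-attach escrowed secret bytes to a public key body, refusing a mismatched key."""
    if fingerprint(public_body) != fpr:
        raise ValueError("escrowed secret does not belong to this public key")
    return make_packet(tag, public_body + secret_tail)


def constructed_sample():
    """Build a structurally valid but meaningless unprotected DSA secret key plus a user ID."""
    p, q = (1 << 1023) | 0xC0FFEE, (1 << 159) | 0xBEEF
    g, y, x = (1 << 1022) | 0x1234, (1 << 1021) | 0x5678, (1 << 158) | 0x9ABC
    public = bytes([4]) + (1178000000).to_bytes(4, "big") + bytes([17]) \
        + mpi(p) + mpi(q) + mpi(g) + mpi(y)
    secret = mpi(x)
    tail = b"\x00" + secret + (sum(secret) & 0xFFFF).to_bytes(2, "big")  # S2K usage 0, checksum
    uid = make_packet(13, b"Constructed Example <example@example.invalid>")
    return make_packet(5, public + tail) + uid, public


if __name__ == "__main__":
    keyring, _ = constructed_sample()
    for tag, fpr, tail in extract_secrets(keyring):
        print(f"tag {tag}: {len(keyring)} bytes exported, {len(tail)} bytes to put on paper")
        print(fpr.hex().upper(), tail.hex())
```

Storing the fingerprint next to the secret bytes is what lets the rebuild step reject the wrong public key instead of silently producing an unusable secret key.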
From: jbruni at mac.com (Joseph Oreste Bruni) Date: Wed, 16 May 2007 15:04:40 -0700 Subject: Printing Keys and using OCR. In-Reply-To: <20070516192824.GA22290@jabberwocky.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> Message-ID: <419F928F-0112-1000-A2FD-99C2A25F9BF2-Webmail-10021@mac.com> Fingerprint: C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7 On Wednesday, May 16, 2007, at 12:44PM, "David Shaw" wrote: >On Tue, May 15, 2007 at 09:07:35AM -0500, Ryan Malayter wrote: > >> I would suggest using plain old base64 ASCII and a large version of a >> font like OCR-A or OCR-B. You can include par2 information, also >> base64 encoded, but finding software to use that data for recovery may >> be difficult many years in the future. Simply printing multiple copies >> of the page for OCR and diffing for errors would probably be easier. > >Yes. > >I've actually done quite a bit of work on "paper escrow" systems like >this. It tends to raise a few eyebrows, but in reality paper and ink >in a dark place has wonderful archival characteristics - better than >the usual CD-R, memory stick or (luckily not much used anymore) >floppy. > >One trick that can be done when paper escrowing OpenPGP keys is to >only print the part you care about. OpenPGP secret keys are heavily >padded with non-secret data. In fact, the secret key contains a >complete copy of the public key. Since the public key generally >doesn't need to be escrowed (most people have many copies of it on >various keyservers, web pages, etc, etc), it would not be hard to >write a program that extracts just the secret bytes and prints that. >To reconstruct, you'd re-enter those bytes (whether by hand or via >OCR) and use them to transform your public key into a secret key. > >For example, the regular DSA+Elgamal secret key I just tested comes >out to 1281 bytes. 
The secret parts of that (plus some minor packet >structure) come to only 149 bytes. It's a lot easier to enter 149 >bytes correctly. > >David > Does this sort of functionality exist in gpg today? This sounds like a great solution. My public key contains a small JPEG that adds about 1200 bytes. But if that is replicated in my secret key, I'd not care to hand enter it in the case of a paper-based recovery. From pete at petertodd.ca Thu May 17 03:20:18 2007 
From: pete at petertodd.ca (Peter Todd) Date: Wed, 16 May 2007 21:20:18 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <20070516192824.GA22290@jabberwocky.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> Message-ID: <20070517012018.GF9678@inept> On Wed, May 16, 2007 at 03:28:24PM -0400, David Shaw wrote: > One trick that can be done when paper escrowing OpenPGP keys is to > only print the part you care about. OpenPGP secret keys are heavily > padded with non-secret data. In fact, the secret key contains a > complete copy of the public key. Since the public key generally > doesn't need to be escrowed (most people have many copies of it on > various keyservers, web pages, etc, etc), it would not be hard to > write a program that extracts just the secret bytes and prints that. > To reconstruct, you'd re-enter those bytes (whether by hand or via > OCR) and use them to transform your public key into a secret key. > > For example, the regular DSA+Elgamal secret key I just tested comes > out to 1281 bytes. The secret parts of that (plus some minor packet > structure) come to only 149 bytes. It's a lot easier to enter 149 > bytes correctly. Hmm... While this certainly depends on trusting symmetrical encryption, why not simply symmetrically encrypt the secret key with a long, say 30, digit randomly chosen passphrase and be done with it? Then only that passphrase needs to be securely stored and the secret key can be stored with standard backup procedures. Of course, this is really identical to a secret key with a good passphrase... Which is why I have no qualms about having my secret keys stored along side my standard backups given that my passphrases are all 15 characters long randomly generated upper/lower/number/symbols... -- http://petertodd.ca -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20070516/b92cb8ea/attachment.pgp From dshaw at jabberwocky.com Thu May 17 05:31:58 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 16 May 2007 23:31:58 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <20070517012018.GF9678@inept> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> Message-ID: <20070517033158.GB22961@jabberwocky.com> On Wed, May 16, 2007 at 09:20:18PM -0400, Peter Todd wrote: > On Wed, May 16, 2007 at 03:28:24PM -0400, David Shaw wrote: > > One trick that can be done when paper escrowing OpenPGP keys is to > > only print the part you care about. OpenPGP secret keys are heavily > > padded with non-secret data. In fact, the secret key contains a > > complete copy of the public key. Since the public key generally > > doesn't need to be escrowed (most people have many copies of it on > > various keyservers, web pages, etc, etc), it would not be hard to > > write a program that extracts just the secret bytes and prints that. > > To reconstruct, you'd re-enter those bytes (whether by hand or via > > OCR) and use them to transform your public key into a secret key. > > > > For example, the regular DSA+Elgamal secret key I just tested comes > > out to 1281 bytes. The secret parts of that (plus some minor packet > > structure) come to only 149 bytes. It's a lot easier to enter 149 > > bytes correctly. > > Hmm... While this certainly depends on trusting symmetrical encryption, > why not simply symmetrically encrypt the secret key with a long, say 30, > digit randomly chosen passphrase and be done with it? Then only that > passphrase needs to be securely stored and the secret key can be stored > with standard backup procedures. The goal with paper is not secure storage. There are countless ways to store something securely (not least of which makes use of GnuPG itself). The goal is rather a "backup of last resort". 
Most of the storage media in use today do not have particularly good long-term (measured in years to decades) retention of data. If and when the CD-R and/or tape cassette and/or hard drive the secret key is stored on becomes unusable, the paper copy can be used to restore the secret key. Superencrypting the secret key and storing the passphrase doesn't solve that problem. If you have the passphrase but the secret key that it encrypted was on that bad CD-R, you have nothing. David From jbruni at mac.com Thu May 17 05:38:46 2007 
From: jbruni at mac.com (Joseph Oreste Bruni) Date: Wed, 16 May 2007 20:38:46 -0700 Subject: GnuPG for a small company -- Questions before I start In-Reply-To: References: Message-ID: <005FF725-F545-4B64-9AC1-339AC4D3B156@mac.com> On May 16, 2007, at 5:08 AM, Jim Berland wrote: > P.S.: I never came into contact with certificates like the ones from > Thawte or CACert.org before and I don't know anybody who uses them. > Considering the problems I see with GPG for this task, though, I > wonder if certificates would do the job better or easier. Is this even > the way other companies are going? Conceptually there isn't anything really different between X.509 certificates and PGP keys with regards to encrypting email, other than the trust models typically employed by each. In the certificate model, one's certificate is issued by an implicitly trusted third party. The root certificates are pre-installed by the operating system or software vendors and they just work. Most email clients make using them quite simple. PGP supports the rooted trust model, but it also supports other models. Typically, although not exclusively, PGP uses the web of trust where you must exchange keys ahead of time, and cross sign them to establish explicit trust. In practice, however, I can get non-technical people using certificates in a lot less time than it takes to get them using PGP. On the other hand, if you are encrypting files to be distributed via HTTP or FTP, I find PGP a lot easier to work with than certificates. In reality the two technologies are almost identical, but the end-user tools need a lot of work to truly blur the current artificial distinction. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2508 bytes Desc: not available Url : /pipermail/attachments/20070516/aa0a3502/attachment.bin From cwsiv at keepandbeararms.com Wed May 16 20:52:49 2007 
From: cwsiv at keepandbeararms.com (Carl Spitzer) Date: Wed, 16 May 2007 11:52:49 -0700 Subject: Second problem...gpg or kgpg? In-Reply-To: <200705100008.50085.yochanon@localnet.com> References: <200704060129.38524.yochanon@localnet.com> <1177698249.11212.16.camel@linux.site> <200705100008.50085.yochanon@localnet.com> Message-ID: <1179341569.16211.31.camel@linux.site> On Thu, 2007-05-10 at 00:08 -0500, John B wrote: > On Fri 27 April 07 13:24, Carl wrote: > > On Fri, 2007-04-06 at 01:29 -0500, John B wrote: > > > Hi again, > > > > > > Out of the blue, it seems kgpg doesn't see my .gnupg directory. I > > > opened it up the other day just to check something, and it showed no keys > > > at all. I went into the settings and all it allows is to see my /home/me > > > directory which has a couple of .asc keys(?) in it but had no gpg.conf > > > file until I imported the .asc keys. > > > Is there a way to fix what's going on? Has this happened to anyone > > > else? I did absolutely nothing with gpg or kgpg...no updates (other than > > > the SuSE security update 2 or 3 months ago IIRR) to either of them. Still > > > with 1.4.1 I think it is and was working fine until I happened to see it > > > the other day. Sorry I'm not too good at explaining myself, but if > > > there's any more info needed, it's easier if someone asks me and then > > > I'll know better what needs to be said about my problem. > > > > Which version Suse and version of KGPG. I do wish they would Seahorse > > its better than kgpg > > SuSE 9.3 and Kgpg 1.2.1. > > I've never had a problem with kgpg before, in almost 4 years now, but if I > can't figure out what's wrong all of a sudden with it like this, I'm going to > look hard into that Seahorse, heh. Seahorse is source only unless someone creates RPM. So far I find its main problem is SuSE uses different names for certain libraries so the ./compile step fails. BTW Seahorse is up to 1.x stable with 2.x beta. I have 10.0 here and 9.2 on an old PII for email. 
-- CWSIV at KeepAndBearArms.com | M A R K L I N T R A I N S From malayter at gmail.com Thu May 17 05:24:51 2007 From: malayter at gmail.com (Ryan Malayter) Date: Wed, 16 May 2007 22:24:51 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <20070517012018.GF9678@inept> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> Message-ID: <5d7f07420705162024j7337d787vc5f82d7838f7f9ae@mail.gmail.com> On 5/16/07, Peter Todd wrote: > Then only that > passphrase needs to be securely stored and the secret key can be stored > with standard backup procedures. I believe the originally posted question centered around long-term key storage, for which magnetic and optical media are inadequate. Popular media would require continual maintenance, such as burning to new discs every 5-10 years, or upgrading the tape format to LTO-1600 in 2013. Whether or not the private key is protected by a strong pass phrase doesn't really matter; how to store and recover a key from paper is the challenge. This discussion does raise in my mind another issue: if you're worried about being able to read CD/DVD or other media at some distant point in the future, shouldn't you also archive the GnuPG source code so you can compile a version for some future architecture for which there may be no OpenPGP software? We know ASCII, HTML, and PDF will last forever, but OpenPGP is probably not guaranteed immortality by its popularity. -- RPM From shirishag75 at gmail.com Thu May 17 06:24:34 2007 
From: shirishag75 at gmail.com (shirish) Date: Thu, 17 May 2007 09:54:34 +0530 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 Message-ID: <511f47f50705162124l793df212td6847c21f9261966@mail.gmail.com> > Message: 6 > Date: Wed, 16 May 2007 23:04:27 +0530 > From: shirish > Subject: Re: [Confusion] distinction between the 2 versions 1.4.6 & > 2.0.3 > To: gnupg-users at gnupg.org > Cc: groups at caseyljones.net > Message-ID: > <511f47f50705161034k62c18753u7907277212a7dd7b at mail.gmail.com> > Content-Type: text/plain; charset=UTF-8; format=flowed > > Hi all, > > > Message: 7 > > Date: Tue, 15 May 2007 22:18:45 -0700 
> > From: Casey Jones > > Subject: Re: [Confusion] distinction between the 2 versions 1.4.6 & > > 2.0.3 & how to make the key compliant with 2.0.3 > > To: gnupg-users at gnupg.org > > Message-ID: <464A9435.6080808 at caseyljones.net> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > shirish wrote: > > > > > Also what do u guys think of Mr. Casey Jones, do u think he's right > > > at the above. > > > > Werner posted that the keys should be identical between the versions, so > > I guess my suggestion shouldn't be necessary. Therefore I withdraw my > > suggestion. It still might be worth a try though. Just make sure your > > backups are good before you mess with your key. > > > > Before you do that though, try signing and encrypting a file with gpg > > from the command line and checking to see that it will validate. That > > way you'll know if the problem is gpg or firepg. > > > > First, to verify that you have your keys in an accessible place and to > > remind you what your key ID is: > > gpg --list-keys > > > > Then sign and encrypt to an ascii file using your own key ID when it > > asks for recipient: > > gpg -a -se yourloveletter.txt > > Casey could you give me more precise instructions please. How do I > sign & encrypt to an ascii file using my key ID (public key ID perhaps? ) > > https://help.ubuntu.com/community/GnuPrivacyGuardHowto > > Let's take the e.g. there :- > > gpg: key D8FC66D2 marked as ultimately trusted > public and secret key created and signed. > > pub 1024D/D8FC66D2 2005-09-08 > Key fingerprint = 95BD 8377 2644 DD4F 28B5 2C37 0F6E 4CA6 D8FC 66D2 > uid Dennis Kaarsemaker (Tutorial key) > sub 2048g/389AA63E 2005-09-08 > > > Then see if it works: > > gpg --decrypt yourloveletter.txt.asc > > > > I like to use the -a when testing like this just so it will come out in > > an ascii format that I can enjoy looking at instead of the default > > binary format. 
> ------------------------------ > > Please lemme know how to proceed further. We can also take this > off-list if you feel to be more appropriate. I don't know how the list > would look at this. > -- > Shirish Agarwal > This email is licensed under http://creativecommons.org/licenses/by-nc/3.0/ > > 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 > > > > ------------------------------ > > Message: 7 > Date: Wed, 16 May 2007 13:00:44 -0500 
> From: John Clizbe > Subject: Re: [Confusion] distinction between the 2 versions 1.4.6 & > 2.0.3 > To: GnuPG Users > Message-ID: <464B46CC.9070605 at tx.rr.com> > Content-Type: text/plain; charset="iso-8859-1" > > shirish wrote: > > >> Then sign and encrypt to an ascii file using your own key ID when it > >> asks for recipient: > >> gpg -a -se yourloveletter.txt > > > > Casey could you give me more precise instructions please. How do I > > sign & encrypt to an ascii file using my key ID (public key ID perhaps? ) > > > > > > gpg: key D8FC66D2 marked as ultimately trusted > > public and secret key created and signed. > > gpg -a -se -u 0xD8FC66D2 -r 0xD8FC66D2 yourloveletter.txt > > -u specifies the signing key (same as --local-user) > -r specifies the recipient's key, ie the key to encrypt to > > gpg will ask for your key's passphrase in order to sign the message. > > -u does not need specified if you have set a default-key in gpg.conf. > If default-key is not set and -u is not specified, gpg will use the first key > found in the secret keyring. > > >> Then see if it works: > >> gpg --decrypt yourloveletter.txt.asc > > gpg will ask for your key's passphrase in order to decrypt the message. > > > > -- > John P. Clizbe Inet: John (a) Mozilla-Enigmail.org > You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A > "what's the key to success?" / "two words: good decisions." > "what's the key to good decisions?" / "one word: experience." > "how do i get experience?" / "two words: bad decisions." > > "Just how do the residents of Haiku, Hawai'i hold conversations?" > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 662 bytes > Desc: OpenPGP digital signature > Url : /pipermail/attachments/20070516/0684d671/attachment-0001.pgp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi John, First of all thank you for your help . 
I tried with my key id all the combinations gpg -a -se -u 0xD8FC66D2 -r 0xD8FC66D2 yourloveletter.txt but I get gpg: Invalid option "-a-se-u" . I tried both ways using zero (0xkeyid) as well as using alphabet O (oxkeyid) but either way I get the same error gpg: Invalid option "-a-se-u" I also tried with space between gpg and the flags -a-se-u as well as without space gpg -a-se-u (0 or Oxkeyid) as well as gpg-a-se-u which told me the former is the one to be used. Then finally hit a brainwave and did gpg -a -se -u OxD8FC66D2 -r OxD8FC66D2 myloveletter.txt With space between each flag gpg: skipped "OxD8FC66D2": secret key not available gpg: myloveletter.txt: sign+encrypt failed: secret key not available Then I get this error. Can anybody explain to me what's going wrong here? I have substituted my keyid with the general keyid. Don't know if it's safe to give out my keyid or not? Looking for answers. Thank you all for your time. - -- Shirish Agarwal This email is licensed under http://creativecommons.org/licenses/by-nc/3.0/ 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (GNU/Linux) Comment: http://firegpg.tuxfamily.org iD8DBQFGS9kHlQ1T+3KaixcRAuLBAKCNg5XnShCZyrB7XqGvGKRqzQg6UgCeNl62 g4YUxHsw5GcyYhDVYPgnTyc= =LbiK -----END PGP SIGNATURE----- From JPClizbe at tx.rr.com Thu May 17 07:12:25 2007 
From: JPClizbe at tx.rr.com (John Clizbe) Date: Thu, 17 May 2007 00:12:25 -0500 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 In-Reply-To: <511f47f50705162124l793df212td6847c21f9261966@mail.gmail.com> References: <511f47f50705162124l793df212td6847c21f9261966@mail.gmail.com> Message-ID: <464BE439.5050101@tx.rr.com> shirish wrote: Please trim your emails to only quote the relevant bits > > gpg -a-se-u (0 or Oxkeyid) as well as gpg-a-se-u which told me the > former is the one to be used. > > Then finally hit a brainwave and did > > gpg -a -se -u OxD8FC66D2 -r OxD8FC66D2 myloveletter.txt > > With space between each flag The difference between commands and options may be found in the man page. It would probably help you with the order of command line arguments. > gpg: skipped "OxD8FC66D2": secret key not available > gpg: myloveletter.txt: sign+encrypt failed: secret key not available > > Then I get this error. Can anybody explain me what's going wrong here? Those look to be the letter O not the numeral 0. The numeric 0 is the correct form. > I have substituted my keyid with the general keyid. Don't know if its safe to > give out my keyid or not? Unless one is forcing the use of a specific keyID, keys are usually referred to by the keyId of the public key. > Looking for answers. Thank you all for your time. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 662 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070517/bf28ab37/attachment.pgp From pete at petertodd.ca Thu May 17 08:48:13 2007 
From: pete at petertodd.ca (Peter Todd) Date: Thu, 17 May 2007 02:48:13 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <5d7f07420705162024j7337d787vc5f82d7838f7f9ae@mail.gmail.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <5d7f07420705162024j7337d787vc5f82d7838f7f9ae@mail.gmail.com> Message-ID: <20070517064813.GH9678@inept> On Wed, May 16, 2007 at 10:24:51PM -0500, Ryan Malayter wrote: > On 5/16/07, Peter Todd wrote: > > Then only that > > passphrase needs to be securely stored and the secret key can be stored > > with standard backup procedures. > > I believe the originally posted question centered around long-term key > storage, for which magnetic and optical media are inadequate. Popular > media would require continual maintenance, such as burning to new > discs every 5-10 years, or upgrading the tape format to LTO-1600 in > 2013. Whether or not the private key is protected by a strong pass > phrase doesn't really matter; how to store and recover a key from > paper is the challenge. Yes, but my point is that a private key is used in association with data. So we can simply store the encrypted private key along with the data it is supposed to be used with and store on paper nothing but a relatively short (compared to the whole private key) passphrase. Having the private key stored better than the data it is to be used with is pointless. If the data is gone, generally the key isn't very useful either. Of course this is assuming the symmetric encryption is sufficiently secure... Also note that a key used for *signing* rather than encryption poses problems, but even then if you have enough faith in the symmetrical encryption, and why not, then I see nothing wrong with distributing the private key alongside the data it is signing. 
-- http://petertodd.ca -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20070517/3bbab8b5/attachment.pgp From groups at caseyljones.net Thu May 17 13:36:01 2007 
From: groups at caseyljones.net (Casey Jones) Date: Thu, 17 May 2007 04:36:01 -0700 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 In-Reply-To: <511f47f50705162124l793df212td6847c21f9261966@mail.gmail.com> References: <511f47f50705162124l793df212td6847c21f9261966@mail.gmail.com> Message-ID: <464C3E21.9030900@caseyljones.net> shirish wrote: >> Please lemme know how to proceed further. We can also take this >> off-list if you feel to be more appropriate. I don't know how the list >> would look at this. This is the gnupg-users mailing list and we are discussing the basics of how to "use" gnupg so I think this is appropriate for the list. shirish wrote: > I have substituted my keyid with the general keyid. Don't know if its safe to > give out my keyid or not? ... > > 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.3 (GNU/Linux) > Comment: http://firegpg.tuxfamily.org > > iD8DBQFGS9kHlQ1T+3KaixcRAuLBAKCNg5XnShCZyrB7XqGvGKRqzQg6UgCeNl62 > g4YUxHsw5GcyYhDVYPgnTyc= > =LbiK > -----END PGP SIGNATURE----- So you've got FireGPG working with GnuPG v2.0.3 under Linux? There's no need to keep your key ID secret, your key ID is embedded at the end of the fingerprint above that you've made public so you can't keep it secret now anyway. Also, your public key has already been uploaded to a keyserver, so it's public now too. That's good. It looks like on the FireGPG forum you posted that you are using a nightly build. Nightly builds are generally not for beginners and frequently have many bugs. You're apparently still learning the basics of command line switches, so you should definitely be using only a "release" version. If it says your secret key is not available, check that your keys are available with the following command: gpg --list-secret-keys I think it should list your key with the ID 729A8B17 If it doesn't then what error does it give? Are you doing this on Windows or Ubuntu? 
Did you say you were trying to copy your private key from Linux to Windows? I don't know where you should put your secring.gpg file in windows. Try searching your hard drive for trustdb.gpg or pubring.gpg or gpg.conf. You should probably put your secring.gpg file in the same folder as the trustdb.gpg file. Or look in the documentation for where the files are supposed to go. If for some reason there is already a secring.gpg file on your Windows box that's different than the one on your Linux box, then don't overwrite it, just rename it to something like secring.gpg.win before putting the secring.gpg file from your Linux box into the folder on your Windows box. From alex at bofh.net.pl Thu May 17 15:10:46 2007 
From: alex at bofh.net.pl (Janusz A. Urbanowicz) Date: Thu, 17 May 2007 15:10:46 +0200 Subject: GnuPG for a small company -- Questions before I start In-Reply-To: References: Message-ID: <20070517131046.GE10360@hell.pl> On Wed, May 16, 2007 at 08:08:02PM +0800, Jim Berland wrote: > Hello everybody, > > I am going to try to set up GPG for our small company (about 15 > people) and would like to ask you guys for some help. Following I will > write down my thoughts on this, that I had so far. Comments would be > highly appreciated since I do not want to start this before I don't > feel confident and have a complete plan. First, you should elaborate what is the purpose of the exercise. The business goal. There is no point in deploying crypto policy in an organization just for the sake of it, because people will see this as an unnecessary and pointless exercise. > To have an internal Web-of-Trust there should be a main key (for the > company itself) signing the employee's keys and collecting their > signatures. When I did similar things the setup was as follows: * there is one well-guarded organization key (org key) * every person involved has a key signed by the org key * people keys have designated-revoker set to org key * all OpenPGP software installations have: ** mandatory encrypt-to org key ** ultimate trust for the org key If you don't want people to sign keys, issue them encryption-only keypairs. But this is quite a generic setup and we could help you more if we knew what you're trying to accomplish. Alex -- JID: alex at hell.pl PGP: 0x46399138 paying attention to details is the job of doctors, lawyers, programmers and watchmakers -- Czerski -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : /pipermail/attachments/20070517/8377f080/attachment.pgp From bahamut at digital-signal.net Thu May 17 16:07:13 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Thu, 17 May 2007 09:07:13 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <20070517033158.GB22961@jabberwocky.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> Message-ID: <464C6191.3050307@digital-signal.net> David Shaw wrote: > Most of the storage media in use today do not have particularly > good long-term (measured in years to decades) retention of data. > If and when the CD-R and/or tape cassette and/or hard drive the > secret key is stored on becomes unusable, the paper copy can be > used to restore the secret key. If you have the passphrase but the > secret key that it encrypted was on that bad CD-R, you have nothing > Aren't optical discs supposed to last for many decades if stored properly and almost never used? -- Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7 Key ID: 0x60A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB From malayter at gmail.com Thu May 17 16:28:32 2007 
From: malayter at gmail.com (Ryan Malayter) Date: Thu, 17 May 2007 09:28:32 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <464C6191.3050307@digital-signal.net> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> Message-ID: <5d7f07420705170728t54e98ac7u2ee129434de4a5ca@mail.gmail.com> On 5/17/07, Andrew Berg wrote: > Aren't optical discs supposed to last for many decades if stored > properly and almost never used? > Theory and practice are often far apart. The price of CD media has dropped so low that quality is often an issue. CDfreaks has many articles about this topic. Also, who is to say that a CD or DVD drive will even be available decades from now to read the discs? Could you read 8" floppy media on any equipment you have or can buy today? Could you find a paper tape machine to read data archived in the 1950s? Anything but printed characters on paper will likely require some form of archive maintenance over a decade timeframe. -- RPM From malayter at gmail.com Thu May 17 16:41:33 2007 
From: malayter at gmail.com (Ryan Malayter) Date: Thu, 17 May 2007 09:41:33 -0500 Subject: Secure text editor? In-Reply-To: <464C0425.80903@tana.it> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <464980E5.40100@tana.it> <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> <464AA913.5080702@tana.it> <5d7f07420705160700q268332eeh92fa77893241b362@mail.gmail.com> <464C0425.80903@tana.it> Message-ID: <5d7f07420705170741v6b7d49a1rca45719943c1d32c@mail.gmail.com> On 5/17/07, Alessandro Vesely wrote: > Not quite. That may happen as an undocumented side effect on some > (or all) OS versions, and is not what the function is meant to do. > The function keeps the page in memory. The OS is still free to back > it up whenever it thinks it is convenient to do so. The documentation clearly states: "These pages are guaranteed not to be written to the pagefile while they are locked." Assuming the documentation is accurate, VirtualLock() should be safe for security applications. -- RPM From dshaw at jabberwocky.com Thu May 17 17:24:40 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 17 May 2007 11:24:40 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <464C6191.3050307@digital-signal.net> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> Message-ID: <20070517152440.GA25727@jabberwocky.com> On Thu, May 17, 2007 at 09:07:13AM -0500, Andrew Berg wrote: > David Shaw wrote: > > Most of the storage media in use today do not have particularly > > good long-term (measured in years to decades) retention of data. > > If and when the CD-R and/or tape cassette and/or hard drive the > > secret key is stored on becomes unusable, the paper copy can be > > used to restore the secret key. If you have the passphrase but the > > secret key that it encrypted was on that bad CD-R, you have nothing > > > Aren't optical discs supposed to last for many decades if stored > properly and almost never used? They're certainly advertised to (I've seen some pretty incredible claims of 100 years or more), but in practice it doesn't really work out that way. The manufacturing of the media, the burn quality, the burner quality, the storage, etc, all have an impact on how long an optical disc will last. Some tests show that you're lucky to get 10 years. For paper to last 100 years is not even vaguely impressive. Paper regularly lasts many hundreds of years even under less than optimal conditions. Another bonus with paper is that ink on paper is readable by humans. Not all backup methods will be readable 50 years later, even if you have the backup, you can't easily buy a drive to read it. I doubt this will happen anytime soon with CD-R as there are just so many of them out there, but the storage industry is littered with old now-dead ways of storing data. 
I doubt I'll still be alive in 100 years - my key storage requirements fall somewhere in between optical disc longevity and paper longevity. I use paper because knowing that the paper will outlive me, I don't have to worry about reburning a disc every few years. David From tmz at pobox.com Thu May 17 17:36:51 2007 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 17 May 2007 11:36:51 -0400 Subject: Spurious warning when using pgp compatibility modes? Message-ID: <20070517153650.GB18892@psilocybe.teonanacatl.org> Hi all, With sig-keyserver-url $URL in gpg.conf: $ gpg --pgp7 --detach-sign test You need a passphrase to unlock the secret key for [...] gpg: can't put a preferred keyserver URL into v3 signatures Now, I know that I can't do that but I don't want to be told about it every time I sign something when I've explcitly enabled --pgp7. Would it be unreasonable to ignore preferred keyserver urls when pgp[67] are used? I've been using the attached patch (minus the pgp2 part which I just added) for a while to do just this and I haven't noticed any problems. (There may be cleaner ways to do this, but this was what I got working without knowing the code too well. :) If it's not appropriate to patch this out, is there a good way to silence this without losing other info? The --quiet option doesn't do it. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Hang in there, retirement is only thirty years away! -------------- next part -------------- Index: g10/gpg.c =================================================================== --- g10/gpg.c (revision 4504) +++ g10/gpg.c (working copy) @@ -2998,6 +2998,8 @@ xfree(s2k_digest_string); s2k_digest_string = xstrdup("md5"); opt.compress_algo = COMPRESS_ALGO_ZIP; + free_strlist(opt.sig_keyserver_url); + opt.sig_keyserver_url=NULL; } } else if(PGP6) 
@@ -3005,12 +3007,16 @@ opt.escape_from=1; opt.force_v3_sigs=1; opt.ask_sig_expire=0; + free_strlist(opt.sig_keyserver_url); + opt.sig_keyserver_url=NULL; } else if(PGP7) { opt.escape_from=1; opt.force_v3_sigs=1; opt.ask_sig_expire=0; + free_strlist(opt.sig_keyserver_url); + opt.sig_keyserver_url=NULL; } else if(PGP8) { -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available Url : /pipermail/attachments/20070517/34918bc3/attachment.pgp From jbruni at mac.com Thu May 17 18:36:00 2007 From: jbruni at mac.com (Joseph Oreste Bruni) Date: Thu, 17 May 2007 09:36:00 -0700 Subject: Printing Keys and using OCR. In-Reply-To: <464C6191.3050307@digital-signal.net> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> Message-ID: >David Shaw wrote: >> Most of the storage media in use today do not have particularly >> good long-term (measured in years to decades) retention of data. >> If and when the CD-R and/or tape cassette and/or hard drive the >> secret key is stored on becomes unusable, the paper copy can be >> used to restore the secret key. If you have the passphrase but the >> secret key that it encrypted was on that bad CD-R, you have nothing >> >Aren't optical discs supposed to last for many decades if stored >properly and almost never used? > Stamped aluminum disks will last a very long time. However, burnable disks might last around five years or so depending on quality. From bahamut at digital-signal.net Thu May 17 20:10:15 2007 
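Review bot: in the first hunk of the g10/gpg.c patch in Todd Zullinger's message (@@ -2998,6 +2998,8 @@, the branch that sets s2k_digest_string to "md5"), opt.sig_keyserver_url is freed and cleared with no diagnostic at all, so a user who has sig-keyserver-url in gpg.conf gets signatures without the URL and nothing that says why. The message also says this pgp2 part was only just added, while the other two branches have been in use for a while, so it has had the least testing. Suggest either emitting a verbose-level note when a configured URL is dropped or documenting in the manual entry for the compatibility option that sig-keyserver-url is ignored under it, and holding the pgp2 part back until it has been exercised as well.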
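Review bot: in the second hunk of the same patch (@@ -3005,12 +3007,16 @@), the pair free_strlist(opt.sig_keyserver_url); opt.sig_keyserver_url=NULL; is pasted identically into the PGP6 and PGP7 branches, on top of the copy in the first hunk. Three copies of a free-then-NULL pair are easy to let drift, for example by later dropping the NULL assignment in one of them and leaving a dangling pointer. Suggest one small static helper called from each branch, with a comment tying it to opt.force_v3_sigs=1 in the same branches, since the warning being silenced is about v3 signatures.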
From: bahamut at digital-signal.net (Andrew Berg) Date: Thu, 17 May 2007 13:10:15 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <5d7f07420705170728t54e98ac7u2ee129434de4a5ca@mail.gmail.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <5d7f07420705170728t54e98ac7u2ee129434de4a5ca@mail.gmail.com> Message-ID: <464C9A87.6070902@digital-signal.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Ryan Malayter wrote: >> Aren't optical discs supposed to last for many decades if stored >> properly and almost never used? > Theory and practice are often far apart. The price of CD media has > dropped so low that quality is often an issue. CDfreaks has many > articles about this topic. I'll check that out. > Also, who is to say that a CD or DVD drive will even be available > decades from now to read the discs? Could you read 8" floppy media > on any equipment you have or can buy today? Could you find a paper > tape machine to read data archived in the 1950s? > > Anything but printed characters on paper will likely require some > form of archive maintenance over a decade timeframe. The last 3 generations of optical discs (CD -> DVD -> HD-DVD/Blu-Ray) have been the same size. The latest generation players support the first generation. Floppies, for example, have changed in size, and each generation didn't care about supporting the previous. Even as optical discs continue to see improved formats, previous generations will be supported. I don't see DVD or even CD support to disappear for a very, very long time. Besides, it's not like one's hardware will spontaneously upgrade from out of nowhere. I do agree, though, that an electronic storage medium won't beat paper in the long run. 
A piece of paper (in a locked box | out in the open) is as secure as an unencrypted disc (in that same box | out in the open). And encrypting a disc isn't worth the hassle, except in certain circumstances. -- Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7 Key ID: 0x60A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB From rjh at sixdemonbag.org Thu May 17 20:59:43 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 17 May 2007 13:59:43 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <20070517152440.GA25727@jabberwocky.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <20070517152440.GA25727@jabberwocky.com> Message-ID: <47464350-F342-4FEB-AA5F-D1464B9A2BE6@sixdemonbag.org> > For paper to last 100 years is not even vaguely impressive. Paper > regularly lasts many hundreds of years even under less than optimal > conditions. As an example, the modern paper ballot is about 2,200 years old. The reason why we know this is we keep finding them. They practically litter archaeological digs around Rome. That said, for paper to last so long it needs to be archival-quality paper. High fiber content, low acid, very enduring inks. But it's certainly possible to get 2,000+ years out of paper for under $1 per sheet. From shirishag75 at gmail.com Thu May 17 21:19:39 2007 
From: shirishag75 at gmail.com (shirish) Date: Fri, 18 May 2007 00:49:39 +0530 Subject: [Confusion] distinction between the 2 versions 1.4.6 & 2.0.3 Message-ID: <511f47f50705171219x5ae7b2f8o722c2088e12280f2@mail.gmail.com> Hi all, Lemme start at the clean slate with what has happened till now. For exercises, understanding & usage will be using the stable 2.0.3 release version in Ubuntu till I'm not clear in all the aspects. gpg --armor --sign --encrypt -u 0x729A8B17 -r 0x729A8B17 myloveletter.txt You need a passphrase to unlock the secret key for It works also with gpg --a --s --e --u 0x729A8B17 -r 0x729A8B17 myloveletter.txt which resulted in a myloveletter.txt.asc file yippy! I was also able to decrypt it ou need a passphrase to unlock the secret key for user: "shirish some phrase here " 2048-bit ELG-E key, ID some id key here, created 2007-05-05 (main key ID 729A8B17) gpg: encrypted with 2048-bit ELG-E key, ID some id key here, created 2007-05-05 "shirish some phrase here " gpg: Signature made Friday 18 May 2007 12:29:23 AM IST using DSA key ID 729A8B17 gpg: Good signature from "shirish some phrase here " ok the only thing I have changed in the decryption is ID key for ELG-E key as well as some phrase here instead of the actual phrase given. All in all things seem good till this point. Now tomorrow will be trying with gpg2 , one thing though :- Mr. Werner Koch had usefully provided the difference between 1.4.6 & 2.0.3 http://lists.gnupg.org/pipermail/gnupg-users/2007-May/031099.html Now in that 1.4.6 had been shown as using ELG-E while 2.0.3 as using ELG (I guess that's the final) hopefully shouldn't spring surprises. I am sorry if I come out as paranoid but till I don't understand how things work, I feel it's best to be conservative. 
-- Shirish Agarwal This email is licensed under http://creativecommons.org/licenses/by-nc/3.0/ 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 From vesely at tana.it Fri May 18 09:27:55 2007 From: vesely at tana.it (Alessandro Vesely) Date: Fri, 18 May 2007 09:27:55 +0200 Subject: Secure text editor? In-Reply-To: <5d7f07420705170741v6b7d49a1rca45719943c1d32c@mail.gmail.com> References: <46446746.4000502@digitalbrains.com> <46488E17.3040209@psmay.com> <464980E5.40100@tana.it> <5d7f07420705150435v38750fc8o9c35a45e0ea4c7e4@mail.gmail.com> <464AA913.5080702@tana.it> <5d7f07420705160700q268332eeh92fa77893241b362@mail.gmail.com> <464C0425.80903@tana.it> <5d7f07420705170741v6b7d49a1rca45719943c1d32c@mail.gmail.com> Message-ID: <464D557B.50905@tana.it> Ryan Malayter wrote: > On 5/17/07, Alessandro Vesely wrote: >> Not quite. That may happen as an undocumented side effect on some >> (or all) OS versions, and is not what the function is meant to do. > > The documentation clearly states: > "These pages are guaranteed not to be written to the pagefile while > they are locked." Ooops, I hadn't noticed that. Yes, then VirtualAlloc and VirtualLock can be used to avoid leaving traces of sensitive data on the swap file in the way you described (i.e. lock before fill and sweep before unlock.) I still think that's not the kind of task that the function has been designed for. The authorization constraint you mentioned and other possible side effects tend to make it unpractical for naive usage. However, a background console app that allocates a few memory pages for storing sensitive data (e.g. a gpg agent?) should use it to increase data security. From daneshwar.mishra at wipro.com Fri May 18 11:21:58 2007 
From: daneshwar.mishra at wipro.com (daneshwar.mishra at wipro.com) Date: Fri, 18 May 2007 14:51:58 +0530 Subject: Secure text editor? In-Reply-To: <464D557B.50905@tana.it> Message-ID: Hi all, We are planning to use GPG tool in our application which is JAVA based. Could you please let me know how I can use GPG encryption and decryption using JAVA? Below are the criteria on which I have to evaluate GPG. Evaluate GPG tool -- i. Invoking this tool from Java. If this is not supported, some other tool. ii. Storage of keys/certificates in keystore. iii. Using the keys/certificates for encryption & decryption. Note: Encryption and decryption will be of a given file name at any location. This means I don't want to pass input as a string but as a file name. I have already gone through the GNUPG.java file, which does e/d of a passed string. I am looking for some API which I can directly use. iv. Encrypt and decrypt for compressed as well as other files like text, pdf, excel etc. Any help will be appreciated. Regards, Danesh From rjh at sixdemonbag.org Fri May 18 13:15:28 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 18 May 2007 06:15:28 -0500 Subject: Java and GnuPG In-Reply-To: References: Message-ID: <464D8AD0.8010108@sixdemonbag.org> daneshwar.mishra at wipro.com wrote: > We are planning to use GPG tool in our application which is JAVA Based. > Could you please let me know that, how can i use GPG encryption and > decryption using JAVA. I would recommend against this if you're going to be running on Windows. See, e.g.: http://lists.gnupg.org/pipermail/gnupg-devel/2006-April/022832.html ... That bug is still unresolved. It may still be lurking for you to walk into, if you decide to write your own Java wrapper for GnuPG. If you need OpenPGP from within Java, BouncyCastle is probably the better way to go. If you absolutely need GnuPG, then (a) don't host your app on Windows and (b) just treat it like you would any other Process. E.g.: http://java.sun.com/javase/6/docs/api/java/lang/Process.html From cloos at jhcloos.com Fri May 18 00:23:27 2007 
From: cloos at jhcloos.com (James Cloos) Date: Thu, 17 May 2007 18:23:27 -0400 Subject: Printing Keys and using OCR. In-Reply-To: (Roscoe's message of "Tue, 15 May 2007 16:24:40 +0930") References: Message-ID: >>>>> "Roscoe" == Roscoe writes: Roscoe> I have tried printing out a key, then scanning and using gocr on Roscoe> the result. That was unsuccessful due to the high number of Roscoe> errors in the OCR phase, Use the OCRA font. I did that in the past scaled so that the key used up most of a single letter sized sheet of paper. I probably used mpage¹ or enscript² to do the conversion to PostScript (it has been a while :). OCRA was designed to be scanned first and read by humans second, so it should give the best performance for this purpose. And you can follow along to confirm or type in the key if necessary. OCRB would be the second choice, but I'd go for OCRA. CTAN has metafont versions of OCRA and OCRB if you use TeX. You can get Type1 and TTF versions of OCRA from the ocr-a-font³ project on sourceforge. 1) http://www.mesa.nl/ 2) http://www.gnu.org/software/enscript/enscript.html 3) http://sourceforge.net/projects/ocr-a-font -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 From mwood at IUPUI.Edu Fri May 18 15:54:54 2007 
From: mwood at IUPUI.Edu (Mark H. Wood) Date: Fri, 18 May 2007 09:54:54 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <47464350-F342-4FEB-AA5F-D1464B9A2BE6@sixdemonbag.org> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <20070517152440.GA25727@jabberwocky.com> <47464350-F342-4FEB-AA5F-D1464B9A2BE6@sixdemonbag.org> Message-ID: <20070518135453.GD4790@IUPUI.Edu> Of course, paper can also be eaten by bugs or mildew, which wouldn't be interested in polycarbonate or Mylar. The lesson here is that, regardless what medium you choose, let the rated lifetime guide you in developing maintenance procedures but DO NOT depend on it; take each volume out of the vault every year or so and check it. The manufacturer will cheerfully refund your purchase price if their product fails, but how will you get your information back? Anything that absolutely MUST be readable after umpty-ump years should be replicated, all replicas tested frequently for readability, and recopied as needed. -- Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu Typically when a software vendor says that a product is "intuitive" he means the exact opposite. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20070518/8313ba8f/attachment.pgp From groups at caseyljones.net Fri May 18 19:29:59 2007 
From: groups at caseyljones.net (Casey Jones) Date: Fri, 18 May 2007 10:29:59 -0700 Subject: Printing Keys and using OCR. In-Reply-To: References: Message-ID: <464DE297.5020905@caseyljones.net> James Cloos wrote: > Use the OCRA font. I did that in the past scaled so that the key used > up most of a single letter sized sheet of paper. I probably used mpage¹ > or enscript² to do the conversion to PostScript (it has been a while :). > CTAN has metafont versions of OCRA and OCRB if you use TeX. > > You can get Type1 and TTF versions of OCRA from the ocr-a-font³ project > on sourceforge. > > 3) http://sourceforge.net/projects/ocr-a-font I got the OCRA.ttf font from this link but it doesn't have the + - / and = characters used in the ascii output of gpg. Do the fonts from CTAN have those chars? OCRA.ttf has a few other symbols. We could replace the + - / and = chars with the symbols in the OCRA.ttf font before printing. Perhaps also replace the lowercase L and the one and the zero and the uppercase O. At first I was thinking that printing the keys in an ascii format would be superior to a barcode because it would be human readable (at least readable enough to retype), but then I realized that it wouldn't take much damage to the paper to render it unrecoverable. Barcodes are more resilient. But they're not human readable. Maybe the way to go is to use both. Or maybe we should create something like base64 but with error correction chars in both the horizontal and vertical direction. Or maybe we should just print multiple copies. Or maybe print in base16, though we'd still need/want error correction. From benjamin at py-soft.co.uk Fri May 18 20:41:06 2007 
From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Fri, 18 May 2007 19:41:06 +0100 Subject: Printing Keys and using OCR. In-Reply-To: <20070517152440.GA25727@jabberwocky.com> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <20070517152440.GA25727@jabberwocky.com> Message-ID: <464DF342.9020503@py-soft.co.uk> David Shaw wrote: > For paper to last 100 years is not even vaguely impressive. Paper > regularly lasts many hundreds of years even under less than optimal > conditions. All seems rather academic to me as I would expect the current encryption algorithms to be rendered useless by then. Ben From bahamut at digital-signal.net Fri May 18 21:09:24 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Fri, 18 May 2007 14:09:24 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <464DF342.9020503@py-soft.co.uk> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <20070517152440.GA25727@jabberwocky.com> <464DF342.9020503@py-soft.co.uk> Message-ID: <464DF9E4.7090207@digital-signal.net> Benjamin Donnachie wrote: > David Shaw wrote: >> For paper to last 100 years is not even vaguely impressive. Paper >> regularly lasts many hundreds of years even under less than optimal >> conditions. > > All seems rather academic to me as I would expect the current encryption > algorithms to be rendered useless by then. Computing machines do have physical limits, though. Just because the last few decades have shown an exponential growth in computing power doesn't mean the next few will. Perhaps RSA and DSA/El-Gamal keys will be breakable, maybe they won't. -- Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7 Key ID: 0x60A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB From dshaw at jabberwocky.com Fri May 18 21:14:06 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 18 May 2007 15:14:06 -0400 Subject: Printing Keys and using OCR. In-Reply-To: <464DF342.9020503@py-soft.co.uk> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <20070517152440.GA25727@jabberwocky.com> <464DF342.9020503@py-soft.co.uk> Message-ID: <20070518191406.GA31770@jabberwocky.com> On Fri, May 18, 2007 at 07:41:06PM +0100, Benjamin Donnachie wrote: > David Shaw wrote: > > For paper to last 100 years is not even vaguely impressive. Paper > > regularly lasts many hundreds of years even under less than optimal > > conditions. > > All seems rather academic to me as I would expect the current encryption > algorithms to be rendered useless by then. Your point does not follow. There are many "useless" algorithms that are still vastly stronger than the attack that most people can bring to bear. Let's say that I printed a DES (1970s era single DES) key on paper. DES is "useless" today, but unless I wanted to invest significant money and time in key cracking (even though it would eventually succeed), I should really keep that paper around and not rely on DES being useless. Even so, you snipped part of my comment in your reply. The point is not only that paper lasts effectively "forever", but also that optical disc doesn't last long enough. For many key-on-paper uses, it doesn't matter much if paper lasts 100 years or 1000 years. It only matters that it lasts longer than I need it to last (e.g. will it last longer than I will). Optical disc doesn't last that long. David From olav at mozilla-enigmail.org Fri May 18 19:38:57 2007 
From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Fri, 18 May 2007 19:38:57 +0200 Subject: Two SmartCards simultanously? Message-ID: <464DE4B1.7090604@mozilla-enigmail.org> Dear List, I intend to share one computer with a person I trust. We both have an OpenPGP SmartCard. My question is whether it is (or will be) possible to install card readers / cards in such a way that we both can sign and decrypt using our respective card *without* having to change cards in the one reader recognized first. Olav From rjh at sixdemonbag.org Fri May 18 22:37:59 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 18 May 2007 15:37:59 -0500 Subject: Printing Keys and using OCR. In-Reply-To: <464DF342.9020503@py-soft.co.uk> References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <20070517012018.GF9678@inept> <20070517033158.GB22961@jabberwocky.com> <464C6191.3050307@digital-signal.net> <20070517152440.GA25727@jabberwocky.com> <464DF342.9020503@py-soft.co.uk> Message-ID: <79E44F88-85F5-4E45-805B-6CB58707BFAF@sixdemonbag.org> > All seems rather academic to me as I would expect the current > encryption > algorithms to be rendered useless by then. Not academic at all. If we know that paper will last for >2000 years assuming just basic precautions, then we know that the lifetime of our media will not be the limiting factor on the lifetime of our private communication. There's something to be said for the knowledge that one part of your system is that phenomenally overdesigned. -- Robert J. Hansen "Most people are never thought about after they're gone. 'I wonder where Rob got the plutonium?' is better than most get." -- Phil Munson From johanw at vulcan.xs4all.nl Sat May 19 19:55:55 2007 
From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Sat, 19 May 2007 19:55:55 +0200 (MET DST) Subject: Printing Keys and using OCR. In-Reply-To: <20070517152440.GA25727@jabberwocky.com> Message-ID: <200705191755.l4JHtt1R031599@vulcan.xs4all.nl> David Shaw wrote: >They're certainly advertised to (I've seen some pretty incredible >claims of 100 years or more), but in practice it doesn't really work >out that way. The manufacturing of the media, the burn quality, the >burner quality, the storage, etc, all have an impact on how long an >optical disc will last. Some tests show that you're lucky to get 10 >years. Well, I'm able to do some tests now with old backup CD's. All my old backups are still perfectly readable, the oldest being from February 1998. I'll keep testing. With modern equipment, not burning discs with maximum speed seems to help. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From jharris at widomaker.com Sun May 20 01:24:58 2007 
From: jharris at widomaker.com (Jason Harris) Date: Sat, 19 May 2007 19:24:58 -0400 Subject: new (2007-05-13) keyanalyze results (+sigcheck) Message-ID: <20070519232458.GA2645@wilma.widomaker.com> New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2007-05-13/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the "permanent" files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 313 bytes Desc: not available Url : /pipermail/attachments/20070519/c1276c12/attachment.pgp From eocsor at gmail.com Sun May 20 08:58:03 2007 
From: eocsor at gmail.com (Roscoe) Date: Sun, 20 May 2007 16:28:03 +0930 Subject: Printing Keys and using OCR. In-Reply-To: <464DE297.5020905@caseyljones.net> References: <464DE297.5020905@caseyljones.net> Message-ID: Thanks for all the replies :) I just tried OCR-A but with limited success. Will add in par2 and see how things go with that. 2D barcode seems a lot more suited to the problem, will report back on how well that goes :) And yes, the ctan ocr package does have +=-/ http://www.ctan.org/tex-archive/macros/latex/contrib/ocr-latex/ > I got the OCRA.ttf font from this link but it doesn't have the + - / > and = characters used in the ascii output of gpg. Do the fonts from > CTAN have those chars? OCRA.ttf has a few other symbols. We could > replace the + - / and = chars with the symbols in the OCRA.ttf font > before printing. Perhaps also replace the lowercase L and the one and > the zero and the uppercase O. > At first I was thinking that printing the keys in an ascii format would > be superior to a barcode because it would be human readable (at least > readable enough to retype), but then I realized that it wouldn't take > much damage to the paper to render it unrecoverable. Barcodes are more > resilient. But they're not human readable. Maybe the way to go is to use > both. Or maybe we should create something like base64 but with error > correction chars in both the horizontal and vertical direction. Or maybe > we should just print multiple copies. Or maybe print in base16, though > we'd still need/want error correction. From robbat2 at gentoo.org Sun May 20 08:10:14 2007 
From: robbat2 at gentoo.org (Robin H. Johnson) Date: Sat, 19 May 2007 23:10:14 -0700 Subject: Printing Keys and using OCR. In-Reply-To: <200705191755.l4JHtt1R031599@vulcan.xs4all.nl> References: <20070517152440.GA25727@jabberwocky.com> <200705191755.l4JHtt1R031599@vulcan.xs4all.nl> Message-ID: <20070520061014.GY17511@curie-int.orbis-terrarum.net> On Sat, May 19, 2007 at 07:55:55PM +0200, Johan Wevers wrote: > Well, I'm able to do some tests now with old backup CD's. All my old > backups are still perfectly readable, the oldest being from February > 1998. I'll keep testing. > > With modern equipment, not burning discs with maximum speed seems to > help. To chime in for a moment, I have CDR backups starting in mid-1995 (doing backups once a month approximately). Of those earliest 10 discs, all of them are still readable, but the media is visibly degrading in 50% of them. - 2 discs (both Dysan, with a gold-looking surface) have the surface foil flaking off around the edges - 3 discs (various) show imperfections in the coloured layer, blotchy. The burner that I had would only reliably burn the first ~500Mb of the discs, so the foil and other problems around the edges have not impacted my data yet. An interesting twist on this, is that some of my newer drives fail to read the old discs properly. The older drives work fine however. -- Robin Hugh Johnson Gentoo Linux Developer & Council Member E-Mail : robbat2 at gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 321 bytes Desc: not available Url : /pipermail/attachments/20070519/d32ff6d7/attachment.pgp From berland at gmail.com Sun May 20 14:50:27 2007 
From: berland at gmail.com (Jim Berland) Date: Sun, 20 May 2007 20:50:27 +0800 Subject: GnuPG for a small company -- Questions before I start In-Reply-To: <20070517131046.GE10360@hell.pl> References: <20070517131046.GE10360@hell.pl> Message-ID: Hi Alex On 5/17/07, Janusz A. Urbanowicz wrote: > > Hello everybody, > > > > I am going to try to set up GPG for our small company (about 15 > > people) and would like to ask you guys for some help. Following I will > > write down my thoughts on this, that I had so far. Comments would be > > highly appreciated since I do not want to start this before I don't > > feel confident and have a complete plan. > > First, you should elaborate what is the purpose of the exercise. The > business goal. There is no point of deploying crypto policy in an > organization just for the sake of it, because people will see this as > a unnecessary and pointless exercise. > The main goal is to prevent employees from eavesdropping on each other, since we had cases of stolen information. But even without a motivation like that, I think encrypted email should be set up where possible. There are other flaws in the computer system that would have to be addressed (a secretary has root access to the server to let her start the daily backup process after work), but I'm not in charge of that. I only want to offer my help for a GPG solution, that would help a lot in that environment. I might ask some questions related to smartcards soon, that I believe to be a good idea there, if I cannot figure everything out by myself. I am going through the mailing list archives right now. So the goal is to secure email communication between our employees and I think I am able to set this up now. The setup you describe is very similar to what I'm thinking of and thus confirms my ideas. Since I'm going through the trouble of setting everything up and teaching our employees, though, it would be great to also use GPG with business partners. 
I don't think it's really going to happen, but being ready for it would be a good idea. Especially since we could use GPG to sign emails and maybe raise some interest. In the case of communication with others, I want to use GPG to encrypt and sign messages to prove the identity of the sender. > > To have an internal Web-of-Trust there should be a main key (for the > > company itself) signing the employee's keys and collecting their > > signatures. > > When I did similar things the setup was as follows: > > * there is one well-guarded organization key (org key) > * every person involved has a key signed by the org key > * people keys have designated-revoker set to org key > * all OpenPGP software installation have: > ** mandatory encrypt-to org key > ** ultimate trust for the org key > > If you don't want people to sign keys, issue them encryption-only keypairs. > It would be nice if you could write something about how GPG was used with outsiders in those cases. For example: Do you sign the other company's employee's keys and exchange them or do you only local sign them? In case the other company has an org key, too, do you sign and exchange it or only lsign it? Do you publish the org key to enable others to set a trust level, that allows them to automatically trust the employee's keys signed by it? > But this is quite generic setup and we could help you more if we knew > what you're trying to accomplish. > I didn't tell you much new in this email, I'm afraid, but I really don't know what else to mention. Sorry for that. Thank you very much for your help! From zvrba at globalnet.hr Sun May 20 18:56:00 2007 
From: zvrba at globalnet.hr (Zeljko Vrba) Date: Sun, 20 May 2007 18:56:00 +0200 Subject: GnuPG for a small company -- Questions before I start In-Reply-To: References: <20070517131046.GE10360@hell.pl> Message-ID: <87wsz35t9b.fsf@globalnet.hr> "Jim Berland" writes: > > There are other flaws in the computer system that would have to be > addressed (a secretary has root access to the server to let her start > the daily backup process after work), but I'm not in charge of that. I > Huh? That requires only a single suid-root command. > > Since I'm going through the trouble of setting everything up and > teaching our employees, though, it would be great to also use GPG with > business partners. I don't think it's really going to happen, but > If you want secure communication with your partners, you might have better luck with X.509 certificates. They "just work" under windows. The only needed initial setup is import of the root certificate. Free certificates are available from www.cacert.org. The advantage of X.509 is that its rooted trust model, ie. a key cannot have multiple signatures (you expressed that as a concern earlier; signatures can be used to infer relationships). If you and your partners use a common neutral CA, such as cacert.org, no such relationship can be inferred. Plus, X.509 certificates have capabilities (KeyUsage field, such as signature and encryption) which distinguish normal signing and key signing. User certificates do not have the "KeySign" capability turned on. Yes, an employee can still use "normal" (w/o KeySign capability) certificate to issue another certificate. However, standard-conforming software such as OpenSSL will a) not allow such issuance to be made [in effect, one has to code own CA which disregards key usage policies], and b) trust chain will be rejected by standard software [eg OpenSSL and Windows CryptoAPI; these are much harder to "convince" in alternate verification strategies, if possible at all with CryptoAPI]. 
From groups at caseyljones.net Mon May 21 02:10:24 2007
From: groups at caseyljones.net (Casey Jones)
Date: Sun, 20 May 2007 17:10:24 -0700
Subject: Printing Keys and using OCR.
In-Reply-To:
References: <464DE297.5020905@caseyljones.net>
Message-ID: <4650E370.6000308@caseyljones.net>

Roscoe wrote:
> I just tried OCR-A but with limited success. Will add in par2 and see
> how things go with that.

That should be interesting.

I'm now leaning even more towards hex (base16) rather than base64. There
would be less opportunity for confusion for the OCR. I was thinking it
would be too inefficient but then I realized that hex gets four bits per
char and base64 only gets six, so hex is only 50% bigger. If the error
rate was sufficiently low, you might be able to get away with a much
smaller font as well. A font half the size would store four times as
much per page.

I'm thinking about writing a small simple script to print the hex with
parity or checksum or a simple error correction value at the side of
each row and the bottom of each column. The script that checks the
parity could mark the rows and columns with errors, thereby allowing you
to do human OCR to correct the errors if the characters hadn't been
obliterated and if there weren't too many errors.

As long as one is doing such a script one might as well pick 16 chars
that are more distinct than the usual 0-9A-F. A short sentence could be
put at the bottom of the page to tell how to decode it, or the script
itself might be included on another page.

From dshaw at jabberwocky.com Mon May 21 03:47:09 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 20 May 2007 21:47:09 -0400
Subject: Printing Keys and using OCR.
In-Reply-To: <419F928F-0112-1000-A2FD-99C2A25F9BF2-Webmail-10021@mac.com>
References: <46499BF5.1030903@caseyljones.net> <5d7f07420705150707s6f1503e5ibdac8d70c6c54f53@mail.gmail.com> <20070516192824.GA22290@jabberwocky.com> <419F928F-0112-1000-A2FD-99C2A25F9BF2-Webmail-10021@mac.com>
Message-ID: <20070521014709.GA3159@jabberwocky.com>

On Wed, May 16, 2007 at 03:04:40PM -0700, Joseph Oreste Bruni wrote:

> >For example, the regular DSA+Elgamal secret key I just tested comes
> >out to 1281 bytes. The secret parts of that (plus some minor packet
> >structure) come to only 149 bytes. It's a lot easier to enter 149
> >bytes correctly.
> >
> >David
> >
>
> Does this sort of functionality exist in gpg today? This sounds like
> a great solution. My public key contains a small JPEG that adds
> about 1200 bytes. But if that is replicated in my secret key, I'd
> not care to hand enter it in the case of a paper-based recovery.

It doesn't currently exist, but I'll see what I can put together.
Something that prints out the necessary bytes with a checksum would be
useful to have.

David

From james at freecharity.org.uk Tue May 22 12:11:58 2007
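The row-and-column check Casey Jones describes and the "necessary bytes with a checksum" printout David Shaw mentions, as an added Python example that is not part of the thread and not GnuPG code. The page layout (16 bytes per row, a CRC-16 beside each row, XOR parity under each column, the LEN and COL lines) and every function name are assumptions, and the sample bytes are constructed, not key material.

```python
import binascii
import re

ROW_BYTES = 16  # bytes per printed row (assumed page layout)

# Constructed stand-in for the 149 bytes of secret key material mentioned in
# the thread; NOT a real key.
SAMPLE = bytes((i * 37 + 11) % 256 for i in range(149))


def row_check(index, chunk):
    """CRC-16 over the row number and its bytes, printed at the row's side."""
    return binascii.crc_hqx(bytes([index & 0xFF]) + bytes(chunk), 0xFFFF)


def column_parity(rows):
    """XOR of all rows, column by column, printed at the bottom of the page."""
    parity = bytearray(ROW_BYTES)
    for chunk in rows:
        for col, value in enumerate(chunk):
            parity[col] ^= value
    return bytes(parity)


def encode(data):
    """Render data as a printable page: LEN line, hex rows, COL parity line."""
    rows = [data[i:i + ROW_BYTES] for i in range(0, len(data), ROW_BYTES)]
    lines = ["LEN %d" % len(data)]
    for index, chunk in enumerate(rows):
        lines.append("%03d: %s | %04X"
                     % (index, chunk.hex(" ").upper(), row_check(index, chunk)))
    lines.append("COL: " + column_parity(rows).hex(" ").upper())
    return "\n".join(lines)


def _hex_field(text):
    # A glyph that is not a hex digit is certainly a misread. Map it to "0" so
    # the row still parses and the checks below flag it.
    return bytearray.fromhex(re.sub(r"[^0-9A-Fa-f\s]", "0", text))


def parse(page):
    """Split a scanned page back into length, data rows, row checks, parity."""
    lines = [ln for ln in page.splitlines() if ln.strip()]
    length = int(lines[0].split()[1])
    rows, checks = [], []
    for line in lines[1:-1]:
        body, check = line.split(":", 1)[1].split("|")
        rows.append(_hex_field(body))
        checks.append(int.from_bytes(_hex_field(check), "big"))
    parity = bytes(_hex_field(lines[-1].split(":", 1)[1]))
    return length, rows, checks, parity


def verify(page):
    """Return (bad_rows, bad_cols, data); data is None when a human must fix it."""
    length, rows, checks, parity = parse(page)
    bad_rows = [i for i, chunk in enumerate(rows)
                if row_check(i, chunk) != checks[i]]
    diff = bytes(a ^ b for a, b in zip(column_parity(rows), parity))
    bad_cols = [col for col, delta in enumerate(diff) if delta]
    unresolved = list(bad_rows)
    if len(bad_rows) == 1 and bad_cols:
        # All column mismatches must sit in the single bad row, so XOR-ing the
        # mismatch into that row restores it; the row CRC confirms the repair.
        row = bad_rows[0]
        repaired = bytearray(b ^ diff[col] for col, b in enumerate(rows[row]))
        if row_check(row, repaired) == checks[row]:
            rows[row] = repaired
            unresolved = []
    data = b"".join(bytes(chunk) for chunk in rows)
    if unresolved or len(data) != length:
        return bad_rows, bad_cols, None
    return bad_rows, bad_cols, data


def misread(page, row, col, glyph):
    """Simulate OCR misreading the first hex digit of one data byte."""
    lines = page.splitlines()
    pos = 5 + 3 * col  # "NNN: " is 5 characters, each byte occupies 3
    line = lines[1 + row]
    lines[1 + row] = line[:pos] + glyph + line[pos + 1:]
    return "\n".join(lines)


if __name__ == "__main__":
    page = encode(SAMPLE)
    print(page)
    # One misread (B read as 8): the row and column are flagged and repaired.
    print(verify(misread(page, 3, 5, "8"))[:2])
```

With a single damaged row the column parity is enough to repair it automatically; with several, the flagged rows and columns tell the person re-reading the printout which cells to look at.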
From: james at freecharity.org.uk (James Davis)
Date: Tue, 22 May 2007 11:11:58 +0100
Subject: Problems using SCR335 and gnupgp
Message-ID: <4652C1EE.8000000@freecharity.org.uk>

I've recently bought a SCR335 card reader and gnupg smartcard. I'm
having difficulties getting the card reader working on my Debian 4.0
system with gnupg 1.4.6

I've followed the instructions at

http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto.html

but running --card-status gives the following error.

# gpg --card-status
winscard_clnt.c:3232:SCardCheckDaemonAvailability() PCSC Not Running
gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: OpenPGP card not available: general error

dmesg gives the following on unplugging and replugging in the reader

usb 5-3.2: USB disconnect, address 7
usb 5-3.2: new full speed USB device using ehci_hcd and address 8
usb 5-3.2: configuration #1 chosen from 1 choice

and lsusb correctly shows the reader

cressida:~# lsusb
Bus 005 Device 008: ID 04e6:5115 SCM Microsystems, Inc. SCR335 SmartCard Reader

Any idea on where I should be looking to solve my problem?

Thanks,

James

--
http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki

From me at psmay.com Tue May 22 15:33:51 2007
From: me at psmay.com (Peter S. May)
Date: Tue, 22 May 2007 09:33:51 -0400
Subject: Feature request: load gpg.conf from the same directory as GPG
In-Reply-To: <464B0CBA.3020607@digital-signal.net>
References: <464B0CBA.3020607@digital-signal.net>
Message-ID: <4652F13F.2090503@psmay.com>

Andrew Berg wrote:
> In instances where GPG is used on a portable drive and used on
> different machines, it is much better to have gpg.conf read from the
> same directory as GPG rather than read from %appdata%\gnupg or
> ~/.gnupg. Just to have it check the same directory, then
> %appdata%\gnupg or ~/.gnupg would be a big help.

There's been plenty of discussion on this channel concerning whether or
not you even should use this stuff on computers that aren't your own.

Assuming it's an okay idea, set either --options or --homedir, or set
$GNUPGHOME in your env.

PSM

From james at freecharity.org.uk Tue May 22 15:28:09 2007
From: james at freecharity.org.uk (James Davis)
Date: Tue, 22 May 2007 14:28:09 +0100
Subject: Problems using SCR335 and gnupgp
In-Reply-To: <4652C1EE.8000000@freecharity.org.uk>
References: <4652C1EE.8000000@freecharity.org.uk>
Message-ID: <4652EFE9.7080308@freecharity.org.uk>

Please ignore my last message. Some other software was stealing away the
reader :-) It's now working fine.

James

--
http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki

From cwsiv_2nd at hotpop.com Mon May 21 04:18:36 2007
From: cwsiv_2nd at hotpop.com (Carl)
Date: Mon, 21 May 2007 02:18:36 -0000
Subject: Second problem...gpg or kgpg?
In-Reply-To: <200704060129.38524.yochanon@localnet.com>
References: <200704060129.38524.yochanon@localnet.com>
Message-ID: <1177698249.11212.16.camel@linux.site>

On Fri, 2007-04-06 at 01:29 -0500, John B wrote:
> Hi again,
>
> Out of the blue, it seems kgpg doesn't see my .gnupg directory. I opened it
> up the other day just to check something, and it showed no keys at all. I
> went into the settings and all it allows is to see my /home/me directory
> which has a couple of .asc keys(?) in it but had no gpg.conf file until I
> imported the .asc keys.
> Is there a way to fix what's going on? Has this happened to anyone else? I
> did absolutely nothing with gpg or kgpg...no updates (other than the SuSE
> security update 2 or 3 months ago IIRR) to either of them. Still with 1.4.1 I
> think it is and was working fine until I happened to see it the other day.
> Sorry I'm not too good at explaining myself, but if there's any more info
> needed, it's easier if someone asks me and then I'll know better what needs
> to be said about my problem.

Which version Suse and version of KGPG. I do wish they would Seahorse
it's better than kgpg

From hhhobbit at securemecca.net Tue May 22 20:17:52 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Tue, 22 May 2007 12:17:52 -0600
Subject:
In-Reply-To:
References:
Message-ID: <465333D0.3020506@securemecca.net>

Zeljko Vrba writes:
>
> "Jim Berland" writes:
>
>>
>> There are other flaws in the computer system that would have
>> to be addressed (a secretary has root access to the server to
>> let her start the daily backup process after work), but I'm
>> not in charge of that.
>>
>
> Huh? That requires only a single suid-root command.
>

You said "root" so I assume Unix. Better yet, that requires nobody
at all unless you need somebody to change the media. Just use cron
to do automated backups. For Fedora / RedHat / OpenSuse / Novell
the default crond chkconfig setting enables it (I can't speak for
other versions of Linux or Macs):

crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off

On older style Unix systems, they MUST have cron running. That is
what is used to trim the logs, etc. For MS Windows you also have
software to do backups for you in an automated fashion. Your "not
in charge" makes me worry about the politics of what you are doing.

>>
>> Since I'm going through the trouble of setting everything up and
>> teaching our employees, though, it would be great to also use GPG
>> with business partners. I don't think it's really going to happen,
>> but
>>
>
> If you want secure communication with your partners, you might
> have better luck with X.509 certificates. They "just work"
> under windows. The only needed initial setup is import of the
> root certificate. Free certificates are available from
> www.cacert.org

...

All of the things Zeljko said here (why repeat it?) are true.
More to the point, X.509 are what most other MS Windows oriented
companies will be using. They may not be using the free
certificates though. Everybody I have heard wants a middle company
doing some sort of investigation of both parties. It gives them
that warm fuzzy feeling.

It's not that the companies don't trust the OpenPGP WOT model; they
don't even know about it. There are cases where other companies will
specify OpenPGP, and there is one case in the GnuPG archives for you
to look at. The posters were using a Sun Solaris system on their end
but I can't remember what the people on the other end were using
other than it was also a Unix system.

Look around your shop. If it is almost all Microsoft Windows then
lean towards X.509. If it is all Linux, then lean towards OpenPGP.
But when it comes to other companies other than your own, ASK THEM.
Ask all the other companies you deal with what they want you to use.

Zimmermann made the statement to the effect that it isn't so much
"big brother" that will be doing the spying as it is other companies
that will be spying on your company to gain a competitive advantage.
You have already alluded to the loss of confidential information.
In other words, you need SOME sort of encryption. But more to the
point, you need the blessing of those that are in charge to implement
it, at least on a trial basis in those areas where your company is
having problems. Since you have already had cases of stolen
information, that should be an easy sell. But sometimes it isn't.
There are an awful lot of Paris Hiltons out there (people that don't
secure their data). Worse, they don't see any reason for securing
their data either.

HHH

From groups at caseyljones.net Tue May 22 21:21:20 2007
From: groups at caseyljones.net (Casey Jones)
Date: Tue, 22 May 2007 12:21:20 -0700
Subject: Old PC as Hardware Security Module?
In-Reply-To: <200705190150.55184.pg@futureware.at>
References: <46482183.20004@caseyljones.net> <200705142316.01289.pg@futureware.at> <46495FBE.1010809@caseyljones.net> <200705190150.55184.pg@futureware.at>
Message-ID: <465342B0.7070809@caseyljones.net>

Philipp Gühring wrote:
>>>> Does anyone know of software available to make an old PC into something
>>>> like a hardware security module.
>>> Yes, I developed exactly such software.
>> Great. What is it called? Is it available?
>
> It's called CommModule. It isn't publicly available yet, but it could be
> made available upon reasonable demand.

All I can say is that I'm probably not the only one who would be
grateful if you would grant freedom to that program.

> Yes, and how do you use your pocket calculator or paper and pencil to verify
> that the thing where you expect a signature doesn't actually have one?

All I meant was that if for example, you signed an email, you could look
at the email and see if it had a signature before you sent it. Of course
if you do this simple inspection on a compromised computer you are
vulnerable to the following attack.

>> The attacker could sign something else and put a fake
>> signature on what you wanted to sign.
>
> Or it could tell you that the signing didn't work because of a random
> error.

Good point. I guess you would have to keep in mind that an error could
be an indication of compromise. A counter on your HSM could tell you if
the operation was completed, and if so, more careful investigation might
be warranted. Maybe the HSM should have a light that blinks in a
distinctive manner to indicate that the signature had been successfully
transmitted back to the computer.

Maybe the HSM should store the last few hashes that it signed so you
could boot to a live CD and verify that the hash that the HSM signed was
the right one for the document you wanted signed. If the HSM signed the
wrong document, which presumably the attacker wouldn't let you find,
then that would be a strong indication of compromise. You could also
pull your network cable before doing any decryptions so you would have
time to investigate errors before the data leaked out.

>> But then if anyone checked the
>> signature, it wouldn't verify.
>
> Yes, but what if it is too late then?

Having limited signatures or decryptions in your HSM doesn't make you
invulnerable, it's just significantly better than unlimited.

> The question is, whether your application is that critical (and time
> critical).

I'd say it's worth it even for low security situations. It may not be
worth it if you have to boot a separate computer. I would prefer the
device to be small and quick to activate like a smart card is.

>> Are there some other major weaknesses in the one operation limit that I
>> haven't thought of?
>
> Secret-Key leakage with algorithms like DSS

How does secret-key leakage by DSS relate to limiting your HSM to one
signature or decryption per button press?

> Well, there are several big questions from my point of view:
> * Does the HSM actually know what it is doing? Does it know, what it is
> signing? Or does it just sign a hash, and doesn't know what the hash stands
> for?

The HSM doesn't know what it's signing. For high security applications I
would suggest taking whatever measures are necessary to secure the
workstation sufficiently to be trustworthy so you know what you're
signing. It's home computers which are used for high risk activities
like web browsing and reading email that would benefit most from an HSM,
because they don't have expensive security arrangements.

From bahamut at digital-signal.net Tue May 22 22:35:48 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 22 May 2007 15:35:48 -0500
Subject: Feature request: load gpg.conf from the same directory as GPG
In-Reply-To: <4652F13F.2090503@psmay.com>
References: <464B0CBA.3020607@digital-signal.net> <4652F13F.2090503@psmay.com>
Message-ID: <46535424.6080902@digital-signal.net>

Peter S. May wrote:
> Andrew Berg wrote:
>> In instances where GPG is used on a portable drive and used on
>> different machines, it is much better to have gpg.conf read from the
>> same directory as GPG rather than read from %appdata%\gnupg or
>> ~/.gnupg. Just to have it check the same directory, then
>> %appdata%\gnupg or ~/.gnupg would be a big help.
>
> There's been plenty of discussion on this channel concerning whether or
> not you even should use this stuff on computers that aren't your own.

It's a shared home machine, and I'd rather not even use the
user-specific directory on my own machine.

> Assuming it's an okay idea, set either --options or --homedir, or set
> $GNUPGHOME in your env.

I'm not entirely sure how to do that.

--
Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7
Key ID: 0x60A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From JPClizbe at tx.rr.com Wed May 23 06:20:43 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Tue, 22 May 2007 23:20:43 -0500
Subject: Feature request: load gpg.conf from the same directory as GPG
In-Reply-To: <46535424.6080902@digital-signal.net>
References: <464B0CBA.3020607@digital-signal.net> <4652F13F.2090503@psmay.com> <46535424.6080902@digital-signal.net>
Message-ID: <4653C11B.6070500@tx.rr.com>

Andrew Berg wrote:
> Peter S. May wrote:
>> Andrew Berg wrote:
>>> In instances where GPG is used on a portable drive and used on
>>> different machines, it is much better to have gpg.conf read from the
>>> same directory as GPG rather than read from %appdata%\gnupg or
>>> ~/.gnupg. Just to have it check the same directory, then
>>> %appdata%\gnupg or ~/.gnupg would be a big help.

I can easily think of two ways of overriding the default HomeDir
location, $GNUPGHOME (%GNUPGHOME% on windows) and --homedir. FWIW, the
"look for gpg.conf in same directory as executable" idea, falls apart if
you ever need to have additional copies of GnuPG in the case of
different OS or CPUs.

Storing user data together with programs is generally considered a "BAD
Idea™".

Just for reference, here's a relevant chunk of docs\README.W32
(README-W32.txt) which the installer includes with the binaries:

  Home directory:
  ===============

  GnuPG makes use of a per user home directory to store its keys as well
  as configuration files. The default home directory is a directory
  named "gnupg" below the application data directory of the user. This
  directory will be created if it does not exist. Being only a default,
  it may be changed by setting the name of the home directory into the
  Registry under the key HKEY_CURRENT_USER\Software\GNU\GnuPG using the
  name "HomeDir". If an environment variable "GNUPGHOME" exists, this
  even overrides the registry setting. The command line option
  "--homedir" may be used to override all other settings of the home
  directory.

and the file NEWS (docs\NEWS.txt) in the section for 1.4.1 gives the
search algorithm:

  * [W32] The algorithm for the default home directory changed:
    First we look at the environment variable GNUPGHOME, if this one
    is not set, we check whether the registry entry
    {HKCU,HKLM}\Software\GNU\GnuPG:HomeDir has been set. If this
    fails we use a GnuPG directory below the standard application
    data directory (APPDATA) of the current user. Only in the case
    that this directory cannot be determined, the old default of
    c:\gnupg will be used. The option --homedir still overrides all
    of them.

>> There's been plenty of discussion on this channel concerning whether or
>> not you even should use this stuff on computers that aren't your own.

> It's a shared home machine, and I'd rather not even use the
> user-specific directory on my own machine.

It would be just as valid to leave gpg.conf in its default location and
redirect GnuPG to the keyring files. There's really nothing 'security
sensitive' in gpg.conf. I do things that way so I can move my keys to
machines running different operating systems without worrying about file
access semantics in gpg.conf.

>> Assuming it's an okay idea, set either --options or --homedir, or set
>> $GNUPGHOME in your env.

> I'm not entirely sure how to do that.

For illustration, I'll use the location I use for my keyrings.

If only using GnuPG in a command window...

SET GNUPGHOME=O:\GnuPG

If you only need to use GnuPG with Enigmail within Thunderbird, you can
do this using Enigmail's preferences. From Thunderbird's menu bar,
OpenPGP --> Preferences. If the 'Display expert settings' box is
unchecked, check it now. Now click on the Advanced tab. In the box
labeled 'Additional parameters for GnuPG', add '--homedir O:\GnuPG'
(without the quotes and changing to whatever path you are using).

To set it for all your applications, you can define an environment
variable using Control Panel.

Control Panel --> System --> Advanced --> 'Environment Variables'
button. Under 'User variables' at the top of the panel, click the 'New'
button.
For Variable Name, enter GNUPGHOME
For Variable Value, enter the location you are using, eg O:\GnuPG

Click OK three times to close the applet. BTW, right-clicking the
desktop's My Computer icon and selecting Properties is equivalent to
Control Panel-->System. (Start --> Run --> sysdm.cpl [OK] also will
work.)

If you have not already done so, you should make sure that the PATH
entry in the same set of user variables contains the location of the gpg
binary you are using. In this example, I'd add O:\GnuPG; to the
beginning of the string (don't forget the semicolon).

Changes to user environment variables show up for any newly created
process, so you may need to restart Thunderbird - I don't recall if
Enigmail's exec of gpg creates a new process environment or inherits its
environment from Thunderbird.

--
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From bahamut at digital-signal.net Wed May 23 15:27:11 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Wed, 23 May 2007 08:27:11 -0500
Subject: Feature request: load gpg.conf from the same directory as GPG
In-Reply-To: <4653C11B.6070500@tx.rr.com>
References: <464B0CBA.3020607@digital-signal.net> <4652F13F.2090503@psmay.com> <46535424.6080902@digital-signal.net> <4653C11B.6070500@tx.rr.com>
Message-ID: <4654412F.2000605@digital-signal.net>

John Clizbe wrote:
> FWIW, the "look for gpg.conf
> in same directory as executable" idea, falls apart if you ever need to have
> additional copies of GnuPG in the case of different OS or CPUs.

There's not really a directory that W32, Mac, and *nix versions will
share without tinkering, so everything would "fall apart" in that case,
wouldn't it?

> Storing user data together with programs is generally considered a "BAD Idea™".

Only if there are other users.

>> It's a shared home machine, and I'd rather not even use the
>> user-specific directory on my own machine.
> It would be just as valid to leave gpg.conf in its default location and redirect
> GnuPG to the keyring files. There's really nothing 'security sensitive' in
> gpg.conf.

I know that. I just don't like having things in %appdata%.

>> I'm not entirely sure how to do that.
>
> For illustration, I'll use the location I use for my keyrings.
>
> If only using GnuPG in a command window...
>
> SET GNUPGHOME=O:\GnuPG
>
> If you only need to use GnuPG with Enigmail within Thunderbird, you can do this
> using Enigmail's preferences. From Thunderbird's menu bar, OpenPGP -->
> Preferences. If the 'Display expert settings' box is unchecked, check it now.
> Now click on the Advanced tab. In the box labeled 'Additional parameters for
> GnuPG', add '--homedir O:\GnuPG' (without the quotes and changing to whatever
> path you are using).
>
> To set it for all your applications, you can define an environment variable
> using Control Panel.
>
> Control Panel --> System --> Advanced --> 'Environment Variables' button. Under
> 'User variables' at the top of the panel, click the 'New' button.
> For Variable Name, enter GNUPGHOME
> For Variable Value, enter the location you are using, eg O:\GnuPG
>
> Click OK three times to close the applet. BTW, right-clicking the desktop's My
> Computer icon and selecting Properties is equivalent to Control Panel-->System.
> (Start --> Run --> sysdm.cpl [OK] also will work.)

For some reason setting the variable via CP didn't work, but the set
command did. This is especially strange since I set another variable via
CP, and it has worked the whole time.

I was familiar with setting such variables, but I did not know that GPG
would pick up on %gnupghome%. Of all the docs I read to try to solve
this problem, I just had to overlook readme.w32 and news.txt.

--
Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7
Key ID: 0x60A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From imacat at mail.imacat.idv.tw Wed May 23 22:01:35 2007
From: imacat at mail.imacat.idv.tw (imacat)
Date: Thu, 24 May 2007 04:01:35 +0800
Subject: Advice Upgrading to GnuPG 2
Message-ID: <20070524040126.4615.IMACAT@mail.imacat.idv.tw>

Dear all,

Hi. This is imacat from Taiwan. I'm currently running GnuPG 1.4.7. It
works nicely. I'm wondering if I should upgrade to GnuPG 2.

I'm thinking about that, even if I installed, I may never use it. I'm
used to the binary name "gpg", but not "gpg2". And most environments I'm
working on are servers, not desktops. I use GnuPG from console mostly to
check software package signatures, but not sign and encrypt information.
I do not need gpg-agent at all in such cases.

Can someone give me an advice whether I should upgrade to GnuPG 2 in my
case? Will there be any security benefit upgrading it or not? Thank you
very much in advance.

--
Best regards,
imacat ^_*'
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug

From engage at n0sq.us Thu May 24 01:21:38 2007
From: engage at n0sq.us (engage)
Date: Wed, 23 May 2007 17:21:38 -0600
Subject: decryption not possible?
Message-ID: <200705231721.39196.engage@n0sq.us>

I wasn't prompted for a passphrase!

gnupg2-1.9.22-2.2mdv2007.0
gnupg-1.4.7-0.2mdv2007.0
kdepim-kmail-3.5.4-12mdv2007.0

From rjh at sixdemonbag.org Thu May 24 04:46:53 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 23 May 2007 21:46:53 -0500
Subject: decryption not possible?
In-Reply-To: <200705231721.39196.engage@n0sq.us>
References: <200705231721.39196.engage@n0sq.us>
Message-ID:

> I wasn't prompted for a passphrase!

Without more information, it's impossible to tell you anything useful.
We need to know a lot more than this.

--
Robert J. Hansen

"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson

From wk at gnupg.org Thu May 24 10:59:50 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 24 May 2007 10:59:50 +0200
Subject: Advice Upgrading to GnuPG 2
In-Reply-To: <20070524040126.4615.IMACAT@mail.imacat.idv.tw> (imacat@mail.imacat.idv.tw's message of "Thu, 24 May 2007 04:01:35 +0800")
References: <20070524040126.4615.IMACAT@mail.imacat.idv.tw>
Message-ID: <878xbea96h.fsf@wheatstone.g10code.de>

On Wed, 23 May 2007 22:01, imacat at mail.imacat.idv.tw said:

> I'm thinking about that, even if I installed, I may never use it.
> I'm used to the binary name "gpg", but not "gpg2". And most
> environments I'm working on are servers, not desktops. I use GnuPG from

1.4.7 is better for servers.

Shalom-Salam,

Werner

From imacat at mail.imacat.idv.tw Thu May 24 16:51:22 2007
From: imacat at mail.imacat.idv.tw (imacat)
Date: Thu, 24 May 2007 22:51:22 +0800
Subject: Advice Upgrading to GnuPG 2
In-Reply-To: <878xbea96h.fsf@wheatstone.g10code.de>
References: <20070524040126.4615.IMACAT@mail.imacat.idv.tw> <878xbea96h.fsf@wheatstone.g10code.de>
Message-ID: <20070524225109.117F.IMACAT@mail.imacat.idv.tw>

On Thu, 24 May 2007 10:59:50 +0200 Werner Koch wrote:
> On Wed, 23 May 2007 22:01, imacat at mail.imacat.idv.tw said:
> > I'm thinking about that, even if I installed, I may never use it.
> > I'm used to the binary name "gpg", but not "gpg2". And most
> > environments I'm working on are servers, not desktops. I use GnuPG from
> 1.4.7 is better for servers.

Thank you. I shall stick with my GnuPG 1.4.7.

--
Best regards,
imacat ^_*'
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug

From peter_z_g at yahoo.co.uk Thu May 24 07:50:20 2007
From: peter_z_g at yahoo.co.uk (ptr)
Date: Wed, 23 May 2007 22:50:20 -0700 (PDT)
Subject: easy way to confirm email validity
Message-ID: <10777804.post@talk.nabble.com>

Hi,
I'm looking at easy way for my email recipients to validate that email
sent from me is actually from me.
I was thinking about some web way, ie: they could copy and paste email
body to verify it.
Is there some secure provider of such service?
Are there maybe better ways to do it?

Thanx
Peter

--
View this message in context: http://www.nabble.com/easy-way-to-confirm-email-validity-tf3808131.html#a10777804
Sent from the GnuPG - User mailing list archive at Nabble.com.

From jbruni at mac.com Thu May 24 17:42:34 2007
From: jbruni at mac.com (Joseph Oreste Bruni)
Date: Thu, 24 May 2007 08:42:34 -0700
Subject: easy way to confirm email validity
In-Reply-To: <10777804.post@talk.nabble.com>
References: <10777804.post@talk.nabble.com>
Message-ID: <14427A97-EA47-4531-95A3-BD374AC6EC88@mac.com>

Securing normal email can be done using either an OpenPGP-compliant
email client and/or one that support S/MIME using X.509 certificates.

Trying to secure webmail is a lot more tedious since you'd need to
prepare the email in a local text-editor, sign it using GnuPG, and paste
the resulting text into your browser. The recipient would copy the
received text and use GnuPG to validate the signature. This is a very
tedious process.

If you want easy, you should use a local email program (POP3, IMAP,
SMTP).

On May 23, 2007, at 10:50 PM, ptr wrote:

>
> Hi,
> I'm looking at easy way for my email recipients to validate that
> email sent
> from me is actually from me.
> I was thinking about some web way, ie: they could copy and paste
> email body
> to verify it.
> Is there some secure provider of such service?
> Are there maybe better ways to do it?
>
> Thanx
> Peter
>
> --
> View this message in context: http://www.nabble.com/easy-way-to-
> confirm-email-validity-tf3808131.html#a10777804
> Sent from the GnuPG - User mailing list archive at Nabble.com.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From rjh at sixdemonbag.org Thu May 24 17:47:16 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 24 May 2007 11:47:16 -0400
Subject: easy way to confirm email validity
In-Reply-To: <10777804.post@talk.nabble.com>
References: <10777804.post@talk.nabble.com>
Message-ID:

> I'm looking at easy way for my email recipients to validate that
> email sent from me is actually from me.

The obvious way is to suggest they use an OpenPGP application, such
as GnuPG or PGP, to verify your signature.

> Is there some secure provider of such service?

It all depends on whom you're willing to trust, and how much you're
willing to trust them.

> Are there maybe better ways to do it?

If they need to validate your email, OpenPGP is one of the best ways
to do it. S/MIME would also work well for the task.

(Given that this is the GnuPG-Users mailing list, any further
comments I make on this will be GnuPG only. However, honesty
required that I point out alternatives.)

--
Robert J. Hansen

"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson

From sadam at clemson.edu Thu May 24 18:16:24 2007
From: sadam at clemson.edu (Adam Schreiber)
Date: Thu, 24 May 2007 12:16:24 -0400
Subject: easy way to confirm email validity
In-Reply-To: <14427A97-EA47-4531-95A3-BD374AC6EC88@mac.com>
References: <10777804.post@talk.nabble.com> <14427A97-EA47-4531-95A3-BD374AC6EC88@mac.com>
Message-ID: <8298be230705240916w9a766ffg572db3079a51840b@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/24/07, Joseph Oreste Bruni wrote:
> Trying to secure webmail is a lot more tedious since you'd need to
> prepare the email in a local text-editor, sign it using GnuPG, and
> paste the resulting text into your browser. The recipient would copy
> the received text and use GnuPG to validate the signature. This is a
> very tedious process.

Seahorse for GNOME provides an extension for Epiphany that allows a
user to encrypt/sign/decrypt/verify any text field. I've been using it
with the Encryption Applet that Seahorse provides and Gmail quite
handily. The only issue is that sometimes Gmail likes to insert its
own CRs that mess with verification.

Cheers,

Adam Schreiber
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGVbq/jU1oaHEI4wgRAhrTAJwOABfzejMWSC6V6NgTpH3x8jvsBgCfbCnf
KydW3ZNWI0mvxbtvKfthGEE=
=0+uG
-----END PGP SIGNATURE-----

From sadam at clemson.edu Thu May 24 18:50:38 2007
From: sadam at clemson.edu (Adam Schreiber)
Date: Thu, 24 May 2007 12:50:38 -0400
Subject: easy way to confirm email validity
In-Reply-To:
References: <10777804.post@talk.nabble.com> <14427A97-EA47-4531-95A3-BD374AC6EC88@mac.com> <8298be230705240916w9a766ffg572db3079a51840b@mail.gmail.com>
Message-ID: <8298be230705240950y7bb4d7a2hca50f834f1b2c7c2@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/24/07, Hardeep Singh wrote:
> Can you provide more info on this? Can windows users use this with Cygwin or
> something? what is Seahorse?

Seahorse[1] is a password and encryption key manager for the GNOME
desktop. Additionally, it provides plugins and extensions to other
programs to allow them to integrate OpenPGP encryption into their
functionality.

We've received build patches for Cygwin, so I assume it's able to be
built and installed. What level of functionality/integration it then
affords is unknown to me.

Cheers,

Adam

[1] http://projects.gnome.org/seahorse
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGVcLOjU1oaHEI4wgRAu8nAKCYbPg98FjhU2inWgpRFiNAQM16vgCglNNx
mgVHLoHNlhpQ2iYfdiMyp4s=
=av8W
-----END PGP SIGNATURE-----

From peter_z_g at yahoo.co.uk Thu May 24 19:29:11 2007
From: peter_z_g at yahoo.co.uk (ptr)
Date: Thu, 24 May 2007 10:29:11 -0700 (PDT)
Subject: easy way to confirm email validity
In-Reply-To:
References: <10777804.post@talk.nabble.com>
Message-ID: <10788851.post@talk.nabble.com>

I cannot "force" my recipients to install any PGP software so I was
thinking about creating signature verification form on my website. If
someone wanted to check if the email is really from me, he/she could
paste the signed email part on the form, then the server-side script
would verify that.

I'm quite new to PGP, so correct me if I'm wrong and don't laugh too
much :) ; would this be achievable?
I know I'd need to have my public key accessible to the validation
script.

While writing this response I've actually stumbled across a page that I
think does what I need (http://www.sin-online.nl/ds/)

Actual coding of the script should be v.easy, I'm just not sure if the
concept is correct.

Thanx in advance
Peter

Robert J. Hansen-3 wrote:
>
>> I'm looking at easy way for my email recipients to validate that
>> email sent from me is actually from me.
>
> The obvious way is to suggest they use an OpenPGP application, such
> as GnuPG or PGP, to verify your signature.
>
>> Is there some secure provider of such service?
>
> It all depends on whom you're willing to trust, and how much you're
> willing to trust them.
>
>> Are there maybe better ways to do it?
>
> If they need to validate your email, OpenPGP is one of the best ways
> to do it. S/MIME would also work well for the task.
>
> (Given that this is the GnuPG-Users mailing list, any further
> comments I make on this will be GnuPG only. However, honesty
> required that I point out alternatives.)
>
> --
> Robert J. Hansen
>
> "Most people are never thought about after they're gone. 'I wonder
> where Rob got the plutonium?' is better than most get."
> -- Phil Munson

From eray.aslan at caf.com.tr Thu May 24 18:01:35 2007
From: eray.aslan at caf.com.tr (Eray Aslan)
Date: Thu, 24 May 2007 19:01:35 +0300
Subject: GnuPG for a small company -- Questions before I start
In-Reply-To: <20070517131046.GE10360@hell.pl>
References: <20070517131046.GE10360@hell.pl>
Message-ID: <4655B6DF.8030809@caf.com.tr>

On 17.05.2007 16:10, Janusz A. Urbanowicz wrote:
[...]
> When I did similar things the setup was as follows:
>
> * there is one well-guarded organization key (org key)
> * every person involved has a key signed by the org key
> * people keys have designated-revoker set to org key
> * all OpenPGP software installation have:
> ** mandatory encrypt-to org key

Which option is that in gpg.conf?

> ** ultimate trust for the org key

How does one deal with people quitting or people getting hired? You can
revoke the keys for those that quit. But how do you inform coworkers
that someone's key is revoked? Or similarly distribute the new public
key to existing employees for someone who has been just hired? In-house
keyserver?

Thank you

--
Eray

From pete at petertodd.ca Thu May 24 19:43:13 2007
From: pete at petertodd.ca (Peter Todd)
Date: Thu, 24 May 2007 13:43:13 -0400
Subject: easy way to confirm email validity
In-Reply-To: <10788851.post@talk.nabble.com>
References: <10777804.post@talk.nabble.com> <10788851.post@talk.nabble.com>
Message-ID: <20070524174313.GC25473@inept>

On Thu, May 24, 2007 at 10:29:11AM -0700, ptr wrote:
>
> I cannot "force" my recipients to install any PGP software so I was thinking
> about creating signature verification form on my website. If someone wanted
> to check if the email is really from me, he/she could paste the signed email
> part on the form, then the server-side script would verify that.
>
> I'm quite new to PGP, so correct me if I'm wrong and don't laugh too much :)
> ; would this be achievable?
> I know I'd need to have my public key accessible to the validation script.
>
>
> While writing this response I've actually stumbled across a page that I
> think does what I need (http://www.sin-online.nl/ds/)
>
> Actual coding of the script should be v.easy, I'm just not sure if the
> concept is correct.

A big problem with the idea is what you're telling your recipients, IE
that by going to a completely untrusted site you can somehow trust an
email. I suspect that a recipient with enough technical know how to
properly use such a verifier, IE type in the url themselves and make
sure the site is ssl encrypted with a trusted certificate, wouldn't find
it that much harder to simply install PGP software.

For instance the page you mentioned is vulnerable to dns poisoning
attacks as it's not SSL encrypted. Theoretical? Sure, but forged email
messages aren't all that much less theoretical if your recipients know
how to look at headers.

--
http://petertodd.ca

From kloecker at kde.org Thu May 24 19:54:05 2007
From: kloecker at kde.org (Ingo Klöcker)
Date: Thu, 24 May 2007 19:54:05 +0200
Subject: decryption not possible?
In-Reply-To: <200705231721.39196.engage@n0sq.us>
References: <200705231721.39196.engage@n0sq.us>
Message-ID: <200705241954.07321@erwin.ingo-kloecker.de>

On Thursday 24 May 2007 01:21, engage wrote:
> I wasn't prompted for a passphrase!
>
> gnupg2-1.9.22-2.2mdv2007.0
> gnupg-1.4.7-0.2mdv2007.0
> kdepim-kmail-3.5.4-12mdv2007.0

That's just a wild guess, but the usual reason for this behavior is that
gpg-agent is not setup correctly. I suggest you read
http://kontact.kde.org/kmail/kmail-pgpmime-howto.php
and there in particular the section
http://kontact.kde.org/kmail/kmail-pgpmime-howto.php#gnupg

Regards,
Ingo

From bahamut at digital-signal.net Thu May 24 20:28:03 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Thu, 24 May 2007 13:28:03 -0500
Subject: decryption not possible?
In-Reply-To: <200705231721.39196.engage@n0sq.us>
References: <200705231721.39196.engage@n0sq.us>
Message-ID: <4655D933.6000207@digital-signal.net>

engage wrote:
> I wasn't prompted for a passphrase!

Perhaps the message was only ASCII-armored.

--
Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7
Key ID: 0x60A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From peter_z_g at yahoo.co.uk Thu May 24 20:37:09 2007
From: peter_z_g at yahoo.co.uk (ptr)
Date: Thu, 24 May 2007 11:37:09 -0700 (PDT)
Subject: easy way to confirm email validity
In-Reply-To: <20070524174313.GC25473@inept>
References: <10777804.post@talk.nabble.com> <10788851.post@talk.nabble.com> <20070524174313.GC25473@inept>
Message-ID: <10789992.post@talk.nabble.com>

Agree with the DNS poisoning, my form would need to be SSL'ed with my
private certificate.

In terms of educating my recipients - yes, it may be tricky, that is
probably the weakest point of my concept, will need to think how to
approach it.
The solution should be both easy for the recipient, but also somehow
spam/hack proof.
Errrr...

Just one more question:
What parameters are used to create the hash? well, apart the message
itself and my private key.

Thanks
Peter

Peter Todd wrote:
>
> On Thu, May 24, 2007 at 10:29:11AM -0700, ptr wrote:
>>
>> I cannot "force" my recipients to install any PGP software so I was
>> thinking about creating signature verification form on my website. If
>> someone wanted to check if the email is really from me, he/she could
>> paste the signed email part on the form, then the server-side script
>> would verify that.
>>
>> I'm quite new to PGP, so correct me if I'm wrong and don't laugh too much
>> :) ; would this be achievable?
>> I know I'd need to have my public key accessible to the validation
>> script.
>>
>>
>> While writing this response I've actually stumbled across a page that I
>> think does what I need (http://www.sin-online.nl/ds/)
>>
>> Actual coding of the script should be v.easy, I'm just not sure if the
>> concept is correct.
>
> A big problem with the idea is what you're telling your recipients, IE
> that by going to a completely untrusted site you can somehow trust an
> email.
> I suspect that a recipient with enough technical know how to
> properly use such a verifier, IE type in the url themselves and make
> sure the site is ssl encrypted with a trusted certificate, wouldn't find
> it that much harder to simply install PGP software.
>
> For instance the page you mentioned is vulnerable to dns poisoning
> attacks as it's not SSL encrypted. Theoretical? Sure, but forged email
> messages aren't all that much less theoretical if your recipients know
> how to look at headers.
>
> --
> http://petertodd.ca

From hhhobbit at securemecca.net Thu May 24 20:47:15 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Thu, 24 May 2007 12:47:15 -0600
Subject: easy way to confirm email validity
In-Reply-To:
References:
Message-ID: <4655DDB3.8040605@securemecca.net>

ptr wrote:
> Hi,
>
> I'm looking at easy way for my email recipients to validate
> that email sent from me is actually from me. I was thinking
> about some web way, ie: they could copy and paste email body
> to verify it. Is there some secure provider of such service?
> Are there maybe better ways to do it?

You heard the others' answers. They are all good and valid with one
exception: browser based mail. Looking at your email address, you CAN
slip in the FireGPG plug-in into Firefox:

http://firegpg.tuxfamily.org/

But to use it you need to install GnuPG, create keys, have your friends
create keys, import their public keys and you import their public keys,
etcetera. FireGPG verifies OR signs (but not both simultaneously) but
it only handles INLINE properly sent from a POP mail account if the
message is signed (no friends who are using GnuPG in Evolution or Mac
Mail or similar apps that only do OpenPGP/MIME). Strangely, it decrypts
messages that are encrypted in OpenPGP/MIME format. I have only tested
it SENDING from GMail so far (had to bring all my browsers, email
programs and plugins all up to date for valid tests).

I have tested it successfully with GMail (where it works best) and
Yahoo WebMail. It will NOT work with AOL because you have to select the
text, and they have that stupid pop-up you are reading the message in
that doesn't give you access to the FireGPG menu. I have yet to test it
with HotMail, but I see no reason for why it will not also work there.
It is just that HotMail is a pain to test because I have to wait a LONG
time (sometimes hours) for the message to arrive. That makes it very
difficult for testing.

I say it works best in GMail. That is because in it you get buttons for
signing OR encrypting when sending.
However, there is no reason you can't select and use the FireGPG menu
in Yahoo for example. I am still spelunking it and can give you a
fuller report later on if you want it. I can say FireGPG is VERY
PROMISING! Color me impressed. Just realize it is brand new and you
will have some gotchas, but you can always copy and paste the message
into something else (WinPT on Windows) for verification.

Can you make your requirements a little more specific? By specific I
mean what OS you have (Windows, Linux, Mac), what type of mail (POP /
IMAP / WebMail), what everybody else you want this to work with are
using, etc. X.509 works great in Outlook on Windows for example, but I
don't know how it would work in WebMail. I don't think it will work at
all in WebMail on Linux (haven't checked for plugins to the browser
yet).

HHH

From pete at petertodd.ca Thu May 24 20:54:57 2007
From: pete at petertodd.ca (Peter Todd)
Date: Thu, 24 May 2007 14:54:57 -0400
Subject: easy way to confirm email validity
In-Reply-To: <10789992.post@talk.nabble.com>
References: <10777804.post@talk.nabble.com> <10788851.post@talk.nabble.com> <20070524174313.GC25473@inept> <10789992.post@talk.nabble.com>
Message-ID: <20070524185457.GD25473@inept>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, May 24, 2007 at 11:37:09AM -0700, ptr wrote:
>
> Agree with the DNS poisoning, my form would need to be SSL'ed with my private
> certificate.
>
> In terms of educating my recipients - yes, it may be tricky, that is
> probably the weakest point of my concept, will need to think how to approach
> it.
> The solution should be both easy for the recipient, but also somehow
> spam/hack proof.
> Errrr...

And when you think about it, if the user has to go to your site to
validate the email, why not just put the message on your site in the
first place?

> Just one more question:
> What parameters are used to create the hash? well, apart the message itself
> and my private key.

That's it. As an example this email, signed by me, is using an inline
PGP signature. The *only* thing included in the hash is what is between
the START and END bits, that's it, no headers no nothing. I'm not
positive, but I believe the MIME based PGP is pretty similar. Of course,
this means that you can fake the headers without invalidating the
signature...

Of course, it's also why it's so trivial to handle, just feed the
message to gpg --verify and check the result. Trivial.

- --
http://petertodd.ca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGVd+B3bMhDbI9xWQRAr1HAJsEKu/CPZsz6JMTRiAHNx4GWQgTzgCgjkwo
+wbmfNOugtlIIyoIKvxwEhU=
=G6h6
-----END PGP SIGNATURE-----

From hhhobbit at securemecca.net Fri May 25 00:30:40 2007
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Thu, 24 May 2007 16:30:40 -0600
Subject: easy way to confirm email validity
In-Reply-To:
References:
Message-ID: <46561210.5010504@securemecca.net>

Henry Hertz Hobbit wrote:

As an aside, if you are concerned about DNS cache server poisoning,
then take the IP address and stick it into the hosts file (make sure
hosts come before DNS in the nsswitch.conf file in nix machines). If
nothing else it stops the chatter happy Zone Alarm firewall from
querying for its IP address every five seconds. The host / domain name
has more than one IP address? Randomly pick one of them. Check back
that they are the same but not every five seconds. Try every six hours
for a week or so until all the DNS TTLs have timed out. djbdns anybody?

I am interpreting your statement as saying all of the people you will
be sending to are only moderately interested in verification rather
than paranoid, and that they will all be using Windows. Correct me if I
am wrong. If the conditions are not these, the next statement has NO
meaning.

Now that we know a little better what you want to do (just one way
verification of emails with them verifying you but not vice versa) you
MAY be best served by using X.509. I really don't like the idea of that
web verification scheme. Once you look at X.509 you will see that is
better. I have had mail redirects in the past week from several
universities, and one of them was from MIT! It is just too easy for
Mallory to say "click on this link" to verify, and back we go to
phishing 101.

In other words, there is no substitute but for the people who are
getting your messages to assume some of the responsibility for
verification themselves. One of the key things in Bruce Schneier's
security service are people monitoring what is going on. The people
receiving your messages need to assume some of the responsibility
themselves.

HHH

From bahamut at digital-signal.net Fri May 25 01:14:30 2007
From: bahamut at digital-signal.net (Andrew Berg)
Date: Thu, 24 May 2007 18:14:30 -0500
Subject: easy way to confirm email validity
In-Reply-To: <20070524185457.GD25473@inept>
References: <10777804.post@talk.nabble.com> <10788851.post@talk.nabble.com> <20070524174313.GC25473@inept> <10789992.post@talk.nabble.com> <20070524185457.GD25473@inept>
Message-ID: <46561C56.6030305@digital-signal.net>

Peter Todd wrote:
> The *only* thing included in the hash is what is between the START
> and END bits, that's it, no headers no nothing. I'm not positive,
> but I believe the MIME based PGP is pretty similar. Of course, this
> means that you can fake the headers without invalidating the
> signature...

Can that really do any harm? Besides, of course, confusing a novice
recipient.

--
Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7
Key ID: 0x60A78FCB - available on major keyservers and upon request
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB

From engage at n0sq.us Fri May 25 05:09:17 2007
From: engage at n0sq.us (engage)
Date: Thu, 24 May 2007 21:09:17 -0600
Subject: decryption not possible?
In-Reply-To: <200705241954.07321@erwin.ingo-kloecker.de>
References: <200705231721.39196.engage@n0sq.us> <200705241954.07321@erwin.ingo-kloecker.de>
Message-ID: <200705242109.17923.engage@n0sq.us>

On Thursday 24 May 2007 11:54, Ingo Klöcker wrote:
> On Thursday 24 May 2007 01:21, engage wrote:
> > I wasn't prompted for a passphrase!
> >
> > gnupg2-1.9.22-2.2mdv2007.0
> > gnupg-1.4.7-0.2mdv2007.0
> > kdepim-kmail-3.5.4-12mdv2007.0
>
> That's just a wild guess, but the usual reason for this behavior is that
> gpg-agent is not setup correctly. I suggest you read
> http://kontact.kde.org/kmail/kmail-pgpmime-howto.php
> and there in particular the section
> http://kontact.kde.org/kmail/kmail-pgpmime-howto.php#gnupg
>
> Regards,
>
> Ingo

Thanks. That got things working. I guess it's not possible for the
package manager to automate the process.

From peter_z_g at yahoo.co.uk Fri May 25 09:38:21 2007
From: peter_z_g at yahoo.co.uk (ptr)
Date: Fri, 25 May 2007 00:38:21 -0700 (PDT)
Subject: easy way to confirm email validity
In-Reply-To: <10777804.post@talk.nabble.com>
References: <10777804.post@talk.nabble.com>
Message-ID: <10798422.post@talk.nabble.com>

I'd like to thank you everyone for the valuable input.

After considering all pros and cons of PGP based solutions I have
decided that it will be easier to go X.509 certificate way with
gateway-type installation, so all our email accounts are included.

Regards,
Peter

From vesely at tana.it Fri May 25 11:26:34 2007
From: vesely at tana.it (Alessandro Vesely)
Date: Fri, 25 May 2007 11:26:34 +0200
Subject: easy way to confirm email validity
In-Reply-To: <14427A97-EA47-4531-95A3-BD374AC6EC88@mac.com>
References: <10777804.post@talk.nabble.com> <14427A97-EA47-4531-95A3-BD374AC6EC88@mac.com>
Message-ID: <4656ABCA.2030404@tana.it>

Joseph Oreste Bruni wrote:
> Trying to secure webmail is a lot more tedious since you'd need to
> prepare the email in a local text-editor, sign it using GnuPG, and
> paste the resulting text into your browser.

There are webmail servers that can do that. The security is weaker, as
one has to trust the server and upload a key.

http://www.courier-mta.jp/documents/readme/gpglib/README.html
http://www.courier-mta.org/mimegpg.html

From kloecker at kde.org Fri May 25 20:54:49 2007
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 25 May 2007 20:54:49 +0200
Subject: decryption not possible?
In-Reply-To: <200705242109.17923.engage@n0sq.us>
References: <200705231721.39196.engage@n0sq.us> <200705241954.07321@erwin.ingo-kloecker.de> <200705242109.17923.engage@n0sq.us>
Message-ID: <200705252054.51891@erwin.ingo-kloecker.de>

On Friday 25 May 2007 05:09, engage wrote:
> On Thursday 24 May 2007 11:54, Ingo Klöcker wrote:
> > On Thursday 24 May 2007 01:21, engage wrote:
> > > I wasn't prompted for a passphrase!
> > >
> > > gnupg2-1.9.22-2.2mdv2007.0
> > > gnupg-1.4.7-0.2mdv2007.0
> > > kdepim-kmail-3.5.4-12mdv2007.0
> >
> > That's just a wild guess, but the usual reason for this behavior is
> > that gpg-agent is not setup correctly. I suggest you read
> > http://kontact.kde.org/kmail/kmail-pgpmime-howto.php
> > and there in particular the section
> > http://kontact.kde.org/kmail/kmail-pgpmime-howto.php#gnupg
> >
> > Regards,
> >
> > Ingo
>
> Thanks. That got things working. I guess it's not possible for the
> package manager to automate the process.

I don't see why this should not be possible. In fact, in OpenSUSE this
seems to work out-of-the-box. They start the gpg-agent
in /etc/X11/xdm/sys.xsession.

Regards,
Ingo

From moses.mason at gmail.com Sun May 27 09:22:10 2007
From: moses.mason at gmail.com (Moses)
Date: Sun, 27 May 2007 15:22:10 +0800
Subject: Can't run GPG --recv-keys under Windows Vista.
Message-ID: <87bcf3800705270022u787f94fbl9a8d4fe78180e63c@mail.gmail.com>

Hi,

I've installed gpg on Windows Vista recently, but seems not all the
functions work well when I try to receive keys from keyserver. Here is
the command I typed:

gpg --keyserver subkeys.pgp.net --recv-keys xxxxxxxx

After hit RETURN, I got errors immediately like this:

gpgkeys: hkp fetch error 1: unsupported protocol

The same command works well on Windows XP.

I've checked the environment variables %PATH%, and gpg's directory is in it.

Any ideas?

From rjh at sixdemonbag.org Sun May 27 10:02:29 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 27 May 2007 04:02:29 -0400
Subject: Can't run GPG --recv-keys under Windows Vista.
In-Reply-To: <87bcf3800705270022u787f94fbl9a8d4fe78180e63c@mail.gmail.com>
References: <87bcf3800705270022u787f94fbl9a8d4fe78180e63c@mail.gmail.com>
Message-ID:

> I've installed gpg on Windows Vista recently, but seems not all the
> functions work well when I try to receive keys from keyserver. Here is
> the command I typed:

This is probably because of how Windows Vista has changed how
programs may call other programs. It is a (semi-)known compatibility
issue with Windows Vista; an awful lot of programs are suffering from
some of Vista's 'improvements'.

For the time being, it's best to consider GnuPG on Vista to be
unsupported and not recommended.

--
Robert J. Hansen

"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson

From pete at petertodd.ca Sun May 27 09:12:59 2007
From: pete at petertodd.ca (Peter Todd)
Date: Sun, 27 May 2007 03:12:59 -0400
Subject: easy way to confirm email validity
In-Reply-To: <46561C56.6030305@digital-signal.net>
References: <10777804.post@talk.nabble.com> <10788851.post@talk.nabble.com> <20070524174313.GC25473@inept> <10789992.post@talk.nabble.com> <20070524185457.GD25473@inept> <46561C56.6030305@digital-signal.net>
Message-ID: <20070527071259.GA21760@inept>

On Thu, May 24, 2007 at 06:14:30PM -0500, Andrew Berg wrote:
> Peter Todd wrote:
> > The *only* thing included in the hash is what is between the START
> > and END bits, that's it, no headers no nothing. I'm not positive,
> > but I believe the MIME based PGP is pretty similar. Of course, this
> > means that you can fake the headers without invalidating the
> > signature...
> Can that really do any harm? Besides, of course, confusing a novice
> recipient.

Depends. I have a little system setup on my email that allows me to
create a specially formatted email that will trigger a procmail script
that appends the email to a file. In my case I rely completely on
security by obscurity, if the email is formatted correctly, anyone can
append to that file. But suppose I considered it important for only me
to be able to trigger that script. So I decide to rely on digital
signatures. A naive setup, that simply appended anything that verified
correctly, could allow the attacker to easily disrupt the setup with
tonnes of bogus messages. A basic replay attack.

And besides, confusing a novice is the source of the highly disrupting
worms and trojans that are allowing spammers to operate so freely...

--
http://petertodd.ca

From patrick at mozilla-enigmail.org Sun May 27 18:04:10 2007
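The two points Peter Todd makes in this thread (only the text between the PGP markers is signed, and a filter that acts on anything that verifies can be replayed) are illustrated below as an added Python example that is not part of the original posts. It assumes gpg is on PATH; the names extract_clearsigned, signer_of, ReplayGuard and process, the pinned fingerprint and the one-hour window are hypothetical, and the mail and status lines in the demo are constructed.

```python
import hashlib
import subprocess
import time

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
END = "-----END PGP SIGNATURE-----"
# Status keywords that must never appear next to an accepted signature.
BAD_STATUS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def extract_clearsigned(raw_mail):
    """Return only the clearsigned block; headers and other text are unsigned."""
    lines = raw_mail.replace("\r\n", "\n").split("\n")
    try:
        start = lines.index(BEGIN)
        end = lines.index(END, start)
    except ValueError:
        return None
    return "\n".join(lines[start:end + 1]) + "\n"


def gpg_verify(block):
    """Ask gpg for the text it verified plus its machine-readable status."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt"],
        input=block.encode(), capture_output=True, check=False)
    status = [line[len("[GNUPG:] "):]
              for line in proc.stderr.decode(errors="replace").splitlines()
              if line.startswith("[GNUPG:] ")]
    return proc.stdout.decode(errors="replace"), status


def signer_of(status_lines):
    """Return (fingerprint, signature epoch) for exactly one valid signature."""
    found = None
    for line in status_lines:
        fields = line.split()
        if not fields:
            continue
        if fields[0] in BAD_STATUS:
            return None
        if fields[0] == "VALIDSIG":
            if found is not None or len(fields) < 4 or not fields[3].isdigit():
                return None
            # Field 10, when present, is the primary key's fingerprint.
            fpr = fields[10] if len(fields) > 10 else fields[1]
            found = (fpr.upper(), int(fields[3]))
    return found


class ReplayGuard:
    """Accept a signed text once, from one pinned key, while it is fresh."""

    def __init__(self, pinned_fpr, max_age=3600, clock=time.time):
        self.pinned = pinned_fpr.replace(" ", "").upper()
        self.max_age = max_age
        self.clock = clock
        self.seen = set()  # in memory for the example; persist it in real use

    def accept(self, signed_text, status_lines):
        signer = signer_of(status_lines)
        if signer is None:
            return False, "no single valid signature"
        fpr, sig_time = signer
        if fpr != self.pinned:
            return False, "signed by an unexpected key"
        age = self.clock() - sig_time
        if age > self.max_age or age < -300:
            return False, "signature outside the freshness window"
        # Key on what was signed, not on the armor, which can be re-wrapped.
        key = (fpr, sig_time, hashlib.sha256(signed_text.encode()).hexdigest())
        if key in self.seen:
            return False, "replay of an already processed message"
        self.seen.add(key)
        return True, "accepted"


def process(raw_mail, guard, verify=gpg_verify):
    """Return (text to act on, reason); text is None when the mail is refused."""
    block = extract_clearsigned(raw_mail)
    if block is None:
        return None, "no clearsigned block"
    signed_text, status = verify(block)
    ok, reason = guard.accept(signed_text, status)
    return (signed_text if ok else None), reason


if __name__ == "__main__":
    # Constructed mail and status lines stand in for a real gpg run.
    fpr, now = "0123456789ABCDEF0123456789ABCDEF01234567", 1180000000
    mail = ("From: anyone at example.org\nSubject: forged\n\n" + BEGIN +
            "\nHash: SHA1\n\nappend this\n-----BEGIN PGP SIGNATURE-----\n\n"
            "CONSTRUCTED\n" + END + "\n")
    fake = lambda block: ("append this\n", [
        f"VALIDSIG {fpr} 2007-05-24 {now - 60} 0 3 0 17 2 01 {fpr}"])
    guard = ReplayGuard(fpr, clock=lambda: now)
    print(process(mail, guard, fake))   # first delivery
    print(process(mail, guard, fake))   # same mail delivered again
```

The action only ever receives the text gpg itself emitted, so nothing from From, Subject or other headers can steer it, and a second delivery of the same signed text is refused.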
From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Sun, 27 May 2007 18:04:10 +0200 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <87bcf3800705270022u787f94fbl9a8d4fe78180e63c__23379.7576897361$1180252521$gmane$org@mail.gmail.com> References: <87bcf3800705270022u787f94fbl9a8d4fe78180e63c__23379.7576897361$1180252521$gmane$org@mail.gmail.com> Message-ID: <4659ABFA.3040400@mozilla-enigmail.org> Moses wrote: > Hi, > > I've installed gpg on Windows Vista recently, but seems not all the > functions work well when I try to receive keys from keyserver. Here is > the command I typed: > > gpg --keyserver subkeys.pgp.net --recv-keys xxxxxxxx > > After hit RETURN, I got errors immediately like this: > > gpgkeys: hkp fetch error 1: unsupported protocol > > The same command works well on Windows XP. > > I've checked the environment variables %PATH%, and gpg's directory is in it. > > Any ideas? This is a well-known issue on Vista. See e.g. here for the solution: http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030595.html -Patrick From moses.mason at gmail.com Sun May 27 18:24:08 2007 
From: moses.mason at gmail.com (Moses) Date: Mon, 28 May 2007 00:24:08 +0800 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <4659ABFA.3040400@mozilla-enigmail.org> References: <87bcf3800705270022u787f94fbl9a8d4fe78180e63c__23379.7576897361$1180252521$gmane$org@mail.gmail.com> <4659ABFA.3040400@mozilla-enigmail.org> Message-ID: <87bcf3800705270924h7827deddj35e03a76dbdd0f28@mail.gmail.com> Patrick, Thank you so much, it works. :-) On 5/28/07, Patrick Brunschwig wrote: > Moses wrote: > > Hi, > > > > I've installed gpg on Windows Vista recently, but seems not all the > > functions work well when I try to receive keys from keyserver. Here is > > the command I typed: > > > > gpg --keyserver subkeys.pgp.net --recv-keys xxxxxxxx > > > > After hit RETURN, I got errors immediately like this: > > > > gpgkeys: hkp fetch error 1: unsupported protocol > > > > The same command works well on Windows XP. > > > > I've checked the environment variables %PATH%, and gpg's directory is in it. > > > > Any ideas? > > This is a well-known issue on Vista. See e.g. here for the solution: > http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030595.html > > -Patrick > From hhhobbit at securemecca.net Sun May 27 21:52:06 2007 
From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Sun, 27 May 2007 13:52:06 -0600 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: References: Message-ID: <4659E166.5060704@securemecca.net> "Robert J. Hansen" wrote: > This is probably because of how Windows Vista has changed how > programs may call other programs. It is a (semi-)known compatibility > issue with Windows Vista; an awful lot of programs are suffering > from some of Vista's 'improvements'. I think you are being charitable. In reality, you are going to have to scrap almost all your old Windows programs since they will not work with Vista. The people providing binary programs for Vista are going to have to pay the $1000 annual fee for the Microsoft certification to make their program run on Vista. There is a work-around ... but I have only used it for scripts and stand-alone binaries. You run them from a Command Prompt which is running in elevated status: http://www.petri.co.il/vista_command_prompt.htm Follow the link at the bottom for "Quickly open a Command Prompt with elevated credentials in Windows Vista". If you have already done this (actually, I assume you have), then that would be nice to know because that means that any executable that was messaged into existence by another executable even though the first one was running with elevated privileges will be running in lower level capacity (you don't really fork() on Windows). It would be nice to know if you are already using this "trick". So far all I have been dealing with are scripts and stand-alone binary programs (they don't message other binaries into running) which so far the RunAs method makes them continue to work. > For time being, it's best to consider GnuPG on Vista to be > unsupported and not recommended. Again, it isn't GnuPG that isn't recommended. It is VISTA that is unsupported and not recommended! Scamper back to XP if you can. 
Moses, what you should have considered was a Dell preloaded with Ubuntu Linux. People are missing the whole significance of that move. What that means is that ALL Dell machines and that means even those running Windows Vista are capable of running Ubuntu Linux out of the box. Forget about an embedded sound chip that won't work with Linux (especial significance for laptops). Dell isn't going to have a one-off run of hardware only for Linux. That means that the vendors supplying hardware for all Dell machines have made a commitment of providing their middle-ware (drivers if you prefer) for both Vista and Ubuntu Linux. Let us know if you have tried the RunAs work-around and that it has failed. BTW, this shift by Microsoft hasn't stopped the hackers in Russia and elsewhere - their programs are now certified, and still semi-encrypted to evade detection, and they have begun infecting Windows Vista systems. If you ask me, Vista is nothing more than an effort to gouge developers for $1000 per year. I am NOT going to pay that much for some people to run some of my scripts. For large vendors like Symantec, McAfee and others that fee is so low it isn't even pocket change. But for the end user that means scrapping almost all of your existing programs and replacing them with programs that have the certificate to run on Vista. HHH -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070527/85a2efca/attachment.pgp From j.lysdal at gmail.com Sun May 27 23:45:52 2007 
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal) Date: Sun, 27 May 2007 23:45:52 +0200 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <4659E166.5060704@securemecca.net> References: <4659E166.5060704@securemecca.net> Message-ID: <4659FC10.1080205@gmail.com> Henry Hertz Hobbit wrote: > I think you are being charitable. In reality, you are going > to have to scrap almost all your old Windows programs since they > will not work with Vista. Just turn UAC off ffs! It's just there to bother you.. > The people providing binary programs for > Vista are going to have to pay the $1000 annual fee for the Microsoft > certification to make their program run on Vista. That is so not true.. > BTW, this shift by Microsoft hasn't stopped the > hackers in Russia and elsewhere - their programs are now certified, > and still semi-encrypted to evade detection, and they have begun > infecting Windows Vista systems. And all other windows systems in use, don't forget that... > If you ask me, Vista is nothing > more than an effort to gouge developers for $1000 per year. I am > NOT going to pay that much for some people to run some of my > scripts. For large vendors like Symantec, McAfee and others that > fee is so low it isn't even pocket change. But for the end user > that means scrapping almost all of your existing programs and > replacing them with programs that have the certificate to run > on Vista. If you were an openpgp key, you should revoke yourself!! From rjh at sixdemonbag.org Mon May 28 01:20:56 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 27 May 2007 19:20:56 -0400 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <4659FC10.1080205@gmail.com> References: <4659E166.5060704@securemecca.net> <4659FC10.1080205@gmail.com> Message-ID: > Just turn UAC off ffs! It's just there to bother you.. Turning off UAC is definitely not recommended practice, according to Microsoft. Microsoft strongly advises UAC be left on, and they have some good reasons for it. Any discussion of whether to leave UAC on or off should at least make mention of Microsoft's advice. > If you were an openpgp key, you should revoke yourself!! Please try to practice courtesy. This mailing list has a very high signal to noise ratio. Let's all do our best to keep it that way. ...in the long run, the "minor" virtues are the only ones that matter. Politeness is more reliable than the moist virtues of compassion, charity, and sincerity; just as fair play is more important than the abstraction of justice. The major virtues tend to disintegrate under the pressures of convenient rationalization. But good form is good form, and it stands immutable in the storm of circumstance. -- Trevanian, _Shibumi_ -- Robert J. Hansen "Most people are never thought about after they're gone. 'I wonder where Rob got the plutonium?' is better than most get." 
-- Phil Munson From j.lysdal at gmail.com Mon May 28 11:01:48 2007 
From: j.lysdal at gmail.com (Jørgen Christiansen Lysdal) Date: Mon, 28 May 2007 11:01:48 +0200 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: References: <4659E166.5060704@securemecca.net> <4659FC10.1080205@gmail.com> Message-ID: <465A9A7C.6030806@gmail.com> Robert J. Hansen revokes: >> Just turn UAC off ffs! Its just there to bother you.. > > Turning off UAC is definitely not recommended practice, according to > Microsoft. Microsoft strongly advises UAC be left on, and they have > some good reasons for it. Any discussion of whether to leave UAC on or > off should at least make mention of Microsoft's advice. If I understand it right, UAC is mostly, just an extra layer of protection. Turning this "first generation" of UAC, that does not work really well anyway, off will be the best temporary solution, at least for me. Regarding Henry's post. If anyone wants to hate Microsoft, they should hate them for the right reasons, and not post completely invalid statements, telling people, why not to use windows. Does anyone disagree with that? oOo From yochanon at localnet.com Mon May 28 11:03:37 2007 
From: yochanon at localnet.com (John B) Date: Mon, 28 May 2007 04:03:37 -0500 Subject: Having trouble building rpm of 1.4.7 Message-ID: <200705280403.37227.yochanon@localnet.com> Hi gang, I figured I'd try to upgrade and build an rpm myself in krpmbuilder. I've done it before with a few apps, so it's not 'too hard' for me, but with gnupg 1.4.7 I keep getting the error(s) at the end that read thus: RPM build errors: File not found: /var/tmp/build-root-gnupg/opt/kde3/share/man/man1/gpg.1.gz File not found: /var/tmp/build-root-gnupg/opt/kde3/share/man/man1/gpgv.1.gz File not found: /var/tmp/build-root-gnupg/opt/kde3/share/man/man1/gpg.ru.1.gz File not found: /var/tmp/build-root-gnupg/opt/kde3/share/man/man7/gnupg.7.gz This is on a SuSE 9.3 system. I don't know where to look or what to do to try and fix this problem. Anyone have any ideas that are simple for me to try as a simpleton? From berland at gmail.com Mon May 28 11:46:54 2007 
From: berland at gmail.com (Jim Berland) Date: Mon, 28 May 2007 17:46:54 +0800 Subject: Several questions about SmartCards Message-ID: Hi everybody, I tried to research most of my questions concerning the use of smartcards, but I have a few things that I want to make sure. _About smart cards:_ I understand that OpenPGP is a smart card specification that is not very common among smart cards, so I should stick with the ones from kernel concepts. It is similar with the card readers. Is it correct, that this limitation changed with Gnupg2? I read that I could use other cards now, but it wasn't clear enough (for me), which ones those are. It's about PGP/MIME that is making it possible to use other cards or something. What would be the benefits of non-OpenPGP cards? Longer Keys? Different keys? _About card readers:_ Did I understand it correctly, that card readers with a pin-pad don't add extra security when used with GPG? I read that the benefit of the pin-pad readers used with some applications is, that the pin never reaches the computer and thus cannot be sniffed. Used with GPG this doesn't apply though. Or is a pin-pad card reader used with GPG(2) still a possible counter-measure to a keylogger attack? Now assuming that pin-pad card readers don't add extra security, isn't the number-only passphrase, that you would use with them, even riskier than a simple card reader and a good passphrase? Could I buy pin-pad readers, but ignore the pin-pad and use them like simple card readers? To make life not too hard for our people I would like to either have long passphrase caching times with the gpg-agent (thinking of 4 hours) or have them enter a shorter pin on the key-pad each time it's needed. Which solution would you prefer? I guess you are now going to ask me what the threat model is and I'm afraid that I can't give a perfectly precise answer. Anyhow, the computers are running MS Windows and are networked. 
I can definitely see people opening email attachments to let a virus or whatever strike. For that reason I liked the pin-pad readers, if they did what they promise. The smart cards might be stored in a company safe or actually taken home by everybody. I don't know yet. Storing the cards, that are only to be used as an employee of the company, at the company sounds reasonable to me and considering who has access to the safe a short pin would (in my opinion) still be good enough. Please don't get caught up trying to get this threat model perfectly right, but rather concentrate on the other questions. I can figure this out by myself, I believe. _About other uses of the cards:_ To do something else with the smart cards other than using it for GPG is not important, but might be very interesting. For example, would it be possible to use it to authenticate for a Windows Remote Desktop session? _At last, a possible technical problem:_ I read on the Microsoft website that it is possible to use smart cards (readers) in a Remote Desktop session. Does this apply for the OpenPGP card and an appropriate card reader? This is a requirement, because all the work is done on a terminal server. The employee's computers are complete computers and not thin-clients, although they don't do more than a thin client would, I think. Thank you very much for your help From rjh at sixdemonbag.org Mon May 28 11:59:29 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 28 May 2007 05:59:29 -0400 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <465A9A7C.6030806@gmail.com> References: <4659E166.5060704@securemecca.net> <4659FC10.1080205@gmail.com> <465A9A7C.6030806@gmail.com> Message-ID: <5C1ABA8B-B289-4408-83CB-28C067D43A15@sixdemonbag.org> > If I understand it right, UAC is mostly, just an extra layer of > protection. Turning this "first generation" of UAC, that does not work > really well anyway, off will be the best temporary solution, at > least > for me. UAC is Microsoft's answer to 'sudo'. If you want to call UAC an extra layer of protection, then you should also call sudo an extra layer of protection. With respect to it not working very well, from a user interface perspective it's a nightmare. From a technical side it's probably one of the better improvements in Vista. > If anyone wants to hate Microsoft, they should > hate them for the right reasons, and not post completely invalid > statements, telling people, why not to use windows. If you want to give reasoned, factual corrections, please go right ahead. But there's no reason to be rude or mean. -- Robert J. Hansen "Most people are never thought about after they're gone. 'I wonder where Rob got the plutonium?' is better than most get." 
-- Phil Munson From me at psmay.com Mon May 28 18:35:55 2007 
From: me at psmay.com (Peter S. May) Date: Mon, 28 May 2007 12:35:55 -0400 Subject: Proofreadable base64 (was Re: Printing Keys and using OCR.) In-Reply-To: <4650E370.6000308@caseyljones.net> References: <464DE297.5020905@caseyljones.net> <4650E370.6000308@caseyljones.net> Message-ID: <465B04EB.7080904@psmay.com> Not meaning to kick a dead thread, but this whole conversation has gotten me thinking about how to produce an effective variant of base64 for paper storage. Base64 is an interesting solution because it fully encodes raw data into what is effectively printable characters. It was yet obviously not designed for data on paper, at least initially, because of possible ambiguities in the glyphs it does use. To correct this wouldn't be the first time this sort of thing were done. For some reason the first example that jumps to mind is 8-to-10 coding as used in Serial ATA. I'm no electrical engineer, but by some intuition the encoding of an 8-bit word into an exactly equivalent 10-bit word with superior signal characteristics makes sense to me. That said, the recipe for base64 is already well-known--each character represents its 6-bit index in the string "A-Za-z0-9+/". I really don't think anyone wants to do too much messing with this elegant formula. I've come up with something which I haven't yet tried to implement but which I think would be interesting to try. Let's call it "proofreadable base64". It's not terribly efficient, but we're going for recoverability more than efficiency. It goes something like this: We can assume that each line of our medium is capable of relaying 76 relatively legible characters. The first 32 are data in normal base64. Then, there is a space and a CRC-24 as specified in OpenPGP. Then, there are two spaces. 
After this, the first part of the line is repeated, except it is as if it were filtered through the command: tr 'A-Za-z0-9+/=' '0-9A-Z+/=a-z' That is, for every "REGNADKCIN" that appears on the left side, there is a "H46D03A28D" on the right side. The output should be printed using a legible, fixed-width font in order to preserve column alignment. For our 137.5% increase in size, we've gotten a great deal of correctability. Firstly, every base64 character has effectively become a less ambiguous digraph in this encoding. It's probably easy for OCR to confuse 0, O, o, and Q in base64, but the pairs 0/n, O/E, o/b, Q/G are far less ambiguous. Secondly, an equivalently disambiguated CRC-24 on each line can tell a program which lines need to be reexamined in the first place. Combined with the first property, this could go a long way in helping the computer correct its own errors. For example, if the CRC came up incorrect, and an o/n pair appeared in the input, it would definitely try converting the error to a 0/n pair. Finally, in the event that this relatively simple checking mechanism is forgotten, we can cover up the last three columns of the paper, scan it, and try to read it in as plain base64. (That said, we could really also prepend the source of a checking program to the printed output. :-) What does everyone think? Thanks PSM -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070528/dfd9fef0/attachment.pgp From alon.barlev at gmail.com Mon May 28 19:42:38 2007 
From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Mon, 28 May 2007 20:42:38 +0300 Subject: Several questions about SmartCards In-Reply-To: References: Message-ID: <9e0cf0bf0705281042t6b793f4bt1ee702df1a6f1598@mail.gmail.com> You can review the optional PKCS#11 support. http://gnupg-pkcs11.sourceforge.net/ On 5/28/07, Jim Berland wrote: > Hi everybody, > > I tried to research most of my questions concerning the use of > smartcards, but I have a few things that I want to make sure. > > > _About smart cards:_ > > I understand that OpenPGP is a smart card specification that is not > very common among smart cards, so I should stick with the ones from > kernel concepts. It is similar with the card readers. > > Is it correct, that this limitation changed with Gnupg2? I read that I > could use other cards now, but it wasn't clear enough (for me), which > ones those are. It's about PGP/MIME that is making it possible to use > other cards or something. > > What would be the benefits of non-OpenPGP cards? Longer Keys? Different keys? > > > _About card readers:_ > > Did I understand it correctly, that card readers with a pin-pad don't > add extra security when used with GPG? I read that the benefit of the > pin-pad readers used with some applications is, that the pin never > reaches the computer and thus cannot be sniffed. Used with GPG this > doesn't apply though. Or is a pin-pad card reader used with GPG(2) > still a possible counter-measure to a keylogger attack? > > Now assuming that pin-pad card readers don't add extra security, isn't > the number-only passphrase, that you would use with them, even riskier > than a simple card reader and a good passphrase? > > Could I buy pin-pad readers, but ignore the pin-pad and use them like > simple card readers? > > To make life not too hard for our people I would like to either have > long passphrase caching times with the gpg-agent (thinking of 4 hours) > or have them enter a shorter pin on the key-pad each time it's needed. 
> Which solution would you prefer? > > I guess you are now going to ask me what the threat model is and I'm > afraid that I can't give a perfectly precise answer. Anyhow, the > computers are running MS Windows and are networked. I can definitely > see people opening email attachments to let a virus or whatever > strike. For that reason I liked the pin-pad readers, if they did what > they promise. The smart cards might be stored in a company safe or > actually taken home by everybody. I don't know yet. Storing the cards, > that are only to be used as an employee of the company, at the company > sounds reasonable to me and considering who has access to the safe a > short pin would (in my opinion) still be good enough. Please don't get > caught up trying to get this threat model perfectly right, but rather > concentrate on the other questions. I can figure this out by myself, I > believe. > > > _About other uses of the cards:_ > > To do something else with the smart cards other than using it for GPG > is not important, but might be very interesting. For example, would it > be possible to use it to authenticate for a Windows Remote Desktop > session? > > > _At last, a possible technical problem:_ > > I read on the Microsoft website that it is possible to use smart cards > (readers) in a Remote Desktop session. Does this apply for the OpenPGP > card and an appropriate card reader? This is a requirement, because > all the work is done on a terminal server. The employee's computers > are complete computers and not thin-clients, although they don't do > more than a thin client would, I think. > > > Thank you very much for your help > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > From groups at caseyljones.net Tue May 29 13:01:55 2007 
From: groups at caseyljones.net (Casey Jones) Date: Tue, 29 May 2007 04:01:55 -0700 Subject: Proofreadable base64 (was Re: Printing Keys and using OCR.) In-Reply-To: <465B04EB.7080904@psmay.com> References: <464DE297.5020905@caseyljones.net> <4650E370.6000308@caseyljones.net> <465B04EB.7080904@psmay.com> Message-ID: <465C0823.6040601@caseyljones.net> Peter S. May wrote: > After this, the first part of the > line is repeated, except it is as if it were filtered > through the command: > > tr 'A-Za-z0-9+/=' '0-9A-Z+/=a-z' > > That is, for every "REGNADKCIN" that appears > on the left side, there is > a "H46D03A28D" on the right side. That's a clever way of dramatically increasing the "uniqueness" of each character to reduce the ambiguity of the OCR. It would be useful for both error detection and error correction. If it could be integrated into the OCR engine itself, it would be even more effective. Although Gallager or Turbo Codes would give much better error correction for a given storage space, your method would be way easier to implement. I'm leaning strongly against base64. There are just too many characters that can be easily confused. Base32 would be nearly as dense (5 bits instead of 6, per char) and would allow many tough characters to be left out. A simple conversion chart for base32 chars could take up just one line at the bottom of the page. The conversion to base32 and back would be very easy. Selecting the unambiguous 32 characters to use as the symbol set would require some care. Maybe some testing to find out which symbols the OCR programs get wrong most often. > ...this wouldn't be the first time this sort of thing were done. The only thing I've found similar is the Centinel Data Archiving Project. http://www.cedarcreek.umn.edu/tools/t1003.html The pdf file is a much clearer explanation than the other two. Centinel seems to be just an error detecting code at the beginning of each line. 
This might be good enough, but I'm starting to think that some error correction would be highly desirable. Even a little error correction could be a huge advantage over just error detection. > For some reason the first example that jumps to mind is 8-to-10 coding > as used in Serial ATA. I'm no electrical engineer, but by some > intuition the encoding of an 8-bit word into an exactly equivalent > 10-bit word with superior signal characteristics makes sense to me. I think most error correction codes mix the code bits with the data bits. I'd like to keep the data in separate blocks to make it easy for humans to separate and decode it. Unfortunately separating the error correction bits probably makes the code less robust. If we want to intermix the error correction code maybe we could include a note at the bottom that says "the third,sixth,ninth,etc columns and rows are error correction data". We also don't need the feature of hard drives and some signaling methods that make sure there are a good mixture of ones and zeros in order to keep the signal oscillating. We can have all zeros or all ones on paper if we want, with no signal detection problems. I was thinking about just using a normal typewriter size font. But then I realized that if we use a font half the size, it would not only improve data density, but we could include extra error correction. A small font with more error correction would probably be more reliable than a large font with less error correction. From me at psmay.com Tue May 29 16:24:26 2007 
From: me at psmay.com (Peter S. May) Date: Tue, 29 May 2007 10:24:26 -0400 Subject: Proofreadable base64 (was Re: Printing Keys and using OCR.) In-Reply-To: <465C0823.6040601@caseyljones.net> References: <464DE297.5020905@caseyljones.net> <4650E370.6000308@caseyljones.net> <465B04EB.7080904@psmay.com> <465C0823.6040601@caseyljones.net> Message-ID: <465C379A.5060005@psmay.com> Casey Jones wrote: > That's a clever way of dramatically increasing the "uniqueness" of each > character to reduce the ambiguity of the OCR. It would be useful for > both error detection and error correction. If it could be integrated > into the OCR engine itself, it would be even more effective. Although > Gallager or Turbo Codes would give much better error correction for a > given storage space, your method would be way easier to implement. > > I'm leaning strongly against base64. There are just too many characters > that can be easily confused. Base32 would be nearly as dense (5 bits > instead of 6, per char) and would allow many tough characters to be left > out. A simple conversion chart for base32 chars could take up just one > line at the bottom of the page. The conversion to base32 and back would > be very easy. Selecting the unambiguous 32 characters to use as the > symbol set would require some care. Maybe some testing to find out which > symbols the OCR programs get wrong most often. Information density isn't the goal here. My general strategy, to lay out my context, is to encrypt my big .tar nightlies and offsite them--the survivability of the media the big stuff is on is effectively someone else's problem. (Not perfect, but good enough, and if you keep everything redundant, there's no real issue.) But you can't reasonably offsite the private key in the same way...otherwise, how do you open everything when the time comes? Via the system I've concocted, secring.gpg can be printed in under 300 lines. 
I peg that at around 4 one-sided pages of recoverable text--a small price to pay to maintain control of a key. Actually, the draw of this idea as far as I'm concerned is that it's highly translucent: I'm very interested in ideas like PDF417 and QR, but there's a lot of support software involved that might not be so readily available--or compilable--in a pinch. Base64, on the other hand, fits in my head with very little effort. This means that, even in the outright absence of software that will actually handle base64, I could MacGyver something up without too much trouble in nearly any programming language that makes sense (I'm generally YAPH, but I've been messing with awk a lot lately, considering that it's ubiquitous on any platform with an X in its name. But b64 is simple enough to do in C, or even VB if you must, or perhaps INTERCAL/brainf*ck/... if you enjoy an insane challenge). It must be noted that there's often a much easier way, though--base64 can be jimmied into a .eml-format file by using a mail client to create an e-mail with a dummy attachment, then changing the contents with a text editor and re-opening. (This trick has actually gotten me through some jams before!) In this way, it helps that base64 also happens to be extremely ubiquitous; there's almost doubtlessly an implementation already on your machine. Getting base64 data into a machine isn't trivial, but it can again be argued that you have most or all of what you need at any workstation (unless you're blind, but even then it's not out of the question). Barcodes and data matrix standards may wax and wane, but we can hopefully agree that OCR isn't leaving anytime soon. Besides, even if by some freak accident OCR were to drop off the face of the Earth, there are still human eyes, human minds, and possibly even administrative assistants willing to take dictation. 
;-) The translated digraph base64 in the third column would probably be easy enough to figure out even without the translation key via some simple "cryptanalysis" (I'm not suggesting the tr step is a cipher, but it does act like one); if the message is clear enough to be human readable, it itself would provide a more or less complete ciphertext-to-plaintext mapping. I haven't done a great deal of research into how valuable the mapping I chose (tr 'A-Za-z0-9+/=' '0-9A-Z+/=a-z') actually is, but it's not an entirely random choice. In particular, it makes sure that A-Z and a-z aren't adjacent, so that, for example, S and s don't map to an equivalently similar upper/lower-case pair. It probably merits more investigation, but I want to implement the original thing first and do some live testing to verify that there's even any problem to correct. Probably the only complicated part is the CRC-24; you might have to be just slightly hardcore just to memorize the XORing polynomial involved (though the rest isn't that hard; I'm just not the "digits of pi" type). But that's mostly a tool for auto-correction anyway; you could get a long way with just the first and third columns. By the way, last night I decided to try to implement CRC-24 in awk. It seems to have worked. It's not terribly efficient; I tried to stick to POSIX rules for portability, and POSIX awk has no XOR operator. Implementing XOR using substr is a rather humorous farce, I must say... So, long and short, stay tuned. I'm close to a first implementation and test messages will be passed. :-) Thanks PSM From johanw at vulcan.xs4all.nl Tue May 29 21:40:55 2007 
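The following Python example is added here and is not Peter S. May's code. It illustrates the scheme his message above describes: each printed line carries the base64 text, a CRC-24, and the same text passed through his tr mapping, so a misread in either text column shows up as a disagreement between the two and the CRC decides which reading is right. The column order, the 30-byte line length, the OpenPGP (RFC 4880) CRC-24 parameters and all function names are assumptions; the message itself gives only the tr mapping.

```python
import base64
import itertools
import string

# CRC-24 as used for OpenPGP ASCII armor (RFC 4880, section 6.1).
# Assumption: the message does not say which CRC-24 variant it uses.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

# The mapping from the message: tr 'A-Za-z0-9+/=' '0-9A-Z+/=a-z'
B64_SET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/="
ALT_SET = string.digits + string.ascii_uppercase + "+/=" + string.ascii_lowercase
TO_ALT = str.maketrans(B64_SET, ALT_SET)
FROM_ALT = str.maketrans(ALT_SET, B64_SET)


def crc24(data: bytes) -> int:
    """Bitwise CRC-24 over data, most significant bit first."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def encode_lines(data: bytes, bytes_per_line: int = 30) -> list:
    """Return printable lines: base64, CRC-24 (hex), translated base64."""
    if bytes_per_line % 3:
        # A multiple of 3 keeps '=' padding out of every line but the last.
        raise ValueError("bytes_per_line must be a multiple of 3")
    lines = []
    for off in range(0, len(data), bytes_per_line):
        chunk = data[off:off + bytes_per_line]
        b64 = base64.b64encode(chunk).decode("ascii")
        lines.append(f"{b64} {crc24(chunk):06X} {b64.translate(TO_ALT)}")
    return lines


def recover_line(line: str, max_conflicts: int = 12):
    """Rebuild one line's bytes from a possibly misread transcription.

    Returns (raw_bytes, conflict_positions). Positions where the first
    column and the un-translated third column disagree are the suspected
    misreads; every combination of the two readings is tried until one
    matches the CRC-24 in the middle column.
    """
    plain, crc_hex, alt = line.split()
    want = int(crc_hex, 16)
    back = alt.translate(FROM_ALT)
    if len(plain) != len(back):
        raise ValueError("text columns differ in length; re-read the line")
    conflicts = [i for i, (a, b) in enumerate(zip(plain, back)) if a != b]
    if len(conflicts) > max_conflicts:
        raise ValueError("too many disagreements to search; re-read the line")
    for picks in itertools.product((0, 1), repeat=len(conflicts)):
        cand = list(plain)
        for idx, pick in zip(conflicts, picks):
            if pick:
                cand[idx] = back[idx]
        try:
            raw = base64.b64decode("".join(cand), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if crc24(raw) == want:
            return raw, conflicts
    # Reached when both columns carry the same misread at one position,
    # or when the CRC column itself was misread.
    raise ValueError("no reading of the two columns matches the CRC-24")


if __name__ == "__main__":
    sample = bytes(range(60))  # constructed stand-in for key material
    for printed in encode_lines(sample):
        print(printed)
```

A CRC-24 mismatch with no disagreement between the columns means the same position was misread in both (or the CRC column was), so the line has to be read again by eye.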
From: johanw at vulcan.xs4all.nl (Johan Wevers) Date: Tue, 29 May 2007 21:40:55 +0200 (MET DST) Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: Message-ID: <200705291940.l4TJeu9Y009069@vulcan.xs4all.nl> Robert J. Hansen wrote: >Turning off UAC is definitely not recommended practice, according to >Microsoft. As if I care what is recommended by Microsoft. I run my windows installations (win2000 on a server and XP on a laptop, both are dual boot machines with Linux) always from an account with admin privileges because windows is unworkable otherwise. Most windows programs are not designed for multi-user setups. My internet connection is behind a hardware NAT router, which is sufficient to have still 0 virus or malware infections. Ad-Aware only finds tracking cookies, and I get those on Linux too. >Microsoft strongly advises UAC be left on, They also recommend to leave WGA on, and they say they have good reasons too. However, good for them does not mean good for me. It started with XP, and with Vista it is stronger, that you have to hack your own system to counter the DRM shit it's equipped with. -- ir. J.C.A. Wevers // Physics and science fiction site: johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html From rjh at sixdemonbag.org Tue May 29 22:15:49 2007 
From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 29 May 2007 16:15:49 -0400 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <200705291940.l4TJeu9Y009069@vulcan.xs4all.nl> References: <200705291940.l4TJeu9Y009069@vulcan.xs4all.nl> Message-ID: > As if I care what is recommended by Microsoft. Anyone who casually dismisses vendor documentation and recommendations probably does not have much of a future as a sysadmin. That's not to say the vendor should always be obeyed, of course. But the vendor's recommendations should be read, considered and understood before deciding whether to throw them away. > They also recommend to leave WGA on, and they say they have good > reasons too. However, good for them does not mean good for me. > > It started with XP, and with Vista it is stronger, that you have to > hack your own system to counter the DRM shit it's equipped with. Discussion about how to get GnuPG working with Vista is probably fine, but Windows bashing seems a bit off-topic. -- Robert J. Hansen "Most people are never thought about after they're gone. 'I wonder where Rob got the plutonium?' is better than most get." -- Phil Munson From hhhobbit at securemecca.net Wed May 30 06:52:09 2007 
From: hhhobbit at securemecca.net (Henry Hertz Hobbit) Date: Tue, 29 May 2007 22:52:09 -0600 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: References: Message-ID: <465D02F9.7000204@securemecca.net> All: This seems to be going out of the realm of GnuPG. What I was attempting to point out was the problems may be far deeper than just the internal code changes you have already made in GnuPG. I hope the new install program of both GnuPG and GPG4Win have that patch in place - most Windows users don't have development systems. I assumed the patches were in place, which makes the initial question that started all this even more baffling. If they were using the patched version of GnuPG, then why are they still having problems? Firefox and many other programs had to be recompiled for Vista and in addition to the reasons you have found (code changes), here are the reasons why the other programs had to be remade. The major reason is that the new Vista programs needed that expensive certification from Microsoft. You will also have to replace almost all of the programs you use when you move to Vista for these same reasons. In other words, the problem is not just peculiar to GnuPG. Here are some of the reasons why software that used to run on Windows won't run on Vista: 1. Vista considers the %ProgramFiles% area as semi-protected. Since GnuPG is installing into this area, it is a reason for concern. Even such programs as Firefox couldn't be installed on Vista for a while. The reason why it is only semi-protected is because if it is fully protected, it causes problems for anti-virus, anti-spyware, firewalls, and other security programs that need to be updated. 2. Vista considers the %Windir% as a protected area. 3. Vista considers certain areas of the registry (HKLM primarily) as protected areas. 5. There are some other areas that Vista considers protected areas, but I gave you the three major areas. 4. 
Any program or script that begins to access (not just modify) the protected areas frequently needs to be licensed by Microsoft. The only way I have observed of getting around it is to run that elevated Command Prompt and run the program from there. That is the only way my ckdupe.exe program I provided on the back end for other people that make blocking hosts files will run. When they saw my ckdupe program checks their files for duplicates and does it in less than 1/4 of a second (the heapsort is the key to the speed) they all started using it. Vista broke the running of that program. The only way it runs any more is in that elevated privileges Command Prompt. There was no tricky code in it that would have caused a problem either. And checking a hosts file some place else other than in the protected file system areas doesn't help either. So the code changes you are making to GnuPG are in addition to this new way of running programs on Vista. You need to understand our blocking hosts file is smack dab in the middle of one of their protected areas. It is also why I installed both Homer and our PAC filter at the top of the drive (they are in unprotected file space). It doesn't help because Vista still blocks the scripts unless run from an elevated privilege Command Prompt. There were things being blocked on Vista that still leave me baffled. They weren't going into any of the protected areas and they were still having problems. Now any changes to GnuPG code in either installer or the run programs is on top of this new way of doing things which is different from previous versions of Windows. As a test, you could TRY to install my blocked cookie list into Firefox (a binary is included). 
You SHOULD have no problems on any version of Windows including Vista: - Microsoft Windows Version http://securemecca.com/Firefox.msw.zip - Unix version (you must compile it yourself) http://securemecca.com/Firefox.unx.tar.gz But I will wager that you will have problems running it on Vista (report in group if you choose but also tell me directly if you use Vista and either had or didn't have problems - you may not be able to get it to work at all) unless you run the program that installs the domains not allowed to set cookies in that elevated privileges Command Prompt. BTW, the add2ffox.exe only runs in a Command Prompt anyway. If you use SpyWareBlaster or similar programs I would run the program each time after you run their updates since they may remove what I have identified are the most prevalent tracking cookie domains on the Internet. The only thing that should be in the blocked cookie list are those domains you hit most of the time. That is all it does too, blocks cookies. If you want to restrict domains, your only option in Firefox is NoScript. PAC filters, blocking hosts files, and Ad Blockers BLOCK entirely, not just restrict. So what does all of this have to do with GnuPG? I think any changes or attempts to make GnuPG work on Vista need to have these things kept in mind. Vista is not just a minor twist in the way of doing things coming out of Redmond. It is entirely new in many ways. It is why I finally abandoned the idea of Vista. Others upgraded and after seeing the headaches they had I am staying with XP Pro, XP Home, and 2003 server. It makes it impossible for me to test anything with Vista, but those are the breaks. Once support for XP is abandoned by Microsoft I may not be working with Microsoft Windows any more. I am NOT going to install Vista! We have had too many problems with it. 
I am also not going to pay Microsoft approximately $1500 a year ($1000 for the certificate, and approximately one version of the build software for $500 which needs to be upgraded at least once per year) for some programs that I am giving away free. Microsoft must believe the rest of us are all millionaires like they are. There are going to be more changes in Vista as time goes on. I think you can count on every one of them affecting you adversely. I can't believe that one simple patch of the software has fixed all the problems you have when I have had so many more with other programs. In exasperation I told somebody else nothing but Microsoft programs run on Vista. That isn't true, but it illustrates the depth of the problem. If you have handled all of this, please ignore me. HHH -- Why hack in when you can drive in on Hwys. 80, 110, 194, 220, 443, 993, 994 & 995? From vesely at tana.it Wed May 30 09:49:16 2007 From: vesely at tana.it (Alessandro Vesely) Date: Wed, 30 May 2007 09:49:16 +0200 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <465D02F9.7000204@securemecca.net> References: <465D02F9.7000204@securemecca.net> Message-ID: <465D2C7C.7030607@tana.it> Henry Hertz Hobbit wrote: > 1. Vista considers the %ProgramFiles% area as semi-protected. Since > GnuPG is installing into this area, it is a reason for concern. Next question is "Why is GnuPG installing into this area?" From patrick at mozilla-enigmail.org Wed May 30 16:56:24 2007 
From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 30 May 2007 16:56:24 +0200 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <465D2C7C.7030607__19589.1005838805$1180513489$gmane$org@tana.it> References: <465D02F9.7000204@securemecca.net> <465D2C7C.7030607__19589.1005838805$1180513489$gmane$org@tana.it> Message-ID: Alessandro Vesely wrote: > Henry Hertz Hobbit wrote: >> 1. Vista considers the %ProgramFiles% area as semi-protected. Since >> GnuPG is installing into this area, it is a reason for concern. > > Next question is "Why is GnuPG installing into this area?" According to Microsoft's recommendations (for those who care ;-) ) %ProgramFiles% is the place where executable programs should be installed to. That's the place where *any* software should be installed, such that programs and user data are separate. -Patrick From arshab at workforce.co.za Tue May 29 10:26:15 2007 
From: arshab at workforce.co.za (Arsha Bertie) Date: 29 May 2007 10:26:15 +0200 Subject: gpg and crpn Message-ID: <1180427173.2959.5.camel@arsha.workforce.co.za>

Hi, I have been trying to run a script which encrypts and transfers files between 2 branches, I am using gpg for encryption, I have written a bash script and the script is working perfectly fine, but when I run it off a cron it doesn't want to work. I have written a small bash script for testing to run off cron,

#!/bin/sh
gpg --output /backup/cronsuccess.gpg --recipient greg --encrypt /backup/file

The cron tab looks like this

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
30 * * * * root /backup/encrypt.sh > /tmp/ab.log
~

The log file /tmp/ab.log is created after the cron executes but it is an empty file. /var/log/cron also says that the cron is running, but the script is not executed and the encryption does not take place. I am using Red Hat 9 and I am running the cron as root, I don't know what else to do to run this script, please can anyone tell me how to get gpg running from cron, I have been battling with this for days.... If it is not possible to run it off a cron is there some other possible way to get this done.

Thanks in advance

From hidekis at gmail.com Wed May 30 20:14:39 2007 
From: hidekis at gmail.com (Hideki Saito) Date: Wed, 30 May 2007 11:14:39 -0700 Subject: Windows commandline abnormality Message-ID: <465DBF0F.3070704@gmail.com>

This is something I started observing on gpg4win 1.1.0.

It seems like somehow, it is not handling interactive sessions.
For example;

C:\>gpg --edit-key hideki

C:\>gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub 1024D/******** created: 2007-05-30 expires: 2007-06-02 usage: SC
trust: ultimate validity: ultimate
sub 2048g/******** created: 2007-05-30 expires: 2007-06-02 usage: E
[ultimate] (1). *****

Invalid command (try "help")

Invalid command (try "help")

Invalid command (try "help")

Command>

and keep entering causes.

C:\>

pub 1024D/******** created: 2007-05-30 expires: 2007-06-02 usage: SC
trust: ultimate validity: ultimate
sub 2048g/******** created: 2007-05-30 expires: 2007-06-02 usage: E
[ultimate] (1). *****

Command>
C:\>

pub 1024D/******** created: 2007-05-30 expires: 2007-06-02 usage: SC
trust: ultimate validity: ultimate
sub 2048g/******** created: 2007-05-30 expires: 2007-06-02 usage: E
[ultimate] (1). *****

Command>
C:\>

Type in "exit" can pass that entry to the shell can cause shell to end instead of exiting out of key edit mode.

If I do gpg --version, this is what I get.
Notice somehow it is returning to shell once the command is issued. C:\ prompt followed by version information does not get displayed until I press enter.

C:\>gpg --version

C:\>gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ****
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

C:\>

This is perhaps another weird problem, but I see

C:\>gpg -sea

C:\>gpg: conflicting commands

C:\>

This always worked for me before.

This is fresh reinstallation of the operating system so I doubt if there are any third party interference causing this. And there's nothing specified in gpg.conf.
Anyone has idea what might be causing this, and is there any workaround I can do?

Thank you.
Hideki

From hidekis at gmail.com Wed May 30 23:11:10 2007 
From: hidekis at gmail.com (Hideki Saito) Date: Wed, 30 May 2007 14:11:10 -0700 Subject: Update: Windows commandline abnormality In-Reply-To: <465DBF0F.3070704@gmail.com> References: <465DBF0F.3070704@gmail.com> Message-ID: <465DE86E.2060702@gmail.com>

Just so I can make it clear, let me annotate where I pressed enter.
(where [enter] is shown)

> This is something I started observing on gpg4win 1.1.0.
>
> It seems like somehow, it is not handling interactive sessions.
> For example;
>
> C:\>gpg --edit-key hideki [enter]
>
> C:\>gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> Secret key is available.
>
> pub 1024D/******** created: 2007-05-30 expires: 2007-06-02 usage: SC
> trust: ultimate validity: ultimate
> sub 2048g/******** created: 2007-05-30 expires: 2007-06-02 usage: E
> [ultimate] (1). *****
>
> Invalid command (try "help")
>
> Invalid command (try "help")
>
> Invalid command (try "help")
>
> Command>
>
> and keep entering causes.
>
> C:\> [enter]
>
> pub 1024D/******** created: 2007-05-30 expires: 2007-06-02 usage: SC
> trust: ultimate validity: ultimate
> sub 2048g/******** created: 2007-05-30 expires: 2007-06-02 usage: E
> [ultimate] (1). *****
>
> Command> [enter]
> C:\> [enter]
>
> pub 1024D/******** created: 2007-05-30 expires: 2007-06-02 usage: SC
> trust: ultimate validity: ultimate
> sub 2048g/******** created: 2007-05-30 expires: 2007-06-02 usage: E
> [ultimate] (1). *****
>
> Command> [enter]
> C:\> [enter]
>
> Type in "exit" can pass that entry to the shell can cause shell to end
> instead of exiting out of key edit mode.
>
> If I do gpg --version, this is what I get.
> Notice somehow it is returning to shell once the command is issued. C:\
> prompt followed by version information does not get displayed until I
> press enter.
>
> C:\>gpg --version [enter]
>
> C:\>gpg (GnuPG) 1.4.7
> Copyright (C) 2006 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> Home: ****
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> [enter]
> C:\>
>
> This is perhaps another weird problem, but I see
> C:\>gpg -sea [enter]
>
> C:\>gpg: conflicting commands
> [enter]
> C:\>
>
> This always worked for me before.
>
> This is fresh reinstallation of the operating system so I doubt if there
> are any third party interference causing this. And there's nothing
> specified in gpg.conf.
> Anyone has idea what might be causing this, and is there any workaround
> I can do?
>
> Thank you.
> Hideki

From hidekis at gmail.com Thu May 31 00:58:32 2007 
From: hidekis at gmail.com (Hideki Saito) Date: Wed, 30 May 2007 15:58:32 -0700 Subject: Update: Windows commandline abnormality In-Reply-To: <465DE86E.2060702@gmail.com> References: <465DBF0F.3070704@gmail.com> <465DE86E.2060702@gmail.com> Message-ID: <465E0198.9060007@gmail.com> I found the problem. The path as installed by gpg4win specifies c:\program files\gnu\gnupg\pub, and that binary somehow shows that behavior. Changing the path to c:\program files\gnu\gnupg\ solved that problem. (Copying the message to the gpg4win list, as well...) From me at psmay.com Thu May 31 01:04:07 2007 
From: me at psmay.com (Peter S. May) Date: Wed, 30 May 2007 19:04:07 -0400 Subject: gpg and crpn In-Reply-To: <1180427173.2959.5.camel@arsha.workforce.co.za> References: <1180427173.2959.5.camel@arsha.workforce.co.za> Message-ID: <465E02E7.1000001@psmay.com>

Arsha Bertie wrote:
> I have been trying to run a script which encrypts and transfers files
> between 2 branches, I am using gpg for encryption, I have written a bash
> script and the script is working perfectly fine, but when I run it off a
> cron it doesn't want to work.

Are you also testing the command manually as root? If not, you'll probably want to run the task from your own user instead (you can edit your own user's cron tasks by doing "crontab -e").

> 30 * * * * root /backup/encrypt.sh > /tmp/ab.log
> ~
>
>
> The log file /tmp/ab.log is created after the cron executes but it is an

If you're trying to get the errors, you need to redirect stderr (i.e. "2>"), not stdout (i.e., ">"). Try:

/backup/encrypt.sh 2> /tmp/ab.log

Good fortune
PSM

From bahamut at digital-signal.net Thu May 31 16:10:27 2007 
From: bahamut at digital-signal.net (Andrew Berg) Date: Thu, 31 May 2007 09:10:27 -0500 Subject: Can't run GPG --recv-keys under Windows Vista. In-Reply-To: <465D2C7C.7030607@tana.it> References: <465D02F9.7000204@securemecca.net> <465D2C7C.7030607@tana.it> Message-ID: <465ED753.2000404@digital-signal.net> Henry Hertz Hobbit wrote: >> 1. Vista considers the %ProgramFiles% area as semi-protected. >> Since GnuPG is installing into this area, it is a reason for >> concern. IIRC, NT 5 and higher (and probably 9x) treat %programfiles% that way. But, since I have never used Vista, I can't know what you mean exactly. I know for sure that %programfiles%, %windir%, and %windir%\system(32) are special in at least NT 5 and higher. I am interested in how Vista treats these directories, though. If you feel it's too off-topic for the list, email me directly. -- Windows NT 5.1.2600 | Thunderbird 2.0.0.0 | Enigmail 0.95.0 | GPG 1.4.7 Key ID: 0x60A78FCB - available on major keyservers and upon request Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB From eemaestro at gmail.com Thu May 31 16:52:32 2007 
From: eemaestro at gmail.com (eemaestro at gmail.com) Date: Thu, 31 May 2007 10:52:32 -0400 Subject: Re-establish keys Message-ID: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> Hi, I am in the process of reformatting my hard drive (ext3). I copied my user files from the hard drive onto backup medium, but I forgot to copy the .gnupg/ contents. My public key is on the MIT PGP server. I know my passphrase. So how do I reestablish my keys on the newly reformatted hard drive, in order to decrypt my files? Thanks in advance, Alan From benjamin at py-soft.co.uk Thu May 31 20:40:30 2007 From: benjamin at py-soft.co.uk (Benjamin Donnachie) Date: Thu, 31 May 2007 19:40:30 +0100 Subject: Re-establish keys In-Reply-To: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> References: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> Message-ID: <465F169E.4030000@py-soft.co.uk> eemaestro at gmail.com wrote: > My public key is on the MIT PGP server. I know my passphrase. So > how do I reestablish my keys on the newly reformatted hard drive, in > order to decrypt my files? Without the secret key, you can't I'm afraid. Ben From dshaw at jabberwocky.com Thu May 31 21:09:53 2007 
From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 31 May 2007 15:09:53 -0400 Subject: Re-establish keys In-Reply-To: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> References: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> Message-ID: <20070531190953.GA23877@jabberwocky.com> On Thu, May 31, 2007 at 10:52:32AM -0400, eemaestro at gmail.com wrote: > Hi, > > I am in the process of reformatting my hard drive (ext3). I copied > my user files from the hard drive onto backup medium, but I forgot to > copy the .gnupg/ contents. > > My public key is on the MIT PGP server. I know my passphrase. So > how do I reestablish my keys on the newly reformatted hard drive, in > order to decrypt my files? Without the secret key, you cannot decrypt. If you no longer have it, you're stuck. Sorry. David From rjh at sixdemonbag.org Thu May 31 20:40:40 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 31 May 2007 14:40:40 -0400 Subject: Re-establish keys In-Reply-To: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> References: <356ca3c00705310752i127127fejf0208a1c98522055@mail.gmail.com> Message-ID: <1474EEC1-AD4A-43B7-B6D0-A682CF42017E@sixdemonbag.org> > My public key is on the MIT PGP server. I know my passphrase. So > how do I reestablish my keys on the newly reformatted hard drive, in > order to decrypt my files? You don't. It is computationally infeasible to recover a private key from only a public key. The key server has half your keypair. To derive the other half would require radical breakthroughs in mathematics and computer science, and/or access to time and energy on a truly cosmic scale. -- Robert J. Hansen "Most people are never thought about after they're gone. 'I wonder where Rob got the plutonium?' is better than most get." -- Phil Munson