From sriharivijayaraghavan at yahoo.com.au Mon Oct 1 08:48:58 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Mon, 1 Oct 2007 16:48:58 +1000 (EST)
Subject: GPG, card reader & udev
Message-ID: <464862.25412.qm@web52603.mail.re2.yahoo.com>

Looking at the Installation of Card Reader page at:
http://www.gnupg.org/(en)/howtos/card-howto/en/ch02s03.html

I'm unable to download gnupg-ccid from that page (cos it points to a
broken link or something). I've downloaded the gnupg-ccid.rules files
perfectly fine though.

Could somebody give me a copy of this file? (or provide a working link
on that document)

Thanks

PS: Looks like it's needed to get the shiny new card reader & OpenPGP
card going.

Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage.
http://au.docs.yahoo.com/mail/unlimitedstorage.html

From grahamtodd2 at googlemail.com Mon Oct 1 09:29:24 2007
From: grahamtodd2 at googlemail.com (Graham)
Date: Mon, 1 Oct 2007 08:29:24 +0100
Subject: GPG, card reader & udev
In-Reply-To: <464862.25412.qm@web52603.mail.re2.yahoo.com>
References: <464862.25412.qm@web52603.mail.re2.yahoo.com>
Message-ID: <20071001082924.662304b4@graham-desktop>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 1 Oct 2007 16:48:58 +1000 (EST)
Srihari Vijayaraghavan wrote:

> I'm unable to download gnupg-ccid from that page (cos it points to a
> broken link or something). I've downloaded the gnupg-ccid.rules files
> perfectly fine though.
[snipped]

The link points to the page you are looking at (ch02s03.html) and not
to the file gnupg-ccid.

Thus the instructions on the page will not work. Could somebody change
this?
- --
Graham Todd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQFHAKHpthMHx1h/UZYRAiY/AJ48xmYxwSh6xzHUENG6L14hR4daiQCfS+a2
IUl4kH2EAPdnZW2IqnWIPXw=
=ezyg
-----END PGP SIGNATURE-----

From BrunosJunk at Bronosky.com Mon Oct 1 20:09:19 2007
From: BrunosJunk at Bronosky.com (Richard Bronosky)
Date: Mon, 1 Oct 2007 14:09:19 -0400
Subject: pinentry-mac never displays any UI
Message-ID:

I've had no luck with the binary version that I downloaded based on
Benjamin's various howtos and mailing list messages. I have
downloaded the source, and poked around it in Xcode. I wanted to make
sure that there was a GUI element to the pinentry-mac.app. There is.
I built it and tried placing both the build and debug versions in
/Applications. I've also downloaded and compiled pinentry-helper.c
and placed it inside /Applications/pinentry-mac.app/Contents/MacOS/
and set ~/.gnupg/gpg-agent.conf to try it.

Nothing works. Same result in all cases. The pinentry-mac icon
bounces, but I have no UI to speak of.

MacBookPro, Intel Core 2 Duo 2.2GHz, 2GB DDR2
uname -a
Darwin IT-F1-P-RBRONOSKY 8.10.1 Darwin Kernel Version 8.10.1: Wed May
23 16:33:00 PDT 2007; root:xnu-792.22.5~1/RELEASE_I386 i386 i386

Please advise.

--
.!# RichardBronosky #!.

From BrunosJunk at Bronosky.com Mon Oct 1 20:17:08 2007
From: BrunosJunk at Bronosky.com (Richard Bronosky)
Date: Mon, 1 Oct 2007 14:17:08 -0400
Subject: how can I use/test pinentry?
Message-ID:

I have an app that is barfing trying to call pinentry. I was to try
calling pinentry manually to make sure that it is doing the right
thing. Information is very sparse. Based on...

pinentry -h
Usage: pinentry [OPTION]...
Ask securely for a secret and print it to stdout.
      --display DISPLAY     Set the X display
      --ttyname PATH        Set the tty terminal node name
      --ttytype NAME        Set the tty terminal type
      --lc-ctype            Set the tty LC_CTYPE value
      --lc-messages         Set the tty LC_MESSAGES value
  -e, --enhanced            Ask for timeout and insurance, too
  -g, --no-global-grab      Grab keyboard only while window is focused
      --parent-wid          Parent window ID (for positioning)
  -d, --debug               Turn on debugging output
  -h, --help                Display this help and exit
      --version             Output version information and exit

I would expect there to be some way for me to call it from the command
line and get prompted for a password. The best I can do is get it to
prompt me with: "OK Your orders please" and the only thing I have
found that doesn't give an "ERR 103 unknown command" is "OPTION ..."
(which I found in a mailing list post.) I cannot find any other
commands.

Please advise.

--
.!# RichardBronosky #!.

From BrunosJunk at Bronosky.com Mon Oct 1 20:29:21 2007
From: BrunosJunk at Bronosky.com (Richard Bronosky)
Date: Mon, 1 Oct 2007 14:29:21 -0400
Subject: pinentry-mac never displays any UI
In-Reply-To:
References:
Message-ID:

I got a lead on how to use pinentry, and now have an error message to report:

echo GETPIN|/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
OK Your orders please
2007-10-01 14:21:54.669 pinentry-mac[6312] *** _NSAutoreleaseNoPool():
Object 0x31eaf0 of class NSCFString autoreleased with no pool in place
- just leaking

Again, the icon appears in the dock and bounces once, but no UI. I
hope that helps.

On 10/1/07, Richard Bronosky wrote:
> I've had no luck with the binary version that I downloaded based on
> Benjamin's various howtos and mailing list messages. I have
> downloaded the source, and poked around it in Xcode. I wanted to make
> sure that there was a GUI element to the pinentry-mac.app. There is.
> I built it and tried placing both the build and debug versions in
> /Applications.
> I've also downloaded and compiled pinentry-helper.c
> and placed it inside /Applications/pinentry-mac.app/Contents/MacOS/
> and set ~/.gnupg/gpg-agent.conf to try it.
>
> Nothing works. Same result in all cases. The pinentry-mac icon
> bounces, but I have no UI to speak of.
>
> MacBookPro, Intel Core 2 Duo 2.2GHz, 2GB DDR2
> uname -a
> Darwin IT-F1-P-RBRONOSKY 8.10.1 Darwin Kernel Version 8.10.1: Wed May
> 23 16:33:00 PDT 2007; root:xnu-792.22.5~1/RELEASE_I386 i386 i386
>
> Please advise.
>
> --
> .!# RichardBronosky #!.
>

--
.!# RichardBronosky #!.

From wk at gnupg.org Tue Oct 2 22:59:49 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Oct 2007 22:59:49 +0200
Subject: how can I use/test pinentry?
In-Reply-To: (Richard Bronosky's message of "Mon, 1 Oct 2007 14:17:08 -0400")
References:
Message-ID: <873awtnsfu.fsf@wheatstone.g10code.de>

On Mon, 1 Oct 2007 20:17, BrunosJunk at Bronosky.com said:

> I have an app that is barfing trying to call pinentry. I was to try
> calling pinentry manually to make sure that it is doing the right
> thing. Information is very sparse. Based on...

What about looking into the manual (pinentry.info)?

> prompt me with: "OK Your orders please" and the only thing I have
> found that doesn't give an "ERR 103 unknown command" is "OPTION ..."

GETPIN

  Displays a simple dialog

SETPROMPT This+is+my+prompt

  Changes the prompt to "This is my prompt"

SETERROR Try again

  Display "Try again"., etc.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From sriharivijayaraghavan at yahoo.com.au Wed Oct 3 03:30:33 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Wed, 3 Oct 2007 11:30:33 +1000 (EST)
Subject: GPG, card reader & udev
In-Reply-To: <20071001082924.662304b4@graham-desktop>
Message-ID: <270746.34950.qm@web52602.mail.re2.yahoo.com>

--- Graham wrote:
> Thus the instructions on the page will not work. Could somebody change
> this?
For the record, here's the link from where I could download the file from:
http://www.fsfe.org/en/content/download/17248/121800/file/gnupg-ccid

Thanks

PS: Might help another poor soul looking for this kind of info. Who knows?

From sriharivijayaraghavan at yahoo.com.au Wed Oct 3 03:41:35 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Wed, 3 Oct 2007 11:41:35 +1000 (EST)
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
Message-ID: <563825.72143.qm@web52611.mail.re2.yahoo.com>

If they're working fine for you, what do you see when you execute pcsc_scan.

This is what I see:

PC/SC device scanner
V 1.4.8 (c) 2001-2006, Ludovic Rousseau
Compiled with PC/SC lite version: 1.3.2
Scanning present readers
0: OmniKey CardMan 6121 00 00

Wed Oct 3 11:24:47 2007
 Reader 0: OmniKey CardMan 6121 00 00
  Card state: Card inserted, Unresponsive card,

I'm unsure whether 'Unresponsive card' is a normal message or highlights
some problem with my card. Indeed the card is no go yet, yet I've tried
it on 3 different OmniKey CardMan 6121 readers with the same result.

Many variables to isolate, definitely proving electrical connectivity &
the integrity of the OpenPGP card are the most important tasks.

Thanks

From k.proskurin at fxclub.org Thu Oct 4 08:37:23 2007
From: k.proskurin at fxclub.org (Proskurin Kirill)
Date: Thu, 04 Oct 2007 10:37:23 +0400
Subject: LDAP PGP Keyserver
Message-ID: <47048A23.705@fxclub.org>

Hello all!

First of all - sorry for my english. :-)

Im try to solve one problem.
What we have:
FreeBSD 6.2
openldap-sasl-client-2.2.30
openldap-sasl-server-2.2.30
gnupg-2.0.4
PGP Desktop 9.6 (windows)

slapd.conf:
include /usr/local/etc/openldap/schema/pgp-keyserver.schema
include /usr/local/etc/openldap/schema/pgp-recon.schema
include /usr/local/etc/openldap/schema/pgp-remte-prefs.schema
...
allow bind_anon_cred
allow update_anon

access to filter=(objectClass=pgpKeyInfo)
        by * write
access to dn="ou=PGP Keys,dc=company,dc=org"
        by * write
---

We have a "ou=PGP Keys,dc=company,dc=org" full of a PGP keys what work`s.

PGP Desktop easy search at our Ldap keyserver and inports key`s from were.
What we need:

We need to add keys to a keyserver.
When im try "sent to" any key to our keyserver via PGP Desktop it
returns a error:
"Strong authentication required"
We use ldaps... More strong? :-\

Then im try to add it by a gnupg via console.
% gpg --keyserver ldaps://pgp.company.org --send-keys KEYID
gpgkeys: this keyserver type only supports key retrieval

What is interesting, some one before me who make all this system is easy
add key`s via PGP Desktop 8.x. But were is no way to ask him "how?".

Im search all google. :-)
And after few day`s im start to think what no one is use a Ldap
keyservers.... Maybe im search bad...

What in do wrong? Or what else im need to post for more information?
Can someone help me? "man this" also good. :-)

From wk at gnupg.org Thu Oct 4 11:10:01 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 04 Oct 2007 11:10:01 +0200
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
In-Reply-To: <563825.72143.qm@web52611.mail.re2.yahoo.com> (Srihari Vijayaraghavan's message of "Wed, 3 Oct 2007 11:41:35 +1000 (EST)")
References: <563825.72143.qm@web52611.mail.re2.yahoo.com>
Message-ID: <87k5q3kzyu.fsf@wheatstone.g10code.de>

On Wed, 3 Oct 2007 03:41, sriharivijayaraghavan at yahoo.com.au said:

> If they're working fine for you, what do you see when you execute pcsc_scan.
I have one on my real keyring and it works just fine with a cut down
OpenPGP card. I am not using pcscd but the GnuPG internal driver.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dshaw at jabberwocky.com Thu Oct 4 14:36:28 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 4 Oct 2007 08:36:28 -0400
Subject: LDAP PGP Keyserver
In-Reply-To: <47048A23.705@fxclub.org>
References: <47048A23.705@fxclub.org>
Message-ID: <20071004123628.GE28566@jabberwocky.com>

On Thu, Oct 04, 2007 at 10:37:23AM +0400, Proskurin Kirill wrote:

> We have a "ou=PGP Keys,dc=company,dc=org" full of a PGP keys what work`s.
>
> PGP Desktop easy search at our Ldap keyserver and inports key`s from were.
> What we need:
>
> We need to add keys to a keyserver.
> When im try "sent to" any key to our keyserver via PGP Desktop it
> returns a error:
> "Strong authentication required"
> We use ldaps... More strong? :-\
>
> Then im try to add it by a gnupg via console.
> % gpg --keyserver ldaps://pgp.company.org --send-keys KEYID
> gpgkeys: this keyserver type only supports key retrieval

Ah, this is a problem. What you are seeing when you request a LDAP
access is a message from the "generic" keyserver handler (using curl).
Are you built with LDAP support? Recompile GPG with LDAP support, and
you should be in better shape. You can tell if you have LDAP support
if there is a "gpgkeys_ldap" program.

Note, though, that if PGP can't send keys to the keyserver without
authentication, that GPG probably won't be able to either - they use
essentially the same LDAP calls. One problem at a time, however.
Let's get you talking LDAP at all before we debug the other problem.

David

From k.proskurin at fxclub.org Thu Oct 4 14:52:57 2007
From: k.proskurin at fxclub.org (Proskurin Kirill)
Date: Thu, 04 Oct 2007 16:52:57 +0400
Subject: LDAP PGP Keyserver
Message-ID: <4704E229.9030402@fxclub.org>

David Shaw wrote:
> Ah, this is a problem.
> What you are seeing when you request a LDAP
> access is a message from the "generic" keyserver handler (using curl).
> Are you built with LDAP support? Recompile GPG with LDAP support, and
> you should be in better shape. You can tell if you have LDAP support
> if there is a "gpgkeys_ldap" program.
>
> Note, though, that if PGP can't send keys to the keyserver without
> authentication, that GPG probably won't be able to either - they use
> essentially the same LDAP calls. One problem at a time, however.
> Let's get you talking LDAP at all before we debug the other problem.
>
> David
>
Thanks for respond.

Im compile gnupg with Ldap support, BUT im don`t have a "gpgkeys_ldap"
program.

From dshaw at jabberwocky.com Thu Oct 4 15:22:19 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 4 Oct 2007 09:22:19 -0400
Subject: LDAP PGP Keyserver
In-Reply-To: <4704E229.9030402@fxclub.org>
References: <4704E229.9030402@fxclub.org>
Message-ID: <20071004132219.GF28566@jabberwocky.com>

On Thu, Oct 04, 2007 at 04:52:57PM +0400, Proskurin Kirill wrote:
> David Shaw wrote:
> > Ah, this is a problem. What you are seeing when you request a LDAP
> > access is a message from the "generic" keyserver handler (using curl).
> > Are you built with LDAP support? Recompile GPG with LDAP support, and
> > you should be in better shape. You can tell if you have LDAP support
> > if there is a "gpgkeys_ldap" program.
> >
> > Note, though, that if PGP can't send keys to the keyserver without
> > authentication, that GPG probably won't be able to either - they use
> > essentially the same LDAP calls. One problem at a time, however.
> > Let's get you talking LDAP at all before we debug the other problem.
> >
> > David
> >
> Thanks for respond.
>
> Im compile gnupg with Ldap support, BUT im don`t have a "gpgkeys_ldap"
> program.

When you run ./configure to build GPG, what does it say about LDAP?
It would be something like this:

  checking whether LDAP via "-lldap" is present and sane...
yes

If it doesn't say 'yes', then you're not building with LDAP support.
Depending on your OS, you often need to install a "devel" package for
this (so, openldap-devel or similar).

David

From k.proskurin at fxclub.org Thu Oct 4 15:42:30 2007
From: k.proskurin at fxclub.org (Proskurin Kirill)
Date: Thu, 04 Oct 2007 17:42:30 +0400
Subject: LDAP PGP Keyserver
In-Reply-To: <20071004132219.GF28566@jabberwocky.com>
References: <4704E229.9030402@fxclub.org> <20071004132219.GF28566@jabberwocky.com>
Message-ID: <4704EDC6.3050306@fxclub.org>

David Shaw wrote:
>
>
> When you run ./configure to build GPG, what does it say about LDAP?
> It would be something like this:
>
> checking whether LDAP via "-lldap" is present and sane... yes
>
> If it doesn't say 'yes', then you're not building with LDAP support.
> Depending on your OS, you often need to install a "devel" package for
> this (so, openldap-devel or similar).
>
> David
>
Im use FreeBSD 6.2 now.
Then im run a
% portupgrade -N gnupg

Im put a cross on "ldap support"...

It must be really compile with ldap support.

---
Kirill

From dshaw at jabberwocky.com Fri Oct 5 00:02:06 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 4 Oct 2007 18:02:06 -0400
Subject: LDAP PGP Keyserver
In-Reply-To: <4704EDC6.3050306@fxclub.org>
References: <4704E229.9030402@fxclub.org> <20071004132219.GF28566@jabberwocky.com> <4704EDC6.3050306@fxclub.org>
Message-ID: <20071004220206.GA20969@jabberwocky.com>

On Thu, Oct 04, 2007 at 05:42:30PM +0400, Proskurin Kirill wrote:
> David Shaw wrote:
> >
> >
> > When you run ./configure to build GPG, what does it say about LDAP?
> > It would be something like this:
> >
> > checking whether LDAP via "-lldap" is present and sane... yes
> >
> > If it doesn't say 'yes', then you're not building with LDAP support.
> > Depending on your OS, you often need to install a "devel" package for
> > this (so, openldap-devel or similar).
> >
> > David
> >
> Im use FreeBSD 6.2 now.
> Then im run a
> % portupgrade -N gnupg
>
> Im put a cross on "ldap support"...
>
> It must be really compile with ldap support.

I don't know how to answer that. It seems not to be the case.

David

From benjamin at py-soft.co.uk Fri Oct 5 01:00:11 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 05 Oct 2007 00:00:11 +0100
Subject: pinentry-mac never displays any UI
In-Reply-To:
References:
Message-ID: <4705707B.3050407@py-soft.co.uk>

Richard Bronosky wrote:
> I got a lead on how to use pinentry, and now have an error message to report:
> echo GETPIN|/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
> OK Your orders please
> 2007-10-01 14:21:54.669 pinentry-mac[6312] *** _NSAutoreleaseNoPool():
> Object 0x31eaf0 of class NSCFString autoreleased with no pool in place
> - just leaking

The NSAutoreleaseNoPool() message is a known harmless bug and I have a
patch to fix it.

> Again, the icon appears in the dock and bounces once, but no UI. I
> hope that helps.

What application are you using it with? Version of MacOS? Chipset?

When I get time I will be releasing a updated version of the mac
pinentry program. I suggest that you wait for that.

Take care,

Ben

From BrunosJunk at Bronosky.com Fri Oct 5 01:48:48 2007
From: BrunosJunk at Bronosky.com (Richard Bronosky)
Date: Thu, 4 Oct 2007 19:48:48 -0400
Subject: pinentry-mac never displays any UI
In-Reply-To: <4705707B.3050407@py-soft.co.uk>
References: <4705707B.3050407@py-soft.co.uk>
Message-ID:

On 10/4/07, Benjamin Donnachie wrote:
> Richard Bronosky wrote:
> > I got a lead on how to use pinentry, and now have an error message to report:
> > echo GETPIN|/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
> > OK Your orders please
> > 2007-10-01 14:21:54.669 pinentry-mac[6312] *** _NSAutoreleaseNoPool():
> > Object 0x31eaf0 of class NSCFString autoreleased with no pool in place
> > - just leaking
>
> The NSAutoreleaseNoPool() message is a known harmless bug and I have a
> patch to fix it.
>
> > Again, the icon appears in the dock and bounces once, but no UI. I
> > hope that helps.
>
> What application are you using it with? Version of MacOS? Chipset?

Application? First I tried doing the complete approach that your howto
describes. Then I tried adding it as the pinentry-program in
~/.gnupg/gpg-agent.conf, and tested it via command line. Still no
luck, so I tried sending the GETPIN command to it manually with the
results that you responded to.

Version of MacOS? Mac OS 10.4.10

What do you mean by Chipset? (did you miss my first email?)

From my first email:
MacBookPro, Intel Core 2 Duo 2.2GHz, 2GB DDR2
uname -a
Darwin IT-F1-P-RBRONOSKY 8.10.1 Darwin Kernel Version 8.10.1: Wed May
23 16:33:00 PDT 2007; root:xnu-792.22.5~1/RELEASE_I386 i386 i386

>
> When I get time I will be releasing a updated version of the mac
> pinentry program. I suggest that you wait for that.
>
> Take care,
>
> Ben
>

--
.!# RichardBronosky #!.

From dougb at dougbarton.us Fri Oct 5 06:36:22 2007
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 4 Oct 2007 21:36:22 -0700 (PDT)
Subject: LDAP PGP Keyserver
In-Reply-To: <4704EDC6.3050306@fxclub.org>
References: <4704E229.9030402@fxclub.org> <20071004132219.GF28566@jabberwocky.com> <4704EDC6.3050306@fxclub.org>
Message-ID:

On Thu, 4 Oct 2007, Proskurin Kirill wrote:

> Im use FreeBSD 6.2 now.
> Then im run a
> % portupgrade -N gnupg
>
> Im put a cross on "ldap support"...

Kirill,

Check for /usr/local/libexec/gpg2keys_ldap

If you have that you should be ok.

hth,

Doug

--
If you're never wrong, you're not trying hard enough

From sundman at iki.fi Sat Oct 6 05:56:01 2007
From: sundman at iki.fi (Marcus Sundman)
Date: Sat, 6 Oct 2007 06:56:01 +0300
Subject: which revoke?
Message-ID: <20071006065601.665c8a08@abo.fi>

Hi,

How can I find out which key a revoke file revokes?

I'm very new to gpg. I played around with it and thought that my keys
were only on my own computer so when I was finished I deleted all but
one.
Turned out they were on a public server, and since I deleted the
secret keys I guess there's no way to remove them.

However, I found a file named "revoke.txt" in ~/.gnupg/ and I'd like to
use it to revoke at least one of the test-keys unless the revoke is for
the only key I still have the secret key for, but how can I know?

- Marcus

From breen.mullins at gmail.com Sat Oct 6 16:03:09 2007
From: breen.mullins at gmail.com (Breen Mullins)
Date: Sat, 6 Oct 2007 07:03:09 -0700
Subject: which revoke?
In-Reply-To: <20071006065601.665c8a08@abo.fi>
References: <20071006065601.665c8a08@abo.fi>
Message-ID: <20071006140309.GB28604@mehitabel.local>

* Marcus Sundman [2007-10-06 06:56 +0300]:
>
>However, I found a file named "revoke.txt" in ~/.gnupg/ and I'd like to
>use it to revoke at least one of the test-keys unless the revoke is for
>the only key I still have the secret key for, but how can I know?

gpg --list-packets

will show the keyid that the revoke certificate belongs to.

--
Breen Mullins
Menlo Park, California

From dshaw at jabberwocky.com Sun Oct 7 17:15:17 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 7 Oct 2007 11:15:17 -0400
Subject: which revoke?
In-Reply-To: <20071006065601.665c8a08@abo.fi>
References: <20071006065601.665c8a08@abo.fi>
Message-ID: <20071007151517.GA23400@jabberwocky.com>

On Sat, Oct 06, 2007 at 06:56:01AM +0300, Marcus Sundman wrote:
> Hi,
>
> How can I find out which key a revoke file revokes?
>
> I'm very new to gpg. I played around with it and thought that my keys
> were only on my own computer so when I was finished I deleted all but
> one. Turned out they were on a public server, and since I deleted the
> secret keys I guess there's no way to remove them. However, I found a
> file named "revoke.txt" in ~/.gnupg/ and I'd like to use it to revoke
> at least one of the test-keys unless the revoke is for the only key I
> still have the secret key for, but how can I know?

Just run 'gpg revoke.txt'.
It will print out what key the revoker is for.
It doesn't actually revoke the key until you do 'gpg --import revoke.txt'

David

From sriharivijayaraghavan at yahoo.com.au Mon Oct 8 01:37:18 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Mon, 8 Oct 2007 09:37:18 +1000 (EST)
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
In-Reply-To: <87k5q3kzyu.fsf@wheatstone.g10code.de>
Message-ID: <650684.55631.qm@web52604.mail.re2.yahoo.com>

Werner Koch wrote:
> On Wed, 3 Oct 2007 03:41, sriharivijayaraghavan at yahoo.com.au said:
>
> > If they're working fine for you, what do you see when you execute
> pcsc_scan.
>
> I have one on my real keyring and it works just fine with a cut down
> OpenPGP card. I am not using pcscd but the GnuPG internal driver.

Fair enough. I really don't know how to get this thing working on my
up-to-date Fedora 7 system. (I've stopped pcscd service.)

Now this's my .gnupg/gpg-agent:
daemon
enable-ssh-support
write-env-file
log-file gpg-agent.log
debug-all
debug-level guru

This is what happens when I execute "gpg --card-status":
winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: OpenPGP card not available: general error

Here's the contents of gpg-agent.log:
2007-10-08 09:29:42 gpg-agent[3136] listening on socket `/tmp/gpg-fzpkL9/S.gpg-agent'
2007-10-08 09:29:42 gpg-agent[3136] listening on socket `/tmp/gpg-ScyGGM/S.gpg-agent.ssh'
2007-10-08 09:31:15 gpg-agent[3137] handler 0x927bcd8 for fd 8 started
gpg-agent[3137.8] DBG: -> OK Pleased to meet you
gpg-agent[3137.8] DBG: <- OPTION display=:0.0
gpg-agent[3137.8] DBG: -> OK
gpg-agent[3137.8] DBG: <- OPTION ttyname=/dev/pts/1
gpg-agent[3137.8] DBG: -> OK
gpg-agent[3137.8] DBG: <- OPTION ttytype=xterm
gpg-agent[3137.8] DBG: -> OK
gpg-agent[3137.8] DBG: <- OPTION lc-ctype=en_US.UTF-8
gpg-agent[3137.8] DBG: -> OK
gpg-agent[3137.8] DBG: <- OPTION
lc-messages=en_US.UTF-8
gpg-agent[3137.8] DBG: -> OK
gpg-agent[3137.8] DBG: <- SCD SERIALNO openpgp
2007-10-08 09:31:15 gpg-agent[3137] no running SCdaemon - starting it
2007-10-08 09:31:15 gpg-agent[3137] DBG: first connection to SCdaemon established
2007-10-08 09:31:15 gpg-agent[3137] DBG: additional connections at `/tmp/gpg-rFVac9/S.scdaemon'
gpg-agent[3137.8] DBG: -> ERR 100663356 Not supported
gpg-agent[3137.8] DBG: <- BYE
gpg-agent[3137.8] DBG: -> OK closing connection
2007-10-08 09:31:15 gpg-agent[3137] handler 0x927bcd8 for fd 8 terminated

I'm unable to decipher what the problem is, are you? Would appreciate
some help here.

(To my untrained/inexperienced eyes, the "ERR 100663356 Not supported
" looks like the problem here. Don't know how to solve it though.)

Thank you.

From k.proskurin at fxclub.org Mon Oct 8 07:41:58 2007
From: k.proskurin at fxclub.org (Proskurin Kirill)
Date: Mon, 08 Oct 2007 09:41:58 +0400
Subject: LDAP PGP Keyserver
In-Reply-To:
References: <4704E229.9030402@fxclub.org> <20071004132219.GF28566@jabberwocky.com> <4704EDC6.3050306@fxclub.org>
Message-ID: <4709C326.6070008@fxclub.org>

Doug Barton wrote:
> Kirill,
>
> Check for /usr/local/libexec/gpg2keys_ldap
>
> If you have that you should be ok.
>
Got it.

ls -l /usr/local/libexec/gpg2keys_ldap
-r-xr-xr-x 1 root wheel 29172 2 oct 18:35 /usr/local/libexec/gpg2keys_ldap

But im can`t add key`s...

---
Kirill

From wk at gnupg.org Mon Oct 8 08:54:26 2007
From: wk at gnupg.org (Werner Koch)
Date: Mon, 08 Oct 2007 08:54:26 +0200
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
In-Reply-To: <650684.55631.qm@web52604.mail.re2.yahoo.com> (Srihari Vijayaraghavan's message of "Mon, 8 Oct 2007 09:37:18 +1000 (EST)")
References: <650684.55631.qm@web52604.mail.re2.yahoo.com>
Message-ID: <87fy0mayfx.fsf@wheatstone.g10code.de>

On Mon, 8 Oct 2007 01:37, sriharivijayaraghavan at yahoo.com.au said:

> This is what happens when I execute "gpg --card-status":
> winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
> gpg: pcsc_establish_context failed: no service (0x8010001d)
> gpg: card reader not available

Either gpg is not built with libusb support. Check the config.h file for
a line

  #define HAVE_LIBUSB

If you have this, you need to make sure that libusb is working. Use
--debug-ccid-driver to see what is going on. gpg always tries to use
the internal CCID driver before falling back to pcsc.

Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From shavital at mac.com Mon Oct 8 17:42:44 2007
From: shavital at mac.com (Charly Avital)
Date: Mon, 08 Oct 2007 10:42:44 -0500
Subject: Windows newbie
In-Reply-To: <20071007151517.GA23400@jabberwocky.com>
References: <20071006065601.665c8a08@abo.fi> <20071007151517.GA23400@jabberwocky.com>
Message-ID: <0JPL00AW7LIVUW40@mta1.srv.hcvlny.cv.net>

I've started running WindowsXP Pro on a Macbook using Parallels.
Installed the latest GnuPG for Windows, and generated a key pair. How
do I import my keyrings, created under Mac GnuPG? This is only an
exercise, I'm just curious about GnuPG in Windows, have no intention
to "migrate" from Mac to Windows. Thanks for your patience.
Charly

From trichotecene at yahoo.es Mon Oct 8 19:13:28 2007
From: trichotecene at yahoo.es (Dimitri)
Date: Mon, 8 Oct 2007 19:13:28 +0200 (CEST)
Subject: Windows newbie
In-Reply-To: <0JPL00AW7LIVUW40@mta1.srv.hcvlny.cv.net>
Message-ID: <483901.96285.qm@web27201.mail.ukl.yahoo.com>

Export your key pair to a CD and... in windows import
this key pair.
good luck

--- Charly Avital wrote:

> I''ve started running WindowsXP Pro on a Macbook
> using Parallels.
> Installed the latest GnuPG for Windows, and
> generated a key pair. How
> do I import my keyrings, created under Mac GnuPG?
> This is only an
> exercise, I'm just curious about GnuPG in Windows,
> have no intention
> to "migrate" from Mac to Windows. Thanks for your
> patience.
> Charly
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

Dimitri.-
http://es.geocities.com/trichotecene

From shavital at mac.com Tue Oct 9 01:08:47 2007
From: shavital at mac.com (Charly Avital)
Date: Mon, 08 Oct 2007 18:08:47 -0500
Subject: Windows newbie
In-Reply-To: <483901.96285.qm@web27201.mail.ukl.yahoo.com>
References: <483901.96285.qm@web27201.mail.ukl.yahoo.com>
Message-ID: <470AB87F.70001@mac.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dimitri wrote:
> Export your key pair to a CD and... in windows import
> this key pair.
>
> good luck
>
[...]

Well, not exactly a CD, but it sparked an idea: I used a removable USB
flash memory stick where I keep a back up of gpg settings and keyrings.

I have now imported the two keyrings from MacGPG, set owner trust for
secret keys, all seems to be OK.

Good luck to you too.
Charly
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----

From sriharivijayaraghavan at yahoo.com.au Tue Oct 9 01:07:03 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Tue, 9 Oct 2007 09:07:03 +1000 (EST)
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
In-Reply-To: <87fy0mayfx.fsf@wheatstone.g10code.de>
Message-ID: <848491.82097.qm@web52602.mail.re2.yahoo.com>

Werner Koch wrote:
> On Mon, 8 Oct 2007 01:37, sriharivijayaraghavan at yahoo.com.au said:
>
> > This is what happens when I execute "gpg --card-status":
> > winscard_clnt.c:3349:SCardCheckDaemonAvailability() PCSC Not Running
> > gpg: pcsc_establish_context failed: no service (0x8010001d)
> > gpg: card reader not available
>
> Either gpg is not built with libusb support. Check the config.h file for
> a line
>
> #define HAVE_LIBUSB
>
> If you have this, you need to make sure that libusb is working. Use
> --debug-ccid-driver to see what is going on. gpg always tries to use
> the internal CCID driver before falling back to pcsc.

Thanks for your assistance.

I've just then downloaded gpg 1.4.7 source from gnupg.org & have built
it & have installed it.

$ egrep 'HAVE_LIBUSB' config.h
#define HAVE_LIBUSB 1

$ which gpg
/usr/local/bin/gpg

$ gpg --version
gpg (GnuPG) 1.4.7
Copyright (C) 2006 Free Software Foundation, Inc.
...
$ gpg --card-status
gpg: detected reader `OmniKey CardMan 6121 00 00'
gpg: pcsc_connect failed: proto mismatch (0x8010000f)
gpg: card reader not available
gpg: OpenPGP card not available: general error

$ gpg --card-status --debug-ccid-driver
gpg: DBG: ccid-driver: using CCID reader 0 (ID=076B:6622:X:0)
gpg: DBG: ccid-driver: idVendor: 076B idProduct: 6622 bcdDevice: 0203
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver: bLength 54
gpg: DBG: ccid-driver: bDescriptorType 33
gpg: DBG: ccid-driver: bcdCCID 1.00
gpg: DBG: ccid-driver: nMaxSlotIndex 0
gpg: DBG: ccid-driver: bVoltageSupport 7 ?
gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1
gpg: DBG: ccid-driver: dwDefaultClock 4800
gpg: DBG: ccid-driver: dwMaxiumumClock 8000
gpg: DBG: ccid-driver: bNumClockSupported 4
gpg: DBG: ccid-driver: dwDataRate 10752 bps
gpg: DBG: ccid-driver: dwMaxDataRate 412903 bps
gpg: DBG: ccid-driver: bNumDataRatesSupp. 106
gpg: DBG: ccid-driver: dwMaxIFSD 254
gpg: DBG: ccid-driver: dwSyncProtocols 00000007 2-wire 3-wire I2C
gpg: DBG: ccid-driver: dwMechanical 00000000
gpg: DBG: ccid-driver: dwFeatures 000207B2
gpg: DBG: ccid-driver: Auto configuration based on ATR
gpg: DBG: ccid-driver: Auto clock change
gpg: DBG: ccid-driver: Auto baud rate change
gpg: DBG: ccid-driver: Auto PPS made by CCID
gpg: DBG: ccid-driver: CCID can set ICC in clock stop mode
gpg: DBG: ccid-driver: NAD value other than 0x00 accepted
gpg: DBG: ccid-driver: Auto IFSD exchange
gpg: DBG: ccid-driver: Short APDU level exchange
gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 271
gpg: DBG: ccid-driver: bClassGetResponse echo
gpg: DBG: ccid-driver: bClassEnvelope echo
gpg: DBG: ccid-driver: wlcdLayout none
gpg: DBG: ccid-driver: bPINSupport 0
gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1
gpg: DBG: ccid-driver: usb_claim_interface failed: -1
gpg: detected reader `OmniKey CardMan 6121 00 00'
gpg: pcsc_connect failed: proto mismatch (0x8010000f)
gpg: card reader not available
gpg: OpenPGP card not available:
general error I have it provided some clues. Thanks for your help. Thanks Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. http://au.docs.yahoo.com/mail/unlimitedstorage.html From John at Mozilla-Enigmail.org Tue Oct 9 01:19:54 2007 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Mon, 08 Oct 2007 18:19:54 -0500 Subject: Windows newbie In-Reply-To: <470AB87F.70001@mac.com> References: <483901.96285.qm@web27201.mail.ukl.yahoo.com> <470AB87F.70001@mac.com> Message-ID: <470ABB1A.50608@Mozilla-Enigmail.org> Charly Avital wrote: > Dimitri wrote: >> Export you key pair to a CD and... in windows import >> this key pair. > > I have now imported the two keyrings from MacGPG, set owner trust for > secret keys, all seems to be OK. Charly, As it's only an exercise, I believe if you just *copy* the three *.gpg files; pubring,gpg secring.gpg, & trustdb.gpg; from one home directory to the one in Windows you'll be "Good to Go." -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 663 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071008/d0728d4b/attachment.pgp From wk at gnupg.org Tue Oct 9 10:57:06 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 09 Oct 2007 10:57:06 +0200 Subject: OmniKey CardMan 6121 & OpenPGP card anyone? 
In-Reply-To: <848491.82097.qm@web52602.mail.re2.yahoo.com> (Srihari Vijayaraghavan's message of "Tue, 9 Oct 2007 09:07:03 +1000 (EST)")
References: <848491.82097.qm@web52602.mail.re2.yahoo.com>
Message-ID: <87tzp03btp.fsf@wheatstone.g10code.de>

On Tue, 9 Oct 2007 01:07, sriharivijayaraghavan at yahoo.com.au said:

> gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1
> gpg: DBG: ccid-driver: usb_claim_interface failed: -1

Either you have insufficient permissions for the device or another process (e.g. pcscd) is using it.

> gpg: detected reader `OmniKey CardMan 6121 00 00'

Well, pcscd is up and has already claimed the device. Stop it.

> gpg: pcsc_connect failed: proto mismatch (0x8010000f)

I am not using pcscd so I have no experience why it does not work.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From sriharivijayaraghavan at yahoo.com.au Tue Oct 9 13:12:28 2007
From: sriharivijayaraghavan at yahoo.com.au (Srihari Vijayaraghavan)
Date: Tue, 9 Oct 2007 21:12:28 +1000 (EST)
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
In-Reply-To: <87tzp03btp.fsf@wheatstone.g10code.de>
Message-ID: <328207.78994.qm@web52602.mail.re2.yahoo.com>

Werner Koch wrote:
> On Tue, 9 Oct 2007 01:07, sriharivijayaraghavan at yahoo.com.au said:
>
> > gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1
> > gpg: DBG: ccid-driver: usb_claim_interface failed: -1
>
> Either you have insufficient permissions for the device or another
> process (e.g. pcscd) is using it.

Both conditions I've eliminated. Pls read below.

> > gpg: detected reader `OmniKey CardMan 6121 00 00'
>
> Well, pcscd is up and has already claimed the device. Stop it.

Now I've done that. It was starting between reboots. Sorry about that. Now I've disabled the pcscd service for good now.
Here's the current status:

[root at laptop ~]# /usr/local/bin/gpg --card-status --debug-ccid-driver
gpg: DBG: ccid-driver: using CCID reader 0 (ID=076B:6622:X:0)
gpg: DBG: ccid-driver: idVendor: 076B idProduct: 6622 bcdDevice: 0203
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver: bLength 54
gpg: DBG: ccid-driver: bDescriptorType 33
gpg: DBG: ccid-driver: bcdCCID 1.00
gpg: DBG: ccid-driver: nMaxSlotIndex 0
gpg: DBG: ccid-driver: bVoltageSupport 7 ?
gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1
gpg: DBG: ccid-driver: dwDefaultClock 4800
gpg: DBG: ccid-driver: dwMaxiumumClock 8000
gpg: DBG: ccid-driver: bNumClockSupported 4
gpg: DBG: ccid-driver: dwDataRate 10752 bps
gpg: DBG: ccid-driver: dwMaxDataRate 412903 bps
gpg: DBG: ccid-driver: bNumDataRatesSupp. 106
gpg: DBG: ccid-driver: dwMaxIFSD 254
gpg: DBG: ccid-driver: dwSyncProtocols 00000007 2-wire 3-wire I2C
gpg: DBG: ccid-driver: dwMechanical 00000000
gpg: DBG: ccid-driver: dwFeatures 000207B2
gpg: DBG: ccid-driver: Auto configuration based on ATR
gpg: DBG: ccid-driver: Auto clock change
gpg: DBG: ccid-driver: Auto baud rate change
gpg: DBG: ccid-driver: Auto PPS made by CCID
gpg: DBG: ccid-driver: CCID can set ICC in clock stop mode
gpg: DBG: ccid-driver: NAD value other than 0x00 accepted
gpg: DBG: ccid-driver: Auto IFSD exchange
gpg: DBG: ccid-driver: Short APDU level exchange
gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 271
gpg: DBG: ccid-driver: bClassGetResponse echo
gpg: DBG: ccid-driver: bClassEnvelope echo
gpg: DBG: ccid-driver: wlcdLayout none
gpg: DBG: ccid-driver: bPINSupport 0
gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1
gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
gpg: DBG: ccid-driver: USB: CALLING USB_CLEAR_HALT
gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN
gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN
gpg: DBG: ccid-driver: status: 41 error: FE octet[9]: 00
data:
gpg: DBG: ccid-driver: CCID command failed: CCID timed out while talking to the ICC
gpg: DBG: ccid-driver: status: 41 error: FE octet[9]: 00
data:
gpg: DBG: ccid-driver: CCID command failed: CCID timed out while talking to the ICC
gpg: apdu_send_simple(0) failed: card inactive
gpg: DBG: ccid-driver: status: 01 error: 00 octet[9]: 01
data:
gpg: DBG: ccid-driver: idVendor: 076B idProduct: 6622 bcdDevice: 0203
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver: bLength 54
gpg: DBG: ccid-driver: bDescriptorType 33
gpg: DBG: ccid-driver: bcdCCID 1.00
gpg: DBG: ccid-driver: nMaxSlotIndex 0
gpg: DBG: ccid-driver: bVoltageSupport 7 ?
gpg: DBG: ccid-driver: dwProtocols 3 T=0 T=1
gpg: DBG: ccid-driver: dwDefaultClock 4800
gpg: DBG: ccid-driver: dwMaxiumumClock 8000
gpg: DBG: ccid-driver: bNumClockSupported 4
gpg: DBG: ccid-driver: dwDataRate 10752 bps
gpg: DBG: ccid-driver: dwMaxDataRate 412903 bps
gpg: DBG: ccid-driver: bNumDataRatesSupp. 106
gpg: DBG: ccid-driver: dwMaxIFSD 254
gpg: DBG: ccid-driver: dwSyncProtocols 00000007 2-wire 3-wire I2C
gpg: DBG: ccid-driver: dwMechanical 00000000
gpg: DBG: ccid-driver: dwFeatures 000207B2
gpg: DBG: ccid-driver: Auto configuration based on ATR
gpg: DBG: ccid-driver: Auto clock change
gpg: DBG: ccid-driver: Auto baud rate change
gpg: DBG: ccid-driver: Auto PPS made by CCID
gpg: DBG: ccid-driver: CCID can set ICC in clock stop mode
gpg: DBG: ccid-driver: NAD value other than 0x00 accepted
gpg: DBG: ccid-driver: Auto IFSD exchange
gpg: DBG: ccid-driver: Short APDU level exchange
gpg: DBG: ccid-driver: dwMaxCCIDMsgLen 271
gpg: DBG: ccid-driver: bClassGetResponse echo
gpg: DBG: ccid-driver: bClassEnvelope echo
gpg: DBG: ccid-driver: wlcdLayout none
gpg: DBG: ccid-driver: bPINSupport 0
gpg: DBG: ccid-driver: bMaxCCIDBusySlots 1
Please insert the card and hit return or enter 'c' to cancel:

I've ensured the card is inserted & pressed enter many times to no avail :-(.

(I've a few extra OpenPGP cards, so if push comes to shove, I'll slice them to SIM size to check it out on this reader(s). Alas I've no other model of a card reader to rule out the readers themselves.)

Thanks for your assistance.

From wk at gnupg.org Tue Oct 9 15:46:18 2007
From: wk at gnupg.org (Werner Koch)
Date: Tue, 09 Oct 2007 15:46:18 +0200
Subject: OmniKey CardMan 6121 & OpenPGP card anyone?
In-Reply-To: <328207.78994.qm@web52602.mail.re2.yahoo.com> (Srihari Vijayaraghavan's message of "Tue, 9 Oct 2007 21:12:28 +1000 (EST)")
References: <328207.78994.qm@web52602.mail.re2.yahoo.com>
Message-ID: <87ejg41jv9.fsf@wheatstone.g10code.de>

On Tue, 9 Oct 2007 13:12, sriharivijayaraghavan at yahoo.com.au said:

> gpg: DBG: ccid-driver: usb_bulk_read error: Resource temporarily unavailable
> gpg: DBG: ccid-driver: USB: RETRYING bulk_in AGAIN
> gpg: DBG: ccid-driver: status: 41 error: FE octet[9]: 00
> data:
> gpg: DBG: ccid-driver: CCID command failed: CCID timed out while talking to
> the ICC

That is some low-level problem. Most likely with the card. Make sure that you sliced the card correctly and that it is inserted correctly. It may be broken. Try with a SIM card from a cell phone.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From rjh at sixdemonbag.org Wed Oct 10 02:07:43 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 09 Oct 2007 19:07:43 -0500
Subject: PGP messages getting flagged as spam
Message-ID: <470C17CF.4000605@sixdemonbag.org>

I just received word from one of my regular correspondents that his email server has begun flagging PGP traffic as spam. I haven't seen this come up often (ever?) in the lists before, so I'm operating on the assumption that this may be a new problem people should be aware of.

SpamAssassin is giving results like this:

> X-Spam-Status: Yes, score=5.6 required=5.0
> tests=BAYES_60,UNIQUE_WORDS,
> UPPERCASE_25_50 autolearn=disabled version=3.0.4
> X-Spam-Report:
> * 2.3 UNIQUE_WORDS BODY: Message body has many words used only
> once
> * 3.3 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
> * [score: 0.7031]
> * 0.0 UPPERCASE_25_50 message body is 25-50% uppercase

So, if you're running SpamAssassin, might want to see about tweaking some rules. :)

From sadam at clemson.edu Wed Oct 10 02:18:01 2007
From: sadam at clemson.edu (Adam Schreiber)
Date: Tue, 9 Oct 2007 20:18:01 -0400
Subject: PGP messages getting flagged as spam
In-Reply-To: <470C17CF.4000605@sixdemonbag.org>
References: <470C17CF.4000605@sixdemonbag.org>
Message-ID: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com>

When my university was using SpamAssassin, GPG emails were being marked as spam because patterns were being matched by the armored text and no negative bonus was being given to GPG signed or encrypted messages. They were not willing to tweak their rules.

Adam Schreiber

On 10/9/07, Robert J. Hansen wrote:
> I just received word from one of my regular correspondents that his
> email server has begun flagging PGP traffic as spam. I haven't seen
> this come up often (ever?) in the lists before, so I'm operating on the
> assumption that this may be a new problem people should be aware of.
>
> SpamAssassin is giving results like this:
>
> > X-Spam-Status: Yes, score=5.6 required=5.0
> > tests=BAYES_60,UNIQUE_WORDS,
> > UPPERCASE_25_50 autolearn=disabled version=3.0.4
> > X-Spam-Report:
> > * 2.3 UNIQUE_WORDS BODY: Message body has many words used only
> > once
> > * 3.3 BAYES_60 BODY: Bayesian spam probability is 60 to 80%
> > * [score: 0.7031]
> > * 0.0 UPPERCASE_25_50 message body is 25-50% uppercase
>
> So, if you're running SpamAssassin, might want to see about tweaking
> some rules. :)

From stormrider01 at gmail.com Wed Oct 10 07:20:39 2007
From: stormrider01 at gmail.com (Iron Sam Vane)
Date: Tue, 9 Oct 2007 23:20:39 -0600
Subject: GnuPG UNC path on windows problem
Message-ID: <61de8c630710092220j35a12b86hcb225919f23c6190@mail.gmail.com>

I'm attempting to encrypt a file on a remote server, both machines are win2k3 server, using this command:

gpg --homedir c:\gnupg ---batch --trust-model always --output
\\server\backups\archive1.7z.gpg -e -r user
\\server\backups\archive1.7z

And I'm getting this error:

gpg: can't open `\\\\server\\backups\\archive1.7z': No such file or directory
gpg: \\\\\\server\\backups\\archive1.7z: encryption failed: file open error

I've checked and the file (archive1.7z) isn't in use. Any ideas what's going on?

Sean Lively

From wk at gnupg.org Wed Oct 10 12:25:59 2007
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Oct 2007 12:25:59 +0200
Subject: GnuPG UNC path on windows problem
In-Reply-To: <61de8c630710092220j35a12b86hcb225919f23c6190@mail.gmail.com> (Iron Sam Vane's message of "Tue, 9 Oct 2007 23:20:39 -0600")
References: <61de8c630710092220j35a12b86hcb225919f23c6190@mail.gmail.com>
Message-ID: <87d4vnw9jc.fsf@wheatstone.g10code.de>

On Wed, 10 Oct 2007 07:20, stormrider01 at gmail.com said:

> gpg --homedir c:\gnupg ---batch --trust-model always --output
> \\server\backups\archive1.7z.gpg -e -r user
> \\server\backups\archive1.7z
>
> And I'm getting this error:
>
> gpg: can't open `\\\\server\\backups\\archive1.7z': No such file or directory
> gpg: \\\\\\server\\backups\\archive1.7z: encryption failed: file open error
>
> I've checked and the file (archive1.7z) isn't in use. Any ideas what's going on?

I am not sure whether UNC works at all. Would need to test this.
However you can overcome the problem easily:

  gpg --homedir c:\gnupg ---batch --trust-model always -e -r user <\\server\backups\archive1.7z >\\server\backups\archive1.7z.gpg

This works because gpg won't see any file name but operates on the data received on stdin (connected to the input file) and sends the output to stdout (connected to the output file).

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From JPClizbe at tx.rr.com Wed Oct 10 12:48:52 2007
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Wed, 10 Oct 2007 05:48:52 -0500
Subject: GnuPG UNC path on windows problem
In-Reply-To: <61de8c630710092220j35a12b86hcb225919f23c6190@mail.gmail.com>
References: <61de8c630710092220j35a12b86hcb225919f23c6190@mail.gmail.com>
Message-ID: <470CAE14.9040206@tx.rr.com>

Iron Sam Vane wrote:
> I'm attempting to encrypt a file on a remote server, both machines are
> win2k3 server, using this command:
> gpg --homedir c:\gnupg ---batch --trust-model always --output
> \\server\backups\archive1.7z.gpg -e -r user
> \\server\backups\archive1.7z
>
> And I'm getting this error:
>
> gpg: can't open `\\\\server\\backups\\archive1.7z': No such file or directory
> gpg: \\\\\\server\\backups\\archive1.7z: encryption failed: file open error
>
> I've checked and the file (archive1.7z) isn't in use. Any ideas what's going on?

GnuPG for Windows is built with some translation code for Posix to Win32 path conversion. The UNC paths are confusing it. The fact that backslash (\) needs to be escaped (with a \) is causing the doubling of the characters.

a) Try putting the names in "double quotes", ie
gpg --homedir c:\gnupg ---batch --trust-model always --output "\\server\backups\archive1.7z.gpg" -e -r user "\\server\backups\archive1.7z"

b) Try reversing the slashes (This works with non-UNC paths.)
gpg --homedir c:\gnupg ---batch --trust-model always --output //server/backups/archive1.7z.gpg -e -r user //server/backups/archive1.7z

c) Use 'net use' and give \\server\backups a temporary drive letter
net use x: \\server\backups
gpg --homedir c:\gnupg ---batch --trust-model always --output x:\archive1.7z.gpg -e -r user x:\archive1.7z

--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

From bob.henson at galen.org.uk Wed Oct 10 12:59:14 2007
From: bob.henson at galen.org.uk (Bob Henson)
Date: Wed, 10 Oct 2007 11:59:14 +0100
Subject: [GPGol] GPGol won't install
Message-ID: <470CB082.7070908@galen.org.uk>

I have been using GnuPG/Enigmail for some time. I just tried to install GPGol into my copy of Outlook 2003 SP2 using GPG4Win, with no success. GPA installed and seems to work fine using my existing keyrings. I repeated the install twice, but no trace of GPG appears in Outlook. I just checked and it appears that GnuPG 2.x has not installed either - typing gpg --version in the gnupg directory shows 1.4.7. Where should I start looking for the problem?

Regards,

Bob

From bob.henson at galen.org.uk Wed Oct 10 15:18:23 2007
From: bob.henson at galen.org.uk (Bob Henson)
Date: Wed, 10 Oct 2007 14:18:23 +0100
Subject: [GPGol] GPGol won't install
In-Reply-To: <470CB082.7070908@galen.org.uk>
References: <470CB082.7070908@galen.org.uk>
Message-ID: <470CD11F.4030201@galen.org.uk>

Apologies if I wasted anyone's time - I found the problem. The installer does not force a reboot after running and that's what it needed to get the new files to show up. A note for the developers though, it would be a good idea to add the option for an automatic reboot - most programs do that if it is necessary. I didn't see that mentioned in the instructions either - but, of course, I may have missed it somewhere. Anyway, I think I've got it all running OK now.

I did hit a problem with Outlook after installing and setting up GPGol - but it may not have been connected, perhaps just a co-incidence (unless anyone knows better?). I tried to change Outlook's "send and receive" preferences, but clicking the menu item had no effect at all. I had to re-boot the computer again to restore its normal functionality. It certainly hasn't happened before.

Regards,

Bob

> I have been using GnuPG/Enigmail for some time. I just tried to install
> GPGol into my copy of Outlook 2003 SP2 using GPG4Win, with no success.
> GPA installed and seems to work fine using my existing keyrings. I
> repeated the install twice, but no trace of GPG appears in Outlook. I
> just checked and it appears that GnuPG 2.x has not installed either
> - typing gpg --version in the gnupg directory shows 1.4.7. Where should
> I start looking for the problem?

From stormrider01 at gmail.com Wed Oct 10 19:17:40 2007
From: stormrider01 at gmail.com (Iron Sam Vane)
Date: Wed, 10 Oct 2007 11:17:40 -0600
Subject: GnuPG UNC path on windows problem
In-Reply-To: <470CAE14.9040206@tx.rr.com>
References: <61de8c630710092220j35a12b86hcb225919f23c6190@mail.gmail.com> <470CAE14.9040206@tx.rr.com>
Message-ID: <61de8c630710101017t2f51d506n15c1c0dfa5bd0b21@mail.gmail.com>

Thanks guys. Double Quoting the files didn't work, but replacing the back slashes with forward slashes did.

Sean Lively

On 10/10/07, John Clizbe wrote:
> Iron Sam Vane wrote:
> > I'm attempting to encrypt a file on a remote server, both machines are
> > win2k3 server, using this command:
> > gpg --homedir c:\gnupg ---batch --trust-model always --output
> > \\server\backups\archive1.7z.gpg -e -r user
> > \\server\backups\archive1.7z
> >
> > And I'm getting this error:
> >
> > gpg: can't open `\\\\server\\backups\\archive1.7z': No such file or directory
> > gpg: \\\\\\server\\backups\\archive1.7z: encryption failed: file open error
> >
> > I've checked and the file (archive1.7z) isn't in use. Any ideas what's going on?
>
> GnuPG for Windows is built with some translation code for Posix to Win32 path
> conversion. The UNC paths are confusing it. The fact that backslash (\) needs to
> be escaped (with a \) is causing the doubling of the characters.
>
> a) Try putting the names in "double quotes", ie
> gpg --homedir c:\gnupg ---batch --trust-model always --output
> "\\server\backups\archive1.7z.gpg" -e -r user "\\server\backups\archive1.7z"
>
> b) Try reversing the slashes (This works with non-UNC paths.)
> gpg --homedir c:\gnupg ---batch --trust-model always --output
> //server/backups/archive1.7z.gpg -e -r user //server/backups/archive1.7z
>
> c) Use 'net use' and give \\server\backups a temporary drive letter
> net use x: \\server\backups
> gpg --homedir c:\gnupg ---batch --trust-model always --output
> x:\archive1.7z.gpg -e -r user x:\archive1.7z
>
>
> --
> John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
> You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
> "what's the key to success?" / "two words: good decisions."
> "what's the key to good decisions?" / "one word: experience."
> "how do i get experience?" / "two words: bad decisions."
>
> "Just how do the residents of Haiku, Hawai'i hold conversations?"
>
>
>

From wk at gnupg.org Thu Oct 11 13:42:47 2007
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Oct 2007 13:42:47 +0200
Subject: [GPGol] GPGol won't install
In-Reply-To: <470CD11F.4030201@galen.org.uk> (Bob Henson's message of "Wed, 10 Oct 2007 14:18:23 +0100")
References: <470CB082.7070908@galen.org.uk> <470CD11F.4030201@galen.org.uk>
Message-ID: <874pgxri6g.fsf@wheatstone.g10code.de>

On Wed, 10 Oct 2007 15:18, bob.henson at galen.org.uk said:

> Apologies if I wasted anyone's time - I found the problem. The installer
> does not force a reboot after running and that's what it needed to get
> the new files to show up. A note for the developers though, it would be

The installer offers to reboot if a reboot is required - that is if a file already exists and is in use (e.g. gpgex.dll which is loaded by explorer or gpgol.dll when outlook is running).

Reboot is not required in other cases - that's the theory. If you can describe again what files don't show up, I can change the installer to ask for a reboot.

> (unless anyone knows better?). I tried to change Outlook's "send and
> receive" preferences, but clicking the menu item had no effect at all. I
> had to re-boot the computer again to restore its normal functionality.
Sometimes an outlook instance is running for some time after being closed. That could be the source of your problem.

GnuPG is not really supported yet - we merely install the command line utilities.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From bob.henson at galen.org.uk Thu Oct 11 20:57:04 2007
From: bob.henson at galen.org.uk (Bob Henson)
Date: Thu, 11 Oct 2007 19:57:04 +0100
Subject: [GPGol] GPGol won't install
In-Reply-To: <874pgxri6g.fsf@wheatstone.g10code.de>
References: <470CB082.7070908@galen.org.uk> <470CD11F.4030201@galen.org.uk> <874pgxri6g.fsf@wheatstone.g10code.de>
Message-ID: <470E7200.6090907@galen.org.uk>

Werner Koch wrote
> On Wed, 10 Oct 2007 15:18, bob.henson at galen.org.uk said:
>
>> Apologies if I wasted anyone's time - I found the problem. The installer
>> does not force a reboot after running and that's what it needed to get
>> the new files to show up. A note for the developers though, it would be
>
> The installer offers to reboot if a reboot is required - that is if a
> file already exists and is in use (e.g. gpgex.dll which is loaded by
> explorer or gpgol.dll when outlook is running).

When I exited to the GnuPG directory and ran gpg --version I did not notice the gpg2.exe files there - it may well be they were there and I did not notice them though, as I have to admit to not having looked thoroughly. From my position of ignorance I suppose I was expecting gpg.exe to be the new version 2 file - I did not realise it was a separate file. Had I thought a bit more at the time, I would have remembered that both versions can run alongside each other hence there must have been two files.

> Reboot is not required in other cases - that's the theory. If you can
> describe again what files don't show up, I can change the installer
> to ask for a reboot.
Rather than the files being missing (which I think I've explained above) there were no menu entries or configuration tab etc in Outlook, so I *assumed* it had not installed at all. It was after the reboot and when the GnuPG configuration tab eventually appeared in Outlook that I looked further, and in browsing for the key manager file (under "advanced") I realised the GPG 2 files were all there.

>> (unless anyone knows better?). I tried to change Outlook's "send and
>> receive" preferences, but clicking the menu item had no effect at all. I
>> had to re-boot the computer again to restore its normal functionality.
>
> Sometimes an outlook instance is running for some time after being
> closed. That could be the source of your problem

That could well be - but I am well out of my depth here, so it did not occur to me.

> GnuPG is not really supported yet - we merely install the command line
> utilities.

Well, all seems to be well now anyway, and it is a good point to thank all concerned for providing all these utilities for us. Your work is much appreciated.

Regards,

Bob

From benjamin at py-soft.co.uk Fri Oct 12 11:04:33 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 12 Oct 2007 10:04:33 +0100
Subject: pinentry-mac never displays any UI
In-Reply-To: <47077A0A.7080100@py-soft.co.uk>
References: <4705707B.3050407@py-soft.co.uk> <47077A0A.7080100@py-soft.co.uk>
Message-ID: <470F38A1.309@py-soft.co.uk>

Benjamin Donnachie wrote:
> Are you using the version of pinentry that is currently bundled with
> mac-gpg2? If not, try downloading from
> http://www.py-soft.co.uk/~benjamin/download/mac-gpg/mac-gnupg-2.0.4-2.zip
> and let me know how it goes.

Did it work?
Ben

From email at sven-radde.de Fri Oct 12 13:06:42 2007
From: email at sven-radde.de (Sven Radde)
Date: Fri, 12 Oct 2007 13:06:42 +0200
Subject: GnuPG doesn't handle filenames?
Message-ID: <470F5542.8080501@sven-radde.de>

Hi there!

Providing filenames to GnuPG (1.4.7, gpg4win) only results in output of a syntax help, while piping the files still works. As an example, I will use one of the commands in GnuPG's help, but it is the same with other commands such as encrypt, symmetric, ...:

> D:\Sven>gpg --clearsign test.txt
> usage: gpg [options] --clearsign [filename]
>
> D:\Sven>

versus

> D:\Sven>gpg --clearsign -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> testtesttest
> gpg: detected reader...

and so on... everything fine.

Using GPGee's and WinPT's GUIs works as well. GnuPGs "internal" functions such as key generation, card-status etc. are fine, too.

Am I overlooking something with filenames?

Thanks for any help, Sven

From wk at gnupg.org Fri Oct 12 21:30:51 2007
From: wk at gnupg.org (Werner Koch)
Date: Fri, 12 Oct 2007 21:30:51 +0200
Subject: GnuPG doesn't handle filenames?
In-Reply-To: <470F5542.8080501@sven-radde.de> (Sven Radde's message of "Fri, 12 Oct 2007 13:06:42 +0200")
References: <470F5542.8080501@sven-radde.de>
Message-ID: <87odf4f7v8.fsf@wheatstone.g10code.de>

On Fri, 12 Oct 2007 13:06, email at sven-radde.de said:

>> D:\Sven>gpg --clearsign test.txt
>> usage: gpg [options] --clearsign [filename]

There is a bug in some versions of gpg4win. The gpg you use is actually a wrapper which invokes the real gpg. We do this to selectively add only required programs to the PATH. Use

  gpg --version --version

to see the real filename of gpg; for example:

  C:\tmp>gpg --version --version
  gpgwrap (Gpg4win) 1.9.0-svn558 ;C:\Programme\GNU\GnuPG\gpg.exe
  gpg (GnuPG) 1.4.7
  Copyright (C) 2006 Free Software Foundation, Inc.

So either update gpg4win or use

  C:\Programme\GNU\GnuPG\gpg --clearsign test.txt

or wherever the real binary is installed.
Note that gpg4win 1.9 is development only and should not be used. The bug is fixed since 1.1.2.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From dougb at dougbarton.us Sun Oct 14 04:52:23 2007
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 13 Oct 2007 19:52:23 -0700 (PDT)
Subject: PGP messages getting flagged as spam
In-Reply-To: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com>
References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com>
Message-ID:

On Tue, 9 Oct 2007, Adam Schreiber wrote:

> When my university was using SpamAssassin, GPG emails were being
> marked as spam because patterns were being matched by the armored text
> and no negative bonus was being given to GPG signed or encrypted
> messages. They were not willing to tweak their rules.

Has anyone tried contacting the SA developers about this? It seems like something fairly straightforward for them to add.

Doug

--
If you're never wrong, you're not trying hard enough

From gr at eclipsed.net Mon Oct 15 07:54:34 2007
From: gr at eclipsed.net (gabriel rosenkoetter)
Date: Mon, 15 Oct 2007 01:54:34 -0400
Subject: PGP messages getting flagged as spam
In-Reply-To:
References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com>
Message-ID: <20071015055434.GB85001@stow.eclipsed.net>

At 2007-10-13 19:52 -0700, Doug Barton wrote:
> Has anyone tried contacting the SA developers about this? It seems like
> something fairly straightforward for them to add.

"The SA developers" is a misconceived phrase here. You're interested in the party who wrote widely disseminated rules that happened to match PGP-enciphered messages (and it's likely to be several parties each and different parties for PGP/MIME- and clear-signed messages and for enciphered messages, whether ASCII-encoded or not).

It's up to the site administrator to make use of SA rules that aren't braindamaged.
It's hardly the fault of the authors of SA if some site decides to add 2.5 points to every message with a MIME attachment, though you can, perhaps, see how that might be a naive approach that works pretty well most of the time.

--
gabriel rosenkoetter
gr at eclipsed.net

From malayter at gmail.com Mon Oct 15 13:26:08 2007
From: malayter at gmail.com (Ryan Malayter)
Date: Mon, 15 Oct 2007 06:26:08 -0500
Subject: PGP messages getting flagged as spam
In-Reply-To: <20071015055434.GB85001@stow.eclipsed.net>
References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net>
Message-ID: <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com>

On 10/15/07, gabriel rosenkoetter wrote:
> It's up to the site administrator to make use of SA rules that aren't
> braindamaged. It's hardly the fault of the authors of SA if some
> site decides to add 2.5 points to every message with a MIME
> attachment, though you can, perhaps, see how that might be a naive
> approach that works pretty well most of the time.

Another problem: automatically adding negative score to PGP data would make that an attractive tactic for spammers. If such a rule were popular in SpamAssassin, you'd see a lot of base64 encoded HTML spam with "fake" PGP headers, I imagine.

The real solution would be for SpamAssassin to check that the PGP messages are well-formed, and verify signatures on any PGP message before altering its score. A tad CPU intensive, I think, and it poses a host of key management and trust management issues if the SpamAssassin system serves many users (which most do).
-- RPM From wk at gnupg.org Mon Oct 15 16:32:01 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 15 Oct 2007 16:32:01 +0200 Subject: PGP messages getting flagged as spam In-Reply-To: <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> (Ryan Malayter's message of "Mon, 15 Oct 2007 06:26:08 -0500") References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> Message-ID: <87myukbg9q.fsf@wheatstone.g10code.de> On Mon, 15 Oct 2007 13:26, malayter at gmail.com said: > The real solution would be for SpamAssassin to check that the PGP > messages are well-formed, and verify signatures on any PGP message > before altering its score. A tad CPU intensive, I think, and it poses FWIW, a few weeks ago I received the first PGP signed spam. The signature was good and I believe that it was sent using a trojan utilizing the local MUA which was configured to sign all outgoing mail. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From dave at brondsema.net Tue Oct 16 04:51:45 2007 From: dave at brondsema.net (Dave Brondsema) Date: Mon, 15 Oct 2007 19:51:45 -0700 (PDT) Subject: PGP messages getting flagged as spam In-Reply-To: <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> Message-ID: <13225948.post@talk.nabble.com> Ryan Malayter-2 wrote: > > On 10/15/07, gabriel rosenkoetter wrote: >> It's up to the site administrator to make use of SA rules that aren't >> braindamaged. 
It's hardly the fault of the authors of SA if some >> site decides to add 2.5 points to every message with a MIME >> attachment, though you can, perhaps, see how that might be a naive >> approach that works pretty well most of the time. > > Another problem: automatically adding negative score to PGP data would > make that an attractive tactic for spammers. If such a rule were > popular in SpamAssassin, you'd see a lot of base64 encoded HTML spam > with "fake" PGP headers, I imagine. > > The real solution would be for SpamAssassin to check that the PGP > messages are well-formed, and verify signatures on any PGP message > before altering its score. A tad CPU intensive, I think, and it poses > a host of key management and trust management issues if the > SpamAssassin system serves many users (which most do). > I have started an OpenPGP plugin for SpamAssassin that could be useful to assign a negative score to signed emails. See http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::OpenPGP I am using it myself, but it is not complete and I wouldn't recommend using it in a production environment without some good testing. And patches for it, probably :) From email at sven-radde.de Tue Oct 16 07:46:29 2007 From: email at sven-radde.de (Sven Radde) Date: Tue, 16 Oct 2007 07:46:29 +0200 Subject: PGP messages getting flagged as spam In-Reply-To: <87myukbg9q.fsf@wheatstone.g10code.de> References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <87myukbg9q.fsf@wheatstone.g10code.de> Message-ID: <47145035.6000702@sven-radde.de> Hi! Werner Koch wrote: > FWIW, a few weeks ago I received the first PGP signed spam. 
The > signature was good and I believe that it was sent using a trojan > utilizing the local MUA which was configured to sign all outgoing mail. Just out of curiosity: Does this (or, rather: should this) have implications for your trust of the signer's key? If the system is compromised, you cannot be sure of the authenticity of messages coming from there, can you? cu, Sven From rjh at sixdemonbag.org Tue Oct 16 08:58:46 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 16 Oct 2007 01:58:46 -0500 Subject: PGP messages getting flagged as spam In-Reply-To: <47145035.6000702@sven-radde.de> References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <87myukbg9q.fsf@wheatstone.g10code.de> <47145035.6000702@sven-radde.de> Message-ID: <47146126.7030505@sixdemonbag.org> Sven Radde wrote: > Just out of curiosity: Does this (or, rather: should this) have > implications for your trust of the signer's key? There are two schools of thought on this. 1. "Beats me. You get to define your policy, not me." 2. "If this guy's control of his keys and passphrase is so poor that a spammer can use them, then there is no sensible policy which would consider that key uncompromised." Personally, I side with #1, but my own personal policy is #2. YMMV. 
From wk at gnupg.org Tue Oct 16 09:20:49 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 16 Oct 2007 09:20:49 +0200 Subject: PGP messages getting flagged as spam In-Reply-To: <47145035.6000702@sven-radde.de> (Sven Radde's message of "Tue, 16 Oct 2007 07:46:29 +0200") References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <87myukbg9q.fsf@wheatstone.g10code.de> <47145035.6000702@sven-radde.de> Message-ID: <871wbv8qzy.fsf@wheatstone.g10code.de> On Tue, 16 Oct 2007 07:46, email at sven-radde.de said: > Just out of curiosity: Does this (or, rather: should this) have > implications for your trust of the signer's key? Well I assume that this guy keeps his primary key offline and thus malware would not be able to let him sign other keys ;-) > If the system is compromised, you cannot be sure of the authenticity of > messages coming from there, can you? Right. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From dan at geer.org Tue Oct 16 13:23:30 2007 From: dan at geer.org (dan at geer.org) Date: Tue, 16 Oct 2007 07:23:30 -0400 Subject: PGP messages getting flagged as spam In-Reply-To: Your message of "Tue, 16 Oct 2007 09:20:49 +0200." <871wbv8qzy.fsf@wheatstone.g10code.de> Message-ID: <20071016112330.6192633E45@absinthe.tinho.net> Werner Koch writes: | | > If the system is compromised, you cannot be sure of the | > authenticity of messages coming from there, can you? | | Right. | And therein is the issue. A year ago, I wrote an editorial where I made a semi-numeric mostly educated guess that 15-30% of all home/private systems were already compromised. I got some hate mail but in the intervening months, Vint Cerf said 40%, Microsoft said 2/3rds, and IDC said 3/4ths. 
Whatever the true number is, real risk management must now assume that the counterparty to a conversation stands a good chance of being 0wned. That said, the discount brokerages are hurting on this as 0wned machines mean that stock pump&dump schemes can be pumped by booking real trades from real people with real money, i.e., steal the password via a key logger and then time the trade to help with the pump phase. I've another editorial on that, but suffice it to say that in at least one instance, the November 06 10-Q filing by e-Trade, the losses in question reached the level that required SEC disclosure. Which brings us to a point: Those brokerages want, and are willing to pay real money for, something like an Active-X component that at the outset of the trading session is downloaded fresh, steals the keyboard away from the operating system, and pipes keystrokes through an entirely distinct network stack direct to the trading environment, i.e., makes the home user's PC into a dumb terminal for a moment. On the one hand, that this could work is horrifying and the idea of teaching the user community to say yes to "steal my keyboard" is likewise horrifying. But on the other hand there is a coherent argument that people fall in two camps: Those who always click "YES" and those who never do. If someone always clicks "YES," then the odds are that they are already 0wned and, thus, you need to 0wn them for a moment if you are going to do anything important. If someone never clicks "YES," then the odds are that they are canny and self-protecting, so you don't need to 0wn them up just to have a transaction. The times, they are a changin' --dan From daniel at benoy.name Tue Oct 16 17:28:48 2007 From: daniel at benoy.name (Daniel Benoy) Date: Tue, 16 Oct 2007 11:28:48 -0400 Subject: Trouble with keyservers Message-ID: <200710161128.57244.daniel@benoy.name> Hi. 
I generated my key with the assistance of an experimental program called 'gnupg-pkcs11-scd' and my Aladdin eToken and I think the key that was generated is somehow messed up. When I exchange my public key with friends manually, they can encrypt to me just fine. But when they grab from a keyserver they can't. Can someone here help me determine what's wrong with the key that comes from the keyserver, and help me narrow down the issue to the keyservers, gnupg, or gnupg-pkcs11-scd? Here's what I see: (I try the same command twice. One after using the keyserver, one after importing an armored ascii key) kos-mos dbenoy # gpg --keyserver wwwkeys.us.pgp.net --recv-keys 3E2E17A6 gpg: requesting key 3E2E17A6 from hkp server wwwkeys.us.pgp.net gpg: key 3E2E17A6: public key "Daniel Benoy " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) kos-mos dbenoy # gpg -ae -r 3E2E17A6 gpg: 3E2E17A6: skipped: Unusable public key gpg: [stdin]: encryption failed: Unusable public key kos-mos dbenoy # gpg --delete-key 3E2E17A6 gpg (GnuPG) 2.0.6; Copyright (C) 2007 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. pub 1024R/3E2E17A6 2007-10-14 Daniel Benoy Delete this key from the keyring? 
(y/N) y kos-mos dbenoy # gpg --import gpg: key 3E2E17A6: public key "Daniel Benoy " imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) kos-mos dbenoy # gpg -ae -r 3E2E17A6 gpg: 3E2E17A6: There is no assurance this key belongs to the named user pub 1024R/3E2E17A6 2007-10-14 Daniel Benoy Primary key fingerprint: 3562 2296 53CF 0B61 ECDE D473 EA43 5D86 3E2E 17A6 It is NOT certain that the key belongs to the person named in the user ID. If you *really* know what you are doing, you may answer the next question with yes. Use this key anyway? (y/N) y Test -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.6 (GNU/Linux) hIwD6kNdhj4uF6YBBACc3CjP7BFjPtn5tiooM3kutrAxTqwkgvPepkMPY/Q1842P aGb7RrbRa7OB29V0ml2Ssy4eck27zdnP+hOKP1lQ8TExA892qqoCkQE314gikQkZ d5xWM80WxHwFR7XrEFDRrIhmHj8iTiD3li9xWbQjAkdRSyj1FMBVfH4QTMLvYdJA AV9e2lyzAhA7bdnUqjCYIRBiQSMj/AQKQg82I/g0rMMHUyLA2j63RB0utOaxBfJk Dq5vnSRW6Z6jYYt7y1wBEg== =cNmq -----END PGP MESSAGE----- From rjh at sixdemonbag.org Tue Oct 16 19:15:03 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Tue, 16 Oct 2007 12:15:03 -0500 Subject: PGP messages getting flagged as spam In-Reply-To: <20071016112330.6192633E45@absinthe.tinho.net> References: <20071016112330.6192633E45@absinthe.tinho.net> Message-ID: <4714F197.1080007@sixdemonbag.org> dan at geer.org wrote: > And therein is the issue. A year ago, I wrote an editorial where I > made a semi-numeric mostly educated guess that 15-30% of all > home/private systems were already compromised. I got some hate mail > but in the intervening months, Vint Cerf said 40%, Microsoft said > 2/3rds, and IDC said 3/4ths. I seem to recall hearing Cerf say one in four, not two in five. Regardless, the numbers are still shockingly high. > Whatever the true number is, real risk management must now assume > that the counterparty to a conversation stands a good chance of being > 0wned. It goes a lot deeper than brokerages, although it doesn't surprise me that this industry has done a lot of thought about it. In my day job I'm finishing a Ph.D. in computer security, using electronic voting systems as a testbed for research. I am appalled at how often well-meaning people ask "well, overhauling all these DRE machines would cost a fortune, so why not just let people vote from home?" Vote-from-home over the internet is probably going to happen sooner or later in some jurisdiction, if only because it is possible for a vendor to claim huge cost savings and convenience increases. And what do we do once we've turned the machinery of democracy over to a network which is increasingly owned lock, stock and barrel by botnets? In a similar vein, I have two close relatives who are judges. It scares me... I mean, it downright _terrifies me_... that they are unaware of just how many machines are compromised, or the likelihood that their own machines are compromised. Whenever I visit either of them--which I do with some frequency--the first thing I do is scour their PCs for traces of infestation. 
It's a substantial amount of work, but I would much rather do this than run the risk of a felon's conviction being overturned on the grounds that the judge's PC was part of a botnet and thus we can't trust that the entered opinion was accurate. The implications of botnets are both wide-ranging and bone-chilling. I am quite concerned about the potential impacts of botnets upon the world at large. From gr at eclipsed.net Wed Oct 17 03:30:58 2007 From: gr at eclipsed.net (gabriel rosenkoetter) Date: Tue, 16 Oct 2007 21:30:58 -0400 Subject: PGP messages getting flagged as spam In-Reply-To: <87myukbg9q.fsf@wheatstone.g10code.de> <13225948.post@talk.nabble.com> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> References: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> Message-ID: <20071017013058.GP85001@stow.eclipsed.net> At 2007-10-15 06:26 -0500, Ryan Malayter wrote: > The real solution would be for SpamAssassin to check that the PGP > messages are well-formed, and verify signatures on any PGP message > before altering its score. A tad CPU intensive, I think, and it poses > a host of key management and trust management issues if the > SpamAssassin system serves many users (which most do). It's still a worthwhile check, assuming an appropriately weighted system (valid PGP signatures don't necessarily mean I want to read the email, so it's worth a few points, but definitely a less-than-1 fraction of my "not spam, deliver it" number). Given that the default install of SA in most package distributions makes use of various DNS[/RBL] checks, I'm pretty sure that CPU time isn't the compelling factor. 
I'm happy to accept a 10 minute lag in my email delivery (from or two, really) for a 95%+ reduction in email I didn't want to have to delete manually. At 2007-10-15 19:51 -0700, Dave Brondsema wrote: > I have started an OpenPGP plugin for SpamAssassin that could be useful to > assign a negative score to signed emails. See > http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::OpenPGP I am interested in your project and excited by the concept, but I'm pretty sure it will reach the point of Works Good Enough before I have the free time to help. Good luck, though! At 2007-10-15 16:32 +0200, Werner Koch wrote: > FWIW, a few weeks ago I received the first PGP signed spam. The > signature was good and I believe that it was sent using a trojan > utilizing the local MUA which was configured to sign all outgoing mail. It was only a matter of time. -- gabriel rosenkoetter gr at eclipsed.net From rjh at sixdemonbag.org Wed Oct 17 06:31:26 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Tue, 16 Oct 2007 23:31:26 -0500 Subject: PGP messages getting flagged as spam In-Reply-To: <20071017013058.GP85001@stow.eclipsed.net> References: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> Message-ID: <4715901E.5080505@sixdemonbag.org> gabriel rosenkoetter wrote: > It's still a worthwhile check, assuming an appropriately weighted > system (valid PGP signatures don't necessarily mean I want to read > the email, so it's worth a few points, but definitely a less-than-1 > fraction of my "not spam, deliver it" number). Given that the default Not really. The instant spammers figure they can sneak past SpamAssassin a fractional bit more by having a good PGP signature, we're going to see an explosion of PGP/MIME. The main body will be random text and have a valid signature; the attachment will be the permuted-per-recipient image, and will not. They need to sign one message and send it to ten million people. Ten million people then need to have their spamfilters parse the PGP signature to see whether to give it the fractional point deduction. This is classic asymmetric warfare. In very short order so many spammers will be using PGP/MIME that just using PGP/MIME legitimately will raise the point value of your traffic. Which means that six months after people start marking down PGP-signed emails, people start marking the scores way, way up. I don't feel like sacrificing my ability to send encrypted emails to someone just to get an additional six months delay in the spam war. 
From snoken at tunedal.nu Wed Oct 17 09:00:33 2007 From: snoken at tunedal.nu (Snoken) Date: Wed, 17 Oct 2007 09:00:33 +0200 Subject: PGP messages getting flagged as spam In-Reply-To: <87myukbg9q.fsf@wheatstone.g10code.de> References: <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <87myukbg9q.fsf@wheatstone.g10code.de> Message-ID: <200710170700.l9H70gWX020197@www11.aname.net> At 16:32 2007-10-15, Werner Koch wrote: >On Mon, 15 Oct 2007 13:26, malayter at gmail.com said: > >> The real solution would be for SpamAssassin to check that the PGP >> messages are well-formed, and verify signatures on any PGP message >> before altering its score. A tad CPU intensive, I think, and it poses > >FWIW, a few weeks ago I received the first PGP signed spam. The >signature was good and I believe that it was sent using a trojan >utilizing the local MUA which was configured to sign all outgoing mail. > > >Shalom-Salam, > > Werner The good news is that this makes it fairly easy to locate the compromised computer and alert the user. Snoken From rjh at sixdemonbag.org Wed Oct 17 09:39:27 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Wed, 17 Oct 2007 02:39:27 -0500 Subject: PGP messages getting flagged as spam In-Reply-To: <4715BB0A.7070904@sven-radde.de> References: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> <4715901E.5080505@sixdemonbag.org> <4715BB0A.7070904@sven-radde.de> Message-ID: <4715BC2F.9060407@sixdemonbag.org> Sven Radde wrote: > Probably true, but how will spammers get signatures on their stuff that > are valid *for me*? So, what, the plan then is to discard any message that's signed by an unknown or untrusted key? Or consider that to be a spam indicator? These cures are just as lousy as the disease. > Looks like a template for a nice Spamassassin filtering rule ("signed > body + unsigned attachment") to at least offset the bonus received from > the valid sig. ;-) So _more_ valid OpenPGP data gets discarded? This plan gets better and better. 
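The scoring policy debated in this thread (a small bonus only for a signature from a key that is valid for the recipient, a bad score for keys known to have signed spam, and no bonus when a signed body carries an unsigned attachment), as an added example that is not part of any list message and is not code from the Mail::SpamAssassin::Plugin::OpenPGP plugin. The weights, function names and sample inputs are assumptions; the status keywords are the ones GnuPG writes with --status-fd, and only PGP/MIME is handled (inline clear-signed mail would need separate handling).

```python
from dataclasses import dataclass
from email import message_from_string
from email.message import Message
from typing import List, Optional, Set

# Assumed weights (hypothetical values, not SpamAssassin defaults).
BONUS_TRUSTED_SIG = -0.5   # fraction of a point, well below a delivery threshold
PENALTY_SPAM_KEY = 2.0     # key listed in the per-user "spam-keys" database
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}


@dataclass
class SigStatus:
    good: bool = False
    failed: bool = False
    fingerprint: Optional[str] = None
    trust: Optional[str] = None


def parse_status(status_text: str) -> SigStatus:
    """Parse the lines gpg writes to --status-fd during --verify.

    Feed this only from gpg's status descriptor, never from message text,
    or a sender could forge "[GNUPG:] GOODSIG" lines in the body.
    """
    st = SigStatus()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword == "GOODSIG":
            st.good = True
        elif keyword in ("BADSIG", "ERRSIG"):
            st.failed = True
        elif keyword == "VALIDSIG" and len(fields) > 2:
            st.fingerprint = fields[2].upper()  # fingerprint of the signing key
        elif keyword.startswith("TRUST_"):
            st.trust = keyword
    return st


def unsigned_leaf_parts(part: Message, covered: bool = False) -> List[str]:
    """Content types of leaf MIME parts outside any multipart/signed container."""
    if part.is_multipart():
        covered = covered or part.get_content_type() == "multipart/signed"
        found: List[str] = []
        for child in part.get_payload():
            found.extend(unsigned_leaf_parts(child, covered))
        return found
    return [] if covered else [part.get_content_type()]


def score_adjustment(raw_message: str, status_text: str, spam_keys: Set[str]) -> float:
    """Score delta for one recipient. Valid OpenPGP mail is never penalised
    unless its key is in that recipient's spam-key set."""
    st = parse_status(status_text)
    if st.failed or not st.good or st.fingerprint is None:
        return 0.0                  # fake armor, bad or uncheckable signature
    if st.fingerprint in spam_keys:
        return PENALTY_SPAM_KEY     # key has signed spam before
    if st.trust not in TRUSTED:
        return 0.0                  # good signature, key not valid for this user
    if unsigned_leaf_parts(message_from_string(raw_message)):
        return 0.0                  # signed body + unsigned attachment: deny bonus
    return BONUS_TRUSTED_SIG


# --- constructed sample inputs (not taken from the list archive) ---
FPR_A = "A" * 40
FPR_B = "B" * 40


def make_status(fpr: str, trust: str) -> str:
    """Constructed status output for one good signature by key `fpr`."""
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} Constructed User <user@example.org>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2007-10-17 1192600000 0 4 0 1 2 00 {fpr}\n"
            f"[GNUPG:] {trust}\n")


def sample_message(with_attachment: bool) -> str:
    """Constructed PGP/MIME message, optionally wrapped with an unsigned image."""
    signed = ('Content-Type: multipart/signed; micalg=pgp-sha1; '
              'protocol="application/pgp-signature"; boundary="inner"\n\n'
              '--inner\nContent-Type: text/plain\n\nrandom text\n'
              '--inner\nContent-Type: application/pgp-signature\n\n(placeholder)\n'
              '--inner--\n')
    if not with_attachment:
        return "MIME-Version: 1.0\n" + signed
    return ('MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="outer"\n\n'
            '--outer\n' + signed +
            '--outer\nContent-Type: image/gif\n\n(placeholder)\n--outer--\n')


if __name__ == "__main__":
    for attach in (False, True):
        delta = score_adjustment(sample_message(attach),
                                 make_status(FPR_A, "TRUST_FULLY"), {FPR_B})
        print(f"unsigned attachment={attach}: score delta {delta:+.1f}")
```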
From email at sven-radde.de Wed Oct 17 09:45:35 2007 From: email at sven-radde.de (Sven Radde) Date: Wed, 17 Oct 2007 09:45:35 +0200 Subject: PGP messages getting flagged as spam In-Reply-To: <4715BC2F.9060407@sixdemonbag.org> References: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> <4715901E.5080505@sixdemonbag.org> <4715BB0A.7070904@sven-radde.de> <4715BC2F.9060407@sixdemonbag.org> Message-ID: <4715BD9F.1040803@sven-radde.de> Hi! Robert J. Hansen wrote: > So, what, the plan then is to discard any message that's signed by an > unknown or untrusted key? > (...) > So _more_ valid OpenPGP data gets discarded? This plan gets better and > better. The plan was not to discard anything, but *deny the bonus* in some cases where valid OpenPGP data is found. I fail to see why this would be worse than the current situation where OpenPGP data does not get a bonus at all. 
cu, Sven From email at sven-radde.de Wed Oct 17 09:34:34 2007 From: email at sven-radde.de (Sven Radde) Date: Wed, 17 Oct 2007 09:34:34 +0200 Subject: PGP messages getting flagged as spam In-Reply-To: <4715901E.5080505@sixdemonbag.org> References: <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> <4715901E.5080505@sixdemonbag.org> Message-ID: <4715BB0A.7070904@sven-radde.de> Hi! Robert J. Hansen wrote: > The instant spammers figure they can sneak past SpamAssassin a > fractional bit more by having a good PGP signature, we're going to see > an explosion of PGP/MIME. Probably true, but how will spammers get signatures on their stuff that are valid *for me*? They would have to compromise one of the keys that are valid on my keyring or one that would be considered trustworthy by means of the web-of-trust. Maintaining a dedicated database of "spam-keys" that had been trustworthy but were used for spam would help, too (to assign messages signed by those keys a bad score). Note that this approach requires a per-user filtering by Spamassassin but SA already handles per-user whitelists, blacklists and even user-defined rules (not sure on the last one, though). > The main body will be random text and have a > valid signature; the attachment will be the permuted-per-recipient > image, and will not. Looks like a template for a nice Spamassassin filtering rule ("signed body + unsigned attachment") to at least offset the bonus received from the valid sig. ;-) Just my 2 cents, Sven From rjh at sixdemonbag.org Wed Oct 17 20:12:12 2007 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Wed, 17 Oct 2007 13:12:12 -0500 Subject: PGP messages getting flagged as spam In-Reply-To: References: <20071016112330.6192633E45@absinthe.tinho.net> <4714F197.1080007@sixdemonbag.org> Message-ID: <4716507C.4090209@sixdemonbag.org> reynt0 wrote: > IIRC there was a Technische Universitaet or similar in > Austria a while ago that was going to do some student > elections by internet. A lot of institutions are doing this nowadays. I expect most universities to go this way within the next few years--and once university students get accustomed to it, a few years after that we'll see the idea gain traction in the real-world election community. For a look at the problems in the University of Iowa student government elections, take a look at: http://cs.uiowa.edu/~rjhansen/UISG.pdf After delivering this report to Student Government, their response was to bury it, never follow up with us, and the next year hired an outside contractor to provide vote-by-internet, all on the basis of "the voting research group here is not willing to be part of a productive working relationship". ObGnuPGRelevance: some of the issues pointed out in the final report could have been mitigated with GnuPG, although in the end UISG elected to ignore our recommendations. From reynt0 at cs.albany.edu Wed Oct 17 19:48:22 2007 From: reynt0 at cs.albany.edu (reynt0) Date: Wed, 17 Oct 2007 13:48:22 -0400 (EDT) Subject: PGP messages getting flagged as spam In-Reply-To: <4714F197.1080007@sixdemonbag.org> References: <20071016112330.6192633E45@absinthe.tinho.net> <4714F197.1080007@sixdemonbag.org> Message-ID: On Tue, 16 Oct 2007, Robert J. Hansen wrote: . . . > Vote-from-home over the internet is probably going to happen sooner or > later in some jurisdiction, if only because it is possible for a vendor . . . IIRC there was a Technische Universitaet or similar in Austria a while ago that was going to do some student elections by internet. Like maybe 2-3 years ago or so?? 
Reading their description of their plan at the time, I was not (FWIW) specially impressed that they were considering what might be all possible problems, although IIRC there was discussion of doing regular political elections the same way. I should have checked later to see what the outcome was, but did not.

From 210525p42015 at denstarfarm.us Wed Oct 17 23:55:43 2007
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Wed, 17 Oct 2007 17:55:43 -0400
Subject: Question about Replying to List
Message-ID: <471684DF.30303@denstarfarm.us>

I'm on a MacBook and using Thunderbird version 2.0.0.6 (20070728)

I see no Header of "Reply To:" ... I was looking for it because when I hit "Reply" to one of the List emails, the compose window popped up with a message addressed to Robert H. as opposed to the List.

Is this normal? If not, is there a setting in the List Account for me where I can set the headers appearing in emails to me?

Reply-All seems not so much a good idea since two emails would be sent ... so I figure I am doing something wrong.

From benjamin at py-soft.co.uk Thu Oct 18 01:50:58 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Thu, 18 Oct 2007 00:50:58 +0100
Subject: Question about Replying to List
In-Reply-To: <471684DF.30303@denstarfarm.us>
References: <471684DF.30303@denstarfarm.us>
Message-ID: <47169FE2.5050602@py-soft.co.uk>

Robert D.
wrote:
> I'm on a MacBook and using Thunderbird version 2.0.0.6 (20070728)
>

Take a look at the Thunderbird reply to list extension -
http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension

Ben

From reynt0 at cs.albany.edu Thu Oct 18 04:01:41 2007
From: reynt0 at cs.albany.edu (reynt0)
Date: Wed, 17 Oct 2007 22:01:41 -0400 (EDT)
Subject: professionalism, was Re: PGP messages getting flagged as spam
In-Reply-To: <4716507C.4090209@sixdemonbag.org>
References: <20071016112330.6192633E45@absinthe.tinho.net> <4714F197.1080007@sixdemonbag.org> <4716507C.4090209@sixdemonbag.org>
Message-ID:

On Wed, 17 Oct 2007, Robert J. Hansen wrote:
. . .
> For a look at the problems in the University of Iowa student government
> elections, take a look at:
>
> http://cs.uiowa.edu/~rjhansen/UISG.pdf
>
> After delivering this report to Student Government, their response was
> to bury it, never follow up with us, and the next year hired an outside
. . .
> ObGnuPGRelevance: some of the issues pointed out in the final report
> could have been mitigated with GnuPG, although in the end UISG elected
> to ignore our recommendations.

Reading that report, I see another GnuPG relevance: the issue of Computer Science being a profession (occasionally debated in IEEE publications (at least a while ago), etc). The characteristics of a "profession" are supposed to include the existence of professional standards and ethics requiring adherence to the standards. Open source may be thought to finesse this issue, working in the understanding (hope ?) that including direct feedback from interested community members (given the existence of community communication channels, and ideally including members with professional status or attitudes) may be a substitute for professional standards and ethics.

Are there refined answers available to the question, how can someone like "salaried programmers" (p.2) best state a claim that GnuPG could serve as part of a professional solution to the problem?
(I hope this isn't too far out of bounds of gnupg-users relevance.)

From rjh at sixdemonbag.org Thu Oct 18 10:11:11 2007
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 18 Oct 2007 03:11:11 -0500
Subject: professionalism, was Re: PGP messages getting flagged as spam
In-Reply-To:
References: <20071016112330.6192633E45@absinthe.tinho.net> <4714F197.1080007@sixdemonbag.org> <4716507C.4090209@sixdemonbag.org>
Message-ID: <4717151F.3070002@sixdemonbag.org>

reynt0 wrote:
> Are there refined answers available to the question

Yes. When giving a software evaluation, you always specify sources and methods. Each and every assertion needs a source and a method: who is your source, and how does your source know this?

With proprietary software, you're mostly stuck relying on your vendor for information. Compare "Microsoft says that IIS will scale up to our server load with our current server configuration" to "the Apache Foundation isn't making any promises, but I've had Apache running for the last month on a test server and it's performing flawlessly."

The first statement's source is Microsoft. Their method is presumably their own internal testing.

The second statement's source is you-the-engineer. Your method is your own internal testing.

Neither evaluation is necessarily better or worse than the other. Management might trust Microsoft more than you, or you more than Microsoft. You're not responsible for making sure Management makes the right choices--you're only responsible for giving Management accurate information with which to make their choices.

From malayter at gmail.com Thu Oct 18 14:07:23 2007
From: malayter at gmail.com (Ryan Malayter)
Date: Thu, 18 Oct 2007 07:07:23 -0500
Subject: professionalism, was Re: PGP messages getting flagged as spam
In-Reply-To: <4717151F.3070002@sixdemonbag.org>
References: <20071016112330.6192633E45@absinthe.tinho.net> <4714F197.1080007@sixdemonbag.org> <4716507C.4090209@sixdemonbag.org> <4717151F.3070002@sixdemonbag.org>
Message-ID: <5d7f07420710180507r686df541i2440b7fd4241da42@mail.gmail.com>

On 10/18/07, Robert J. Hansen wrote:
> With proprietary software, you're mostly stuck relying on your vendor
> for information. Compare "Microsoft says that IIS will scale up to our
> server load with our current server configuration" to "the Apache
> Foundation isn't making any promises, but I've had Apache running for
> the last month on a test server and it's performing flawlessly."
>
> The first statement's source is Microsoft. Their method is presumably
> their own internal testing.

Why wouldn't you set up a test lab with the Microsoft products as well? They offer zero-cost trial and developer editions of their products for that express purpose.

You should never rely on the word of a vendor if there is an alternative. You can always find proprietary vendors that will give you a trial of some sort. At my company, we've had months-long trial installations of $1M+ vertical market software packages before signing any agreement to purchase.

--
RPM

From rjh at sixdemonbag.org Thu Oct 18 17:23:46 2007
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Thu, 18 Oct 2007 10:23:46 -0500
Subject: professionalism, was Re: PGP messages getting flagged as spam
In-Reply-To: <5d7f07420710180507r686df541i2440b7fd4241da42@mail.gmail.com>
References: <20071016112330.6192633E45@absinthe.tinho.net> <4714F197.1080007@sixdemonbag.org> <4716507C.4090209@sixdemonbag.org> <4717151F.3070002@sixdemonbag.org> <5d7f07420710180507r686df541i2440b7fd4241da42@mail.gmail.com>
Message-ID: <47177A82.2050305@sixdemonbag.org>

Ryan Malayter wrote:
> Why wouldn't you set up a test lab with the Microsoft products as
> well?

It's a hypothetical. There do exist vendors that are infamously stingy with evaluation versions and heavily rely on "trust us".

From gnupg at mockies.de Thu Oct 18 16:53:45 2007
From: gnupg at mockies.de (Christoph Mockenhaupt)
Date: Thu, 18 Oct 2007 16:53:45 +0200
Subject: pinentry-mac never displays any UI [seems to be solved]
Message-ID: <200710181654.05689.gnupg@mockies.de>

Hi,

I stumbled over the same problem. I am using mac-gnupg-2.0.4-2 from Ben. echo GETPIN | /Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac shows the pinentry dialog, though.

But testing it together with gpg-agent didn't work (using something like 'echo "test" | gpg -ase -r KEY | gpg'). The pinentry icon bounced in the dock but no UI is shown (this seems to be the same problem Richard had).

I was able to solve the problem by simply deleting the "no-grab" option from gpg-agent.conf (*hehe* "simply", took me ages to figure that out).

Everything works fine, now. Thanks Ben for your work. Since kde-3.5.6 I was not able to use gpg in kmail because the usage of gpg-agent is not optional any longer. And I wasn't able to get this working till now.
--
Christoph

From benjamin at py-soft.co.uk Fri Oct 19 02:13:02 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 19 Oct 2007 01:13:02 +0100
Subject: Question about Replying to List
In-Reply-To: <47169FE2.5050602@py-soft.co.uk>
References: <471684DF.30303@denstarfarm.us> <47169FE2.5050602@py-soft.co.uk>
Message-ID: <4717F68E.2070105@py-soft.co.uk>

Benjamin Donnachie wrote:
> Take a look at the Thunderbird reply to list extension -
> http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension
>

If you don't want to use Thunderbird v3, take a look at the ReplyToList extension at http://cweiske.de/misc_extensions.htm

Ben

From BrunosJunk at Bronosky.com Fri Oct 19 03:43:02 2007
From: BrunosJunk at Bronosky.com (Richard Bronosky)
Date: Thu, 18 Oct 2007 21:43:02 -0400
Subject: pinentry-mac never displays any UI [seems to be solved]
In-Reply-To: <200710181654.05689.gnupg@mockies.de>
References: <200710181654.05689.gnupg@mockies.de>
Message-ID:

By God, he's right! it was no-grab that was doing it. Thanks all!

On 10/18/07, Christoph Mockenhaupt wrote:
> Hi,
>
> I stumbled over the same problem. I am using mac-gnupg-2.0.4-2 from Ben.
> echo GETPIN | /Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac shows
> the pinentry dialog, though.
>
> But testing it together with gpg-agent didn't work (using something
> like 'echo "test" | gpg -ase -r KEY | gpg'). The pinentry icon bounced in the
> dock but no UI is shown (this seems to be the same problem Richard had).
>
> I was able to solve the problem by simply deleting the "no-grab" option from
> gpg-agent.conf (*hehe* "simply", took me ages to figure that out).
>
> Everything works fine, now. Thanks Ben for your work. Since kde-3.5.6 I was
> not able to use gpg in kmail because the usage of gpg-agent is not optional
> any longer. And I wasn't able to get this working till now.
> --
> Christoph
>

--
.!# RichardBronosky #!.

From jharris at widomaker.com Fri Oct 19 05:56:59 2007
From: jharris at widomaker.com (Jason Harris)
Date: Thu, 18 Oct 2007 23:56:59 -0400
Subject: PGP messages getting flagged as spam
In-Reply-To: <4715BB0A.7070904@sven-radde.de>
References: <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> <4715901E.5080505@sixdemonbag.org> <4715BB0A.7070904@sven-radde.de>
Message-ID: <20071019035659.GA4074@wilma.widomaker.com>

On Wed, Oct 17, 2007 at 09:34:34AM +0200, Sven Radde wrote:
> Probably true, but how will spammers get signatures on their stuff that
> are valid *for me*? They would have to compromise one of the keys that
> are valid on my keyring or one that would be considered trustworthy by
> means of the web-of-trust.

Why not just take some signed content from a key in the strong set, like this message, and add some unsigned spam to it? It would be a great way to ruin keys by making them "spam-keys."

> Maintaining a dedicated database of "spam-keys" that had been
> trustworthy but were used for spam would help, too (to assign messages
> signed by those keys a bad score).

(These are best revoked by their owners, of course.)

Unfortunately, these databases might be naively implemented as keyservers, or existing keyservers could start being burdened with "votes" in the form of signatures and/or revocations from any number of signers (voters). At most, you would only want to publish fingerprints of such keys rather than helping propagate and/or bloat them.
Worse, how do you determine that some replayed signed content was indeed replayed? Does everyone now have to start publishing lists of the hashes for all their unencrypted, signed messages and the intended recipient(s) for each message? How would these lists be verified?

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

From benjamin at py-soft.co.uk Fri Oct 19 12:06:47 2007
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Fri, 19 Oct 2007 11:06:47 +0100
Subject: pinentry-mac never displays any UI [seems to be solved]
In-Reply-To:
References: <200710181654.05689.gnupg@mockies.de>
Message-ID: <471881B7.9070703@py-soft.co.uk>

Richard Bronosky wrote:
> By God, he's right! it was no-grab that was doing it.

Fantastic stuff!

I'm a bit pushed for time at the moment, but hope to release a new version with the latest copy of gpg2 and pinentry soon.
Take care,

Ben

From malayter at gmail.com Fri Oct 19 14:06:10 2007
From: malayter at gmail.com (Ryan Malayter)
Date: Fri, 19 Oct 2007 07:06:10 -0500
Subject: PGP messages getting flagged as spam
In-Reply-To: <20071019035659.GA4074@wilma.widomaker.com>
References: <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> <4715901E.5080505@sixdemonbag.org> <4715BB0A.7070904@sven-radde.de> <20071019035659.GA4074@wilma.widomaker.com>
Message-ID: <5d7f07420710190506m18a6ff94o9f47802851c2362a@mail.gmail.com>

You advocate a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid jerk for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

From mwood at IUPUI.Edu Fri Oct 19 15:11:19 2007
From: mwood at IUPUI.Edu (Mark H. Wood)
Date: Fri, 19 Oct 2007 09:11:19 -0400
Subject: PGP messages getting flagged as spam
In-Reply-To: <20071019035659.GA4074@wilma.widomaker.com>
References: <13225948.post@talk.nabble.com> <470C17CF.4000605@sixdemonbag.org> <8298be230710091718n2ff547cege0ea0577e956b4@mail.gmail.com> <20071015055434.GB85001@stow.eclipsed.net> <5d7f07420710150426i5e2c5520p99ca70d47dd1b5ce@mail.gmail.com> <20071017013058.GP85001@stow.eclipsed.net> <4715901E.5080505@sixdemonbag.org> <4715BB0A.7070904@sven-radde.de> <20071019035659.GA4074@wilma.widomaker.com>
Message-ID: <20071019131119.GA24070@IUPUI.Edu>

On Thu, Oct 18, 2007 at 11:56:59PM -0400, Jason Harris wrote:
> On Wed, Oct 17, 2007 at 09:34:34AM +0200, Sven Radde wrote:
> > Probably true, but how will spammers get signatures on their stuff that
> > are valid *for me*?
They would have to compromise one of the keys that
> > are valid on my keyring or one that would be considered trustworthy by
> > means of the web-of-trust.
>
> Why not just take some signed content from a key in the strong set,
> like this message, and add some unsigned spam to it? It would be
> a great way to ruin keys by making them "spam-keys."

Why? I mean, what evidence is there that the owner of the key used to sign the signed content had anything to do with the unsigned content? Signed content in the interior of a message conveys no information about the trust one might choose to assign to the rest of the message. A properly written rule shouldn't care that there is signed content inside an unsigned message.

--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he means the exact opposite.

From dshaw at jabberwocky.com Sun Oct 21 20:30:38 2007
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 21 Oct 2007 14:30:38 -0400
Subject: Trouble with keyservers
In-Reply-To: <200710161128.57244.daniel@benoy.name>
References: <200710161128.57244.daniel@benoy.name>
Message-ID: <20071021183038.GA8977@jabberwocky.com>

On Tue, Oct 16, 2007 at 11:28:48AM -0400, Daniel Benoy wrote:
> Hi. I generated my key with the assistance of an experimental program
> called 'gnupg-pkcs11-scd' and my Aladdin eToken and I think the key that was
> generated is somehow messed up. When I exchange my public key with friends
> manually, they can encrypt to me just fine. But when they grab from a
> keyserver they can't.

The problem with your key on the keyserver is that you have a primary key that is tagged for Signing (signing data) and Certification (signing keys), and a subkey tagged for Authentication (proving you are you). You don't have any key or subkey for encryption.

Or to be more accurate, you DO have a key for encryption, but the keyserver isn't storing it. This is a well-known keyserver bug with the pksd keyserver software, but many sites refuse to stop running it, despite this and other bugs. If you use a keyserver running sks software, you'll be fine. I believe that pool.sks-keyservers.net has only sks servers in its mix.

David

From dougb at dougbarton.us Mon Oct 22 06:45:56 2007
From: dougb at dougbarton.us (Doug Barton)
Date: Sun, 21 Oct 2007 21:45:56 -0700 (PDT)
Subject: Trouble with keyservers
In-Reply-To: <20071021183038.GA8977@jabberwocky.com>
References: <200710161128.57244.daniel@benoy.name> <20071021183038.GA8977@jabberwocky.com>
Message-ID:

On Sun, 21 Oct 2007, David Shaw wrote:
> Or to be more accurate, you DO have a key for encryption, but the
> keyserver isn't storing it. This is a well-known keyserver bug with
> the pksd keyserver software,

Out of curiosity, what software are the subkeys.pgp.net servers running? I've had pretty good luck with that pool but I would hate to think I'm not getting the complete picture. (Not to mention if I ever decide to generate a key with subkeys ...)

> but many sites refuse to stop running it, despite this and other bugs.
> If you use a keyerver running sks software, you'll be fine. I believe
> that pool.sks-keyservers.net has only sks servers in its mix.

Is there a way for us to tell that remotely?

Doug

--
If you're never wrong, you're not trying hard enough

From impulze at impulze.org Sat Oct 6 14:26:14 2007
From: impulze at impulze.org (Daniel Mierswa)
Date: Sat, 06 Oct 2007 12:26:14 -0000
Subject: gnupg refuses to work on a read-only filesystem
Message-ID: <4707686E.9070309@impulze.org>

What do I have to pass to gpg to work on a read-only filesystem and a homedir which is not available? Meaning to be forced to not create anything except messages on stdout and stderr and to be forced to not read anything except the key I want to decrypt. I tried passing the switches --keyring /dev/null (though I think this is not the right way to do it) --no-random-seed-file and --lock-never.

Thanks in advance.

--
Mierswa, Daniel

If you still don't like it, that's ok: that's why I'm boss. I simply know better than you do.
--- Linus Torvalds, comp.os.linux.advocacy, 1996/07/22

From dl1eec at t-online.de Sun Oct 7 18:35:08 2007
From: dl1eec at t-online.de (Hermann F. Schulze)
Date: Sun, 07 Oct 2007 18:35:08 +0200
Subject: GnuPG incompatible with windows-vista ?
References: 873b48jlmf.fsf__28062.0411308066$1173860404$gmane$org@wheatstone.g10code.de
Message-ID: <47090ABC.2040301@t-online.de>

Sorry Sir, unfortunately I cannot download the patched gpg.exe. May you help me?

Thanks

--
----
Hermann F. Schulze
Obere Waldstr.
13 D-42929 Wermelskirchen
FON: +49-2196-95460
MOBIL: +49-177-88-27788
EMail: dl1eec at t-online.de
Bank:Volksbank RS-SG
BLZ: 340 600 94
KTO: 930 875
-----

From sven at radde.name Wed Oct 10 08:42:26 2007
From: sven at radde.name (Sven Radde)
Date: Wed, 10 Oct 2007 08:42:26 +0200
Subject: PGP messages getting flagged as spam
In-Reply-To: <470C17CF.4000605@sixdemonbag.org>
References: <470C17CF.4000605@sixdemonbag.org>
Message-ID: <470C7452.5090406@radde.name>

Hi!

Quite some time ago I have seen Spams with an (obviously bogus) "---BEGIN PGP SIGNATURE---" + garbage part at the end of the mails. This might have had negative influence on some Bayesian databases.

Apart from creating a special SpamAssassin module which actually verifies incoming emails, I would not know what to do about it.

So long, Sven

From cklein at gmx.com Fri Oct 19 14:47:51 2007
From: cklein at gmx.com (Pitigrilli)
Date: Fri, 19 Oct 2007 05:47:51 -0700 (PDT)
Subject: Separate Fingerprint for elGamal-Subkey?
Message-ID: <13293739.post@talk.nabble.com>

Someone to whom I had recently sent my public key just called me to verify the Fingerprint of my key, created with gpg4win-1.1.3. I chose my key pair in the Windows privacy Tray and double clicked on it to tell him the fingerprint, and he confirmed it.

The guy then told me "Now let's check the fingerprint of the elGamal-key." My reaction: "???". I could not find a separate fingerprint for the elGamal subkey (though there is a respective subkey in my public key), neither with this software nor in the GNU privacy assistant. I did some research on the web and did not find any references to a separate "elGamal-fingerprint". Thus the guy insisted that his PGP-Software does display it (unfortunately I do not know which SW he uses).

I thought that there is only one fingerprint and that this would be sufficient to confirm the integrity of the public key. Can anyone please provide me with some information?

Thanks, Pitigrilli

From twy2shcn61kzj4d at mx0.wwwnew.eu Fri Oct 19 17:39:04 2007
From: