From eocsor at gmail.com Tue Jan 1 00:12:31 2008
From: eocsor at gmail.com (Roscoe)
Date: Tue, 1 Jan 2008 08:42:31 +0930
Subject: Social networking
In-Reply-To:
References:
Message-ID:

Is this a major problem? I'm sure it happens, but does it happen with any significant frequency?

I can't imagine such a system, which has a higher barrier to entry than the normal social networking sites, being well received.

But sure, such a system could be constructed, perhaps you could allow two modes of registration, one requiring a trusted key and the other requiring ID of some sort. (Now you've made yourself effectively a certificate authority, though)

-- Roscoe

On Jan 1, 2008 2:10 AM, Hardeep Singh wrote:
> Hi All
>
> Current social networking sites have a major problem: anybody can
> download your photograph and related details, edit them to his wish,
> and repost on the same site.
>
> I would suggest the following: building of, or using an existing WOT
> and each person wishing to join the social networking site be asked to
> get his profile (photo, name, DOB and some basic details) signed by
> three people already in the WOT. Once this is done, a centralised
> identity, sign the profile having verified the signatures by the other
> three people. Uploads of the photo and profile to any social
> networking site would then require a profile signed by the centralised
> authority. An exchange of any secret can be done to ensure that the
> person uploading the profile is the owner, and the basic details
> entered by the uploader verified against those in the profile.
>
> Does this make sense? Is there a way to make this work without the
> centralised identity?
>
> Regards
> Hardeep
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From wk at gnupg.org Wed Jan 2 09:46:00 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Jan 2008 09:46:00 +0100
Subject: pipes cgi and gnupg
In-Reply-To: <3ac86fa70712281903o4e41f56ex8bb366d7a893610a@mail.gmail.com> (Brad Tilley's message of "Fri, 28 Dec 2007 22:03:15 -0500")
References: <3ac86fa70712281903o4e41f56ex8bb366d7a893610a@mail.gmail.com>
Message-ID: <873atgmx87.fsf@wheatstone.g10code.de>

On Sat, 29 Dec 2007 04:03, byte8bits at gmail.com said:

> os.system("echo %s | gpg --batch --passphrase-fd 0 -d %s > d.out"

  os.system("echo %s | gpg --batch --passphrase-fd 0 --output - -d %s > d.out"

Note that all users on the machine will see the passphrase in the output of ps(1). You are better off not using a passphrase at all or by using --passphrase-file.

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From fweimer at bfk.de Wed Jan 2 09:55:48 2008
From: fweimer at bfk.de (Florian Weimer)
Date: Wed, 02 Jan 2008 09:55:48 +0100
Subject: Ignoring expiration dates
Message-ID: <82ir2cwqqz.fsf@mid.bfk.de>

Is it possible to ignore the key expiration date during encryption?

Unfortunately, people tend to set expiration dates without thinking about the consequences. It's not always possible to get a new self-signature in a reasonable time frame.

-- 
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From joao.grilo at gmail.com Wed Jan 2 12:13:26 2008
From: joao.grilo at gmail.com (João Grilo)
Date: Wed, 2 Jan 2008 11:13:26 +0000
Subject: fatal: zlib inflate problem: invalid distance code
Message-ID: <2a221bd70801020313w4f5e3fcbk41b890a70090f0ba@mail.gmail.com>

Hello,

Recently, I was asked to backup and archive a ton of sensitive data, so I used gpg to keep it away from evil eyes.

Now, trying to recover it on a different machine, it fails with the following error:

debian:~# gpg mybigbackupfile.tar.gz.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
-- correct password is typed --
gpg: fatal: zlib inflate problem: invalid distance code
secmem usage: 2048/2240 bytes in 4/5 blocks of pool 2240/32768

I have no clue, since I have tried pretty much everything (including installing the same operating system on the machine where I need to decipher the data, using the "$ gpg < bigfile.gpg > bigfile" syntax and so on). The error keeps showing up, and always stalls after processing the same amount of data (approximately 27 gigabytes).

The weirdest part is that decrypting the data on the same machine it was encrypted works perfectly. I have tried to replicate the environment exactly (apart from a few packages which will probably be different, but this is debian stable branch anyways). The only "big" difference, is the hardware, but even the architecture is the same, the cpu is exactly alike.

On the machine where the compression+encryption were done:
Debian Etch Beta 4
Zlib Version: 1:1.2.3-13
Gnupg Version: 1.4.6-2

On the machine where the decompression+decryption is being done (and failing):
Debian Etch RC1
Zlib Version: 1:1.2.3-13
Gnupg Version: 1.4.6-2

Note that these are all amd64 binaries. The size of "mybigbackupfile" is approximately 105 gigabytes.

If I can provide any additional information that can be useful to trace the problem down, don't hesitate to ask.

Apart from the request "how to recover this file", I'd also like to ask if there are any measures I could take in the future to ensure this does not happen again.

Thank you in advance,
Joao Marques

From wk at gnupg.org Wed Jan 2 13:40:59 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Jan 2008 13:40:59 +0100
Subject: Ignoring expiration dates
In-Reply-To: <82ir2cwqqz.fsf@mid.bfk.de> (Florian Weimer's message of "Wed, 02 Jan 2008 09:55:48 +0100")
References: <82ir2cwqqz.fsf@mid.bfk.de>
Message-ID: <87y7b8jt7o.fsf@wheatstone.g10code.de>

On Wed, 2 Jan 2008 09:55, fweimer at bfk.de said:

> Is it possible to ignore the key expiration date during encryption?

Not with gpg. With gpgsm you may try --debug-ignore-expiration.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From fweimer at bfk.de Wed Jan 2 13:53:24 2008
From: fweimer at bfk.de (Florian Weimer)
Date: Wed, 02 Jan 2008 13:53:24 +0100
Subject: Ignoring expiration dates
In-Reply-To: <87y7b8jt7o.fsf@wheatstone.g10code.de> (Werner Koch's message of "Wed, 02 Jan 2008 13:40:59 +0100")
References: <82ir2cwqqz.fsf@mid.bfk.de> <87y7b8jt7o.fsf@wheatstone.g10code.de>
Message-ID: <82tzlwtmm3.fsf@mid.bfk.de>

* Werner Koch:

> On Wed, 2 Jan 2008 09:55, fweimer at bfk.de said:
>
>> Is it possible to ignore the key expiration date during encryption?
>
> Not with gpg. With gpgsm you may try --debug-ignore-expiration.

Oh well, this is a bit counterintuitive because the expiration time is a hard fact in X.509, and rather fuzzy in OpenPGP.

Would you accept a patch, even if it's a kludge? (Expiration doesn't seem to be signalled separately, so we'd have to change the code that generates the expiration flag, and not the code that uses it.)

-- 
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From JPClizbe at tx.rr.com Wed Jan 2 14:41:11 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Wed, 02 Jan 2008 07:41:11 -0600
Subject: fatal: zlib inflate problem: invalid distance code
In-Reply-To: <2a221bd70801020313w4f5e3fcbk41b890a70090f0ba@mail.gmail.com>
References: <2a221bd70801020313w4f5e3fcbk41b890a70090f0ba@mail.gmail.com>
Message-ID: <477B9477.8010200@tx.rr.com>

João Grilo wrote:
> Recently, I was asked to backup and archive a ton of sensitive data, so
> I used gpg to keep it away from evil eyes.
>
> Now, trying to recover it on a different machine, it fails with the
> following error:
> debian:~# gpg mybigbackupfile.tar.gz.gpg
> gpg: CAST5 encrypted data
> gpg: encrypted with 1 passphrase
> -- correct password is typed --
> gpg: fatal: zlib inflate problem: invalid distance code
> secmem usage: 2048/2240 bytes in 4/5 blocks of pool 2240/32768
>
> I have no clue, since I have tried pretty much everything (including
> installing the same operating system on the machine where I need to
> decipher the data, using the "$ gpg < bigfile.gpg > bigfile" syntax and
> so on). The error keeps showing up, and always stalls after processing
> the same amount of data (approximately 27 gigabytes).
>
> The weirdest part is that decrypting the data on the same machine it was
> encrypted works perfectly. I have tried to replicate the environment
> exactly (apart from a few packages which will probably be different, but
> this is debian stable branch anyways). The only "big" difference, is the
> hardware, but even the architecture is the same, the cpu is exactly alike.
> Note that these are all amd64 binaries. The size of "mybigbackupfile" is
> approximately 105 gigabytes.
>
> If I can provide any additional information that can be useful to trace
> the problem down, don't hesitate to ask.

Since the original decrypts fine, I'd check and compare the hashes of the two encrypted archives.

Small errors can creep in during transfer that will invalidate later decryption. Comparing the outputs from md5sum or sha1sum will alert you to the error.

GnuPG may also be used to generate the file hashes:

    gpg --print-md algo [files]

algo may be taken from the listing produced by 'gpg --version'.

    gpg --print-mds [files]

will generate hashes for all available algorithms.

Good luck.

-- 
John P. Clizbe                      Inet:   JPClizbe(a) tx DAWT rr DAHT con
Ginger Bear Networks                hkp://keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From wk at gnupg.org Wed Jan 2 15:25:38 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Jan 2008 15:25:38 +0100
Subject: Ignoring expiration dates
In-Reply-To: <82tzlwtmm3.fsf@mid.bfk.de> (Florian Weimer's message of "Wed, 02 Jan 2008 13:53:24 +0100")
References: <82ir2cwqqz.fsf@mid.bfk.de> <87y7b8jt7o.fsf@wheatstone.g10code.de> <82tzlwtmm3.fsf@mid.bfk.de>
Message-ID: <87r6h0i9st.fsf@wheatstone.g10code.de>

On Wed, 2 Jan 2008 13:53, fweimer at bfk.de said:

> Oh well, this is a bit counterintuitive because the expiration time is
> a hard fact in X.509, and rather fuzzy in OpenPGP.

I don't agree that it is fuzzy in OpenPGP; it is well defined. The fact that you may change the expiration time does not make it fuzzy.

> Would you accept a patch, even if it's a kludge? (Expiration doesn't

Sure. Make it also --debug-ignore-expiration and for gpg2 (backporting it then is easy).

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
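
For the "zlib inflate problem" thread: John Clizbe's advice to compare hashes of the two encrypted copies, taken one step further in an added example (not code from the thread or from GnuPG) that hashes fixed-size blocks, so the comparison also shows which byte ranges of the copy are damaged. The function names, the block size and the use of SHA-256 are assumptions of this example.

```python
import hashlib

BLOCK_SIZE = 64 * 1024 * 1024   # assumed block size; both machines must use the same value
READ_SIZE = 1024 * 1024         # read in 1 MiB pieces so memory use stays small


def manifest(path, block_size=BLOCK_SIZE, algo="sha256"):
    """Read the file once; return its size, whole-file digest and one digest per block."""
    whole = hashlib.new(algo)
    blocks = []
    size = 0
    with open(path, "rb") as fh:
        while True:
            block = hashlib.new(algo)
            filled = 0
            while filled < block_size:
                chunk = fh.read(min(READ_SIZE, block_size - filled))
                if not chunk:
                    break
                block.update(chunk)
                whole.update(chunk)
                filled += len(chunk)
            if filled == 0:
                break                       # nothing left to read
            blocks.append(block.hexdigest())
            size += filled
            if filled < block_size:
                break                       # short final block: end of file
    return {"size": size, "block_size": block_size,
            "digest": whole.hexdigest(), "blocks": blocks}


def differing_ranges(good, suspect):
    """Byte ranges (start, end) of the good file that the suspect copy does not match.

    Adjacent damaged blocks are merged; blocks missing from a truncated copy
    count as damaged.  Extra trailing data in the suspect copy shows up as a
    size and whole-file digest mismatch rather than as a range."""
    if good["block_size"] != suspect["block_size"]:
        raise ValueError("manifests were built with different block sizes")
    bs = good["block_size"]
    ranges = []
    for index, digest in enumerate(good["blocks"]):
        theirs = suspect["blocks"][index] if index < len(suspect["blocks"]) else None
        if digest == theirs:
            continue
        start = index * bs
        end = min(start + bs, good["size"])
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], end)
        else:
            ranges.append((start, end))
    return ranges


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample data: a 10 KiB "archive" and a copy with two flipped bytes.
    data = bytes(range(256)) * 40
    damaged = bytearray(data)
    damaged[2700] ^= 0xFF
    damaged[3100] ^= 0x01
    with tempfile.TemporaryDirectory() as tmp:
        good_path = os.path.join(tmp, "original.gpg")
        bad_path = os.path.join(tmp, "transferred.gpg")
        with open(good_path, "wb") as fh:
            fh.write(data)
        with open(bad_path, "wb") as fh:
            fh.write(bytes(damaged))
        good = manifest(good_path, block_size=1024)
        bad = manifest(bad_path, block_size=1024)
        print("whole-file digests match:", good["digest"] == bad["digest"])
        print("damaged byte ranges:", differing_ranges(good, bad))
```

Each machine computes the manifest for its own copy; only the small manifest has to cross the network to learn which ranges need to be fetched again.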

From fweimer at bfk.de Wed Jan 2 15:39:56 2008
From: fweimer at bfk.de (Florian Weimer)
Date: Wed, 02 Jan 2008 15:39:56 +0100
Subject: Ignoring expiration dates
In-Reply-To: <87r6h0i9st.fsf@wheatstone.g10code.de> (Werner Koch's message of "Wed, 02 Jan 2008 15:25:38 +0100")
References: <82ir2cwqqz.fsf@mid.bfk.de> <87y7b8jt7o.fsf@wheatstone.g10code.de> <82tzlwtmm3.fsf@mid.bfk.de> <87r6h0i9st.fsf@wheatstone.g10code.de>
Message-ID: <82fxxgthoj.fsf@mid.bfk.de>

* Werner Koch:

> On Wed, 2 Jan 2008 13:53, fweimer at bfk.de said:
>
>> Oh well, this is a bit counterintuitive because the expiration time is
>> a hard fact in X.509, and rather fuzzy in OpenPGP.
>
> I don't agree that it is fuzzy in OpenPGP; it is well defined.

For v3 keys, it is, but not for v4 keys. Implementations are free to take the minimum or maximum of the expiration date over all available self-signatures. After all, OpenPGP is just a format spec, and doesn't say much about semantics.

Actually, this is a very old discussion. I've come to accept that it's okay to choose the maximum, but I still don't buy that's the only choice. 8-)

>> Would you accept a patch, even if it's a kludge? (Expiration doesn't
>
> Sure. Make it also --debug-ignore-expiration and for gpg2 (backporting
> it then is easy).

Okay. I guess I need some form for my employer. Would you send it to me, please?

-- 
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From joao.grilo at gmail.com Wed Jan 2 16:05:00 2008
From: joao.grilo at gmail.com (João Grilo)
Date: Wed, 2 Jan 2008 15:05:00 +0000
Subject: fatal: zlib inflate problem: invalid distance code
In-Reply-To: <477B9477.8010200@tx.rr.com>
References: <2a221bd70801020313w4f5e3fcbk41b890a70090f0ba@mail.gmail.com> <477B9477.8010200@tx.rr.com>
Message-ID: <2a221bd70801020705y3e17e827pf8fe24021300d1fc@mail.gmail.com>

Hello again,

First of all, thanks for the quick reply.

The checksum did reveal that there are differences.

I know this isn't directly related to GnuPG, but since the file in question is so big (100gigs), and I don't have physical access to the original file any more, is it possible to simply transfer the difference between both binaries through a network connection? If so, what would you consider the best option in this situation? Rsync?

Thank you for your time, and I'll understand if you redirect me to the rsync mailing list instead of providing an answer.

Best regards,
Joao Marques

On Jan 2, 2008 1:41 PM, John Clizbe wrote:

> João Grilo wrote:
> > Recently, I was asked to backup and archive a ton of sensitive data, so
> > I used gpg to keep it away from evil eyes.
> >
> > Now, trying to recover it on a different machine, it fails with the
> > following error:
> > debian:~# gpg mybigbackupfile.tar.gz.gpg
> > gpg: CAST5 encrypted data
> > gpg: encrypted with 1 passphrase
> > -- correct password is typed --
> > gpg: fatal: zlib inflate problem: invalid distance code
> > secmem usage: 2048/2240 bytes in 4/5 blocks of pool 2240/32768
> >
> > I have no clue, since I have tried pretty much everything (including
> > installing the same operating system on the machine where I need to
> > decipher the data, using the "$ gpg < bigfile.gpg > bigfile" syntax and
> > so on). The error keeps showing up, and always stalls after processing
> > the same amount of data (approximately 27 gigabytes).
> >
> > The weirdest part is that decrypting the data on the same machine it was
> > encrypted works perfectly. I have tried to replicate the environment
> > exactly (apart from a few packages which will probably be different, but
> > this is debian stable branch anyways). The only "big" difference, is the
> > hardware, but even the architecture is the same, the cpu is exactly alike.
> >
>
> > Note that these are all amd64 binaries. The size of "mybigbackupfile" is
> > approximately 105 gigabytes.
> >
> > If I can provide any additional information that can be useful to trace
> > the problem down, don't hesitate to ask.
>
> Since the original decrypts fine, I'd check and compare the hashes of the
> two encrypted archives.
>
> Small errors can creep in during transfer that will invalidate later
> decryption.
> Comparing the outputs from md5sum or sha1sum will alert you to the error.
>
> GnuPG may also be used to generate the file hashes:
>
> gpg --print-md algo [files]
>
> algo may be taken from the listing produced by 'gpg --version'.
>
> gpg --print-mds [files]
>
> will generate hashes for all available algorithms.
>
> Good luck.
>
> --
> John P. Clizbe Inet: JPClizbe(a) tx DAWT rr DAHT con
> Ginger Bear Networks hkp://keyserver.gingerbear.net
> "Be who you are and say what you feel because those who mind don't matter
> and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
>
>

From stevecliu at gmail.com Wed Jan 2 17:07:55 2008
From: stevecliu at gmail.com (Steve Liu)
Date: Wed, 2 Jan 2008 11:07:55 -0500
Subject: GPG Decryption of a PGP encrypted zip file resulting in garbled zip file
Message-ID: <9b1b11990801020807u136721b8g1efbc2a678a1b348@mail.gmail.com>

Hello,

I'm a newbie here, but I have a problem decrypting a zip file encrypted with pgp. I was trying to subscribe to the gpg group, but it didn't reply, so I couldn't post there. So I thought I'd ask the folks here.

The problem is this, I generate a standard 2048-bit ELG-E key and sent off the public part to the client. Similarly they sent me a 1024D (1024bit?) key which I was able to import successfully.

They then uploaded a file reportedly encrypted with their key. I take the file, decrypt it, and it seems to decrypt successfully (just a warning that it was not integrity protected).

This results in a zip file.

However, when I try to uncompress the zip file, it would not decrypt. Winzip would complain that it is an invalid archive.

I'm using GPG 1.4.7.

I don't know what the client is using, but they required a DH/DSS key from me (though this should have nothing to do with the file that they send me, right?)

The symptoms seem to match a little with what was described in:
http://marc.info/?l=gnupg-users&m=104982312123419&w=2

But, as that was supposed to be resolved 4 years ago, I hope that this is just some user error on my part.

Cheers,
Steve

From wk at gnupg.org Wed Jan 2 18:33:41 2008
From: wk at gnupg.org (Werner Koch)
Date: Wed, 02 Jan 2008 18:33:41 +0100
Subject: Ignoring expiration dates
In-Reply-To: <82fxxgthoj.fsf@mid.bfk.de> (Florian Weimer's message of "Wed, 02 Jan 2008 15:39:56 +0100")
References: <82ir2cwqqz.fsf@mid.bfk.de> <87y7b8jt7o.fsf@wheatstone.g10code.de> <82tzlwtmm3.fsf@mid.bfk.de> <87r6h0i9st.fsf@wheatstone.g10code.de> <82fxxgthoj.fsf@mid.bfk.de>
Message-ID: <87bq84dte2.fsf@wheatstone.g10code.de>

On Wed, 2 Jan 2008 15:39, fweimer at bfk.de said:

> Actually, this is a very old discussion. I've come to accept that
> it's okay to choose the maximum, but I still don't buy that's the only
> choice. 8-)

Okay. We have hard expiration dates on the todo list but nothing you will see any time soon.

> Okay. I guess I need some form for my employer. Would you send it to
> me, please?

Please take this to assign at gnu org and tell them that you need a new form for your current employer.

Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

From lowbassman at gmail.com Wed Jan 2 21:14:58 2008
From: lowbassman at gmail.com (Matt Alexander)
Date: Wed, 2 Jan 2008 13:14:58 -0700
Subject: Where can I buy OpenPGP smartcards?
Message-ID: <9e0a35780801021214o16ff1ff7l1f90cd5ecaa9041f@mail.gmail.com>

Does anyone know if any of the following cards are OpenPGP compatible and will work with GnuPG?

http://smartcardfocus.com/shop/ilp/se~5/p/index.shtml

Or is the card at...

http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware

The only option? Are there any other companies that also make OpenPGP compatible cards?

I'm looking at a possible deployment of OpenPGP smartcards at my company and want to ensure that I have multiple vendors.

Thanks!
~Matt

From alexander.janssen at gmail.com Wed Jan 2 19:35:02 2008
From: alexander.janssen at gmail.com (Alexander W. Janssen)
Date: Wed, 02 Jan 2008 19:35:02 +0100
Subject: Generic question: Correct content-type?
Message-ID: <477BD956.9090908@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

this is a more generic question. I use Thunderbird + Enigmail on several machines. I never touched any of the advanced features and never got problems with someone until now.

I've sent an encrypted email - as inline PGP - and my buddy's Mutt couldn't deal with the encrypted message. My friend claims this is because I've sending inline-PGP messages with Content-type text/plain.

He says that I need to configure my MUA so that it sends something like:

Content-Type: multipart/encrypted;
 protocol="application/pgp-encrypted";
 boundary="------------enig

- From what I know (I'm just a user when it comes to email and I bribe students with beer to set up my sendmails) this is just used if you're sending multipart-messages, like a plaintext and a HTML-version of the same email.

1) Am I correct setting Content-Type text/plain?
2) If I'm wrong and need to set application/pgp-encrypted, do I need to tell that my MUA/Enigmail or do I need to give gpg some parameters? (I bet it's the MUA)

Thanks for considering this pretty off-topic and crappy question.. :-)

Cheers,
Alex.

P.S.: I already searched the Enigmail FAQ and haven't made it yet to other FAQs... So if it's in the GPG-FAQ, just drop me a RTFM :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----

From byte8bits at gmail.com Wed Jan 2 17:10:42 2008
From: byte8bits at gmail.com (Brad Tilley)
Date: Wed, 2 Jan 2008 11:10:42 -0500
Subject: pipes cgi and gnupg
In-Reply-To: <873atgmx87.fsf@wheatstone.g10code.de>
References: <3ac86fa70712281903o4e41f56ex8bb366d7a893610a@mail.gmail.com> <873atgmx87.fsf@wheatstone.g10code.de>
Message-ID: <3ac86fa70801020810o310ee2fj9f831b2a37e48b61@mail.gmail.com>

On linux, would it be possible to use the Linux Key retention service to overcome this:

http://www.ibm.com/developerworks/linux/library/l-key-retention.html

On Jan 2, 2008 3:46 AM, Werner Koch wrote:
> Note that all users on the machine will see the passphrase in the output
> of ps(1). You are better off not using a passphrase at all or by using
> --passphrase-file.

From alon.barlev at gmail.com Thu Jan 3 07:24:37 2008
From: alon.barlev at gmail.com (Alon Bar-Lev)
Date: Thu, 3 Jan 2008 08:24:37 +0200
Subject: Where can I buy OpenPGP smartcards?
In-Reply-To: <9e0a35780801021214o16ff1ff7l1f90cd5ecaa9041f@mail.gmail.com>
References: <9e0a35780801021214o16ff1ff7l1f90cd5ecaa9041f@mail.gmail.com>
Message-ID: <9e0cf0bf0801022224n50579bd4s58d09a5f1f643093@mail.gmail.com>

On 1/2/08, Matt Alexander wrote:
> I'm looking at a possible deployment of OpenPGP smartcards at my company and
> want to ensure that I have multiple vendors.
> Thanks!
> ~Matt

Hello,

You can use almost any PKCS#11 enabled smartcard if you use:
http://gnupg-pkcs11.sourceforge.net/

Using PKCS#11 will enable you to use the same card for other applications as well.

Best Regards,
Alon Bar-Lev.

From fweimer at bfk.de Thu Jan 3 09:40:05 2008
From: fweimer at bfk.de (Florian Weimer)
Date: Thu, 03 Jan 2008 09:40:05 +0100
Subject: Generic question: Correct content-type?
In-Reply-To: <477BD956.9090908@gmail.com> (Alexander W. Janssen's message of "Wed, 02 Jan 2008 19:35:02 +0100")
References: <477BD956.9090908@gmail.com>
Message-ID: <82wsqrnvyy.fsf@mid.bfk.de>

* Alexander W. Janssen:

> I've sent an encrypted email - as inline PGP - and my buddy's Mutt
> couldn't deal with the encrypted message. My friend claims this is
> because I've sending inline-PGP messages with Content-type text/plain.

Tell your friend about Esc-P.

He probably wants you to send your message in OpenPGP/MIME format. This is the better choice for various reasons, but it's still less supported in the field.

-- 
Florian Weimer
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

From sk at intertivity.com Thu Jan 3 10:47:22 2008
From: sk at intertivity.com (Sascha Kiefer)
Date: Thu, 3 Jan 2008 13:47:22 +0400
Subject: Where can I buy OpenPGP smartcards?
In-Reply-To: <9e0cf0bf0801022224n50579bd4s58d09a5f1f643093@mail.gmail.com>
Message-ID: <001f01c84ded$a49a1b50$8a02a8c0@saschaxp1>

http://www.smartcardfocus.com/ is a good place.

Regards,
Sascha Kiefer

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Alon Bar-Lev
Sent: Donnerstag, 3. Januar 2008 10:25
To: Matt Alexander
Cc: gnupg-users at gnupg.org
Subject: Re: Where can I buy OpenPGP smartcards?

On 1/2/08, Matt Alexander wrote:
> I'm looking at a possible deployment of OpenPGP smartcards at my
> company and want to ensure that I have multiple vendors. Thanks!
> ~Matt

Hello,

You can use almost any PKCS#11 enabled smartcard if you use:
http://gnupg-pkcs11.sourceforge.net/

Using PKCS#11 will enable you to use the same card for other applications as well.

Best Regards,
Alon Bar-Lev.

From y-ooshima at hitachi-system.co.jp Fri Jan 4 03:23:05 2008
From: y-ooshima at hitachi-system.co.jp (y-ooshima at hitachi-system.co.jp)
Date: Fri, 4 Jan 2008 11:23:05 +0900
Subject: Has Vista been already included in support OS?
References: <476B7AE1.3090603@tx.rr.com> <87fxxw44bq.fsf@wheatstone.g10code.de>
Message-ID:

Hi,

wk at gnupg.org wrote:
>On Fri, 21 Dec 2007 09:35, JPClizbe at tx.rr.com said:
>>> It seems that installing GnuPG on Vista is OK.
>> Oversight in the README. The problem that Vista had with launching the keyserver
>Right. I have not touched that README for a long time. Will change it
>for the next release.

I see, thank you. Would you please update a webpage http://www.gnupg.org/download/supported_systems.en.html, too?

BTW, the following message appeared when running gpg.exe at the only first time on Vista.

| gpg: DBG: rndw32: get performance data problem

In detail, it will be output before creating the random_seed file. and this message disappears when turn-off UAC from Vista's control panel.

From source code in cipher/rndw32.c:

static void
slow_gatherer_windowsNT(void (*add)(const void*, size_t, int), int requester )
{
    (snip)
        status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL,
                                  NULL, (LPBYTE) pPerfData, &dwSize);
        if (status == ERROR_SUCCESS) {
            (snip)
        }
        else {
            g10_log_debug ( "rndw32: get performance data problem\n");
            break;
        }

Under the environment with UAC on Vista, it will be refused to access HKEY_PERFORMANCE_DATA even if user has administrator privilege.

I think this is not serious problem, because a random_seed is made from another part. Is this right?

Thanks.
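
For the "pipes cgi and gnupg" thread and Werner Koch's note that the passphrase is visible in ps(1) output: an added example (not code from the thread or from GnuPG) that keeps the poster's --passphrase-fd approach but has the parent write the passphrase into a pipe itself, so the secret is never part of any command line. The function names are hypothetical, and a small Python child stands in for gpg so the demonstration runs without a keyring.

```python
import os
import subprocess
import sys


def leaky_shell_command(passphrase, infile):
    """The pattern from the thread: the secret is interpolated into the text
    run by `sh -c`, so it sits in that process's argument list."""
    return "echo %s | gpg --batch --passphrase-fd 0 --output - -d %s > d.out" % (
        passphrase, infile)


def gpg_decrypt_argv(passphrase_fd, infile, outfile):
    """gpg argument vector that names only a descriptor number, never the secret.

    GnuPG 2.1 and later also need --pinentry-mode loopback for
    --passphrase-fd to be honoured; the thread predates that."""
    return ["gpg", "--batch", "--passphrase-fd", str(passphrase_fd),
            "--output", outfile, "--decrypt", infile]


def run_with_secret_on_fd(build_argv, secret):
    """Start build_argv(fd) with `secret` readable on the inherited descriptor fd.

    Returns (argv, CompletedProcess).  POSIX only, because it relies on pass_fds."""
    read_fd, write_fd = os.pipe()
    try:
        try:
            # A passphrase is far smaller than the pipe buffer, so this cannot block.
            os.write(write_fd, secret.encode("utf-8") + b"\n")
        finally:
            os.close(write_fd)      # the child sees end-of-file after the one line
        argv = build_argv(read_fd)
        proc = subprocess.run(argv, pass_fds=(read_fd,), stdin=subprocess.DEVNULL,
                              capture_output=True, check=False)
    finally:
        os.close(read_fd)
    return argv, proc


def stand_in_child_argv(fd):
    """Constructed stand-in for gpg: reads one line from descriptor fd and
    echoes it on stdout, which proves the secret arrived over the pipe."""
    code = "import os, sys; sys.stdout.write(os.fdopen(int(sys.argv[1])).readline())"
    return [sys.executable, "-c", code, str(fd)]


if __name__ == "__main__":
    secret = "constructed-passphrase"    # constructed sample value
    print("command line seen by ps:", leaky_shell_command(secret, "backup.gpg"))
    argv, proc = run_with_secret_on_fd(stand_in_child_argv, secret)
    print("command line seen by ps:", argv)
    print("child received the secret:", proc.stdout.decode().strip() == secret)
    print("gpg would be started as:", gpg_decrypt_argv(3, "backup.gpg", "d.out"))
```

With gpg installed, the call becomes run_with_secret_on_fd(lambda fd: gpg_decrypt_argv(fd, infile, outfile), passphrase).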

From marcus.brinkmann at ruhr-uni-bochum.de Fri Jan 4 15:50:43 2008
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Fri, 04 Jan 2008 15:50:43 +0100
Subject: [Announce] GPGME 1.1.6 released
Message-ID: <874pdt4pbw.wl%marcus.brinkmann@ruhr-uni-bochum.de>

Hi,

We are pleased to announce version 1.1.6 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 939 KB/730 KB compressed)

ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.6.tar.gz
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.6.tar.bz2

The following files are also available:

ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.6.tar.gz.sig
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.6.tar.bz2.sig
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.5-1.1.6.diff.gz

It should soon appear on the mirrors listed at:
http://www.gnupg.org/mirrors.html

Bug reports and requests for assistance should be sent to:
gnupg-devel at gnupg.org

The sha1sum checksums for this distribution are

ed2c9699367d1be32f84bf154673becd16deba0a  gpgme-1.1.5-1.1.6.diff.gz
05218df939d72c2fd6d74f22c2b5d5ade0718b7a  gpgme-1.1.6.tar.bz2
2c2994d98ab545d1bced14c0554f4a50fd8e0878  gpgme-1.1.6.tar.bz2.sig
8dee551f362fc428c25c9bd542ce944ac916347d  gpgme-1.1.6.tar.gz
996e0b48a4f5e0ce3029e95c310ae64af92a6131  gpgme-1.1.6.tar.gz.sig

Noteworthy changes in version 1.1.6 (2008-01-04)
------------------------------------------------

 * Bug fixes for W32.

 * A new, experimental (and thus undocumented and potentially
   unstable) interface for accessing gpg-conf through GPGME has been
   added.

 * Interface changes relative to the 1.1.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_signature_t               EXTENDED: New field chain_model.
gpgme_op_getauditlog_start      NEW.
gpgme_op_getauditlog            NEW.
GPGME_AUDITLOG_HTML             NEW.
GPGME_AUDITLOG_WITH_HELP        NEW.

Marcus Brinkmann
mb at g10code.de

-- 
g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459 Hüttenstr.
61 Geschäftsführung Werner Koch D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From dshaw at jabberwocky.com Sat Jan 5 03:14:08 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 4 Jan 2008 21:14:08 -0500
Subject: pipes cgi and gnupg
In-Reply-To: <3ac86fa70801020810o310ee2fj9f831b2a37e48b61@mail.gmail.com>
References: <3ac86fa70712281903o4e41f56ex8bb366d7a893610a@mail.gmail.com> <873atgmx87.fsf@wheatstone.g10code.de> <3ac86fa70801020810o310ee2fj9f831b2a37e48b61@mail.gmail.com>
Message-ID:

On Jan 2, 2008, at 11:10 AM, Brad Tilley wrote:

> On linux, would it be possible to use the Linux Key retention service
> to overcome this:
>
> http://www.ibm.com/developerworks/linux/library/l-key-retention.html

Not well. The Linux key retention service (while very neat) doesn't really solve the problem - GPG needs to be as platform-independent as possible, which precludes solutions that are only available on Linux.

David

From hidekis at gmail.com Sat Jan 5 06:04:18 2008
From: hidekis at gmail.com (Hideki Saito)
Date: Fri, 4 Jan 2008 21:04:18 -0800
Subject: GnuPG wikia
Message-ID:

I've started up GnuPG wiki on Wikia.
http://gnupg.wikia.com/wiki/Main_Page

I will be posting contents from my Japanese GnuPG page shortly...

-- 
Hideki Saito

From 210525p42015 at denstarfarm.us Sat Jan 5 11:43:37 2008
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Sat, 05 Jan 2008 05:43:37 -0500
Subject: Trimming Per Recipient Rules list
Message-ID: <477F5F59.9010702@denstarfarm.us>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I noticed today that my Per Recipient Rules list is in sad disarray. Furthermore, the list is huge, by my standards and patience level.

I would like to push all those entries that have a "Key" associated, up into the top of the list, but rapidly, not "Move-Up ,, Move-Up"

I would like to delete all the rest, if that makes sense to do ...I am using Thunderbird and am not sure if and how the remainder of the list is used .... those entries where there is no key and the rule states to move on to next recipient .... because I am getting a wee bit impatient with Thunderbird locking herself up for long periods and was working on trimming things down ... compacting, expunging rules, and so forth ... and came across the Rules List.

Thanks for any help.

- -- 
Apple OS/X
-----BEGIN PGP SIGNATURE-----
Comment: www.denstarfarm.us/Public/P3x759.html
-----END PGP SIGNATURE-----

From shavital at mac.com Sat Jan 5 13:33:27 2008
From: shavital at mac.com (Charly Avital)
Date: Sat, 05 Jan 2008 07:33:27 -0500
Subject: Trimming Per Recipient Rules list
In-Reply-To: <477F5F59.9010702@denstarfarm.us>
References: <477F5F59.9010702@denstarfarm.us>
Message-ID: <477F7917.4000907@mac.com>

Robert D. <210525p42015 at denstarfarm.us> wrote the following on 1/5/08 5:43 AM:
> I noticed today that my Per Recipient Rules list is in sad disarray.
> Furthermore, the list is huge, by my standards and patience level. > > I would like to push all those entries that have a "Key" associated, up > into the top of the list, but rapidly, not "Move-Up ,, Move-Up" I couldn't find any work around the gradual moving (up or down) of each entry by entry. Trying to select several entries together is not possible. Maybe you could find some information in user specific files. From Enigmail help pages: * The settings are stored in an XML file in your profile folder called pgprules.xml. If you delete your profile for any reason, you should be sure to back this file up along with your mail, user.js, etc. > I would like to delete all the rest, if that makes sense to do I believe you can do it, there's a button for that. I suppose that the next time you want to send an e-mail to any of the recipients, whose rule has been deleted, Enigmail will prompt you to set a rule, unless you disable the automatic creation of per recipient rules, in OpenPGP Preferences > Key Selection (see further) ...I am > using Thunderbird and am not sure if and how the remainder of the list > is used .... those entries where there is no key and the rule states to > move on to next recipient .... because I am getting a wee bit impatient > with Thunderbird locking herself up for long periods and was working on > trimming things down ... compacting, expunging rules, and so forth ... > and came across the Rules List. Good move, but I believe that trimming Thunderbird's Inbox to zero entries might improve Thunderbird's performance, by saving indexing time. If it was possible to disable the function 'automatically download keys for signature verification' that would be a good thing. I haven't found the ways to do it, maybe in pgprules.xml. Alternatively, it is possible to disable OpenPGP>Automatically Decrypt/Verify Messages. I suggested, some time ago, to condition this rule to be "Automatically Decrypt/Verify Messages, *unless already read*. 
Maybe you could also use the following (from Enigmail Help) Tips and Tricks If you wish to send a mail to somebody for whom you don't have a rule, and you wish to manually turn on signing, encryption, or PGP/MIME, it will be overridden by the settings in the Enigmail > Preferences > OpenPGP Security tab and the Per-Recipient Rules, and the message will be sent in plain text. To get around this, add a new rule. * In the Set OpenPGP Rules for field enter @ * Set Apply rule if recipient to Contains * Set Continue with the next rule for the matching address * Do not add any keys * Set Signing, Encryption, and PGP/MIME to Yes, if selected in message * Save the rule and ensure that it is at the bottom of the list of rules. > Thanks for any help. I am not sure I helped. Charly From yalla at fsfe.org Mon Jan 7 09:27:31 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Mon, 07 Jan 2008 09:27:31 +0100 Subject: Setting proxy through command-line parameters? Message-ID: <4781E273.7030204@fsfe.org> Hi, I know how to set my Proxy in the appropriate config-files, but is there also a possibility to set the proxy on the command-line? Background: I'm using Thunderbird/Enigmail in different network-environments and it'd be neat if Enigmail could take the current proxy-configuration from the Thunderbird settings, and applying it to the command-line parameters of GPG. Oh, and it's a socks-proxy as well which complicates the situation... Alex. From lowbassman at gmail.com Mon Jan 7 19:36:41 2008 From: lowbassman at gmail.com (Matt Alexander) Date: Mon, 7 Jan 2008 11:36:41 -0700 Subject: Where can I buy OpenPGP smartcards?
In-Reply-To: <9e0cf0bf0801022224n50579bd4s58d09a5f1f643093@mail.gmail.com> References: <9e0a35780801021214o16ff1ff7l1f90cd5ecaa9041f@mail.gmail.com> <9e0cf0bf0801022224n50579bd4s58d09a5f1f643093@mail.gmail.com> Message-ID: <9e0a35780801071036q4b01da53j956913d3070655ed@mail.gmail.com> Wow, that's cool. That definitely would simplify things for me. Are there plans in the future to incorporate PKCS#11 support into the main GnuPG source? On Jan 2, 2008 11:24 PM, Alon Bar-Lev wrote: > On 1/2/08, Matt Alexander wrote: > > I'm looking at a possible deployment of OpenPGP smartcards at my company > and > > want to ensure that I have multiple vendors. > > Thanks! > > ~Matt > > Hello, > > You can use almost any PKCS#11 enabled smartcard if you use: > http://gnupg-pkcs11.sourceforge.net/ > > Using PKCS#11 will enable you to use the same card for other > applications as well. > > Best Regards, > Alon Bar-Lev. > From alon.barlev at gmail.com Mon Jan 7 19:38:49 2008 From: alon.barlev at gmail.com (Alon Bar-Lev) Date: Mon, 7 Jan 2008 20:38:49 +0200 Subject: Where can I buy OpenPGP smartcards? In-Reply-To: <9e0a35780801071036q4b01da53j956913d3070655ed@mail.gmail.com> References: <9e0a35780801021214o16ff1ff7l1f90cd5ecaa9041f@mail.gmail.com> <9e0cf0bf0801022224n50579bd4s58d09a5f1f643093@mail.gmail.com> <9e0a35780801071036q4b01da53j956913d3070655ed@mail.gmail.com> Message-ID: <9e0cf0bf0801071038u48039531k1a7ee23d7fc21480@mail.gmail.com> The chances are slim... Because of this we forked the scdaemon... On Jan 7, 2008 8:36 PM, Matt Alexander wrote: > Wow, that's cool. That definitely would simplify things for me. Are there > plans in the future to incorporate PKCS#11 support into the main GnuPG > source?
> > > > > > On Jan 2, 2008 11:24 PM, Alon Bar-Lev < alon.barlev at gmail.com> wrote: > > > > On 1/2/08, Matt Alexander wrote: > > > I'm looking at a possible deployment of OpenPGP smartcards at my company > and > > > want to ensure that I have multiple vendors. > > > Thanks! > > > ~Matt > > > > Hello, > > > > You can use almost any PKCS#11 enabled smartcard if you use: > > http://gnupg-pkcs11.sourceforge.net/ > > > > Using PKCS#11 will enable you to use the same card for other > > applications as well. > > > > Best Regards, > > Alon Bar-Lev. > > > > From abdalma1 at yahoo.de Tue Jan 8 17:19:53 2008 From: abdalma1 at yahoo.de (Abd-Al-Latif Mahmud) Date: Tue, 8 Jan 2008 17:19:53 +0100 (CET) Subject: GPG 2.0.8 compilation: ok, execution: error Message-ID: <381351.38965.qm@web23402.mail.ird.yahoo.com> Hi, I am trying to compile GPG 2.0.8 on my Mac. The compilation itself seemed to work flawlessly, but p.ex. upon decrypting a text, I get following error: MacBook:bin foo$ ./gpg2 --homedir=/Users/foo/.gnupg/ -d /Users/foo/some-encrypted-file.gpg You need a passphrase to unlock the secret key for user: "foo bar " 1024-bit ELG key, ID 01234567, created 1970-01-01 (main key ID 76543210) can't connect to `/Users/foo/.gnupg//S.gpg-agent': No such file or directory gpg-agent[65520]: directory `/Users/foo/.gnupg/private-keys-v1.d' created gpg-agent[65520]: can't connect server: `ERR 67109133 can't exec `/Users/foo/Downloads/built': Permission denied' gpg-agent[65520]: can't connect to the PIN entry module: IPC connect call failed gpg-agent[65520]: command get_passphrase failed: No pinentry gpg: problem with the agent: No pinentry gpg: encrypted with 1024-bit ELG key, ID 01234567, created 2001-01-01 "foo bar " gpg: public key decryption failed: General error gpg: decryption failed: No secret key In the compilation process, pinentry has of course been compiled (with ncurses only). I have installed (i.e. 
"--prefix=...") everything in a subdirectory of my home - don't know if that matters. Any idea on how to fix the error? Thanks Mit freundlichen Gr?ssen Abd-Al-Latif Mahmud Machen Sie Yahoo! zu Ihrer Startseite. Los geht's: http://de.yahoo.com/set From pneukom at gmail.com Wed Jan 9 03:10:03 2008 From: pneukom at gmail.com (Philip Neukom) Date: Tue, 08 Jan 2008 21:10:03 -0500 Subject: gpg: waiting for lock (held by 1529 - probably dead)? Message-ID: <47842CFB.3060403@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! I'm back and updating my key for new email accounts after a long absence. But am running a problem and getting the following error. I did a Google search but didn't find anything yet. Could someone please explain what the error means? And, if there is obvious place to look for such info that I don't know about, please let me know where I can look. Error - ---cut--- gpg: waiting for lock (held by 1529 - probably dead) ... - ---cut--- MacOSx 10.4.11 macgpg 1.4.8 keyserver: mit Thank you in advance Philip -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBR4Qs+77LWbdllVmZAQJTGgQAiHhDq1zJKA7xDz5puMCoAsnbP8idDN+D 1Q+VbtjyVNvmUJfsU+4vJauQEMmOZKC0CgITKH2tsvndsZmUv3VMOAtRmoBdauDD igdPFhP6kGjdeHxr57zAN3s0OjUtBOkNI+xMmj7IXXOeZ/2fZR697ieFRamrGxfV krEoSSuXm90= =CkQx -----END PGP SIGNATURE----- From shavital at mac.com Wed Jan 9 13:08:41 2008 From: shavital at mac.com (Charly Avital) Date: Wed, 09 Jan 2008 07:08:41 -0500 Subject: gpg: waiting for lock (held by 1529 - probably dead)? In-Reply-To: <47842CFB.3060403@gmail.com> References: <47842CFB.3060403@gmail.com> Message-ID: <4784B949.80701@mac.com> Philip Neukom wrote the following on 1/8/08 9:10 PM: > Hi! > > I'm back and updating my key for new email accounts after a long absence. Welcome back. > > But am running a problem and getting the following error. I did a > Google search but didn't find anything yet. 
> > Could someone please explain what the error means? And, if there is > obvious place to look for such info that I don't know about, please let > me know where I can look. > > Error > ---cut--- > gpg: waiting for lock (held by 1529 - probably dead) ... > ---cut--- I remember having had that kind of problem. Please point your browser to: . All I can understand is that gpg started a process that it couldn't complete, and/or crashed. I very vaguely remember that the crash was due to a missing hash SHA224 (H11); but don't take me to my word, launch Terminal and type gpg -v --version, and see what you get. The crash, or whatever it was resulted in the creation in ~/.gnupg of a file named secring.gpg.lock or trustdb.gpg.lock, any file with the extension .....gpg.lock. Remove that file, it should solve the problem. By the way, an unrelated question: how did you install 1.4.8? Compiled src, or used the binary installer available at ? Charly MacOSX 10.5.1 gpg 1.4.8, gpg2 2.0.7 with gpg-agent. > > MacOSx 10.4.11 > macgpg 1.4.8 > keyserver: mit > > Thank you in advance > Philip From pneukom at gmail.com Wed Jan 9 14:10:19 2008 From: pneukom at gmail.com (Philip Neukom) Date: Wed, 09 Jan 2008 08:10:19 -0500 Subject: gpg: waiting for lock (held by 1529 - probably dead)? In-Reply-To: <4784B949.80701@mac.com> References: <47842CFB.3060403@gmail.com> <4784B949.80701@mac.com> Message-ID: <4784C7BB.1050008@gmail.com> Charly, thank you for your reply. And especially for the direct response. I forgot to mention that I am on digest mode. (oophs). Thank you for the link. I didn't think to look for a "lock" file in ~.gnupg. I just deleted those files and will try to get the uid updated again. Is there a "search" page for all the archives?
I have just found a page that lists all the discussions by month. I think you would need to select and search each month. That would be tedious. Doesn't Google index these forums? I was running the binary MacGPG version 1.4.8 but since my original keys were created using IDEA, I couldn't run it properly. I tried to compile a plug-in but that was beyond my limited ability. Luckily for me, Robert Hansen was able to give me some help and I compiled the complete 1.4.8 with IDEA by myself!! So right now, I am running v 1.4.8 compiled from source. Thanks again. Philip Charly Avital wrote: | Philip Neukom wrote the following on 1/8/08 9:10 PM: |> Hi! |> |> I'm back and updating my key for new email accounts after a long absence. | | Welcome back. |> |> But am running a problem and getting the following error. I did a |> Google search but didn't find anything yet. |> |> Could someone please explain what the error means? And, if there is |> obvious place to look for such info that I don't know about, please let |> me know where I can look. |> |> Error |> ---cut--- |> gpg: waiting for lock (held by 1529 - probably dead) ... |> ---cut--- | | I remember having had that kind of problem. | | Please point your browser to: | . | | All I can understand is that gpg started a process that it couldn't complete, and/or crashed. I very vaguely remember that the crash was due to a missing hash SHA224 (H11); but don't take me to my word, launch Terminal and type gpg -v --version, and see what you get. | | The crash, or whatever it was resulted in the creation in ~/.gnupg of a file named secring.gpg.lock or trustdb.gpg.lock, any file with the extension .....gpg.lock. Remove that file, it should solve the problem. | | By the way, an unrelated question: how did you install 1.4.8? Compiled src, or used the binary installer available at ? | | Charly | MacOSX 10.5.1 | gpg 1.4.8, gpg2 2.0.7 with gpg-agent. 
| |> |> MacOSx 10.4.11 |> macgpg 1.4.8 |> keyserver: mit |> |> Thank you in advance |> Philip From paul.crittenden at simpson.edu Wed Jan 9 23:28:46 2008 From: paul.crittenden at simpson.edu (Paul Crittenden) Date: Wed, 9 Jan 2008 16:28:46 -0600 Subject: Decryption error Message-ID: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> I am using gpg for encryption with Amanda, a disk backup utility. It backups up just fine but when I try to restore I get the error: ld.so.1: gpg: fatal: libgcc_s.so.1: open failed: No such file or directory I have set environment variables both when I compiled gpg and when I run the restore utility but I can't seem to get past this error. I have worked with the Amanda folks but still haven't figured this one out. Any ideas would be appreciated. Paul Crittenden Computer Systems Manager Simpson College Phone: 515-961-1680 Email: paul.crittenden at simpson.edu
From dshaw at jabberwocky.com Thu Jan 10 04:26:14 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 9 Jan 2008 22:26:14 -0500 Subject: Decryption error In-Reply-To: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> References: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> Message-ID: <20080110032614.GA18701@jabberwocky.com> On Wed, Jan 09, 2008 at 04:28:46PM -0600, Paul Crittenden wrote: > I am using gpg for encryption with Amanda, a disk backup utility. It > backups up just fine but when I try to restore I get the error: > > > > ld.so.1: gpg: fatal: libgcc_s.so.1: open failed: No such file or > directory > > > > I have set environment variables both when I compiled gpg and when I run > the restore utility but I can't seem to get past this error. > > I have worked with the Amanda folks but still haven't figured this one > out. This isn't an Amanda issue or a GPG issue. Rather, it's a regular old Unix-ish shared library issue. The error means that the gpg binary was compiled on a system that could find libgcc_s.so.1, but is now being run on a system that cannot. Does the libgcc_s.so.1 file exist at all on your machine? David From dshaw at jabberwocky.com Thu Jan 10 04:38:18 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 9 Jan 2008 22:38:18 -0500 Subject: Setting proxy through command-line parameters? In-Reply-To: <4781E273.7030204@fsfe.org> References: <4781E273.7030204@fsfe.org> Message-ID: <20080110033818.GB18701@jabberwocky.com> On Mon, Jan 07, 2008 at 09:27:31AM +0100, Alexander W. Janssen wrote: > Hi, > > I know how to set my Proxy in the appropriate config-files, but is there > also a possibility to set the proxy on the command-line? I assume you mean the HTTP proxy for keyserver access? If so, then yes.
Add something like this to your command line: --keyserver-options "http-proxy=http://my.proxy.example.com" David From paul.crittenden at simpson.edu Thu Jan 10 15:32:31 2008 From: paul.crittenden at simpson.edu (Paul Crittenden) Date: Thu, 10 Jan 2008 08:32:31 -0600 Subject: Decryption error In-Reply-To: <20080110032614.GA18701@jabberwocky.com> References: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> <20080110032614.GA18701@jabberwocky.com> Message-ID: <319C97430831164E90F66B72B419713D39D0DA@MAIL.sc.loc> I ran ldd against the binary gpg and it found the file. # ldd /usr/bin/gpg libiconv.so.2 => /usr/local/lib/libiconv.so.2 libresolv.so.2 => /usr/lib/libresolv.so.2 libz.so.1 => /usr/lib/libz.so.1 libreadline.so.5 => /usr/local/lib/libreadline.so.5 libcurses.so.1 => /usr/lib/libcurses.so.1 libdl.so.1 => /usr/lib/libdl.so.1 libsocket.so.1 => /usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libc.so.1 => /usr/lib/libc.so.1 libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1 libmp.so.2 => /usr/lib/libmp.so.2 /usr/platform/SUNW,Sun-Fire-V890/lib/libc_psr.so.1 Paul Crittenden Computer Systems Manager Simpson College Phone: 515-961-1680 Email: paul.crittenden at simpson.edu -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David Shaw Sent: Wednesday, January 09, 2008 9:26 PM To: gnupg-users at gnupg.org Subject: Re: Decryption error On Wed, Jan 09, 2008 at 04:28:46PM -0600, Paul Crittenden wrote: > I am using gpg for encryption with Amanda, a disk backup utility. It > backups up just fine but when I try to restore I get the error: > > > > ld.so.1: gpg: fatal: libgcc_s.so.1: open failed: No such file or > directory > > > > I have set environment variables both when I compiled gpg and when I run > the restore utility but I can't seem to get past this error. > > I have worked with the Amanda folks but still haven't figured this one > out. This isn't an Amanda issue or a GPG issue. 
Rather, it's a regular old Unix-ish shared library issue. The error means that the gpg binary was compiled on a system that could find libgcc_s.so.1, but is now being run on a system that cannot. Does the libgcc_s.so.1 file exist at all on your machine? David From paul.crittenden at simpson.edu Thu Jan 10 16:22:54 2008 From: paul.crittenden at simpson.edu (Paul Crittenden) Date: Thu, 10 Jan 2008 09:22:54 -0600 Subject: Decryption error In-Reply-To: <20080110032614.GA18701@jabberwocky.com> References: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> <20080110032614.GA18701@jabberwocky.com> Message-ID: <319C97430831164E90F66B72B419713D39D0E0@MAIL.sc.loc> I fixed it, perhaps not the proper fix but it now works. I made a link from /usr/local/lib/libgcc... to /usr/lib/libgcc... Paul Crittenden Computer Systems Manager Simpson College Phone: 515-961-1680 Email: paul.crittenden at simpson.edu -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David Shaw Sent: Wednesday, January 09, 2008 9:26 PM To: gnupg-users at gnupg.org Subject: Re: Decryption error On Wed, Jan 09, 2008 at 04:28:46PM -0600, Paul Crittenden wrote: > I am using gpg for encryption with Amanda, a disk backup utility.
It > backups up just fine but when I try to restore I get the error: > > > > ld.so.1: gpg: fatal: libgcc_s.so.1: open failed: No such file or > directory > > > > I have set environment variables both when I compiled gpg and when I run > the restore utility but I can't seem to get past this error. > > I have worked with the Amanda folks but still haven't figured this one > out. This isn't an Amanda issue or a GPG issue. Rather, it's a regular old Unix-ish shared library issue. The error means that the gpg binary was compiled on a system that could find libgcc_s.so.1, but is now being run on a system that cannot. Does the libgcc_s.so.1 file exist at all on your machine? David From shavital at mac.com Thu Jan 10 16:56:31 2008 From: shavital at mac.com (Charly Avital) Date: Thu, 10 Jan 2008 10:56:31 -0500 Subject: gpg2 2.0.8 Message-ID: <4786402F.4030604@mac.com> After checking which libraries were already in my system (from previous installations) I downloaded gnupg-2.0.8 from gnupg.org's site, verified the signature, and compiled the source code, using the usual commands.
At the end of ./configure: GnuPG v2.0.8 has been configured as follows: ~ Platform: Darwin (i386-apple-darwin9.1.0) ~ OpenPGP: yes ~ S/MIME: yes ~ Agent: yes ~ Smartcard: yes (without internal CCID driver) ~ Protect tool: (default) ~ Default agent: (default) ~ Default pinentry: (default) ~ Default scdaemon: (default) ~ Default dirmngr: (default) ~ PKITS based tests: no I have now: $ gpg2 --version gpg (GnuPG) 2.0.8 Copyright (C) 2007 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Used libraries: gcrypt(1.4.0) Question: why 'Used libraries: gcrypt(1.4.0)? Charly ~ Model Name: MacBook ~ Model Identifier: MacBook2,1 ~ Processor Name: Intel Core 2 Duo ~ Processor Speed: 2 GHz ~ Number Of Processors: 1 ~ Total Number Of Cores: 2 ~ L2 Cache: 4 MB ~ Memory: 2 GB ~ Bus Speed: 667 MHz ~ Boot ROM Version: MB21.00A5.B07 ~ SMC Version: 1.13f3 From yalla at fsfe.org Thu Jan 10 16:34:10 2008 From: yalla at fsfe.org (Alexander W.
Janssen) Date: Thu, 10 Jan 2008 16:34:10 +0100 Subject: Decryption error In-Reply-To: <319C97430831164E90F66B72B419713D39D0E0@MAIL.sc.loc> References: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> <20080110032614.GA18701@jabberwocky.com> <319C97430831164E90F66B72B419713D39D0E0@MAIL.sc.loc> Message-ID: <47863AF2.2070202@fsfe.org> Paul Crittenden wrote: | I fixed it, perhaps not the proper fix but it now works. I made a link | from /usr/local/lib/libgcc... to /usr/lib/libgcc... If it's a Linux-system add /usr/local/lib to the file /etc/ld.so.conf and run the command ldconfig once. In Solaris you need to use the crle-tool, I've found instructions here so I don't have to type it: http://bwachter.lart.info/solaris/solfaq.html - Section "Configure the dynamic linker" Both commands have the same result, to tell your system where to look for libraries. If your system doesn't look into /usr/local/lib because it isn't configured to do so, you run into the problem you have. HTH, Alex. From paul.crittenden at simpson.edu Thu Jan 10 20:28:01 2008 From: paul.crittenden at simpson.edu (Paul Crittenden) Date: Thu, 10 Jan 2008 13:28:01 -0600 Subject: Decryption error In-Reply-To: <47863AF2.2070202@fsfe.org> References: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc> <20080110032614.GA18701@jabberwocky.com><319C97430831164E90F66B72B419713D39D0E0@MAIL.sc.loc> <47863AF2.2070202@fsfe.org> Message-ID: <319C97430831164E90F66B72B419713D39D0E6@MAIL.sc.loc> Thanks, this fixed the problem, the correct way.
Paul Crittenden Computer Systems Manager Simpson College Phone: 515-961-1680 Email: paul.crittenden at simpson.edu -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Alexander W. Janssen Sent: Thursday, January 10, 2008 9:34 AM To: gnupg-users Subject: Re: Decryption error Paul Crittenden wrote: | I fixed it, perhaps not the proper fix but it now works. I made a link | from /usr/local/lib/libgcc... to /usr/lib/libgcc... If it's a Linux-system add /usr/local/lib to the file /etc/ld.so.conf and run the command ldconfig once. In Solaris you need to use the crle-tool, I've found instructions here so I don't have to type it: http://bwachter.lart.info/solaris/solfaq.html - Section "Configure the dynamic linker" Both commands have the same result, to tell your system where to look for libraries. If your system doesn't look into /usr/local/lib because it isn't configured to do so, you run into the problem you have. HTH, Alex.
From s_protsman at yahoo.com Fri Jan 11 01:55:09 2008 From: s_protsman at yahoo.com (Shawn Protsman) Date: Thu, 10 Jan 2008 16:55:09 -0800 (PST) Subject: export keys and import to pgp 7 Message-ID: <792710.5744.qm@web30814.mail.mud.yahoo.com> I'm running some tests and exported some keys from my gpg 1.4.7 instance using the instructions here: http://gnupg.org/documentation/faqs.en.html#q5.7 I then attempted to import into an older PGP 7.01 (command line) installation: Now, when I receive a file and attempt to decrypt that file with PGP 7 it still doesn't accept my passphrase. Does anyone know of a workaround? --Shawn From landes_eric at yahoo.fr Sat Jan 12 13:49:49 2008 From: landes_eric at yahoo.fr (ERIC LANDES) Date: Sat, 12 Jan 2008 13:49:49 +0100 (CET) Subject: Checking expiration date automatically Message-ID: <834779.75600.qm@web27612.mail.ukl.yahoo.com> Hello, I use gnupg with a software I write and it needs a gpg key with expiration date. As I do not myself manage this software, I would like to provide a shell script on Linux (e.g. launched every day with cron) which would check for the expiration date and send a warning if key expires within a given time (15 days for example).
Does there exist an option which would give the expiration date of a key, if such date exists ? I saw nothing on man gpg. It is possible to retrieve the expiration date on Linux with a command line, as shown below, but the command is ugly, not totally safe (because of the grep) and may not work on all versions of gpg. Having these keys : # LANG=C gpg --list-keys /root/.gnupg/pubring.gpg ------------------------ pub 1024D/E5F2C00E 2008-01-12 [expires: 2009-01-11] uid test date (test) sub 2048g/7C17580B 2008-01-12 [expires: 2009-01-11] pub 1024D/16B870A6 2008-01-12 uid aaaaaa (fdsfsd) sub 2048g/B2526B84 2008-01-12 Expiration date of key test at date is : # LANG=C gpg --list-keys test at date | grep "\[expires:" | cut -d ":" -f 2 | cut -d " " -f 2 | cut -d "]" -f 1 | head -n 1 2009-01-11 Thanks, Eric LANDES From dshaw at jabberwocky.com Sat Jan 12 15:53:11 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 12 Jan 2008 09:53:11 -0500 Subject: Checking expiration date automatically In-Reply-To: <834779.75600.qm@web27612.mail.ukl.yahoo.com> References: <834779.75600.qm@web27612.mail.ukl.yahoo.com> Message-ID: <20080112145311.GA28425@jabberwocky.com> On Sat, Jan 12, 2008 at 01:49:49PM +0100, ERIC LANDES wrote: > > Hello, > > I use gnupg with a software I write and it needs a gpg key with expiration date. > As I do not myself manage this software, I would like to provide a shell script on > Linux (e.g. launched every day with cron) which would check for the expiration date and send > a warning if key expires within a given time (15 days for example). > > Does there exist an option which would give the expiration date of a key, if such date exists ? > I saw nothing on man gpg.
> > > It is possible to retrieve the expiration date on Linux with a > command line, as shown below, but the command is ugly, not totally safe > (because of the grep) and may not work on all versions of gpg. > > > Having these keys : > # LANG=C gpg --list-keys > /root/.gnupg/pubring.gpg > ------------------------ > pub 1024D/E5F2C00E 2008-01-12 [expires: 2009-01-11] > uid test date (test) > sub 2048g/7C17580B 2008-01-12 [expires: 2009-01-11] > > pub 1024D/16B870A6 2008-01-12 > uid aaaaaa (fdsfsd) > sub 2048g/B2526B84 2008-01-12 > > Expiration date of key test at date is : > # LANG=C gpg --list-keys test at date | grep "\[expires:" | cut -d ":" -f 2 | cut -d " " -f 2 | cut -d "]" -f 1 | head -n 1 > 2009-01-11 See the file DETAILS in the doc/ directory. Something like: gpg --with-colons --fixed-list-mode --list-keys test at date | cut -d: -f7 should do what you want. The number is the expiration date (if any) expressed as the number of seconds since 1/1/1970. David From stefanmalte at gmail.com Sat Jan 12 21:14:00 2008 From: stefanmalte at gmail.com (Stefan Malte Schumacher) Date: Sat, 12 Jan 2008 21:14:00 +0100 Subject: Compiling libgcrypt Message-ID: Hello I am currently trying to build GnuPG 2.08 from the source. I have compiled and installed the latest versions of the necessary libraries (libksba-1.0.2, libgpg-error-1.6, libassuan-1.0.4 and pth-2.0.7) except libgcrypt 1.4.0 which unfortunately aborts during the compile process. I have tried to install an older version (1.2.2) but it also aborted with an error in rijndael.lol . I am using GNU Make 3.80 and gcc (GCC) 3.3.3 (SuSE Linux). Below are the outputs of make and the configure-script while trying to build libgcrypt 1.4.0. How can I get this working ? Yours sincerely Stefan Malte Schumacher This is the make output : /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I..
-I../src -I../src -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c -o rijndael.lo rijndael.c gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c rijndael.c -fPIC -DPIC -o .libs/rijndael.o gcc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -I/usr/local/include -g -O2 -Wall -Wpointer-arith -MT rijndael.lo -MD -MP -MF .deps/rijndael.Tpo -c rijndael.c -o rijndael.o >/dev/null 2>&1 make[2]: *** [rijndael.lo] Fehler 1 make[2]: Leaving directory `/home/stefan/Software/Packed/libgcrypt-1.4.0 /cipher' make[1]: *** [all-recursive] Fehler 1 make[1]: Leaving directory `/home/stefan/Software/Packed/libgcrypt- 1.4.0' make: *** [all] Fehler 2 And this is the output of configure : checking for mmap... yes checking for getpagesize... yes checking for sysconf... yes checking for waitpid... yes checking for wait4... yes checking for gettimeofday... yes checking for getrusage... yes checking for gethrtime... no checking for clock_gettime... no checking for fcntl... yes checking for ftruncate... yes checking for mlock... yes checking for sysconf... (cached) yes checking for getpagesize... (cached) yes checking whether mlock is broken... no checking for random device... yes checking for _ prefix in compiled symbols... no checking for mpi assembler functions... done checking if gcc supports -Wpointer-arith... yes checking whether non excutable stack support is requested... yes checking whether assembler supports --noexecstack option... 
yes configure: creating ./config.status config.status: creating Makefile config.status: creating m4/Makefile config.status: creating mpi/Makefile config.status: creating cipher/Makefile config.status: creating doc/Makefile config.status: creating src/Makefile config.status: creating src/gcrypt.h config.status: creating src/libgcrypt-config config.status: creating src/versioninfo.rc config.status: creating tests/Makefile config.status: creating config.h config.status : config.h is unchanged config.status: linking ./mpi/i386/mpih-add1.S to mpi/mpih-add1-asm.S config.status: linking ./mpi/i386/mpih-sub1.S to mpi/mpih-sub1-asm.S config.status: linking ./mpi/i386/mpih-mul1.S to mpi/mpih- mul1-asm.S config.status: linking ./mpi/i386/mpih-mul2.S to mpi/mpih-mul2-asm.S config.status: linking ./mpi/i386/mpih-mul3.S to mpi/mpih-mul3-asm.S config.status: linking ./mpi/i386/mpih-lshift.S to mpi/mpih-lshift-asm.S config.status: linking ./mpi/i386/mpih-rshift.S to mpi/mpih-rshift-asm.S config.status: linking ./mpi/generic/mpi-asm-defs.h to mpi/mpi-asm-defs.h config.status: executing depfiles commands config.status: executing gcrypt-conf commands Configured for: GNU/Linux (i686-pc-linux-gnu) -------------- next part -------------- An HTML attachment was scrubbed... URL: From dirk at dirkeinecke.de Sun Jan 13 17:38:46 2008 From: dirk at dirkeinecke.de (Dirk Einecke) Date: Sun, 13 Jan 2008 17:38:46 +0100 Subject: Backup my key (private/public) Message-ID: <381F2DE3-93E6-418C-AC97-D84D80BC6E49@dirkeinecke.de> Hi, I want to backup my public and my private key. Is it right that I've only to backup my private key? I do it with this command: gpg --armor --output _secret.asc --export-secret-key max at mustermann.de The result for importing (gpg --import) the backup file is my public and my private key. Is the private key automatically re-generated from the private key? 
greetings Dirk Einecke From dshaw at jabberwocky.com Sun Jan 13 19:56:07 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 13 Jan 2008 13:56:07 -0500 Subject: Backup my key (private/public) In-Reply-To: <381F2DE3-93E6-418C-AC97-D84D80BC6E49@dirkeinecke.de> References: <381F2DE3-93E6-418C-AC97-D84D80BC6E49@dirkeinecke.de> Message-ID: <20080113185607.GA3258@jabberwocky.com> On Sun, Jan 13, 2008 at 05:38:46PM +0100, Dirk Einecke wrote: > Hi, > > I want to backup my public and my private key. Is it right that I've only > to backup my private key? I do it with this command: > > gpg --armor --output _secret.asc --export-secret-key max at mustermann.de That is a fine way to back it up. See also http://www.jabberwocky.com/software/paperkey/ for another way to do it. > The result for importing (gpg --import) the backup file is my public and my > private key. Is the private key automatically re-generated from the private > key? A public key can be automatically regenerated from your private key. 
David From kevhilton at gmail.com Mon Jan 14 00:39:01 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Sun, 13 Jan 2008 17:39:01 -0600 Subject: Question about history of hash and cipher collections Message-ID: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> Here is what I was able to find about the current hash and cipher choices with gpg

Pref Code (n)  Algorithm (name)  PGP 2  PGP 5  PGP 6  PGP 7      PGP 6.5.8ckt  GPG 1.0.6
s1 *           IDEA              X      X      X      X          X             X *
s2             3DES              ---    X      X      X          X             X
s3             CAST5             ---    X      X      X          X             X
s4             Blowfish          ---    ---    ---    --         X (03)        X
s7             AES (128)         ---    ---    ---    X (7.0.1)  X (03)        X
s8             AES192            ---    ---    ---    X (7.0.1)  X (03)        X
s9             AES256            ---    ---    ---    X (7.0.1)  X (03)        X
s10            Twofish           ---    ---    ---    X          X (03)        X
s11            Camellia128
s12            Camellia256

* only with IDEA module

Digest (Hash) Algorithms

Pref Code (n)  Algorithm (name)  PGP 2  PGP 5  PGP 6  PGP 7  PGP 6.5.8ckt  GPG 1.0.6
h1             MD5               X      X      X      X      X             X
h2             SHA1              ---    X      X      X      X             X
h3             RIPEMD160         ---    X      X      X      X             X
h6 +           TIGER192          ---    ---    ---    ---    X (08)        X +
h8 *           SHA256            ---    ---    ---    ---    X (07)        X *
h9 *           SHA384            ---    ---    ---    ---    X (07)        X *
h10 *          SHA512            ---    ---    ---    ---    X (07)        X *

Just a few questions, #1 - How can I generate this list with newer versions of gpg -- is there an internal command that cross-references the s or h numbers with the specific ciphers/hashes that are compiled into the module -- something I can type at the command line? #2 Historically, what ciphers were eliminated -- For example what ciphers were in the s5, s6 slots? Same with the hashes. I believe the TIGER hash was equal to s5. What happened to that hash choice? 
Thanks for your help -- Kevin Hilton From dshaw at jabberwocky.com Mon Jan 14 02:33:33 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 13 Jan 2008 20:33:33 -0500 Subject: Question about history of hash and cipher collections In-Reply-To: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> Message-ID: <20080114013332.GA7602@jabberwocky.com> On Sun, Jan 13, 2008 at 05:39:01PM -0600, Kevin Hilton wrote: > Here was I was able to find about the current hash and cipher choices with gpg > > Pref Code (n) Algorithm (name) PGP 2 PGP 5 PGP 6 PGP 7 > PGP 6.5.8ckt GPG 1.0.6 > s1 * IDEA X X X X X X * > s2 3DES --- X X X X X > s3 CAST5 --- X X X X X > s4 Blowfish --- --- --- -- X (03) X > s7 AES (128) --- --- --- X (7.0.1) X (03) X > s8 AES192 --- --- --- X (7.0.1) X (03) X > s9 AES256 --- --- --- X (7.0.1) X (03) X > s10 Twofish --- --- --- X X (03) X > s11 Camellia128 > s12 Camellia256 > > * only with IDEA module > > Digest (Hash) Algorithms > Pref Code (n) Algorithm (name) PGP 2 PGP 5 PGP 6 PGP 7 PGP > 6.5.8ckt GPG 1.0.6 > h1 MD5 X X X X X X > h2 SHA1 --- X X X X X > h3 RIPEMD160 --- X X X X X > h6 + TIGER192 --- --- --- --- X (08) X + > h8 * SHA256 --- --- --- --- X (07) X * > h9 * SHA384 --- --- --- --- X (07) X * > h10 * SHA512 --- --- --- --- X (07) X * > > Just a few questions, > I'm afraid the chart you made was somewhat eaten by word wrap, but it seems basically sane. Note that Camellia is not a standard algorithm, and while it will probably be one eventually, it isn't today. > #1 - How can I generate this list with newer versions of gpg -- is > their an internal command that cross-references the s or h numbers > with the specific ciphers/hashes that are compiled into the module -- > something I can type at the command line? Yes. "gpg -v --version" will give you the algorithm numbers along with the algorithm names. 
However, the algorithm numbers are not really relevant to anything unless you're writing OpenPGP software. For years now, all programs have referred to AES256 as "AES256" and not "cipher 9". > #2 Historically, what ciphers were eliminated -- For example what > ciphers were in the s5, s6 slots? Same with the hashes. I believe > the TIGER has was equal to s5. What happened to that hash choice? S5 was SAFER-SK128 and S6 was reserved for DES/SK. SAFER was dropped and nobody ever implemented it. DES/SK was never even allocated. You can see the history between RFC-2440 and RFC-4880. A good number of algorithms were cleaned up between the two: if it wasn't actually being used, it got dropped. David From kevhilton at gmail.com Mon Jan 14 04:15:21 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Sun, 13 Jan 2008 21:15:21 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <20080114013332.GA7602@jabberwocky.com> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> Message-ID: <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> Sorry about my post Whatever happened to the tiger hash?? Lastly, do you know the reason that the serpent cipher algorithm never made it into gpg. From the NSA competition, I thought the serpent algorithm came in second --- again Im not sure of the criteria that was used to judge strength -- but wasnt it from this competition that the US gov adopted AES as the national standard? 
Ive seen From kevhilton at gmail.com Mon Jan 14 04:15:42 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Sun, 13 Jan 2008 21:15:42 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> Message-ID: <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> Sorry the last post was cut off Sorry about my post I can see you seem to know a lot about gpg -- thanks. Whatever happened to the tiger hash?? Lastly, do you know the reason that the serpent cipher algorithm never made it into gpg. From the NSA competition, I thought the serpent algorithm came in second --- again Im not sure of the criteria that was used to judge strength -- but wasnt it from this competition that the US gov adopted AES as the national standard? Just a question, b/c from my very elementary understanding of ciphers, it seems like serpent is a very secure standard. I believe looking at the source code (either in pgg or pgp2 -- I cant remember) I even saw a serpent.c file. Thanks for your input From dshaw at jabberwocky.com Mon Jan 14 05:24:23 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 13 Jan 2008 23:24:23 -0500 Subject: Question about history of hash and cipher collections In-Reply-To: <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> Message-ID: <20080114042423.GA8227@jabberwocky.com> On Sun, Jan 13, 2008 at 09:15:42PM -0600, Kevin Hilton wrote: > Sorry the last post was cut off > > Sorry about my post > > I can see you seem to know a lot about gpg -- thanks. 
> > Whatever happened to the tiger hash?? Tiger was never really a part of OpenPGP. RFC-2440 reserved an algorithm ID number for it, but Tiger wasn't fully specified at the time, so was not usable (the algorithm was specified, but an OID number was never allocated). It was dropped as part of RFC-4880 as it was never widely implemented, and sort of missed its chance - it was okay back when 2440 was published, but at only 192 bits, it's too small for the modern 4880 era. > Lastly, do you know the reason that the serpent cipher algorithm never > made it into gpg. From the NSA competition, I thought the serpent > algorithm came in second --- again Im not sure of the criteria that > was used to judge strength -- but wasnt it from this competition that > the US gov adopted AES as the national standard? Just a question, b/c > from my very elementary understanding of ciphers, it seems like > serpent is a very secure standard. I believe looking at the source > code (either in pgg or pgp2 -- I cant remember) I even saw a serpent.c > file. Serpent was never put in the OpenPGP standard, so GnuPG won't use it. There isn't a really dramatic reason for it. Adding algorithms to OpenPGP involves a rough consensus among the OpenPGP working group. With Serpent, that consensus never really happened. David From rjh at sixdemonbag.org Mon Jan 14 05:40:00 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 13 Jan 2008 22:40:00 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> Message-ID: <478AE7A0.7060604@sixdemonbag.org> Kevin Hilton wrote: > Whatever happened to the tiger hash?? The OpenPGP Working Group decided that it didn't bring anything new to the table, especially in light of SHA256 and SHA512. 
Strong arguments (IMO, very strong!) can be made that OpenPGP supports way too many algorithms. Even with as many algorithms as OpenPGP supports, though, the line still has to be drawn somewhere. > Lastly, do you know the reason that the serpent cipher algorithm never > made it into gpg. Yes. It never made it into the OpenPGP RFC (RFC2440 and later RFC4880). If the WG had decided to include Serpent, GnuPG would support Serpent. > From the NSA competition, I thought the serpent > algorithm came in second There was no second place finisher. AES won, and everyone else was an also-ran. From rjh at sixdemonbag.org Mon Jan 14 05:46:18 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 13 Jan 2008 22:46:18 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> Message-ID: <478AE91A.7050608@sixdemonbag.org> Kevin Hilton wrote: > I can see you seem to know a lot about gpg -- thanks. He should; he's one of the GnuPG authors. > Just a question, b/c from my very elementary understanding of > ciphers, it seems like serpent is a very secure standard. Serpent was developed by some very smart people. However, /all/ the AES finalists were considered to be very competent designs. What caused NIST to select Rijndael over Serpent were factors other than security--speed, ability to fit in a smart card, key agility, etc. (Rijndael, pronounced "rain-doll", was ultimately selected to become AES. When talking about the history of AES, it's helpful to call it by its old name.) > I believe looking at the source code (either in pgg or pgp2 -- I cant > remember) I even saw a serpent.c file. 
It wasn't in pgp 2.x, since Serpent came out almost a decade after pgp 2.x. There has never been an official GnuPG build that has supported Serpent, to the best of my knowledge. From aolsen at standard.com Mon Jan 14 18:09:40 2008 From: aolsen at standard.com (Alan Olsen) Date: Mon, 14 Jan 2008 09:09:40 -0800 Subject: Question about history of hash and cipher collections In-Reply-To: <20080114013332.GA7602@jabberwocky.com> Message-ID: <92A893260738B0408497A64189BC1E62032CE41F@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > From: David Shaw > Yes. "gpg -v --version" will give you the algorithm numbers along > with the algorithm names. However, the algorithm numbers are not > really relevant to anything unless you're writing OpenPGP software. > For years now, all programs have referred to AES256 as "AES256" > and not "cipher 9". Version will not report it that way, but decryption errors will. If you have an older version of GPG that does not know about the newer cypher or hash, it will report "cypher n" or "hash n". I have encountered this on systems that have not been upgraded for a while. (And, yes, there is an upgrade in process.) The information is useful in that case when you are trying to explain to production people what happened when their file decryption failed. 
From dshaw at jabberwocky.com Mon Jan 14 18:24:39 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 14 Jan 2008 12:24:39 -0500 Subject: Question about history of hash and cipher collections In-Reply-To: <92A893260738B0408497A64189BC1E62032CE41F@MSEXCHANGE305.corp.standard.com> References: <20080114013332.GA7602@jabberwocky.com> <92A893260738B0408497A64189BC1E62032CE41F@MSEXCHANGE305.corp.standard.com> Message-ID: <20080114172439.GA11213@jabberwocky.com> On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote: > > > From: David Shaw > > > Yes. "gpg -v --version" will give you the algorithm numbers along > > with the algorithm names. However, the algorithm numbers are not > > really relevant to anything unless you're writing OpenPGP software. > > For years now, all programs have referred to AES256 as "AES256" > > and not "cipher 9". > > Version will not report it that way, but decryption errors will. Version does report it that way. $ gpg -v --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. 
Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10) Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), SHA512 (H10), SHA224 (H11) Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3) David From aolsen at standard.com Mon Jan 14 18:49:00 2008 From: aolsen at standard.com (Alan Olsen) Date: Mon, 14 Jan 2008 09:49:00 -0800 Subject: Question about history of hash and cipher collections In-Reply-To: <20080114172439.GA11213@jabberwocky.com> Message-ID: <92A893260738B0408497A64189BC1E62032CE422@MSEXCHANGE305.corp.standard.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > From David Shaw >On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote: >> >> > From: David Shaw >> >> > Yes. "gpg -v --version" will give you the algorithm numbers along >> > with the algorithm names. However, the algorithm numbers are not >> > really relevant to anything unless you're writing OpenPGP software. >> > For years now, all programs have referred to AES256 as "AES256" and >> > not "cipher 9". >> >> Version will not report it that way, but decryption errors will. >Version does report it that way. Not quite what I meant. (I should really not post on a Monday until I am fully awake. Which means posting on Tuesday.) Actually what I meant to say is that the cypher numbers is actually useful if you are trying to figure out what you are missing from older versions. 
From wk at gnupg.org Mon Jan 14 19:40:14 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 14 Jan 2008 19:40:14 +0100 Subject: Question about history of hash and cipher collections In-Reply-To: <20080114042423.GA8227@jabberwocky.com> (David Shaw's message of "Sun, 13 Jan 2008 23:24:23 -0500") References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> <20080114042423.GA8227@jabberwocky.com> Message-ID: <87r6gkl08h.fsf@wheatstone.g10code.de> On Mon, 14 Jan 2008 05:24, dshaw at jabberwocky.com said: > There isn't a really dramatic reason for it. Adding algorithms to > OpenPGP involves a rough consensus among the OpenPGP working group. > With Serpent, that consensus never really happened. FWIW, about 7 years ago we had an informal meeting of OpenPGP implementors and we agreed that we should try to keep the list of supported algorithms short. Meanwhile it had turned out that the preference system works quite well and that for political reasons (e.g. national regulations) we may need to add other algorithms in the future. That is actually not a new thing, RIPEMD-160 has been in OpenPGP since the early days because European telcos and governments like that algorithm. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. 
From pehr at alumni.utexas.net Mon Jan 14 19:58:57 2008 From: pehr at alumni.utexas.net (Pehr Jansson) Date: Mon, 14 Jan 2008 12:58:57 -0600 Subject: Fwd: Question about history of hash and cipher collections References: <92A893260738B0408497A64189BC1E62032CE422@MSEXCHANGE305.corp.standard.com> Message-ID: please remove me from this mailing list. Begin forwarded message: > From: "Alan Olsen" > Date: January 14, 2008 11:49:00 AM CST > To: "David Shaw" , > Subject: RE: Question about history of hash and cipher collections > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > >> From David Shaw >> On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote: >>> >>>> From: David Shaw >>> >>>> Yes. "gpg -v --version" will give you the algorithm numbers along >>>> with the algorithm names. However, the algorithm numbers are not >>>> really relevant to anything unless you're writing OpenPGP software. >>>> For years now, all programs have referred to AES256 as "AES256" and >>>> not "cipher 9". >>> >>> Version will not report it that way, but decryption errors will. > >> Version does report it that way. > > Not quite what I meant. (I should really not post on a Monday > until I am fully awake. Which means posting on Tuesday.) > > Actually what I meant to say is that the cypher numbers is actually > useful if you are trying to figure out what you are missing from > older versions. 
> > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From pehr at alumni.utexas.net Mon Jan 14 19:59:18 2008 From: pehr at alumni.utexas.net (Pehr Jansson) Date: Mon, 14 Jan 2008 12:59:18 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <20080114172439.GA11213@jabberwocky.com> References: <20080114013332.GA7602@jabberwocky.com> <92A893260738B0408497A64189BC1E62032CE41F@MSEXCHANGE305.corp.standard.com> <20080114172439.GA11213@jabberwocky.com> Message-ID: <7774A238-8832-4604-84DF-18C58E9B7508@alumni.utexas.net> Please remove me from this mailing list. On Jan 14, 2008, at 11:24 AM, David Shaw wrote: > On Mon, Jan 14, 2008 at 09:09:40AM -0800, Alan Olsen wrote: >> >>> From: David Shaw >> >>> Yes. "gpg -v --version" will give you the algorithm numbers along >>> with the algorithm names. However, the algorithm numbers are not >>> really relevant to anything unless you're writing OpenPGP software. >>> For years now, all programs have referred to AES256 as "AES256" >>> and not "cipher 9". >> >> Version will not report it that way, but decryption errors will. > > Version does report it that way. > > $ gpg -v --version > gpg (GnuPG) 1.4.7 > Copyright (C) 2006 Free Software Foundation, Inc. > This program comes with ABSOLUTELY NO WARRANTY. 
> This is free software, and you are welcome to redistribute it > under certain conditions. See the file COPYING for details. > > Home: ~/.gnupg > Supported algorithms: > Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA > Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), > AES256 (S9), TWOFISH (S10) > Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), > SHA512 (H10), SHA224 (H11) > Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3) > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From pehr at alumni.utexas.net Mon Jan 14 19:59:33 2008 From: pehr at alumni.utexas.net (Pehr Jansson) Date: Mon, 14 Jan 2008 12:59:33 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <92A893260738B0408497A64189BC1E62032CE41F@MSEXCHANGE305.corp.standard.com> References: <92A893260738B0408497A64189BC1E62032CE41F@MSEXCHANGE305.corp.standard.com> Message-ID: <7400EABE-A152-45B0-AA8B-78864E425601@alumni.utexas.net> Please remove me from this mailing list. On Jan 14, 2008, at 11:09 AM, Alan Olsen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > >> From: David Shaw > >> Yes. "gpg -v --version" will give you the algorithm numbers along >> with the algorithm names. However, the algorithm numbers are not >> really relevant to anything unless you're writing OpenPGP software. >> For years now, all programs have referred to AES256 as "AES256" >> and not "cipher 9". > > Version will not report it that way, but decryption errors will. > If you have an older version of GPG that does not know about the > newer cypher or hash, it will report "cypher n" or "hash n". I > have encountered this on systems that have not been upgraded for a > while. (And, yes, there is an upgrade in process.) 
The > information is useful in that case when you are trying to explain > to production people what happened when their file decryption failed. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From landes_eric at yahoo.fr Mon Jan 14 19:59:40 2008 From: landes_eric at yahoo.fr (ERIC LANDES) Date: Mon, 14 Jan 2008 19:59:40 +0100 (CET) Subject: Checking expiration date automatically In-Reply-To: Message-ID: <587859.15083.qm@web27604.mail.ukl.yahoo.com> > > Does there exist an option which would give the expiration date of a > key, if such date exists ? > > See the file DETAILS in the doc/ directory. Something like: > > gpg --with-colons --fixed-list-mode --list-keys test at date | cut -d: > -f7 > > should do what you want. > > The number is the expiration date (if any) expressed as the number of > seconds since 1/1/1970. > Thanks, it is a command I can rely on ! And it gives an epoch time which can be easily processed. For those interested, I just added a -- grep -E "^pub:" -- to get only one date. Eric LANDES 
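Added example, not part of the original thread and not GnuPG's own code: a cron-friendly POSIX sh check built on the --with-colons --fixed-list-mode listing discussed in the messages above. It reads field 7 of the first pub record and reports when the key expires within a given number of days; the script name, the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# check-key-expiry.sh (hypothetical name), added example.
# Usage from cron:  check-key-expiry.sh KEY [WARN_DAYS]
# cron mails whatever a job writes, so the stderr line below is the warning.

# Constructed sample of `gpg --with-colons --fixed-list-mode --list-keys`
# output; key IDs, user ID and the uid hash are made up. Field 6 is the
# creation time and field 7 the expiration time, in seconds since 1970-01-01.
sample_listing() {
    cat <<'EOF'
tru::1:1200096000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:1200096000:1231632000::u:::scESC:
uid:u::::1200096000::0000000000000000000000000000000000000000::test date (test):
sub:u:2048:16:FEDCBA9876543210:1200096000:1231632000:::::e:
EOF
}

# check_expiry NOW WARN_DAYS  (colon listing on stdin)
# Prints "none", "expired", "warn N", "ok N" (N = whole days left),
# "nokey" or "malformed". Exit status: 0 ok/none, 1 warn, 2 expired,
# 3 listing unusable.
check_expiry() {
    now=$1
    warn_days=$2
    # Match the record type exactly instead of grepping for text, and stop at
    # the first primary key, as `head -n 1` did in the original pipeline.
    rec=$(awk -F: '$1 == "pub" { print "pub=" $7; exit }')
    case $rec in
        "")     echo "nokey"; return 3 ;;
        "pub=") echo "none";  return 0 ;;   # empty field 7: key never expires
    esac
    exp=${rec#pub=}
    # Without --fixed-list-mode some gpg versions print YYYY-MM-DD here;
    # refuse anything that is not a plain number rather than mis-compare it.
    case $exp in
        *[!0-9]*) echo "malformed"; return 3 ;;
    esac
    if [ "$exp" -le "$now" ]; then
        echo "expired"
        return 2
    fi
    days_left=$(( (exp - now) / 86400 ))
    if [ "$days_left" -lt "$warn_days" ]; then
        echo "warn $days_left"
        return 1
    fi
    echo "ok $days_left"
    return 0
}

# Real run: only when a key is named on the command line.
if [ "$#" -ge 1 ]; then
    key=$1
    days=${2:-15}
    status=$(gpg --batch --with-colons --fixed-list-mode --list-keys "$key" \
             2>/dev/null | check_expiry "$(date +%s)" "$days")
    rc=$?
    [ "$rc" -eq 0 ] || echo "key $key: $status" >&2
    exit "$rc"
fi
```

An encryption subkey can expire before the primary key; its date is in field 7 of the sub record and can be checked the same way.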
From pehr at alumni.utexas.net Mon Jan 14 19:59:58 2008 From: pehr at alumni.utexas.net (Pehr Jansson) Date: Mon, 14 Jan 2008 12:59:58 -0600 Subject: Question about history of hash and cipher collections In-Reply-To: <87r6gkl08h.fsf@wheatstone.g10code.de> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> <20080114042423.GA8227@jabberwocky.com> <87r6gkl08h.fsf@wheatstone.g10code.de> Message-ID: <394FD844-8A88-405D-B6C3-FF2D965AFEDD@alumni.utexas.net> Please remove me from this mailing list. On Jan 14, 2008, at 12:40 PM, Werner Koch wrote: > On Mon, 14 Jan 2008 05:24, dshaw at jabberwocky.com said: > >> There isn't a really dramatic reason for it. Adding algorithms to >> OpenPGP involves a rough consensus among the OpenPGP working group. >> With Serpent, that consensus never really happened. > > FWIW, about 7 years ago we had an informal meeting of OpenPGP > implementors and we agreed that we should try to keep the list of > supported algorithms short. Meanwhile it had turned out that the > preference system works quite well and that for political reasons > (e.g. national regulations) we may need to add other algorithms in the > future. That is actually not a new thing, RIPEMD-160 has been in > OpenPGP > since the early days because European telcos and governments like that > algorithm. > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. 
> > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From zvrba at globalnet.hr Mon Jan 14 21:04:27 2008 From: zvrba at globalnet.hr (Zeljko Vrba) Date: Mon, 14 Jan 2008 21:04:27 +0100 Subject: Question about history of hash and cipher collections In-Reply-To: <394FD844-8A88-405D-B6C3-FF2D965AFEDD@alumni.utexas.net> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> <20080114042423.GA8227@jabberwocky.com> <87r6gkl08h.fsf@wheatstone.g10code.de> <394FD844-8A88-405D-B6C3-FF2D965AFEDD@alumni.utexas.net> Message-ID: <478BC04B.3000509@globalnet.hr> Pehr Jansson wrote: > Please remove me from this mailing list. > Visit the URL that is written at the bottom of each message sent to the list and remove yourself. From j.lysdal at gmail.com Mon Jan 14 22:17:24 2008 From: j.lysdal at gmail.com (Jorgen Christiansen Lysdal) Date: Mon, 14 Jan 2008 22:17:24 +0100 Subject: Question about history of hash and cipher collections In-Reply-To: <87r6gkl08h.fsf@wheatstone.g10code.de> References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com> <20080114013332.GA7602@jabberwocky.com> <96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com> <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com> <20080114042423.GA8227@jabberwocky.com> <87r6gkl08h.fsf@wheatstone.g10code.de> Message-ID: <478BD164.70508@gmail.com> Werner Koch wrote: > Meanwhile it had turned out the the > preference system works quite well ...) > Which leads me to a question. Since I don't like that gpg falls back to 3DES, if a cipher cannot be agreed opon. Would it be possible to change it to AES256 or something, in a relative easy way? Maybe a small change to source, and building myself? 
(BTW, thanks for gpg4win making it easy)

From rjh at sixdemonbag.org Mon Jan 14 23:40:49 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Jan 2008 16:40:49 -0600
Subject: Question about history of hash and cipher collections
In-Reply-To: <478BD164.70508@gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<20080114042423.GA8227@jabberwocky.com>
	<87r6gkl08h.fsf@wheatstone.g10code.de>
	<478BD164.70508@gmail.com>
Message-ID: <478BE4F1.60208@sixdemonbag.org>

Jorgen Christiansen Lysdal wrote:
> Which leads me to a question. Since I don't like that gpg falls back to
> 3DES, if a cipher cannot be agreed upon. Would it be possible to change
> it to AES256 or something, in a relatively easy way? Maybe a small change
> to source, and building myself? (BTW, thanks for gpg4win making it easy)

What's wrong with 3DES? It's ridiculously slow, of course, but even
after all these years it's still sturdy as a Soviet workers' housing
bloc.

Anyway, to answer your question... not in a way which will interoperate
well. According to 2440, 3DES is the only MUST symmetric algorithm,
which means it will be supported by all clients.

If you're willing to take the interoperability hit, I would suggest
looking into g10/pkclist.c line 1263, "select_algo_from_prefs". That
appears to be the best place to hack in what you have in mind.
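
[Added example, not part of the original messages and not GnuPG's code: a small model of the cipher choice discussed in this thread, showing why the cipher of last resort must be the same for everyone. The "lowest combined rank" policy, the names alice and bob, and all preference lists are assumptions constructed for illustration.]

```python
"""Model of OpenPGP symmetric-cipher selection with the implicit 3DES fallback.

Illustrative only: this is not GnuPG's select_algo_from_prefs.
"""

MUST_IMPLEMENT = "3DES"  # the only MUST symmetric cipher in RFC 2440 / RFC 4880


def effective_prefs(prefs, implicit=MUST_IMPLEMENT):
    """Preference list with duplicates dropped and `implicit` tacitly at the end."""
    ordered = list(dict.fromkeys(prefs))
    if implicit not in ordered:
        ordered.append(implicit)
    return ordered


def select_cipher(sender_supported, recipients, implicit=MUST_IMPLEMENT):
    """Choose one cipher for a message encrypted to every recipient.

    `recipients` maps a name to the cipher preferences stored on that key.
    `implicit` is the cipher the *sender* assumes every recipient accepts.
    Assumed policy: among ciphers common to all lists, take the lowest
    combined rank; ties go to the sender's own ordering.
    """
    lists = [effective_prefs(p, implicit) for p in recipients.values()]
    common = [a for a in sender_supported if all(a in lst for lst in lists)]
    if not common:
        raise ValueError("sender does not implement the implicit cipher")
    return min(common, key=lambda a: (sum(lst.index(a) for lst in lists),
                                      sender_supported.index(a)))


def locked_out(cipher, recipients):
    """Recipients on unmodified clients that never advertised `cipher`.

    Assumption: a client decrypts only what its key advertises, plus 3DES.
    """
    return sorted(name for name, prefs in recipients.items()
                  if cipher not in effective_prefs(prefs))


# Constructed sample data (not taken from any real key).
SENDER = ["AES256", "AES192", "AES", "CAST5", "3DES"]
RECIPIENTS = {
    "alice": ["AES256", "AES"],
    "bob": ["TWOFISH", "CAST5", "IDEA"],
}
AGREEING = {
    "alice": ["AES256", "CAST5"],
    "bob": ["TWOFISH", "CAST5", "IDEA"],
}

if __name__ == "__main__":
    # Everyone shares CAST5, so the fallback is never consulted.
    print("agreeing keys      ->", select_cipher(SENDER, AGREEING))

    # No explicit overlap: the standard sender lands on 3DES, readable by all.
    std = select_cipher(SENDER, RECIPIENTS)
    print("standard fallback  ->", std, "locked out:", locked_out(std, RECIPIENTS))

    # A sender patched to assume AES256 as the implicit cipher picks AES256,
    # which bob's unmodified client never advertised.
    mod = select_cipher(SENDER, RECIPIENTS, implicit="AES256")
    print("patched fallback   ->", mod, "locked out:", locked_out(mod, RECIPIENTS))
```
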

From dshaw at jabberwocky.com Mon Jan 14 23:56:35 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 14 Jan 2008 17:56:35 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <478BD164.70508@gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<20080114042423.GA8227@jabberwocky.com>
	<87r6gkl08h.fsf@wheatstone.g10code.de>
	<478BD164.70508@gmail.com>
Message-ID: <20080114225635.GA13260@jabberwocky.com>

On Mon, Jan 14, 2008 at 10:17:24PM +0100, Jorgen Christiansen Lysdal wrote:
> Werner Koch wrote:
>> Meanwhile it had turned out that the
>> preference system works quite well ...)
>
> Which leads me to a question. Since I don't like that gpg falls back to
> 3DES, if a cipher cannot be agreed upon. Would it be possible to change it
> to AES256 or something, in a relatively easy way? Maybe a small change to
> source, and building myself? (BTW, thanks for gpg4win making it easy)

You could, but the end result would not interoperate with the rest of
the world. For example, if you tried to send an encrypted message to
someone who hadn't hacked their GPG and had preferences of (for
example) "TWOFISH, CAST5, IDEA", your copy would pick AES256... and
your message would not be readable.

It doesn't matter all that much what the "cipher of last resort"
actually *is*, but it's absolutely vital that everyone has the *same*
one. RFC-2440 and 4880 require 3DES for this reason.

Besides, 3DES has been around for longer than any other cipher in
OpenPGP, been studied and attacked far more, and still hasn't fallen.
The only thing wrong with it is that it's slow. And I doubt you'd
notice the speed issue unless you're running on a very slow machine,
or sending very large messages.

David

From kevhilton at gmail.com Tue Jan 15 05:05:54 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Mon, 14 Jan 2008 22:05:54 -0600
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
Message-ID: <96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>

I can see NIST is calling for entries for a competition to discover a
new hash function:

http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

I was hoping they would name the winner of this contest the ASS
(American Signing Standard), but see the winner will be referred to as
the SHA-3 (Secure Hash Algorithm version 3).

No doubt the winner of this consult will eventually be added to the
gpg standard.

From rjh at sixdemonbag.org Tue Jan 15 05:32:36 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 14 Jan 2008 22:32:36 -0600
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
Message-ID: <478C3764.90000@sixdemonbag.org>

Kevin Hilton wrote:
> I can see NIST is calling for entries for a competition to discover a
> new hash function:

Yeah, it's been underway for a while now. It's been known for years
that the SHA-3 competition was going to happen; now it's actually
started.

> No doubt the winner of this consult will eventually be added to the
> gpg standard.

My take on the IETF OpenPGP working group is that a lot of people have
some serious concerns that RFC2440 and RFC4880 include /way/ too many
algorithms. While I imagine there is a broad desire among WG
participants to see SHA-3 added, I think some hash algorithms may have
to be dropped.

The way I read the tea leaves, we should expect to see some tumult in
the list of algorithms. Pretty much everyone agrees that we have too
many algorithms. Hardly anyone can agree on which algorithms should be
dropped. Even TIGER192 (a remarkably useless addition which was
mercifully axed from the RFC shortly after introduction) has partisans
who think its exclusion is unfair and that it should be reinstated.

If you have strong feelings on this issue, the right place to bring
them up is on the IETF OpenPGP working group mailing list.

From kevhilton at gmail.com Tue Jan 15 16:12:08 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Tue, 15 Jan 2008 08:12:08 -0700
Subject: Question about history of hash and cipher collections
In-Reply-To: <478C3764.90000@sixdemonbag.org>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
Message-ID: <96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>

I don't have any feelings or objections about any of the ciphers or
hashes included or excluded (ok maybe serpent should be included),
however I can imagine that deleting old ciphers and hashes would cause
a problem with backwards compatibility. Why md5 and cast5 are still
included is beyond me, other than for backwards compatibility.

Lastly, who is this governing body that decides what algorithms should
be included? The IETF OpenPGP group?
As a regular user of gpg, but
novice when it comes to the history of PGP/GPG this discussion on the
history/politics of GPG/PGP has been very interesting for me.

From vedaal at hush.com Tue Jan 15 17:08:28 2008
From: vedaal at hush.com (vedaal at hush.com)
Date: Tue, 15 Jan 2008 11:08:28 -0500
Subject: Question about history of hash and cipher collections
Message-ID: <20080115160829.2CB8F1A0039@mailserver8.hushmail.com>

David Shaw dshaw at jabberwocky.com
wrote on Mon Jan 14 23:56:35 CET 2008 :

>It doesn't matter all that much what the "cipher of last resort"
>actually *is*, but it's absolutely vital that everyone has the *same*
>one. RFC-2440 and 4880 require 3DES for this reason.


have often wondered about this,

if this is so,
wouldn't it make more sense to have gnupg use 3DES as the default
cipher instead of CAST-5

it might have made sense historically when pgp moved to version 5 +,
and used CAST-5 as default, that gnupg used CAST-5 as the default
cipher to protect the secret key, and also the default cipher for
encryption,

(i haven't used pgp for a long time now, [ since 8.x ],
so i don't know for sure, but i don't think they still use CAST-5 as
a default,

but in any event,
if 3-DES is the 'open-pgp must implement'
it would make more sense to start using it as the secret key
default,
(or at least, as the symmetrical encryption default, unbundled from
being the same as the cipher for the secret key) )

for practical purposes, it can be done easily enough by using gnupg
options, and isn't a 'priority' issue,
but was curious if there is any reason that gnupg doesn't want to
make 3-DES the default


vedaal

From dshaw at jabberwocky.com Tue Jan 15 17:52:04 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Jan 2008 11:52:04 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
Message-ID: <20080115165203.GA26411@jabberwocky.com>

On Tue, Jan 15, 2008 at 08:12:08AM -0700, Kevin Hilton wrote:
> I don't have any feelings or objections about any of the ciphers or
> hashes included or excluded (ok maybe serpent should be included),
> however I can imagine that deleting old ciphers and hashes would cause
> a problem with backwards compatibility. Why md5 and cast5 are still
> included is beyond me, other than for backwards compatibility.

Choosing algorithms in OpenPGP is always a delicate balancing act
between technical issues, politics, and market forces. Is the
algorithm strong[1]? Is the key length long enough? Has it been used
in the past and a zillion keys have it in their preferences? Will
inclusion of the algorithm into OpenPGP allow use of OpenPGP in a new
industry (some industries in some countries have legally-mandated
algorithms), and so on.

CAST5 is a fine cipher and meets all the above criteria. Don't assume
that just because it's older than AES, it's worth removing. 3DES is
the oldest cipher in OpenPGP (dating back to the 1970s) and it still
meets all the above criteria.
Arguably, it's better in some ways than
the newer ciphers as it's been actively studied and attacked since the
1970s and still hasn't fallen.

MD5 was effectively removed from OpenPGP. RFC-4880 says:

   Implementations MUST NOT generate new signatures using MD5 as a hash
   function. They MAY continue to consider old signatures that used MD5
   as valid.

That's as close to removal as is realistic, given the huge number of
existing signatures using MD5 that are out there.

> Lastly, who is this governing body that decides what algorithms should
> be included? The IETF OpenPGP group? As a regular user of gpg, but
> novice when it comes to the history of PGP/GPG this discussion on the
> history/politics of GPG/PGP has been very interesting for me.

http://www.ietf.org/html.charters/openpgp-charter.html

David

[1] I'm defining "strong" here in the loose sense of there are no
    workable attacks against it. Remember that SHA-1 was broken, but
    it is still in daily use as the break didn't reduce its strength
    enough for a workable attack.

From dshaw at jabberwocky.com Tue Jan 15 18:09:49 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Jan 2008 12:09:49 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <20080115160829.2CB8F1A0039@mailserver8.hushmail.com>
References: <20080115160829.2CB8F1A0039@mailserver8.hushmail.com>
Message-ID: <20080115170949.GB26574@jabberwocky.com>

On Tue, Jan 15, 2008 at 11:08:28AM -0500, vedaal at hush.com wrote:
> David Shaw dshaw at jabberwocky.com
> wrote on Mon Jan 14 23:56:35 CET 2008 :
>
> >It doesn't matter all that much what the "cipher of last resort"
> >actually *is*, but it's absolutely vital that everyone has the *same*
> >one. RFC-2440 and 4880 require 3DES for this reason.
>
>
> have often wondered about this,
>
> if this is so,
> wouldn't it make more sense to have gnupg use 3DES as the default
> cipher instead of CAST-5
>
> it might have made sense historically when pgp moved to version 5 +,
> and used CAST-5 as default, that gnupg used CAST-5 as the default
> cipher to protect the secret key, and also the default cipher for
> encryption,

GPG does use 3DES as the default cipher for encryption. That behavior
is required by OpenPGP. There is no OpenPGP requirement for secret
key protection (there are few interoperability issues there), so CAST5
is as good as anything else.

For what it's worth, if you set --openpgp mode, the secret key
protection cipher does switch to 3DES.

David

From vedaal at hush.com Tue Jan 15 18:57:42 2008
From: vedaal at hush.com (vedaal at hush.com)
Date: Tue, 15 Jan 2008 12:57:42 -0500
Subject: Question about history of hash and cipher collections
Message-ID: <20080115175742.E16481A0039@mailserver8.hushmail.com>

David Shaw dshaw at jabberwocky.com
wrote on Tue Jan 15 18:09:49 CET 2008 :

>GPG does use 3DES as the default cipher for encryption. That behavior
>is required by OpenPGP.


does it?

this is what i get when i try a symmetrical encryption using the
defaults:

c:\gnupg>gpg -c -a c:\jat.txt
gpg: using cipher CAST5
gpg: writing to `c:\jat.txt.asc'

here is the output:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul

passphrase: jat

jA0EAwMC1u7kYt5GDPpgySjAcWW2AhrskPs0zteJPzScCwtwqsgEYdYQeY7Tq9sQ
4NKAHU4Urql+
=3qDE
-----END PGP MESSAGE-----

here is the gpg.conf i'm using, in case i overlooked something:

##gpg2go drive
comment "Acts of Kindness better the World, and protect the Soul"
keyring v:\z\147\home\pubring.gpg
secret-keyring v:\z\147\home\secring.gpg
no-default-keyring
trustdb-name v:\z\147\home\trustdb.gpg
#cipher-algo TWOFISH
#digest-algo SHA256
#compress-algo ZIP
load-extension v:\z\147\idea.dll
homedir v:\z\147\home
local-user 0x5AA20C866A589A97!
#hidden-encrypt-to 0x5AA20C866A589A97
#s2k-cipher-algo twofish
#s2k-digest-algo SHA256
#
#cert-digest-algo SHA256
#digest-algo sha1
#digest-algo ripemd160
verbose
verbose
ignore-crc-error
ignore-mdc-error
show-session-key
expert
#throw-keyids
#try-all-secrets
#default-key 6A589A97!

it has been my experience that the cipher used for symmetric
encryption is the one that is named in s2k-cipher-algo unless
otherwise specified,
and if unspecified, and no s2k-cipher-algo is specified either,
then it reverts to CAST-5

(the above test was done using gnupg 1.4.8,
haven't gotten around to changing the folder names yet ;-) )


vedaal

From dshaw at jabberwocky.com Tue Jan 15 19:07:41 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 15 Jan 2008 13:07:41 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <20080115175742.E16481A0039@mailserver8.hushmail.com>
References: <20080115175742.E16481A0039@mailserver8.hushmail.com>
Message-ID: <20080115180741.GC26574@jabberwocky.com>

On Tue, Jan 15, 2008 at 12:57:42PM -0500, vedaal at hush.com wrote:
> David Shaw dshaw at jabberwocky.com
> wrote on Tue Jan 15 18:09:49 CET 2008 :
>
> >GPG does use 3DES as the default cipher for encryption. That behavior
> >is required by OpenPGP.
>
>
> does it?
>
> this is what i get when i try a symmetrical encryption using the
> defaults:
>
> c:\gnupg>gpg -c -a c:\jat.txt
> gpg: using cipher CAST5
> gpg: writing to `c:\jat.txt.asc'

It uses 3DES for symmetric encryption to a recipient as required.
Straight symmetric encryption you're allowed to use anything.

David

From kevhilton at gmail.com Tue Jan 15 19:09:16 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Tue, 15 Jan 2008 11:09:16 -0700
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
Message-ID: <96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>

From what you are saying about cipher/hashes, it sounds as an end user
of gnupg, it would be best to regularly rotate my personal cipher/hash
preferences.

And lastly, not to be a conspiracy theorist, but how certain can I be
that the NSA (who probably employs the single largest collection of
cryptographers) hasn't discovered "back-doors" or cracks in the
encryption algorithms? I always get asked this by my brother, and I'm
not sure how best to respond.

From rjh at sixdemonbag.org Tue Jan 15 20:01:53 2008
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Tue, 15 Jan 2008 14:01:53 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
	<96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>
Message-ID: <478D0321.6070109@sixdemonbag.org>

Kevin Hilton wrote:
> From what you are saying about cipher/hashes, it sounds as an end user
> of gnupg, it would be best to regularly rotate my personal cipher/hash
> preferences.

Ack! No. No. No.

My advice has been the same for years: unless you know precisely what
you're doing and why, stick with the defaults. GnuPG's defaults are
excellent. They make good sense. They interoperate well. Don't mess
with them unless you know precisely what you're doing and why.

> And lastly, not to be a conspiracy theorist, but how certain can I be
> that the NSA (who probably employs the single largest collection of
> cryptographers) hasn't discovered "back-doors" or cracks in the
> encryption algorithms? I always get asked this by my brother, and I'm
> not sure how best to respond.

I get asked this question a lot. The full answer can be found at:

http://sixdemonbag.org/cryptofaq.html#agencies

From jmoore3rd at bellsouth.net Tue Jan 15 21:14:26 2008
From: jmoore3rd at bellsouth.net (John W.
Moore III)
Date: Tue, 15 Jan 2008 15:14:26 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <20080115175742.E16481A0039@mailserver8.hushmail.com>
References: <20080115175742.E16481A0039@mailserver8.hushmail.com>
Message-ID: <478D1422.3030209@bellsouth.net>

vedaal at hush.com wrote:

> here is the gpg.conf i'm using, in case i overlooked something:

openpgp

The above line needs to be added to Your gpg.conf & You'll be using 3DES.

JOHN ;)
Timestamp: Tuesday 15 Jan 2008, 15:14 --500 (Eastern Standard Time)

From kevhilton at gmail.com Wed Jan 16 03:48:20 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Tue, 15 Jan 2008 19:48:20 -0700
Subject: Question about history of hash and cipher collections
In-Reply-To: <1200437607.6565.9.camel@carbon>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
	<96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>
	<1200437607.6565.9.camel@carbon>
Message-ID:
<96c450350801151848p50e1e673oe110cf62c279e55d@mail.gmail.com>

Just a few follow-up points

Quote:
My advice has been the same for years: unless you know precisely what
you're doing and why, stick with the defaults. GnuPG's defaults are
excellent. They make good sense. They interoperate well. Don't mess
with them unless you know precisely what you're doing and why.

However in your link: http://sixdemonbag.org/cryptofaq.html#agencies,
you recommend other things (as discussed below).

From my limited knowledge, the default GnuPG settings are to create a
1024-bit DSA signing key, a 1024-bit ElGamal encryption key, a 3DES
symmetric cipher, and SHA-1 hash.

In your link however, you recommend the creation of 1024 or 2048 RSA
signing and encryption keys (or DSA2 signing key with RSA encryption
key??), and to choose something else other than the SHA-1 hash.

It would seem from the information in your link, it would not be
best to follow the default settings in terms of signing/encryption key
creation, and hash algorithm. What hash algorithm should I be using,
if SHA-1 is not preferred? SHA512??

Who chooses the defaults in terms of DSA/ElGamal signing/encryption
keys? Is this set by the GnuPG programmers or the OpenGPG standard?

From rjh at sixdemonbag.org Wed Jan 16 04:23:58 2008
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Tue, 15 Jan 2008 22:23:58 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801151848p50e1e673oe110cf62c279e55d@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
	<96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>
	<1200437607.6565.9.camel@carbon>
	<96c450350801151848p50e1e673oe110cf62c279e55d@mail.gmail.com>
Message-ID: <478D78CE.1010102@sixdemonbag.org>

Kevin Hilton wrote:
> In your link however, you recommend the creation of 1024 or 2048 RSA
> signing and encryption keys (or DSA2 signing key with RSA encryption
> key??), and to choose something else other than the SHA-1 hash.

And I also say "unless you know exactly what you're doing and why, use
the defaults."

It's true that I am not fond of kilobit keys, for reasons I won't go
into right now. I am far, far less fond of people who do not know what
they are doing, or why they are doing it, tinkering around with deep
magics beyond their kenning.

A Formula-1 race mechanic may be able to tweak a car engine to get a
few more percent out of it than the factory settings allow. Your
average driver should not attempt this, because they have better odds
of cutting their own brake lines by accident than by realizing any
marginal improvement. Prudence demands that drivers be strongly
encouraged to just drive the car.

> creation, and hash algorithm. What hash algorithm should I be using,
> if SHA-1 is not preferred? SHA512??

Unless you know exactly what you're doing and why, use the defaults.

That is all the advice you will get from me.

> Who chooses the defaults in terms of DSA/ElGamal signing/encryption
> keys? Is this set by the GnuPG programmers or the OpenGPG standard?

The OpenPGP standard specifies what algorithms must be present, and to
an extent what the defaults must be. The GnuPG crew is free to exceed
those standards.

From kevhilton at gmail.com Wed Jan 16 04:29:36 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Tue, 15 Jan 2008 20:29:36 -0700
Subject: Question about history of hash and cipher collections
In-Reply-To: <478D78CE.1010102@sixdemonbag.org>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
	<96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>
	<1200437607.6565.9.camel@carbon>
	<96c450350801151848p50e1e673oe110cf62c279e55d@mail.gmail.com>
	<478D78CE.1010102@sixdemonbag.org>
Message-ID: <96c450350801151929m1733787as4d075d1f7f449998@mail.gmail.com>

>Unless you know exactly what you're doing and why, use the defaults.

>That is all the advice you will get from me.

Hmm, not the answer I was quite expecting. Thanks again for all your
time. You have greatly enlightened me and reinforced my love for
gnupg.

From rjh at sixdemonbag.org Wed Jan 16 07:22:27 2008
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Wed, 16 Jan 2008 01:22:27 -0500
Subject: Question about history of hash and cipher collections
In-Reply-To: <96c450350801151848p50e1e673oe110cf62c279e55d@mail.gmail.com>
References: <96c450350801131539o18438c61g7709b9de86752a0f@mail.gmail.com>
	<20080114013332.GA7602@jabberwocky.com>
	<96c450350801131915m5d4a97ado3aa33a9737bff2a7@mail.gmail.com>
	<96c450350801131915q4a30155dwaf8300a2f1ee7dbe@mail.gmail.com>
	<96c450350801142005p131e15ffi7f34a58de7e8e6ed@mail.gmail.com>
	<478C3764.90000@sixdemonbag.org>
	<96c450350801150712q7d1a659exb1275891f7a12c5f@mail.gmail.com>
	<96c450350801151009m27f36e6cw690e180d31799a16@mail.gmail.com>
	<1200437607.6565.9.camel@carbon>
	<96c450350801151848p50e1e673oe110cf62c279e55d@mail.gmail.com>
Message-ID: <478DA2A3.2030004@sixdemonbag.org>

Kevin Hilton wrote:
> From my limited knowledge, the default GnuPG settings are to create a
> 1024-bit DSA signing key, a 1024-bit ElGamal encryption key, a 3DES
> symmetric cipher, and SHA-1 hash.

Incidentally, with 1.4.8 it defaults to a 2048-bit DSA/Elg keypair and
SHA256. There is no contradiction between what you read and my "use
the defaults!" creed. That page was written before DSA2 was
widespread, and right after some major cracks were showing in SHA-1. I
should update the page to reflect the changes since then.

From max.allan at nbs.co.uk Thu Jan 10 09:35:27 2008
From: max.allan at nbs.co.uk (Max Allan)
Date: Thu, 10 Jan 2008 08:35:27 +0000
Subject: Decryption error
In-Reply-To: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc>
References: <319C97430831164E90F66B72B419713D39D0D5@MAIL.sc.loc>
Message-ID: <008101c85363$c090ec50$5dc810ac@maxpc>

You can try to run ldd on the binary (use the full path to gpg, ldd
won't search $PATH for you). That will show all libraries the binary
wants and if they aren't found. This might save you