From JPClizbe at tx.rr.com Sat Mar 1 00:20:04 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Fri, 29 Feb 2008 17:20:04 -0600
Subject: _almost_ working, now a command line question...
In-Reply-To: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com>
References: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com>
Message-ID: <47C89324.9050204@tx.rr.com>

Maury Markowitz wrote:
> So after finally deciding to trust that gpg was giving me an accurate
> error, and that the passphrase really was wrong, I spent the last week
> scaring up someone within the labyrinths that could actually change
> the key to the one that we know works. Presto! Working file.
>
> Lesson learned: You CAN simply copy binary key files from pgp to gpg,
> which is really nice.
>
> All that's left now is to fully automate this, and my Windows CMD
> noobishness is an issue. Here's my command line:
>
> O:\Utilities>echo o:\apricing\pass.txt | o:\utilities\gpg --homedir o:\utilities
> \ --passphrase-fd 0 --load-extension o:\utilities\idea.dll -o "o:\apricing\morga
> n_cds_20080229.txt" -d "o:\apricing\24476.txt.pgp"
>
> And here are the results (slightly trimmed to protect the innocent):
>
> pass.txt absolutely has the right key in it. I tried both | and >, the
> latter did nothing at all (which I guess makes sense).
>
> Anything obvious here?

You could try --passphrase-file o:\apricing\pass.txt after removing --passphrase-fd

This is *very* sensitive to line endings. I had to run dos2unix on the passphrase file before the command would work. DIR or 'ls -l' on the passphrase file should show a length one greater than the character count in the passphrase (just ). Windows will create the file with and the will muck things up.

You may also wish to include --batch on the command line.

--
John P.
Clizbe                  Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks    hkp://keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 658 bytes
Desc: OpenPGP digital signature
URL:

From richih.mailinglist at gmail.com Sat Mar 1 12:46:40 2008
From: richih.mailinglist at gmail.com (Richard Hartmann)
Date: Sat, 1 Mar 2008 12:46:40 +0100
Subject: Signing people with only one form of ID?
In-Reply-To: <005401c87afa$2db309e0$6401a8c0@T60>
References: <2d460de70802271638x6153a5f0w4bb9a355bf1c9889@mail.gmail.com> <47C6205E.2000200@sixdemonbag.org> <001d01c879bc$127fff50$6401a8c0@T60> <2d460de70802290149g51f8f0d2l2be7b76abb72c6fa@mail.gmail.com> <005401c87afa$2db309e0$6401a8c0@T60>
Message-ID: <2d460de70803010346k778f049exbbf9be40e54bc9d5@mail.gmail.com>

On Fri, Feb 29, 2008 at 6:40 PM, Brian Smith wrote:

> > The basic assumption is that a key signing is good and that
> > you actually gain something from it.
>
> That is the assumption that I am challenging.

You are not challenging the assumption, you are attacking the implementation :)

> > In the US, they are just using credit cards and the ability
> > to block money on your account for their own use instead of
> > ID. This is basically an ID with electronic traceability
> > (people _know_ you were in X, renting a car.
> > And they can look it all up in a central location).
>
> These are things I want to help change.

For some things, you simply need to establish identity. As soon as you leave the 'I have known you since birth and you are tightly knit into my social circle' regions, doing some things, especially ones involving large amounts of money, is simply not feasible. You can challenge that assumption by giving me your car, house & bank accounts.
Unless you never go far from your birthplace, or progress very slowly in one direction, you simply need to be able to establish ID. Or you can do the US thing of just taking a pile of [electronic] cash into custody.

> There's got to be some mechanism that doesn't require (as much) hope,
> and which doesn't require the loss of anonymity, at least for common
> uses of PGP like personal email.

There are three forms of ID:

a) 'This is the same person I have had contact with before.'
   This can be done via an unsigned key or facial recognition.
b) 'This person is known to someone I [have to] trust.'
   Web of trust, government-issued ID, alias-based eID
c) 'I know this person to be X.'
   You have known them for a very long time, preferably since their birth.

As GPG WoT aims to stay in the realm of b), it is, quite literally, impossible to establish anything of use with a). Note that there are schemes that involve GPG and a), but they can not reliably establish identity, only authenticity.

> Would better IDs really help? It has got to be hard for a person to say
> "I don't trust you or your ID, I'm not going to sign your key."

If your full DNA print is being taken at birth, you are implanted with a chip immediately & you are under close, automated surveillance for all your life, this would be the complete solution and 'help', yes.

If I had any reasonable doubt as to the validity of someone's ID or if they match the identity on the ID, I would say so, yes.

If you are concerned about the social implications, tell them you will sign it and then don't. Chances are that in such a scenario, you will not meet the other person again, anyway.
Richard

> - Brian
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From email at sven-radde.de Sat Mar 1 13:20:26 2008
From: email at sven-radde.de (Sven Radde)
Date: Sat, 01 Mar 2008 13:20:26 +0100
Subject: _almost_ working, now a command line question...
In-Reply-To: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com>
References: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com>
Message-ID: <1204374026.6658.21.camel@carbon>

Hi!

On Friday, 29.02.2008, at 15:10 -0500, Maury Markowitz wrote:
> O:\Utilities>echo o:\apricing\pass.txt | ...

Try "type o:\apricing\pass.txt | ..." if you really want to do it this way.

cu, Sven

From saravan1 at comp.nus.edu.sg Sun Mar 2 12:40:24 2008
From: saravan1 at comp.nus.edu.sg (Saravanan)
Date: Sun, 2 Mar 2008 19:40:24 +0800
Subject: GnuPG Make_Printable_String Remote Buffer Overflow Vulnerability
Message-ID: <000a01c87c5a$378800e0$b95d8489@yourf3zsqh74e5>

Hi,

I have been trying to find an input that will utilize the Make_Printable_String so as to look into the vulnerability. But I am rather unsuccessful at finding such an input. Can advise me on any such input?

Thanks.
Saravanan

From nicholas.cole at gmail.com Sun Mar 2 11:00:56 2008
From: nicholas.cole at gmail.com (Nicholas Cole)
Date: Sun, 2 Mar 2008 10:00:56 +0000
Subject: Signing people with only one form of ID?
In-Reply-To: <2d460de70803010346k778f049exbbf9be40e54bc9d5@mail.gmail.com>
References: <2d460de70802271638x6153a5f0w4bb9a355bf1c9889@mail.gmail.com> <47C6205E.2000200@sixdemonbag.org> <001d01c879bc$127fff50$6401a8c0@T60> <2d460de70802290149g51f8f0d2l2be7b76abb72c6fa@mail.gmail.com> <005401c87afa$2db309e0$6401a8c0@T60> <2d460de70803010346k778f049exbbf9be40e54bc9d5@mail.gmail.com>
Message-ID:

On Sat, Mar 1, 2008 at 11:46 AM, Richard Hartmann wrote:
> On Fri, Feb 29, 2008 at 6:40 PM, Brian Smith wrote:
> >
> > > The basic assumption is that a key signing is good and that
> > > you actually gain something from it.
> >
> > That is the assumption that I am challenging.
>
> You are not challenging the assumption, you are attacking the
> implementation :)

Well, let me attack this problem from another position. :-)

I think we need to remember what the purpose of a signature on an OpenPGP is. It is there, first and foremost, to tell the computer "Yes, you should be happy encrypting to this key", for the purpose of avoiding Man in the Middle attacks. (And - as an aside - the purpose of OpenPGP is to make email and other electronic communication on the internet more secure).

One of the early mistakes I think the _documentation_ of PGP made was to suggest that one day we might all live in a world where keys would be selected automatically from keyservers, with no effort on the part of the user, and with almost total security. It is with such a dream in mind that people set up key servers, go to key-signing parties and the like, and start worrying about how many passports they need to see before they sign a key. Actually, such a world is probably not possible.

But for private users, most of the time, the most important thing is still to check the fingerprint of the key with the intended recipient of secure communications. It is, actually, simple.

But that does not mean the web of trust is useless - far from it.
OpenPGP lets you represent all sorts of trust models: you can choose to trust the root key of a company, university or computer software project, and thereby "trust" all of the people involved in that organisation, for example.

But I've never been convinced that the search for the "right" level of id to demand before signing a key is right, nor that going to random keysignings is very useful. OpenPGP can only represent "trust" that already exists. And the truth of the matter is that if I have just met a chap in a bar, I am unlikely to "trust" him to sign any more keys for me, no matter how much he tells me he always looks at passports. So even if I signed his key, I probably wouldn't then trust him to sign other keys that I depended upon.

Sorry - that was rather more than I meant to write. Take home message: use OpenPGP to represent "trust" relationships that make sense for your situation, and don't worry about an ideal standard, because one doesn't exist, shouldn't exist, and probably couldn't ever exist. ;-)

(I am reminded of this cartoon: http://xkcd.com/386/ )

Best,

N

From jmoore3rd at bellsouth.net Sun Mar 2 14:14:33 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 02 Mar 2008 08:14:33 -0500
Subject: Signing people with only one form of ID?
In-Reply-To:
References: <2d460de70802271638x6153a5f0w4bb9a355bf1c9889@mail.gmail.com> <47C6205E.2000200@sixdemonbag.org> <001d01c879bc$127fff50$6401a8c0@T60> <2d460de70802290149g51f8f0d2l2be7b76abb72c6fa@mail.gmail.com> <005401c87afa$2db309e0$6401a8c0@T60> <2d460de70803010346k778f049exbbf9be40e54bc9d5@mail.gmail.com>
Message-ID: <47CAA839.9030302@bellsouth.net>

Nicholas Cole wrote:

> But that does not mean the web of trust is useless - far from it.
> OpenPGP lets you represent all sorts of trust models: you can choose
> to trust the root key of a company, university or computer software
> project, and thereby "trust" all of the people involved in that
> organisation, for example.

IDs, Length of Relationship, Key Fingerprint verification etc. are all just individual methods of determining Who has control of a Key. The WoT is only conferred based upon the 'Depth of Trust' conferred with the Signature. PGP refers to this as 'Trusted Introducer' [Black Pencil] and GnuPG displays this 'depth' with a numerical notation.

Basic 'Exportable' Signatures [0x10, Yellow Pencil] are as common [& useful] on a Key as a pocket full of business cards after returning from a convention. "Yeah, We met & exchanged some Contact Information."

JOHN ;)
Timestamp: Sunday 02 Mar 2008, 08:14 --500 (Eastern Standard Time)

From funkdude at gmail.com Mon Mar 3 02:57:20 2008
From: funkdude at gmail.com (nunzky)
Date: Sun, 2 Mar 2008 17:57:20 -0800 (PST)
Subject: GnuPG (win32) on a USB stick
Message-ID: <15796380.post@talk.nabble.com>

Hi,

I want to keep GnuPG on a USB stick to use at school and on other people's computers (all windows). However, GPG, when run, creates the keyrings and conf files on the HDD (documents and settings\appdata).
Is it possible to avoid this behavior and have GnuPG write those files, say, in its own dir on my usb stick? How would I do this?

Also, this would probably have to involve me keeping my private key on the usb stick, protected only by a passphrase. How secure is this? Are there any better ways to do it?

Thanks in advance.

From rjh at sixdemonbag.org Mon Mar 3 03:15:20 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 02 Mar 2008 20:15:20 -0600
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <15796380.post@talk.nabble.com>
References: <15796380.post@talk.nabble.com>
Message-ID: <47CB5F38.3070407@sixdemonbag.org>

nunzky wrote:
> Also, this would probably have to involve me keeping my private key on the
> usb stick, protected only by a passphrase. How secure is this? Are there any
> better ways to do it?

As a rule of thumb, never do any sensitive computer operations on a computer you don't completely trust.

If you think the computers in your campus's IT kiosks are safe and pristine, then this idea is probably reasonably good. If you think the computers in the kiosks are exposed to a host of unsafe web browsing habits, malware and stupid users 24/7, you may want to rethink this plan.

From JPClizbe at tx.rr.com Mon Mar 3 03:47:34 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Sun, 02 Mar 2008 20:47:34 -0600
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <15796380.post@talk.nabble.com>
References: <15796380.post@talk.nabble.com>
Message-ID: <47CB66C6.1030608@tx.rr.com>

nunzky wrote:
> Hi,
>
> I want to keep GnuPG on a USB stick to use at school and on other people's
> computers (all windows). However, GPG, when run, creates the keyrings and
> conf files on the HDD (documents and settings\appdata).
> Is it possible to
> avoid this behavior and have GnuPG write those files, say, in its own dir on
> my usb stick? How would I do this?
>

set GNUPGHOME=x:\location\you\want

--
John P. Clizbe          Inet: JPClizbe (a)tx DAWT rr DAHT con
Ginger Bear Networks    hkp:\\keyserver.gingerbear.net
  or
     Send email with subject help to pgp-public-keys at keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From jmoore3rd at bellsouth.net Mon Mar 3 05:39:27 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 02 Mar 2008 23:39:27 -0500
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <15796380.post@talk.nabble.com>
References: <15796380.post@talk.nabble.com>
Message-ID: <47CB80FF.7000507@bellsouth.net>

nunzky wrote:

> I want to keep GnuPG on a USB stick to use at school and on other people's
> computers (all windows). However, GPG, when run, creates the keyrings and
> conf files on the HDD (documents and settings\appdata). Is it possible to
> avoid this behavior and have GnuPG write those files, say, in its own dir on
> my usb stick? How would I do this?

2 ways are easily available depending upon the size of Your Flash Drive. You could use GPG2GO and do everything from the Command Line or You could simply Copy Your GnuPG Directory/Folder to the Flash Drive and then use the GPGshell Portable Utility [located at the bottom of the Start Menu list] and then run with a GUI.

http://www.jumaros.de/rsoft/index.html

> Also, this would probably have to involve me keeping my private key on the
> usb stick, protected only by a passphrase. How secure is this? Are there any
> better ways to do it?

How secure is Your passphrase? Robert already covered the issues involved in using an untrusted PC. Also keep in mind that not having control over the PC also means no Control over the Swap File, whether or not any Keyloggers are present, etc.

Another consideration is that many Public PCs have the ability to launch any .exe File blocked. This is particularly true in Libraries and other places where there is a concern that Students will attempt to install malware, etc.

If You are just going to be using the USB Drive for Email then there are Applications like Mobility Email & Portable Thunderbird w/Enigmail + GnuPG.

JOHN ;)
Timestamp: Sunday 02 Mar 2008, 23:38 --500 (Eastern Standard Time)

From email at sven-radde.de Mon Mar 3 07:00:54 2008
From: email at sven-radde.de (Sven Radde)
Date: Mon, 03 Mar 2008 07:00:54 +0100
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <15796380.post@talk.nabble.com>
References: <15796380.post@talk.nabble.com>
Message-ID: <47CB9416.3060105@sven-radde.de>

Hi!

nunzky wrote:
> However, GPG, when run, creates the keyrings and
> conf files on the HDD (documents and settings\appdata). Is it possible to
> avoid this behavior and have GnuPG write those files, say, in its own dir on
> my usb stick? How would I do this?
>

Try using "--homedir U:\path\to\your\keyrings" as an option to every call to gpg, where U: is the drive letter of your USB stick.

> How secure is this? Are there any
> better ways to do it?

The OpenPGP smartcard might be an idea if you can get it to work on the computers where you want to use GnuPG. While this is better than relying on keyfiles with passphrases (which might easily be sniffed by a keylogger), it still is not 100% secure on a wholly untrustworthy system.

Another option would be to boot into a dedicated system from CD. Knoppix or the like. The risk here is a hardware keylogger. Furthermore, depending on the (W)LAN setup, you won't easily have network connectivity and, of course, it is inconvenient.

This is the general tradeoff: Security vs. convenience.

HTH, Sven

From bahamut at digital-signal.net Mon Mar 3 17:32:24 2008
From: bahamut at digital-signal.net (Andrew Berg)
Date: Mon, 03 Mar 2008 10:32:24 -0600
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <47CB66C6.1030608@tx.rr.com>
References: <15796380.post@talk.nabble.com> <47CB66C6.1030608@tx.rr.com>
Message-ID: <47CC2818.9020201@digital-signal.net>

John Clizbe wrote:
> set GNUPGHOME=x:\location\you\want
>

It would be inconvenient (and inconsiderate to the host machine's owner(s)) to set an environment variable on every machine encountered, wouldn't it? Sven's idea is much better, I think.

From vedaal at hush.com Mon Mar 3 17:11:46 2008
From: vedaal at hush.com (vedaal at hush.com)
Date: Mon, 03 Mar 2008 11:11:46 -0500
Subject: GnuPG (win32) on a USB stick
Message-ID: <20080303161147.3A2D015803F@mailserver6.hushmail.com>

nunzky (funkdude at gmail.com) wrote on Mon Mar 3 02:57:20 CET 2008 :

>Is it possible to avoid this behavior
>and have GnuPG write those files, say,
>in its own dir on my usb stick?
...
>this would probably have to involve
>me keeping my private key on the usb stick,
>protected only by a passphrase.
>How secure is this?
>Are there any better ways to do it?
in general, the simplest, most secure way, is to keep gnupg on your laptop, and use the usb to transfer files from the public computer to your laptop and back again

encrypting and decrypting while directly connected to a public computer, runs a very real risk of having the plaintext stored in some recoverable form on that computer

(i would recommend a Toshiba Libretto, that you can literally have physical control over, at all times)
http://www.pcmag.com/article2/0,2817,1788012,00.asp

if you don't have a laptop, and need to work from a public computer, and a usb, here are some guidelines:

[1] generate a new gnupg key, with a comment, 'usb key', and keep this in a separate keyring (not the keyring with your 'real' secret keys)

if you have any concern that this becomes compromised, you can revoke it, without compromising your 'real' keys

(this is also a common courtesy to people who send encrypted mail to you
they are entrusting their secret/personal correspondence to you, and need to know how much they can 'trust' you
'trust' in this context, refers to 'skill and judgment', not 'integrity'
[ you can 'trust' someone with your life and money, but not to drive your BMW, if you don't think they have enough experience with a stickshift ] )

[2] keep the keyrings and the entire gnupg program in a truecrypt container on the usb

this has two advantages:
(a) it protects your keyrings
(b) it allows you to pick a drive letter that will stay the same regardless of the hardware differences of the various public computers
(i.e., you can mount the truecrypt container as drive Z, and have all the entries in your gpg.conf refer to z:\gnupg, and never have to change it)

truecrypt can be run in traveller mode from a usb, without having it installed on the host computer

[3] copy the entire gnupg directory from your home computer, into the truecrypt container

[4] put these lines into your gpg.conf file:

no-default-keyring
keyring z:\gnupg\pubring.gpg
secret-keyring z:\gnupg\secring.gpg
(use your 'new' keyrings with the special 'usb key')

[5] open notepad and type these lines:

command com
z:
cd gnupg

save this as gusb.bat in your truecrypt container

whenever you want to run gnupg from the usb, (and have already mounted the truecrypt container as drive z:) double-clicking on gusb.bat opens a dos commandline window

check it by typing gpg -h

if the gnupg version and guide appears, then you're ready

[6] minor recommendation, (i don't know how much it would help)

get (free) editpad lite:
http://www.editpadpro.com/editpadlite.html

it can be run from the usb by just copying the file EditPadLite.exe

you can compose any correspondence from editpadlite, without using any of the host computers software (e.g. word, wordpad, notepad, etc.), and there 'might' be less chance of the plaintext being saved on the host computer by some file journaling system)

vedaal

any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link

From vedaal at hush.com Mon Mar 3 18:36:56 2008
From: vedaal at hush.com (vedaal at hush.com)
Date: Mon, 03 Mar 2008 12:36:56 -0500
Subject: GnuPG (win32) on a USB stick // forgot a line, sorry // ;-((
Message-ID: <20080303173656.83EF415803E@mailserver6.hushmail.com>

vedaal at hush.com (vedaal at hush.com) wrote on Mon Mar 3 17:11:46 CET 2008 :

>[5] open notepad and type these lines:
>command com
>z:
>cd gnupg

sorry, forgot a line ;-((
it should be:

set GNUPGHOME=z:\gnupg
command com
z:
cd gnupg

vedaal

any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link
From maury.markowitz at gmail.com Mon Mar 3 17:44:29 2008
From: maury.markowitz at gmail.com (Maury Markowitz)
Date: Mon, 3 Mar 2008 11:44:29 -0500
Subject: _almost_ working, now a command line question...
In-Reply-To: <5bdbc9050803010647h3725d562i69f1a8387121ba59@mail.gmail.com>
References: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com> <47C89324.9050204@tx.rr.com> <5bdbc9050803010647h3725d562i69f1a8387121ba59@mail.gmail.com>
Message-ID: <5bdbc9050803030844l5630fcf2qcc4a74934f5aa297@mail.gmail.com>

Holy smokes, this is much more annoying than I thought possible!

Using either the | and < methods of passing in the passphrase works from the CMD window and I can decrypt the file fine. Even cutting and pasting the command string in works fine.

But when I shell the exact same line of text (which is where I cut it from) into the VBA Shell command, which I do for literally dozens of tasks, it does not work. GPG puts up the message:

Reading passphrase from file descriptor 0 ...

And then just sits there. Perhaps I can't call a pipe or redirect in the VBA shell command; if try I'm pretty much sunk unless I can get --passphrase-file to work. And it doesn't.

Is --passphrase-file a feature of 2.0 only? If so, is there somewhere where I can get a compiled windows binary of it?

Maury

From vedaal at hush.com Mon Mar 3 18:53:57 2008
From: vedaal at hush.com (vedaal at hush.com)
Date: Mon, 03 Mar 2008 12:53:57 -0500
Subject: _almost_ working, now a command line question...
Message-ID: <20080303175400.0678F15803E@mailserver6.hushmail.com>

Maury Markowitz (maury.markowitz at gmail.com) wrote on Mon Mar 3 17:44:29 CET 2008 :

>Reading passphrase from file descriptor 0 ...
>And then just sits there. Perhaps I can't call a pipe or redirect in
>the VBA shell command; if try I'm pretty much sunk unless I can get
>--passphrase-file to work. And it doesn't.
try this instead of --passphrase-file

--passphrase string

where 'string' is your actual passphrase

vedaal

any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link

From avi.wiki at gmail.com Mon Mar 3 17:54:27 2008
From: avi.wiki at gmail.com (Avi)
Date: Mon, 3 Mar 2008 11:54:27 -0500
Subject: GnuPG (win32) on a USB stick
Message-ID: <27ee9bfb0803030854h271687b8s8b7cc0e9e15607d7@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Personally, I am using GPGShell, which, once installed, has a small app called Copy2USB that mounts a completely self-contained GnuPG and GPGShell system on the stick, which I take with me.

See http://www.jumaros.de/rsoft/index.html

Thanks,

- --Avi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32) - GPGshell v3.64

iEYEAREDAAYFAkfMLSoACgkQy6A/RnheoilMIQCdFAq1i1ALaLYrmz8VDG0jwjc2
KNEAn3LMcbkmiMMh8ycp0v/Lsi6kgxrw
=6wUh
-----END PGP SIGNATURE-----

--
en:User:Avraham
----
pub 1024D/785EA229 3/6/2007 Avi (Wikipedia-related)
Primary key fingerprint: D233 20E7 0697 C3BC 4445 7D45 CBA0 3F46 785E A229

From maury.markowitz at gmail.com Mon Mar 3 20:27:35 2008
From: maury.markowitz at gmail.com (Maury Markowitz)
Date: Mon, 3 Mar 2008 14:27:35 -0500
Subject: _almost_ working, now a command line question...
In-Reply-To: <20080303175400.0678F15803E@mailserver6.hushmail.com>
References: <20080303175400.0678F15803E@mailserver6.hushmail.com>
Message-ID: <5bdbc9050803031127x1c43195dr3f4c67cc7d4c6b83@mail.gmail.com>

On Mon, Mar 3, 2008 at 12:53 PM, wrote:
> --passphrase string
> where 'string' is your actual passphrase

Worth a try, but:

gpg: failed to translate osfhandle 0000004A

Maury

From SeidlS at schneider.com Mon Mar 3 20:25:58 2008
From: SeidlS at schneider.com (SeidlS at schneider.com)
Date: Mon, 3 Mar 2008 13:25:58 -0600
Subject: _almost_ working, now a command line question...
In-Reply-To: <20080303175400.0678F15803E@mailserver6.hushmail.com>
Message-ID:

Vedaal,

This works well if you're willing to have the passphrase in the code base calling GnuPG, but I'm not allowed to. Instead I will be using a file with the permissions restricted. I will be able to get around this once development is complete, as this is only being tested on my windows machine, but will be deployed to Unix type server where the --passphrase-file option is supported.

Thanks
Scott S.

Sent by: gnupg-users-bounces+seidls=schneider.com at gnupg.org
To: "gnupg"
cc:
Subject: re: _almost_ working, now a command line question...
03/03/2008 11:53 AM

Maury Markowitz (maury.markowitz at gmail.com) wrote on Mon Mar 3 17:44:29 CET 2008 :

>Reading passphrase from file descriptor 0 ...
>And then just sits there. Perhaps I can't call a pipe or redirect in
>the VBA shell command; if try I'm pretty much sunk unless I can get
>--passphrase-file to work. And it doesn't.

try this instead of --passphrase-file

--passphrase string

where 'string' is your actual passphrase

vedaal

any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link
http://tagline.hushmail.com/fc/Ioyw6h4fKhB6woOND8XrZNYjtiE674DR6zTihOxTinc29rbkOp7MLd/ _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From JPClizbe at tx.rr.com Mon Mar 3 22:55:08 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Mon, 03 Mar 2008 15:55:08 -0600 Subject: GnuPG (win32) on a USB stick In-Reply-To: <47CC2818.9020201@digital-signal.net> References: <15796380.post@talk.nabble.com> <47CB66C6.1030608@tx.rr.com> <47CC2818.9020201@digital-signal.net> Message-ID: <47CC73BC.9020005@tx.rr.com> Andrew Berg wrote: > John Clizbe wrote: >> set GNUPGHOME=x:\location\you\want >> > > It would be inconvenient (and inconsiderate to the host machine's > owner(s)) to set an environment variable on every machine encountered, > wouldn't it? Sven's idea is much better, I think. And it shows a clear lack of understanding to think that a SET command at a Windows command prompt sets an environment variable permanently or globally. The variable exists in the process environment that invoked the command and those processes invoked from it. "Changes made using the SET command are NOT permanent, they apply to the current CMD prompt only and remain only until the CMD window is closed." - http://www.ss64.com/nt/set.html Setting GNUPGHOME is the equivalent of specifying "--homedir U:\path\to\your\keyrings", but without the need to type (and possibly mistype) it every time GnuPG is invoked. -- John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con Ginger Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 658 bytes Desc: OpenPGP digital signature URL: From JPClizbe at tx.rr.com Mon Mar 3 23:23:25 2008 From: JPClizbe at tx.rr.com (John Clizbe) Date: Mon, 03 Mar 2008 16:23:25 -0600 Subject: _almost_ working, now a command line question... In-Reply-To: <5bdbc9050803030844l5630fcf2qcc4a74934f5aa297@mail.gmail.com> References: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com> <47C89324.9050204@tx.rr.com> <5bdbc9050803010647h3725d562i69f1a8387121ba59@mail.gmail.com> <5bdbc9050803030844l5630fcf2qcc4a74934f5aa297@mail.gmail.com> Message-ID: <47CC7A5D.8010905@tx.rr.com> Maury Markowitz wrote: > And then just sits there. Perhaps I can't call a pipe or redirect in > the VBA shell command; if try I'm pretty much sunk unless I can get > --passphrase-file to work. And it doesn't. Option order is sometimes important > Is --passphrase-file a feature of 2.0 only? If so, is there somewhere > where I can get a compiled windows binary of it? Been a part of gnupg 1.x for ages. I tested it on XP with GnuPG 1.4.8 gpg --batch --passphrase-file <> --output <> --decrypt <> Here's a test I just did in %TEMP%: gpg --batch --passphrase-file passphr --output ptshowdown.decrpt.bmp --decrypt ptshowdown.bmp.asc gpg: encrypted with 2048-bit ELG-E key, ID EF4010D2, created 2003-03-06 "John P. Clizbe " The passphrase file passphr was created with Cygwin's 'echo -n' There is yet no binary of GnuPG 2.0 for windows -- John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con Ginger Bear Networks hkp://keyserver.gingerbear.net or Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go" -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc
Type: application/pgp-signature
Size: 658 bytes
Desc: OpenPGP digital signature
URL:

From neal.dudley at utoledo.edu Mon Mar 3 22:59:31 2008
From: neal.dudley at utoledo.edu (Neal Dudley)
Date: Mon, 03 Mar 2008 16:59:31 -0500
Subject: Question on subkeys usage and OpenPGP card. - warning, quite lengthy
Message-ID:

Why can keys not be signed with a signing subkey rather than a primary signing key? I just learned of this after going to my first signing party. Perhaps I have misunderstood the purpose of subkeys.

I have read that it is good practice to create a primary signing key, and then use subkeys on the card. This is the recommended method for setup of the FSFE card, which is just a fancy skin on the OpenPGP card. My problem is that now I have a DSA primary key on trusted media in a safe location, which I have to retrieve for any key signing I want to perform. I cannot simply sign the keys with the signing subkey stored on my OpenPGP card.

Are there any security implications for using the same signing key for normal document signing *and* key signing?

Would it be any less secure to:
1) generate the primary signing key as a 1024 bit RSA key,
2) create the encryption and authentication keys as 1024 bit RSA subkeys of the signing key, and
3) copy all of these keys to the OpenPGP card?

I would also create all the keys using a machine with no network interfaces, booted from a trusted livecd.

This procedure should allow me to make a backup copy of my private keys to removable media (usb drive or burn a CD), just in case the card is somehow damaged. It would also afford me the security and usefulness of the card for everyday use (as well as allow me to sign keys using the card). However, then I have to go meet everyone again to sign my new primary signing key.

This brings me to my last question. Let us assume that I create a primary signing key with an expiration. I then get that key signed by several people.
When the expiration date is near, do I simply create a new signing key and sign it with the original key (before it expires, of course)? Is the new key then considered just as trusted as the original key, which has all the signatures on it? Is there any method for transferring the signatures to the new key, or would the new key have to be resigned by everyone that signed the original? Using the default WoT model, doesn't this mean that every third time the key is renewed, it would not be trusted and would need to be resigned by everyone that signed the previous key?

Yes, I have RTFM, and several mailing list postings, but I'm still a bit unclear on these questions.

If you are still reading this - thank you for your time! I look forward to your reply.

From funkdude at gmail.com Tue Mar 4 00:02:02 2008
From: funkdude at gmail.com (nunzky)
Date: Mon, 3 Mar 2008 15:02:02 -0800 (PST)
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <15796380.post@talk.nabble.com>
References: <15796380.post@talk.nabble.com>
Message-ID: <15816320.post@talk.nabble.com>

Thanks everyone of you, you have greatly enlightened me concerning the security risks associated with my endeavor. I will have to rethink my plans, but for now, I think John's idea of setting GNUPGHOME seems like the best idea to me. However, for convenience, I'd like to maybe use a batch file to set it and open a command prompt. This would require me to be able to set it to a relative path (ie, not have to specify a drive letter, as it will change). Is this possible?

As for GPGShell, it seems pretty good, but I'd prefer to just keep my old command line if I can.

The last version of GPG2Go I could find is 1.4.1, which seems pretty outdated. Also, the author says it is the exact same thing as the official gnupg except repackaged as a zip. Which doesn't solve the problem of gpg writing to local disks by default.
--
View this message in context: http://www.nabble.com/GnuPG-%28win32%29-on-a-USB-stick-tp15796380p15816320.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From vedaal at hush.com Tue Mar 4 01:20:31 2008
From: vedaal at hush.com (vedaal at hush.com)
Date: Mon, 03 Mar 2008 19:20:31 -0500
Subject: GnuPG (win32) on a USB stick
Message-ID: <20080304002031.87703D0102@mailserver10.hushmail.com>

nunzky (funkdude at gmail.com) wrote on Tue Mar 4 00:02:02 CET 2008 :

>However, for convenience,
>I'd like to maybe use a batch file to set it and
>open a command prompt.
>This would require me to be able to set it to a relative path
>(ie, not have to specify a drive letter, as it will change).
>Is this possible?

easily

[1] make a directory called GNUPG on your usb, and copy all the gnupg files into it

[2] make the following batch file:

set GNUPGHOME=gnupg
command.com

[3] save this .bat file in the GNUPG directory in your usb

double-clicking on the .bat file gets you to a command prompt within gnupg, ready for all gpg commands

vedaal

any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link

From dshaw at jabberwocky.com Tue Mar 4 01:47:01 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 3 Mar 2008 19:47:01 -0500
Subject: Question on subkeys usage and OpenPGP card. - warning, quite lengthy
In-Reply-To:
References:
Message-ID: <77AA3ACC-961E-4459-B41C-127A9011009E@jabberwocky.com>

On Mar 3, 2008, at 4:59 PM, Neal Dudley wrote:

> I have read that it is good practice to create a primary signing
> key, and
> then use subkeys on the card. This is the recommended method for
> setup of
> the FSFE card, which is just a fancy skin on the OpenPGP card. My
> problem
> is that now I have a DSA primary key on trusted media in a safe
> location,
> which I have to retrieve for any key signing I want to perform. I
> cannot
> simply sign the keys with the signing subkey stored on my OpenPGP
> card.
>
> Are there any security implications for using the same signing key for
> normal document signing *and* key signing?

There are only minor security implications to this. The main reason why you use the primary key to sign keys (called "certification", by the way) is semantic. Identity in OpenPGP is a key plus a user ID. That key, given the way keys are laid out, is the primary. The primary is what certifies (self signs) the user ID.

It is mathematically possible to certify a user ID with a subkey, but semantically that subkey isn't part of your identity, so the certification is not used.

> This brings me to my last question. Let us assume that I create a
> primary
> signing key with an expiration. I then get that key signed by several
> people. When the expiration date is near, do I simply create a new
> signing
> key and sign it with the original key (before it expires, of
> course)? Is
> the new key then considered just as trusted as the original key,
> which has
> all the signatures on it? Is there any method for transferring the
> signatures to the new key, or would the new key have to be resigned by
> everyone that signed the original? Using the default WoT model,
> doesn't
> this mean that every third time the key is renewed, it would not be
> trusted
> and would need to be resigned by everyone that signed the previous
> key?

No, you do not need to make a new key or do anything like that. If and when your key expires, you can simply extend the expiration date as needed. OpenPGP has "soft" key expiration that can be changed at will by the keyholder.

David

From jmoore3rd at bellsouth.net Tue Mar 4 02:48:19 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 03 Mar 2008 20:48:19 -0500
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <15816320.post@talk.nabble.com>
References: <15796380.post@talk.nabble.com> <15816320.post@talk.nabble.com>
Message-ID: <47CCAA63.1010209@bellsouth.net>

nunzky wrote:

> The last version of GPG2Go I could find is 1.4.1, which seems pretty
> outdated.

My Bad. I shall Update the Binaries to 1.4.8 tonight and they should be available by this time tomorrow. I admit that I am abysmally slow as a Maintainer. :-[

If Your USB Drive is large enough I could send You the requisite Files direct for GPG2GO and I won't UPX then which will make for slightly faster access function. GPG2GO was originally designed for use from a 3.5 Floppy Drive. :)

JOHN ;)
Timestamp: Monday 03 Mar 2008, 20:47 --500 (Eastern Standard Time)

From SeidlS at schneider.com Mon Mar 3 23:41:26 2008
From: SeidlS at schneider.com (SeidlS at schneider.com)
Date: Mon, 3 Mar 2008 16:41:26 -0600
Subject: _almost_ working, now a command line question...
In-Reply-To: <47CC7A5D.8010905@tx.rr.com>
Message-ID:

Can you try it when streaming data to GnuPG?
The following command did not work for me:

echo TEST |gpg --clearsign -a --passphrase-file passfile

Output:
Reading passphrase from file descriptor 3

You need a passphrase to unlock the secret key for
user: "XXXXXXX"
1024-bit DSA key, ID XXXXXXX, created 2008-01-29

gpg: no default secret key: bad passphrase
gpg: [stdin]: clearsign failed: bad passphrase

Thanks
Scott S

John Clizbe
Sent by: gnupg-users-bounces at gnupg.org
03/03/2008 04:23 PM
Please respond to GnuPG Users

To: Maury Markowitz, GnuPG Users
cc:
Subject: Re: _almost_ working, now a command line question...

Maury Markowitz wrote:
> And then just sits there. Perhaps I can't call a pipe or redirect in
> the VBA shell command; if try I'm pretty much sunk unless I can get
> --passphrase-file to work. And it doesn't.

Option order is sometimes important

> Is --passphrase-file a feature of 2.0 only? If so, is there somewhere
> where I can get a compiled windows binary of it?

Been a part of gnupg 1.x for ages. I tested it on XP with GnuPG 1.4.8

    gpg --batch --passphrase-file <> --output <> --decrypt <>

Here's a test I just did in %TEMP%:

    gpg --batch --passphrase-file passphr --output ptshowdown.decrpt.bmp --decrypt ptshowdown.bmp.asc
    gpg: encrypted with 2048-bit ELG-E key, ID EF4010D2, created 2003-03-06
          "John P. Clizbe "

The passphrase file passphr was created with Cygwin's 'echo -n'

There is yet no binary of GnuPG 2.0 for windows

--
John P. Clizbe  Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks  hkp://keyserver.gingerbear.net or
Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind."
    - Dr Seuss, "Oh the Places You'll Go"

(See attached file: signature.asc)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/octet-stream
Size: 672 bytes
Desc: not available
URL:

From JPClizbe at tx.rr.com Tue Mar 4 06:29:47 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 03 Mar 2008 23:29:47 -0600
Subject: _almost_ working, now a command line question...
In-Reply-To:
References:
Message-ID: <47CCDE4B.3080800@tx.rr.com>

SeidlS at schneider.com wrote:
> Can you try it when streaming data to GnuPG? The following command did not
> work for me:
>
> echo TEST |gpg --clearsign -a --passphrase-file passfile
>
> Output:
> Reading passphrase from file descriptor 3
>
> You need a passphrase to unlock the secret key for
> user: "XXXXXXX"
> 1024-bit DSA key, ID XXXXXXX, created 2008-01-29
>
> gpg: no default secret key: bad passphrase
> gpg: [stdin]: clearsign failed: bad passphrase

Scott,

I had the same type of passfile error when I created the file using Windows ECHO which sticks on the end.

Does running DIR or ls -l on the passphrase file show it to be longer than it actually is? (Add one byte for end-of-file plus one for CR and another for LF)

You can run a hex dump utility such as dump from the cygutils package to verify this. The last bytes will be 0D 0A for CR-LF. You can get cygutils from : http://gnuwin32.sourceforge.net/packages/cygutils.htm

If so, running dos2unix on passfile /may/ solve things. It's available from a variety of sources. The GnuWin32 project is a handy source - it's also in the cygutils package. It worked for me with the other batch decrypt problem yesterday, but not yours today.

Using the Gnu version of echo with the suppress newline option 'echo -n' to create passfile is also an option, probably the best.
echo is part of the coreutils package and is also available from the GnuWin32 project: http://gnuwin32.sourceforge.net/packages/coreutils.htm

Using 'echo -n' to create passfile is what worked for me using your command from above.

passfile was created with

    :\path\to\echo -n passphrase > passfile

DIR showed passfile to be exactly the same length as the passphrase.

C:\WINDOWS\Temp>echo TEST |gpg --clearsign -a --passphrase-file passfile
Reading passphrase from file descriptor 3

You need a passphrase to unlock the secret key for
user: "John P. Clizbe "
1024-bit DSA key, ID 608D2A10, created 2003-03-06

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TEST
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (WinXP Pent3)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the ?33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.

iEYEARECAAYFAkfM0doACgkQHQSsSmCNKhAEJACgwOGzO7EdW2g+4PeTeCmzCnNB
e54An06ZsePo75r6qrMO4+5jS87TqM3S
=5aOz
-----END PGP SIGNATURE-----

--
John P. Clizbe  Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks  hkp://keyserver.gingerbear.net or
Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net
"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind."
    - Dr Seuss, "Oh the Places You'll Go"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 658 bytes
Desc: OpenPGP digital signature
URL:

From elmer.espinosa at gmail.com Tue Mar 4 06:34:07 2008
From: elmer.espinosa at gmail.com (Elmer Espinosa)
Date: Tue, 4 Mar 2008 13:34:07 +0800
Subject: Command to decrypt the file
Message-ID: <78f71be20803032134l70311365o6064502770783b03@mail.gmail.com>

I'm new with GNUPG. I used the command gpg -s file to encrypt the file.
to decrypt the file I used gpg -d file, but the output appear only in the command prompt I was to save it in my local disk I've tried adding the path of the file but it doesn't work any can help me with this.

Thanks,
Elmer

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From email at sven-radde.de Tue Mar 4 07:06:15 2008
From: email at sven-radde.de (Sven Radde)
Date: Tue, 04 Mar 2008 07:06:15 +0100
Subject: _almost_ working, now a command line question...
In-Reply-To: <47CCDE4B.3080800@tx.rr.com>
References: <47CCDE4B.3080800@tx.rr.com>
Message-ID: <47CCE6D7.4070100@sven-radde.de>

Hi!

John Clizbe wrote:
> Using the Gnu version of echo with the suppress newline option 'echo -n' to
> create passfile is also an option, probably the best.

FWIW, I just created a text file using *notepad*, containing "1234567890" (without pressing enter after that line, and without the quotes) and the length is shown to be exactly 10 bytes (by rightclick-properties and dir).

This file can be used as --passphrase-file for a key that I generated to use 1234567890 as passphrase.

cu, Sven

From neal.dudley at utoledo.edu Tue Mar 4 07:07:19 2008
From: neal.dudley at utoledo.edu (Neal Dudley)
Date: Tue, 04 Mar 2008 01:07:19 -0500
Subject: Question on subkeys usage and OpenPGP card. - warning, quite lengthy
In-Reply-To: <77AA3ACC-961E-4459-B41C-127A9011009E@jabberwocky.com>
Message-ID:

Sounds like I should just regenerate a new 1024 bit RSA primary signing key and copy it to the card (and an encryption subkey as well, of course).

Thank you for your help!

On 3/3/08 7:47 PM, "David Shaw" wrote:

> On Mar 3, 2008, at 4:59 PM, Neal Dudley wrote:
>
>> I have read that it is good practice to create a primary signing
>> key, and
>> then use subkeys on the card. This is the recommended method for
>> setup of
>> the FSFE card, which is just a fancy skin on the OpenPGP card. My
>> problem
>> is that now I have a DSA primary key on trusted media in a safe
>> location,
>> which I have to retrieve for any key signing I want to perform. I
>> cannot
>> simply sign the keys with the signing subkey stored on my OpenPGP
>> card.
>>
>> Are there any security implications for using the same signing key for
>> normal document signing *and* key signing?
>
> There are only minor security implications to this. The main reason
> why you use the primary key to sign keys (called "certification", by
> the way) is semantic. Identity in OpenPGP is a key plus a user ID.
> That key, given the way keys are laid out, is the primary. The
> primary is what certifies (self signs) the user ID.
>
> It is mathematically possible to certify a user ID with a subkey, but
> semantically that subkey isn't part of your identity, so the
> certification is not used.
>
>> This brings me to my last question. Let us assume that I create a
>> primary
>> signing key with an expiration. I then get that key signed by several
>> people. When the expiration date is near, do I simply create a new
>> signing
>> key and sign it with the original key (before it expires, of
>> course)? Is
>> the new key then considered just as trusted as the original key,
>> which has
>> all the signatures on it? Is there any method for transferring the
>> signatures to the new key, or would the new key have to be resigned by
>> everyone that signed the original? Using the default WoT model,
>> doesn't
>> this mean that every third time the key is renewed, it would not be
>> trusted
>> and would need to be resigned by everyone that signed the previous
>> key?
>
> No, you do not need to make a new key or do anything like that. If
> and when your key expires, you can simply extend the expiration date
> as needed. OpenPGP has "soft" key expiration that can be changed at
> will by the keyholder.
>
> David
>

From neal.dudley at utoledo.edu Tue Mar 4 07:10:58 2008
From: neal.dudley at utoledo.edu (Neal Dudley)
Date: Tue, 04 Mar 2008 01:10:58 -0500
Subject: Command to decrypt the file
In-Reply-To: <78f71be20803032134l70311365o6064502770783b03@mail.gmail.com>
Message-ID:

On decrypting, add "--output filename", or "-o filename" for the short form, to output to the file "filename".

On 3/4/08 12:34 AM, "Elmer Espinosa" wrote:

> I'm new with GNUPG. I used the command gpg -s file to encrypt the file. to
> decrypt the file I used gpg -d file, but the output appear only in the command
> prompt I was to save it in my local disk I've tried adding the path of the
> file but it doesn't work any can help me with this.
>
> Thanks,
> Elmer

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From email at sven-radde.de Tue Mar 4 07:21:47 2008
From: email at sven-radde.de (Sven Radde)
Date: Tue, 04 Mar 2008 07:21:47 +0100
Subject: Command to decrypt the file
In-Reply-To: <78f71be20803032134l70311365o6064502770783b03@mail.gmail.com>
References: <78f71be20803032134l70311365o6064502770783b03@mail.gmail.com>
Message-ID: <47CCEA7B.8080702@sven-radde.de>

Hi!

Elmer Espinosa wrote:
> I used the command gpg -s file to encrypt the file.

First of all, I am not quite sure whether you just spelled it wrongly here or whether you made a potentially serious mistake.

"gpg -s" does *not* encrypt. It signs your file. "gpg -e" encrypts. While the outputs of both operations result in a "scrambled" file (that look pretty "encrypted" for a newbie), the signed one can be opened by anyone with access to your public key. An encrypted one can be opened only by using the private keys of the intended recipient(s). You may have noticed that you were not asked for your passphrase during your decryption attempts...
> to decrypt the file I used gpg -d file, but the output appear only in
> the command prompt I was to save it in my local disk

Try "gpg -d $file > $filename-to-save-it-under". Or "gpg -d -o $filename-to-save-it-under $file".

You don't have to use the "-d" at all, as GnuPG defaults to the right operation (decrypting an encrypted file, verifying a signature, ...). Just try "gpg file".

HTH, Sven

From jmoore3rd at bellsouth.net Tue Mar 4 07:23:12 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 04 Mar 2008 01:23:12 -0500
Subject: Question on subkeys usage and OpenPGP card. - warning, quite lengthy
In-Reply-To:
References:
Message-ID: <47CCEAD0.10006@bellsouth.net>

Neal Dudley wrote:
> Sounds like I should just regenerate a new 1024 bit RSA primary signing key
> and copy it to the card (and an encryption subkey as well, of course).

Please do the World [& Yourself] a favor and generate a Revocation Certificate for the Key you May abandon. ;) If You have 'Sent' the old Key to the Keyservers then Please revoke it and "Go Green" by helping the 'Key Landfill' a little bit. :)

JOHN 8-)
Timestamp: Tuesday 04 Mar 2008, 01:22 --500 (Eastern Standard Time)

From elmer.espinosa at gmail.com Tue Mar 4 07:43:31 2008
From: elmer.espinosa at gmail.com (Elmer Espinosa)
Date: Tue, 4 Mar 2008 14:43:31 +0800
Subject: Command to decrypt the file
In-Reply-To: <47CCEA7B.8080702@sven-radde.de>
References: <78f71be20803032134l70311365o6064502770783b03@mail.gmail.com> <47CCEA7B.8080702@sven-radde.de>
Message-ID: <78f71be20803032243s2e202f17i25acd737fbde5968@mail.gmail.com>

Got it thanks Sven.

On Tue, Mar 4, 2008 at 2:21 PM, Sven Radde wrote:

> Hi!
>
> Elmer Espinosa wrote:
> > I used the command gpg -s file to encrypt the file.
> First of all, I am not quite sure whether you just spelled it wrongly
> here or whether you made a potentially serious mistake.
>
> "gpg -s" does *not* encrypt. It signs your file. "gpg -e" encrypts.
> While the outputs of both operations result in a "scrambled" file (that
> look pretty "encrypted" for a newbie), the signed one can be opened by
> anyone with access to your public key. An encrypted one can be opened
> only by using the private keys of the intended recipient(s). You may
> have noticed that you were not asked for your passphrase during your
> decryption attempts...
> > to decrypt the file I used gpg -d file, but the output appear only in
> > the command prompt I was to save it in my local disk
> Try "gpg -d $file > $filename-to-save-it-under". Or "gpg -d -o
> $filename-to-save-it-under $file".
> You don't have to use the "-d" at all, as GnuPG defaults to the right
> operation (decrypting an encrypted file, verifying a signature, ...).
> Just try "gpg file".
>
> HTH, Sven
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jmoore3rd at bellsouth.net Tue Mar 4 12:37:47 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 04 Mar 2008 06:37:47 -0500
Subject: [RFC] gnupg 1.4.5: old default options file ignored
In-Reply-To:
References:
Message-ID: <47CD348B.7060608@bellsouth.net>

Jari Aalto wrote:
> [Please keep CC, I'm not in this list]

Please JOIN the List:

Gnupg-devel mailing list
Gnupg-devel at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

I do not 'Say' this to be a Smart-A** but merely to be constructive in suggestions. I, personally, consider it rude to query a Forum for Answers, Feedback and Announce that You have chosen to not participate beyond personal, instant gratification. >:o

RANT Concluded!

JOHN :-\
Timestamp: Tuesday 04 Mar 2008, 06:37 --500 (Eastern Standard Time)

From bahamut at digital-signal.net Tue Mar 4 17:02:44 2008
From: bahamut at digital-signal.net (Andrew Berg)
Date: Tue, 04 Mar 2008 10:02:44 -0600
Subject: GnuPG (win32) on a USB stick
In-Reply-To: <47CC73BC.9020005@tx.rr.com>
References: <15796380.post@talk.nabble.com> <47CB66C6.1030608@tx.rr.com> <47CC2818.9020201@digital-signal.net> <47CC73BC.9020005@tx.rr.com>
Message-ID: <47CD72A4.1010003@digital-signal.net>

John Clizbe wrote:
> Andrew Berg wrote:
>
>> John Clizbe wrote:
>>
>>> set GNUPGHOME=x:\location\you\want
>>>
>> It would be inconvenient (and inconsiderate to the host machine's
>> owner(s)) to set an environment variable on every machine encountered,
>> wouldn't it? Sven's idea is much better, I think.
>>
> And it shows a clear lack of understanding to think that a SET command at a
> Windows command prompt sets an environment variable permanently or globally. The
> variable exists in the process environment that invoked the command and those
> processes invoked from it.
>

Actually, it shows that I wasn't thinking quite clearly. For some reason, I was thinking of something quite different. Sorry about that.
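
Added example, not part of any message in this archive: the --passphrase-file failures in the "_almost_ working, now a command line question..." thread come down to which bytes follow the passphrase. The Python check below follows the posters' findings (a file with no line ending works, a CR before the LF does not) and GnuPG's documented behaviour of reading only the first line of the file; the function names and the sample byte strings are constructed for illustration.

```python
"""Inspect and clean a file meant for gpg --passphrase-file (added example)."""
import os
import tempfile

BOM = b"\xef\xbb\xbf"  # written by some Windows editors when saving as UTF-8


def inspect_passfile(data: bytes) -> dict:
    """Report which bytes surround the passphrase in raw file content."""
    problems = []
    has_bom = data.startswith(BOM)
    if has_bom:
        problems.append("UTF-8 byte order mark before the passphrase")
    payload = data[len(BOM):] if has_bom else data
    # gpg uses the first line only, so split at the first LF.
    first, newline, rest = payload.partition(b"\n")
    if rest.strip(b"\r\n"):
        problems.append("more than one line of text")
    if first.endswith(b"\r"):
        problems.append("CR at end of line (file written with CR LF)")
        terminator = "CRLF" if newline else "CR"
    else:
        terminator = "LF" if newline else "none"
    body = first.rstrip(b"\r")
    if body != body.rstrip(b" \t"):
        problems.append("space or tab between passphrase and line end")
    return {
        "file_bytes": len(data),          # what DIR or ls -l reports
        "first_line_bytes": len(body),    # bytes before any CR/LF
        "terminator": terminator,
        "problems": problems,
    }


def normalize_passfile(data: bytes) -> bytes:
    """First line without BOM, CR or LF: the bytes 'echo -n' would write."""
    if data.startswith(BOM):
        data = data[len(BOM):]
    return data.partition(b"\n")[0].rstrip(b"\r")


def write_clean_copy(src: str, dst: str) -> int:
    """Write the normalized passphrase to dst (owner-only); return its size."""
    with open(src, "rb") as handle:
        clean = normalize_passfile(handle.read())
    # O_BINARY exists only on Windows; it stops the C runtime translating bytes.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    fd = os.open(dst, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(clean)
    return os.path.getsize(dst)


# Constructed samples: the same 10-character passphrase with different endings.
SAMPLES = {
    "no line ending": b"1234567890",
    "LF only": b"1234567890\n",
    "CR LF": b"1234567890\r\n",
    "space then CR LF": b"1234567890 \r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        report = inspect_passfile(raw)
        status = "; ".join(report["problems"]) or "ok"
        print(f"{label:18} {report['file_bytes']:2} bytes  "
              f"{report['terminator']:5} {status}")
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "pass.txt")
        with open(src, "wb") as handle:
            handle.write(SAMPLES["CR LF"])
        size = write_clean_copy(src, os.path.join(tmp, "passfile"))
        print("clean copy size:", size)
```
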

From nobody at 4096.net Sun Mar 2 19:38:13 2008
From: nobody at 4096.net (Anonymous)
Date: Sun, 2 Mar 2008 18:38:13 +0000 (UTC)
Subject: Strength of ciphers in PGP?
Message-ID: <4371d557d383d1fa49fad73c2da0c4b4@4096.net>

Does anyone have links to comparisons of the ciphers traditionally used in PGP (IDEA, CAST5, 3DES). Thank you.

From elmer.espinosa at gmail.com Mon Mar 3 02:07:47 2008
From: elmer.espinosa at gmail.com (Elmer Espinosa)
Date: Mon, 3 Mar 2008 09:07:47 +0800
Subject: gpg command
Message-ID: <78f71be20803021707n76d42c0fh240bd919d0cbcf5e@mail.gmail.com>

To whom it may concern,

I'm new with GNUPG. I used the command gpg -s file to encrypt the file. to decrypt the file I used gpg -d file, but the output appear only in the command prompt I was to save it in my local disk I've tried adding the path of the file but it doesn't work any can help me with this.

Thanks,
Elmer

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From vl.pavlov at yahoo.com Tue Mar 4 13:24:19 2008
From: vl.pavlov at yahoo.com (vl.pavlov)
Date: Tue, 4 Mar 2008 04:24:19 -0800 (PST)
Subject: changing location of the home folder from ~/.gnupg to other
Message-ID: <15826081.post@talk.nabble.com>

hello 2 all

I wonder is there a way to change location of my home folder, or at least of keyring so that default keyring location is changed

any ideas?

--
View this message in context: http://www.nabble.com/changing-location-of-the-home-folder-from-%7E-.gnupg-to-other-tp15826081p15826081.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
From mixmaster at remailer.privacy.at Tue Mar 4 17:17:26 2008 From: mixmaster at remailer.privacy.at (Anonymous Remailer (austria)) Date: Tue, 4 Mar 2008 17:17:26 +0100 (CET) Subject: IDEA not always working in GNUPG Message-ID: Hi, I occasionally receive messages encrypted by older PGP versions that are not being decrypted by GNUPG 1.4.7 [scrubbed] gpg filename gpg: assuming IDEA encrypted data Enter passphrase: [scrubbed] gpg: [don't know]: invalid packet (ctb=67) gpg: WARNING: message was not integrity protected gpg: [don't know]: invalid packet (ctb=0a) Here is the output of gpg --version: [scrubbed] gpg --version gpg (GnuPG) 1.4.7 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Is this normal behaviour? I'm getting round by using PGP to decrypt IDEA messages that gpg won't decrypt but gpg does work with some IDEA messages so I can't figure whats wrong. From dshaw at jabberwocky.com Tue Mar 4 17:41:23 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 4 Mar 2008 11:41:23 -0500 Subject: gpg command In-Reply-To: <78f71be20803021707n76d42c0fh240bd919d0cbcf5e@mail.gmail.com> References: <78f71be20803021707n76d42c0fh240bd919d0cbcf5e@mail.gmail.com> Message-ID: <20080304164122.GA1975@jabberwocky.com> On Mon, Mar 03, 2008 at 09:07:47AM +0800, Elmer Espinosa wrote: > To whom it may concern, > > I'm new with GNUPG. I used the command gpg -s file to encrypt the file. 
to > decrpyt the file I used gpg -d file, but the output appear only in the > command prompt I was to save it in my local disk I've tried adding the path > of the file but it doesn't work any can help me with this. You want the -o option, as in "gpg -o output-goes-here.gpg -e file-to-encrypt" Note that "-s" doesn't encrypt. It signs. David From maury.markowitz at gmail.com Tue Mar 4 17:51:13 2008 From: maury.markowitz at gmail.com (Maury Markowitz) Date: Tue, 4 Mar 2008 11:51:13 -0500 Subject: IDEA? Message-ID: <5bdbc9050803040851u5bb677adqd833dbd03eb9de91@mail.gmail.com> Didn't IDEA's patent expire last year? I notice it's still not in the list unless I load it by hand. Is there something else preventing it from being used? Maury From dshaw at jabberwocky.com Tue Mar 4 17:54:42 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 4 Mar 2008 11:54:42 -0500 Subject: Strength of ciphers in PGP? In-Reply-To: <4371d557d383d1fa49fad73c2da0c4b4@4096.net> References: <4371d557d383d1fa49fad73c2da0c4b4@4096.net> Message-ID: <20080304165442.GB1975@jabberwocky.com> On Sun, Mar 02, 2008 at 06:38:13PM +0000, Anonymous wrote: > Do anyone have links to comparisons of the ciphers traditionally used in > PGP (IDEA, CAST5, 3DES). Thank you. You're not likely to find a comparison between those three ciphers except in the most light sense of the word. Certainly not a "XXXX is better than YYYY" type of thing. The question is just more complicated than that. I'd read these to get the information you want: http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm http://en.wikipedia.org/wiki/CAST5 http://en.wikipedia.org/wiki/3DES David From dshaw at jabberwocky.com Tue Mar 4 17:59:48 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 4 Mar 2008 11:59:48 -0500 Subject: IDEA? 
In-Reply-To: <5bdbc9050803040851u5bb677adqd833dbd03eb9de91@mail.gmail.com>
References: <5bdbc9050803040851u5bb677adqd833dbd03eb9de91@mail.gmail.com>
Message-ID: <20080304165948.GC1975@jabberwocky.com>

On Tue, Mar 04, 2008 at 11:51:13AM -0500, Maury Markowitz wrote:
> Didn't IDEA's patent expire last year? I notice it's still not in the
> list unless I load it by hand. Is there something else preventing it
> from being used?

It's patented until 2010 (2011 in some places).

IDEA is effectively dead. I don't mean that as a knock against IDEA - it was a fine cipher for its time, but time has moved on. The only reason to use IDEA is if you want to be compatible with PGP 2 messages.

David

From dshaw at jabberwocky.com Tue Mar 4 18:01:09 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue, 4 Mar 2008 12:01:09 -0500
Subject: changing location of the home folder from ~/.gnupg to other
In-Reply-To: <15826081.post@talk.nabble.com>
References: <15826081.post@talk.nabble.com>
Message-ID: <20080304170109.GD1975@jabberwocky.com>

On Tue, Mar 04, 2008 at 04:24:19AM -0800, vl.pavlov wrote:
>
> hello 2 all
>
> i wonder is there a way to change location of my home folder, or at least of
> keyring so that default keyring location is changed

gpg --homedir /path/to/the/folder
or
export GNUPGHOME=/path/to/the/folder

David

From rjh at sixdemonbag.org Tue Mar 4 18:18:10 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 04 Mar 2008 11:18:10 -0600
Subject: Strength of ciphers in PGP?
In-Reply-To: <4371d557d383d1fa49fad73c2da0c4b4@4096.net>
References: <4371d557d383d1fa49fad73c2da0c4b4@4096.net>
Message-ID: <47CD8452.5050104@sixdemonbag.org>

Anonymous wrote:
> Does anyone have links to comparisons of the ciphers traditionally used in
> PGP (IDEA, CAST5, 3DES). Thank you.

Yes. IDEA is Godzilla, CAST5 is Moth-Ra and 3DES is MechaGodzilla. They all excel at stomping cities flat and terrorizing inhabitants.
All that people in Tokyo need to know about them is "when you see them coming, run for the hills."

The above answer is tongue in cheek, but there's a lot of accuracy in it. Unless you're a professional cryptographer, the various cryptanalytic analyses of the OpenPGP cipher suite are going to be pretty much meaningless and unhelpful. For 99% of other people--myself included--it really reduces down to "they are all believed resistant against all known forms of cryptanalysis, and are impractical to brute force."

If you really want to go down this road, it would help if you clarified your question a lot. What sort of comparisons? How many operations are involved in an encryption cycle? Decryption cycle? How much processing is involved in key setup? Relative size of code? Hardware requirements? Efficiency? Best known cryptanalytic attacks? Etc., etc.

Your question, as phrased, is far too general to give any sort of meaningful answer except "as far as the layman is concerned, they're pretty much identical".

From rjh at sixdemonbag.org Tue Mar 4 18:20:37 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 04 Mar 2008 11:20:37 -0600
Subject: IDEA?
In-Reply-To: <5bdbc9050803040851u5bb677adqd833dbd03eb9de91@mail.gmail.com>
References: <5bdbc9050803040851u5bb677adqd833dbd03eb9de91@mail.gmail.com>
Message-ID: <47CD84E5.1070803@sixdemonbag.org>

Maury Markowitz wrote:
> Didn't IDEA's patent expire last year?

2010, I think.

Even once 2010 comes around, there's no point in using it. AES rules the roost for symmetric ciphers nowadays, and for fairly good reasons.

From maury.markowitz at gmail.com Tue Mar 4 17:48:57 2008
From: maury.markowitz at gmail.com (Maury Markowitz)
Date: Tue, 4 Mar 2008 11:48:57 -0500
Subject: _almost_ working, now a command line question...
In-Reply-To: <47CC7A5D.8010905@tx.rr.com>
References: <5bdbc9050802291210yb9333ccr4d86c867ba1b5e96@mail.gmail.com> <47C89324.9050204@tx.rr.com> <5bdbc9050803010647h3725d562i69f1a8387121ba59@mail.gmail.com> <5bdbc9050803030844l5630fcf2qcc4a74934f5aa297@mail.gmail.com> <47CC7A5D.8010905@tx.rr.com>
Message-ID: <5bdbc9050803040848u6f653c28n3e5114d6be4462e2@mail.gmail.com>

On Mon, Mar 3, 2008 at 5:23 PM, John Clizbe wrote:
> Been a part of gnupg 1.x for ages. I tested it on XP with GnuPG 1.4.8
>
> gpg --batch --passphrase-file <> --output <> --decrypt <>

Frigging frig! I had downloaded 1.2.2! Where the heck did I get that?!

Everything is working perfectly now. Thanks to everyone that helped this noob get up and running. I'll try to repay the kindness by returning the favor.

Maury

From neal.dudley at utoledo.edu Tue Mar 4 20:15:22 2008
From: neal.dudley at utoledo.edu (Neal Dudley)
Date: Tue, 04 Mar 2008 14:15:22 -0500
Subject: [Junk released by User action] Re: Question on subkeys usage and OpenPGP card. - warning, quite lengthy
In-Reply-To: <47CCEAD0.10006@bellsouth.net>
Message-ID:

Already had the revocations generated, but won't send them to the keyserver until I gen new replacement keys. Thanks for the reminder, but I have it covered. Suppose I should have mentioned that, but I kinda thought it went without saying.

On 3/4/08 1:23 AM, "John W. Moore III" wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Neal Dudley wrote:
>> Sounds like I should just regenerate a new 1024 bit RSA primary signing key
>> and copy it to the card (and an encryption subkey as well, of course).
>
> Please do the World [& Yourself] a favor and generate a Revocation
> Certificate for the Key you May abandon. ;)
>
> If You have 'Sent' the old Key to the Keyservers then Please revoke it
> and "Go Green" by helping the 'Key Landfill' a little bit.
> :)
>
> JOHN 8-)
> Timestamp: Tuesday 04 Mar 2008, 01:22 --500 (Eastern Standard Time)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9-svn4691: (MingW32)
> Comment: Public Key at: http://tinyurl.com/8cpho
> Comment: Gossamer Spider Web of Trust: https://www.gswot.org
> Comment: Homepage: http://tinyurl.com/yzhbhx
>
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From jmoore3rd at bellsouth.net Tue Mar 4 22:04:29 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 04 Mar 2008 16:04:29 -0500
Subject: [Junk released by User action] Re: Question on subkeys usage and OpenPGP card. - warning, quite lengthy
In-Reply-To:
References:
Message-ID: <47CDB95D.6010004@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Neal Dudley wrote:
> Already had the revocations generated, but won't send them to the keyserver
> until I gen new replacement keys. Thanks for the reminder, but I have it
> covered. Suppose I should have mentioned that, but I kinda thought it went
> without saying.

Sadly, My experience has shown that it doesn't 'go without saying'. :(

Interestingly, having become the 'Cyber-Executor' for several Friends I find Myself in the unique position of holding Revocation Certs In escrow for many Keys. :-\

My advice is to treat the 'care' of Keys as One would any other Asset and specify what should be done when inevitable demise occurs.
Store the Revocation Certs in a Safe place where they will be found along with written instructions regarding what should be done with them.

JOHN ;)
Timestamp: Tuesday 04 Mar 2008, 16:04 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9-svn4691: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----

From kevhilton at gmail.com Thu Mar 6 05:37:18 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Wed, 5 Mar 2008 22:37:18 -0600
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
Message-ID: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>

Was wondering if it would be possible to show the actual gpg version with the gpg --version flag when using gpg svn version. It would be nice to show the revision number. thanks

--
Kevin Hilton

From jmoore3rd at bellsouth.net Thu Mar 6 05:55:06 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 05 Mar 2008 23:55:06 -0500
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>
Message-ID: <47CF792A.4040905@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Kevin Hilton wrote:
> Was wondering if it would be possible to show the actual gpg version
> with the gpg --version flag when using gpg svn version.
> It would be
> nice to show the revision number.

Sure it's possible. You just need to provide it in the configure.ac File prior to building. Check My Encrypted Message for an Example.

JOHN ;)
Timestamp: Wednesday 05 Mar 2008, 23:54 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9-svn4691: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----

From vl.pavlov at yahoo.com Wed Mar 5 09:38:24 2008
From: vl.pavlov at yahoo.com (vl.pavlov)
Date: Wed, 5 Mar 2008 00:38:24 -0800 (PST)
Subject: changing location of the home folder from ~/.gnupg to other
In-Reply-To: <20080304170109.GD1975@jabberwocky.com>
References: <15826081.post@talk.nabble.com> <20080304170109.GD1975@jabberwocky.com>
Message-ID: <15845458.post@talk.nabble.com>

thank U very much david

> export GNUPGHOME=/path/to/the/folder <

this command solved the problem

David Shaw wrote:
>
> On Tue, Mar 04, 2008 at 04:24:19AM -0800, vl.pavlov wrote:
>>
>> hello 2 all
>>
>> i wonder is there a way to change location of my home folder, or at least
>> of
>> keyring so that default keyring location is changed
>
> gpg --homedir /path/to/the/folder
> or
> export GNUPGHOME=/path/to/the/folder
>
> David
>
>

-- View this message in context:
http://www.nabble.com/changing-location-of-the-home-folder-from-%7E-.gnupg-to-other-tp15826081p15845458.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From vl.pavlov at yahoo.com Wed Mar 5 09:42:52 2008
From: vl.pavlov at yahoo.com (vl.pavlov)
Date: Wed, 5 Mar 2008 00:42:52 -0800 (PST)
Subject: one more question: is there a way to use additional keyring when needed ?
Message-ID: <15845592.post@talk.nabble.com>

hello again

is there a way to set (defaults) gpg to use additional keyring on defined location when needed ?

-- View this message in context: http://www.nabble.com/one-more-question%3A-is-there-a-way-to-use-additional-keyring-when-needed---tp15845592p15845592.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From vl.pavlov at yahoo.com Wed Mar 5 09:53:08 2008
From: vl.pavlov at yahoo.com (vl.pavlov)
Date: Wed, 5 Mar 2008 00:53:08 -0800 (PST)
Subject: changing location of the home folder from ~/.gnupg to other
In-Reply-To: <20080304170109.GD1975@jabberwocky.com>
References: <15826081.post@talk.nabble.com> <20080304170109.GD1975@jabberwocky.com>
Message-ID: <15845731.post@talk.nabble.com>

ahoy again

when i use
export GNUPGHOME=/path/to/the/folder
my homedir is changed but when i restart my comp. home dir is still ~/gnupg

strange...

-- View this message in context: http://www.nabble.com/changing-location-of-the-home-folder-from-%7E-.gnupg-to-other-tp15826081p15845731.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
From dshaw at jabberwocky.com Thu Mar 6 18:01:57 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 6 Mar 2008 12:01:57 -0500
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>
Message-ID: <20080306170157.GC11319@jabberwocky.com>

On Wed, Mar 05, 2008 at 10:37:18PM -0600, Kevin Hilton wrote:
> Was wondering if it would be possible to show the actual gpg version
> with the gpg --version flag when using gpg svn version. It would be
> nice to show the revision number. thanks

It seems we forgot to reset the flag after the last release. It's fixed now:

$ gpg --version
gpg (GnuPG) 1.4.9rc1-svn4701

David

From dshaw at jabberwocky.com Thu Mar 6 18:51:25 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 6 Mar 2008 12:51:25 -0500
Subject: one more question: is there a way to use additional keyring when needed ?
In-Reply-To: <15845592.post@talk.nabble.com>
References: <15845592.post@talk.nabble.com>
Message-ID: <20080306175125.GA30317@jabberwocky.com>

On Wed, Mar 05, 2008 at 12:42:52AM -0800, vl.pavlov wrote:
>
> hello again
>
> is there a way to set (defaults) gpg to use additional keyring on defined
> location when needed

Sure, just add "keyring the-other-keyring.gpg" to your gpg.conf file or give --keyring on the command line. By default, the keyring is expected to be in your .gnupg directory. If you want, you can give a "/full/path/to/the/keyring.gpg" to the keyring command and then it will look anywhere you like.
David

From JPClizbe at tx.rr.com Fri Mar 7 00:00:19 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Thu, 06 Mar 2008 17:00:19 -0600
Subject: changing location of the home folder from ~/.gnupg to other
In-Reply-To: <15845731.post@talk.nabble.com>
References: <15826081.post@talk.nabble.com> <20080304170109.GD1975@jabberwocky.com> <15845731.post@talk.nabble.com>
Message-ID: <47D07783.8030901@tx.rr.com>

vl.pavlov wrote:
> ahoy again
>
> when i use
> export GNUPGHOME=/path/to/the/folder
> my homedir is changed but when i restart my comp. home dir is still ~/gnupg

you'll need to set the environment variable every time you login, usually this is either in .profile or in .bashrc (assuming you're using bash as your shell)

--
John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks hkp://keyserver.gingerbear.net or
Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From kevhilton at gmail.com Fri Mar 7 04:58:44 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Thu, 6 Mar 2008 21:58:44 -0600
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com>
Message-ID: <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>

What's wrong with my version -- I'm getting 1.48

$ gpg --version
gpg (GnuPG) 1.4.8-svn4702
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

My configure.ac (at least the top part looks like this:)

# Remember to change the version number immediately *after* a release.
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh --force" right before creating a distribution.
m4_define([my_version], [1.4.8])
m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
 || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))

I'm guessing it should read like this:

m4_define([my_version], [1.4.9])

Since I'm using the svn sources I would have thought this file would have automatically at least been updated to 1.49 -- or am I missing something.

From kevhilton at gmail.com Fri Mar 7 05:14:13 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Thu, 6 Mar 2008 22:14:13 -0600
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com> <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>
Message-ID: <96c450350803062014j668618bewdb82fbf2c67b5286@mail.gmail.com>

Oops, David I see what you meant about updating the flag after the last release -- just updated to the newest svn release and all is well. Thanks

$ gpg --version
gpg (GnuPG) 1.4.9rc1-svn4705
NOTE: THIS IS A DEVELOPMENT VERSION!

From jmoore3rd at bellsouth.net Fri Mar 7 05:19:50 2008
From: jmoore3rd at bellsouth.net (John W.
Moore III)
Date: Thu, 06 Mar 2008 23:19:50 -0500
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com> <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>
Message-ID: <47D0C266.30004@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Kevin Hilton wrote:
> What's wrong with my version -- I'm getting 1.48

> Since I'm using the svn sources I would have thought this file would
> have automatically at least been updated to 1.49 -- or am I missing
> something.

As David Shaw Posted here earlier; after the release of 1.4.8 there was a failure to re-set the flag to indicate 1.4.9rc1-svn for subsequent SVN releases. This was 'fixed' with svn4703/4 released earlier today.

Try building the most current SVN release. :-\

JOHN ;)
Timestamp: Thursday 06 Mar 2008, 23:19 --500 (Eastern Standard Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9-svn4704: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----

From JPClizbe at tx.rr.com Fri Mar 7 10:51:49 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Fri, 07 Mar 2008 03:51:49 -0600
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>
References:
 <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com> <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com>
Message-ID: <47D11035.3060607@tx.rr.com>

Kevin Hilton wrote:
> What's wrong with my version -- I'm getting 1.4.8
>
> $ gpg --version
> gpg (GnuPG) 1.4.8-svn4702

I'm probably going to regret asking this, but why did you build 1.4.8 for rev 4702? Rev 4702 was a change for the trunk, aka GnuPG 2.0. It had nothing at all to do with 1.4. The last check-in before today that affected the 1.4 branch was rev 4691.

It seems rather silly to (re)build the 1.4 branch every time the 2.0 trunk changes, but I see a group of Windows folks doing it all the time. At the worst, it leads to the suspicion that folks don't understand the changes in the code that are taking place. Just because one /can/ do something, doesn't necessarily mean one /should/.

> Since I'm using the svn sources I would have thought this file would
> have automatically at least been updated to 1.4.9 -- or am I missing
> something.

Changes in the Subversion repository do not magically appear on your computer. You need to update your copy

svn co svn://cvs.gnupg.org/gnupg/branches/STABLE-BRANCH-1-4 -r 4704 gnupg14

or similar may help. It's helpful to update at least to the revision that contains the fix you're interested in, which for your original inquiry was 4703. 4704 was cosmetic.

--
John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks hkp://keyserver.gingerbear.net or
Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From kevhilton at gmail.com Fri Mar 7 13:04:35 2008
From: kevhilton at gmail.com (Kevin Hilton)
Date: Fri, 7 Mar 2008 06:04:35 -0600
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <96c450350803062014j668618bewdb82fbf2c67b5286@mail.gmail.com>
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com> <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com> <96c450350803062014j668618bewdb82fbf2c67b5286@mail.gmail.com>
Message-ID: <96c450350803070404t3e2f21favf648b1bba04a9f6f@mail.gmail.com>

Just to clarify I wasn't compiling version 1.48 against rev 4702. The flag in the configure.ac was not updated to reflect the newer version, so it appeared it was version 1.48 when in fact it was 1.49 as has been graciously pointed out to me. Thanks for your help.

From tss at iki.fi Sat Mar 8 10:18:30 2008
From: tss at iki.fi (Timo Sirainen)
Date: Sat, 08 Mar 2008 11:18:30 +0200
Subject: v1.4.8 --textmode incompatible with earlier versions
Message-ID: <1204967910.11220.667.camel@hurina>

When signing data with spaces at the end of lines with --textmode (and -a -b --sign), v1.4.8 generates signatures that older releases verify as BAD, and vice versa.

I can't seem to find anything related to this with googling or from NEWS or ChangeLog file. Was it changed accidentally? Will this get fixed again in future versions, or should I just stop using --textmode for my emails?

From dshaw at jabberwocky.com Sat Mar 8 14:46:31 2008
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat, 8 Mar 2008 08:46:31 -0500
Subject: v1.4.8 --textmode incompatible with earlier versions
In-Reply-To: <1204967910.11220.667.camel@hurina>
References: <1204967910.11220.667.camel@hurina>
Message-ID: <2DB1A7E8-F024-4109-9DB9-DBCA52D9EDEE@jabberwocky.com>

On Mar 8, 2008, at 4:18 AM, Timo Sirainen wrote:

> When signing data with spaces at the end of lines with --textmode (and
> -a -b --sign), v1.4.8 generates signatures that older releases
> verify as
> BAD, and vice versa.
>
> I can't seem to find anything related to this with googling or from
> NEWS
> or ChangeLog file. Was it changed accidentally? Will this get fixed
> again in future versions, or should I just stop using --textmode for
> my
> emails?

This is not a bug. There was a "buglet" in the original OpenPGP specification around text canonicalization. GnuPG follows the updated spec (RFC-4880) now. To revert to the older spec, use the "--rfc2440-text" for this specific issue, or "--rfc2440" for a full reversion.

David

From f_philipp at fastmail.net Sun Mar 9 10:37:49 2008
From: f_philipp at fastmail.net (Florian Philipp)
Date: Sun, 09 Mar 2008 10:37:49 +0100
Subject: Single Sign On and PAM
Message-ID: <1205055469.12557.37.camel@NOTE_GENTOO64.PHHEIMNETZ>

Hi list!

I'd like to use my login password to automatically decrypt my gpg-keys. With PAM and gpg-agent all pieces should already exist for such a task, someone just has to put the pieces together.

Do you know a simple solution for this problem? I've stumbled upon http://pam-ssh.sourceforge.net and according to its man-page, gpg-agent can emulate ssh-agent with "--enable-ssh-support".
However, I don't know if they work together all that well and I don't want to waste my time on that matter until someone with more experience tells me that this is the way to go.

Thanks in advance!

Florian Philipp

From email at sven-radde.de Sun Mar 9 15:05:54 2008
From: email at sven-radde.de (Sven Radde)
Date: Sun, 09 Mar 2008 15:05:54 +0100
Subject: OpenPGP card stopped working
Message-ID: <1205071554.6429.8.camel@carbon>

Hello!

I was quite happy with my OpenPGP smartcard under Ubuntu up to the point where it simply stopped working. This is what I currently get:

$ gpg -v --card-status
gpg: selecting openpgp failed: unknown command
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler

Apart from applying the regular patches, the only action I remember that could possibly have an impact on GnuPG was installing the "seahorse" package. However, removing it again did not change anything.

Both the card reader and the card itself run fine under Windows on the same machine.

Any ideas? Or, for starters, any hints to produce a more meaningful error message?

Thanks in advance,
Sven

From email at sven-radde.de Sun Mar 9 19:40:32 2008
From: email at sven-radde.de (Sven Radde)
Date: Sun, 09 Mar 2008 19:40:32 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <502970.67745.qm@web53602.mail.re2.yahoo.com>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com>
Message-ID: <1205088032.6429.24.camel@carbon>

Hi!

Thanks for your ideas, Harvey.

On Sunday, 09.03.2008, at 10:56 -0700, Harvey Muller wrote:
> If pcscd is running,

Yes, it is.

> then my guess is that there is something wrong with the smartcard driver.
> (...)
> I'm using a GemPC Twin usb card reader. To get it to work, I only have to install pcscd.

Same thing here, only that I have an SCM Microsystems SCR335 reader. Actually, I was somewhat surprised that I had to install PC/SC at all, since says that it is "supported by GnuPG directly".

lsusb finds it:

$ lsusb
...
Bus 003 Device 003: ID 04e6:5115 SCM Microsystems, Inc. SCR335 SmartCard Reader
...

While playing with ps, I noticed a seahorse-agent running. When killed, a call to gpg --card-status would hang forever. Maybe this is of importance..?

cu, Sven

From hlmuller at yahoo.com Sun Mar 9 18:56:55 2008
From: hlmuller at yahoo.com (Harvey Muller)
Date: Sun, 9 Mar 2008 10:56:55 -0700 (PDT)
Subject: OpenPGP card stopped working
Message-ID: <502970.67745.qm@web53602.mail.re2.yahoo.com>

> Any ideas? Or, for starters, any hints to produce a more meaningful
> error message?

Sven,

I've used the OpenPGP card recently with Gutsy and the Hardy releases without issue. To troubleshoot you can try:

$ ps aux | grep pcscd

The above commands should report two lines, one for the grep command, and the other for the running pcscd. If you only get the grep command, then pcscd is not starting and you will have to investigate why, or simply try reinstalling it.

If pcscd is running, then my guess is that there is something wrong with the smartcard driver. In this case I would try reinstalling the driver also.

I'm using a GemPC Twin usb card reader. To get it to work, I only have to install pcscd. It pulls in the pcsclite and libccid dependencies.

Hope this helps,

Harv

From mkallas at schokokeks.org Sun Mar 9 21:19:55 2008
From: mkallas at schokokeks.org (Michael Kesper)
Date: Sun, 9 Mar 2008 21:19:55 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <1205088032.6429.24.camel@carbon>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon>
Message-ID: <20080309201955.GA3917@localhost>

Hi,

* Sven Radde [2008-03-09 19:40:32 +0100]:
> Same thing here, only that I have an SCM Microsystems SCR335 reader.
> Actually, I was somewhat surprised that I had to install PC/SC at all, since says that it is "supported by GnuPG directly".

pcscd sometimes gives trouble, for example when you try to create keys on the card.
For best effect try this howto:
http://www.fsfe.org/en/card/howto/card_reader_howto_udev

Best wishes
Michael

--
Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org)
Join the Fellowship of FSFE! [][][] (http://fsfe.org/join)
Your donation powers our work! [] (http://fsfeurope.org/donate)

From email at sven-radde.de Mon Mar 10 09:22:35 2008
From: email at sven-radde.de (Sven Radde)
Date: Mon, 10 Mar 2008 09:22:35 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <20080309201955.GA3917@localhost>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost>
Message-ID: <47D4EFCB.1000608@sven-radde.de>

Hi!

Michael Kesper wrote:
> pcscd sometimes gives trouble, for example when you try to create keys on the
> card.

No problem with that, I created my keys off-card and then moved them. I thought this would be the easiest way to have a backup key ready if the card breaks.

> For best effect try this howto:
> http://www.fsfe.org/en/card/howto/card_reader_howto_udev
>

This is pretty much what I did to get it working originally. As far as I can tell, everything is still in place (all packages are there, the udev files, too, and I'm in group scard, to summarize it).
I used the howto at gnupg.org but it is essentially the same (the one at gnupg.org has a broken link to the gnupg-ccid file but I figured that out quick enough at the time).

cu, Sven

From vl.pavlov at yahoo.com Mon Mar 10 11:09:01 2008
From: vl.pavlov at yahoo.com (vl.pavlov)
Date: Mon, 10 Mar 2008 03:09:01 -0700 (PDT)
Subject: one more question: is there a way to use additional keyring when needed ?
In-Reply-To: <20080306175125.GA30317@jabberwocky.com>
References: <15845592.post@talk.nabble.com> <20080306175125.GA30317@jabberwocky.com>
Message-ID: <15950659.post@talk.nabble.com>

hello,

i wish to use additional keyring from USB stick, (i have keys on .gnupg folder on my stick), but i have troubles, here is my gpg.conf (from ~/.gnupg)

default-recipient-self
keyserver random.sks.keyserver.penguin.de
default-cert-check-level 3
keyserver-options auto-key-retrieve include-revoked include-subkeys
no-mangle-dos-filenames
no-secmem-warning
keyring /media/USB/.gnupg/secring.gpg << this is the new line i wrote

but in thunderbird i still have no access to my key from stick

probably i did something wrongly

David Shaw wrote:
>
> On Wed, Mar 05, 2008 at 12:42:52AM -0800, vl.pavlov wrote:
>>
>> hello again
>>
>> is there a way to set (defaults) gpg to use additional keyring on defined
>> location when needed
>
> Sure, just add "keyring the-other-keyring.gpg" to your gpg.conf file
> or give --keyring on the command line. By default, the keyring is
> expected to be in your .gnupg directory. If you want, you can give a
> "/full/path/to/the/keyring.gpg" to the keyring command and then it
> will look anywhere you like.
>
> David
>
>

-- View this message in context: http://www.nabble.com/one-more-question%3A-is-there-a-way-to-use-additional-keyring-when-needed---tp15845592p15950659.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From rjh at sixdemonbag.org Mon Mar 10 18:56:19 2008
From: rjh at sixdemonbag.org (Robert J.
Hansen)
Date: Mon, 10 Mar 2008 12:56:19 -0500
Subject: one more question: is there a way to use additional keyring when needed ?
In-Reply-To: <15950659.post@talk.nabble.com>
References: <15845592.post@talk.nabble.com> <20080306175125.GA30317@jabberwocky.com> <15950659.post@talk.nabble.com>
Message-ID: <47D57643.5050900@sixdemonbag.org>

vl.pavlov wrote:
> but in thunderbird i still have no access to my key from stick

In Enigmail, I think you mean; Thunderbird itself has no OpenPGP
support. This may seem pedantic, but I don't think the Thunderbird crew
would like to be blamed for things that are totally outside of their
purview. :)

The real question is not whether Enigmail can use your USB stick, but
whether you can. Plug in your USB stick and open up a command-line
window. Try to use your secret key that's on the USB stick. If you can
do this, then the bug is in Enigmail and it should be taken to the
Enigmail list. If you can't, then the bug is in your setup or your usage
of GnuPG.

Let us know what happens.

From albert at fsfe.org Mon Mar 10 20:31:40 2008
From: albert at fsfe.org (Albert Dengg)
Date: Mon, 10 Mar 2008 20:31:40 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <47D4EFCB.1000608@sven-radde.de>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost> <47D4EFCB.1000608@sven-radde.de>
Message-ID: <20080310193140.GA5216@Mjolnir.lan>

On Mon, Mar 10, 2008 at 09:22:35AM +0100, Sven Radde wrote:
> Hi!
>
> Michael Kesper wrote:
>> pcscd sometimes gives trouble, for example when you try to create keys on the
>> card.
> No problem with that, I created my keys off-card and then moved them.
> I thought this would be the easiest way to have a backup key ready if
> the card breaks.
>> For best effect try this howto:
>> http://www.fsfe.org/en/card/howto/card_reader_howto_udev
>>
> This is pretty much what I did to get it working originally.
As far as I
> can tell, everything is still in place (all packages are there, the udev
> files, too, and I'm in group scard, to summarize it).
> I used the howto at gnupg.org but it is essentially the same (the one at
> gnupg.org has a broken link to the gnupg-ccid file but I figured that
> out quick enough at the time).

i don't know if it is changed..but last time i looked it did set the
permission through a shell script instead of doing it directly in the
rules file, that gave me trouble (e.g. timing issues) on some machines.

i rewrote the rules file to do it directly and it now works flawlessly
on instant on all machines i tried it on.

you can find my modified gnupg-ccid.rules at:
http://fsfe.org/en/content/download/33133/204727/file/gnupg-ccid.rules
(you won't need the shellscript anymore when using it)

yours
albert

From JPClizbe at tx.rr.com Mon Mar 10 21:18:44 2008
From: JPClizbe at tx.rr.com (John Clizbe)
Date: Mon, 10 Mar 2008 15:18:44 -0500
Subject: one more question: is there a way to use additional keyring when needed ?
In-Reply-To: <15950659.post@talk.nabble.com>
References: <15845592.post@talk.nabble.com> <20080306175125.GA30317@jabberwocky.com> <15950659.post@talk.nabble.com>
Message-ID: <47D597A4.6040803@tx.rr.com>

vl.pavlov wrote:
> hello,
>
> i wish to use additional keyring from USB stick, (i have keys on .gnupg
> folder on my stick),
> but i have troubles, here is my gpg.conf (from ~/.gnupg)
>
> default-recipient-self
> keyserver random.sks.keyserver.penguin.de
> default-cert-check-level 3
> keyserver-options auto-key-retrieve include-revoked include-subkeys
> no-mangle-dos-filenames
> no-secmem-warning
> keyring /media/USB/.gnupg/secring.gpg << this is the new line i wrote
>
> probably i did something wrongly

Try

secret-keyring /media/USB/.gnupg/secring.gpg

If you've also moved the other *.gpg files, you'll also need

primary-keyring /media/USB/.gnupg/pubring.gpg

and

trustdb-name /media/USB/.gnupg/trustdb.gpg

--
John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con
Ginger Bear Networks hkp://keyserver.gingerbear.net or
Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net

"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

From wk at gnupg.org Tue Mar 11 09:13:33 2008
From: wk at gnupg.org (Werner Koch)
Date: Tue, 11 Mar 2008 09:13:33 +0100
Subject: When using svn version gnupg, why isnt svn version shown with gpg --version
In-Reply-To: <47D11035.3060607@tx.rr.com> (John Clizbe's message of "Fri, 07 Mar 2008 03:51:49 -0600")
References: <96c450350803052037q47bd23bfrdb79f0bb9823a18a@mail.gmail.com> <96c450350803061958o68b4339ai4156188e0d3130c4@mail.gmail.com> <47D11035.3060607@tx.rr.com>
Message-ID: <87d4q1oez6.fsf@wheatstone.g10code.de>

On Fri, 7 Mar 2008 10:51, JPClizbe at tx.rr.com said:

> Just because one /can/ do something, doesn't necessarily mean one /should/.

Let me also add that the SVN version may contain bugs and may even not
compile properly. They are basically for development only. If there is
an important fix in unreleased code, please ask and we can post a patch
file.

BTW, I am not sure whether it is stated somewhere else than in
README.maint: If you build the svn version and post a bug report against
this please make sure that you did a svn up from the top directory
followed by

  ./autogen.sh --force

the --force is required due to autoconf caching which might not update
the revision number in the version string.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From email at sven-radde.de Tue Mar 11 09:33:55 2008
From: email at sven-radde.de (Sven Radde)
Date: Tue, 11 Mar 2008 09:33:55 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <47D56CB1.2020000@t-online.de>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost> <47D4EFCB.1000608@sven-radde.de> <47D56CB1.2020000@t-online.de>
Message-ID: <47D643F3.2000204@sven-radde.de>

Hi!

Werner Dittmann wrote:
> I've the same problem with an SCM 535.
By running the pcscd in
> foreground with debug enabled I got the following messages:

As far as I can tell from its output, pcscd is running normally.
Inserting and removing the OpenPGP card prints the appropriate messages.
I don't get the "broken pipes".

However, executing "gpg --card-status" does not cause pcscd to print
anything at all. I would expect some output here, shouldn't I?
It appears that GnuPG doesn't even get so far as to communicate with
pcscd, before exiting with the error message of my initial post.

cu, Sven

From email at sven-radde.de Tue Mar 11 09:42:49 2008
From: email at sven-radde.de (Sven Radde)
Date: Tue, 11 Mar 2008 09:42:49 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <20080310193140.GA5216@Mjolnir.lan>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost> <47D4EFCB.1000608@sven-radde.de> <20080310193140.GA5216@Mjolnir.lan>
Message-ID: <47D64609.1060607@sven-radde.de>

Hi!

Albert Dengg wrote:
> i don't know if it is changed..but last time i looked it did set the
>
> permission through a shell script
Yes. It is a script that runs chgrp and chmod on 'something'.

> i rewrote the rules file to do it directly and it now works flawlessly
> on instant on all machines i tried it on.
>
Thanks, I will try that tonight.
cu, Sven

From florian.walther at gmail.com Wed Mar 12 11:03:30 2008
From: florian.walther at gmail.com (Florian Walther)
Date: Wed, 12 Mar 2008 11:03:30 +0100
Subject: selecting openpgp failed: ec=6.112
Message-ID:

Hi gpg-users,

tried to make a detached signature of a tar file today and got this:

flow at myhost:/tmp$ gpg --verbose --detach-sign foobar.tar.gz
gpg: verwende Vertrauensmodell PGP
gpg: Schlüssel XXXXXXXX: Akzeptiert als vertrauenswürdiger Schlüssel
gpg: Schlüssel XXXXXXXX: Akzeptiert als vertrauenswürdiger Schlüssel
gpg: Schreiben nach 'foobar.tar.gz.sig'
gpg: selecting openpgp failed: ec=6.112
gpg: Beglaubigung fehlgeschlagen: Allgemeiner Fehler
gpg: signing failed: Allgemeiner Fehler

I was not able to find anything about it in the internet, has anyone
here an idea what the problem could be?
pure encryption works, enigmail works too. but everything with
signatures from the command line does not work.

Thank you
/~flow

--
0x417E9C18 556C BCFF 9118 8915 835B C2C2 3756 3407 417E 9C18
skype:florian.walther

From Werner.Dittmann at t-online.de Mon Mar 10 18:15:29 2008
From: Werner.Dittmann at t-online.de (Werner Dittmann)
Date: Mon, 10 Mar 2008 18:15:29 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <47D4EFCB.1000608@sven-radde.de>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost> <47D4EFCB.1000608@sven-radde.de>
Message-ID: <47D56CB1.2020000@t-online.de>

I've the same problem with an SCM 535. By running the pcscd in
foreground with debug enabled I got the following messages:

pcscdaemon.c:294:main() pcscd set to foreground with debug send to stderr
pcscdaemon.c:507:main() pcsc-lite 1.4.3 daemon ready.
hotplug_libusb.c:454:HPAddHotPluggable() Adding USB device: 001:012
readerfactory.c:1115:RFInitializeReader() Attempting startup of SCM SPR 532 (6020177D) 00 00 using /usr/lib64/readers/ifd-ccid.bundle/Contents/Linux/libccid.so.1.3.0
readerfactory.c:982:RFBindFunctions() Loading IFD Handler 3.0
ifdhandler.c:1239:init_driver() LogLevel: 0x0003
ifdhandler.c:1249:init_driver() DriverOptions: 0x0004
ifdhandler.c:77:IFDHCreateChannelByName() lun: 0, device: usb:04e6/e003:libusb:001:012
ccid_usb.c:229:OpenUSBByName() Manufacturer: Ludovic Rousseau (ludovic.rousseau at free.fr)
ccid_usb.c:239:OpenUSBByName() ProductString: Generic CCID driver v1.3.0
ccid_usb.c:245:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
ccid_usb.c:393:OpenUSBByName() Found Vendor/Product: 04E6/E003 (SCM SPR 532)
ccid_usb.c:395:OpenUSBByName() Using USB bus/device: 001/012
ccid_usb.c:704:ccid_check_firmware() Firmware (4.15) is bogus! but you choosed to use it
ccid_usb.c:744:get_data_rates() IFD does not support GET_DATA_RATES request: Broken pipe
commands.c:754:CmdPowerOff() ICC Power Off failed: Broken pipe
commands.c:754:CmdPowerOff() ICC Power Off failed: Broken pipe
commands.c:754:CmdPowerOff() ICC Power Off failed: Broken pipe
commands.c:845:CmdGetSlotStatus() ICC Slot Status failed: Broken pipe
commands.c:845:CmdGetSlotStatus() ICC Slot Status failed: Broken pipe
commands.c:845:CmdGetSlotStatus() ICC Slot Status failed: Broken pipe
ifdhandler.c:115:IFDHCreateChannelByName() failed
readerfactory.c:1154:RFInitializeReader() Open Port 200000 Failed (usb:04e6/e003:libusb:001)
readerfactory.c:1027:RFUnloadReader() Unloading reader driver.
readerfactory.c:254:RFAddReader() SCM SPR 532 (6020177D) init failed.
pcscdaemon.c:586:signal_trap() Preparing for suicide
readerfactory.c:1381:RFCleanupReaders() entering cleaning function
pcscdaemon.c:532:at_exit() cleaning /var/run

Well, I thought my card reader is defective because of these broken pipe
messages. However, it was all of a sudden, but after some updates (YOU on my
openSUSE 10.3). Maybe there was some new software released that doesn't
like the card readers anymore :-) .

Does somebody have any clue about this?

Regards,
Werner

Sven Radde wrote:
> Hi!
>
> Michael Kesper wrote:
>> pcscd sometimes gives trouble, for example when you try to create keys
>> on the
>> card.
> No problem with that, I created my keys off-card and then moved them.
> I thought this would be the easiest way to have a backup key ready if
> the card breaks.
>> For best effect try this howto:
>> http://www.fsfe.org/en/card/howto/card_reader_howto_udev
>>
> This is pretty much what I did to get it working originally. As far as I
> can tell, everything is still in place (all packages are there, the udev
> files, too, and I'm in group scard, to summarize it).
> I used the howto at gnupg.org but it is essentially the same (the one at
> gnupg.org has a broken link to the gnupg-ccid file but I figured that
> out quick enough at the time).
>
> cu, Sven
>

From vl.pavlov at yahoo.com Wed Mar 12 11:52:18 2008
From: vl.pavlov at yahoo.com (vl.pavlov)
Date: Wed, 12 Mar 2008 03:52:18 -0700 (PDT)
Subject: one more question: is there a way to use additional keyring when needed ?
In-Reply-To: <47D597A4.6040803@tx.rr.com>
References: <15845592.post@talk.nabble.com> <20080306175125.GA30317@jabberwocky.com> <15950659.post@talk.nabble.com> <47D597A4.6040803@tx.rr.com>
Message-ID: <16001572.post@talk.nabble.com>

hello,

i used secret-keyring /media/USB/.gnupg/secring.gpg and everything worked
fine,
but now enigmail does not recognize ~/.gnupg/secring.gpg as default
seckeyring

even with this solution i am satisfied, but still i wonder
is there a way to set additional seckeyring from USB stick ?

thanx for interest

John Clizbe-3 wrote:
>
> vl.pavlov wrote:
>> hello,
>>
>> i wish to use additional keyring from USB stick, (i have keys on .gnupg
>> folder on my stick),
>> but i have troubles, here is my gpg.conf (from ~/.gnupg)
>>
>> default-recipient-self
>> keyserver random.sks.keyserver.penguin.de
>> default-cert-check-level 3
>> keyserver-options auto-key-retrieve include-revoked include-subkeys
>> no-mangle-dos-filenames
>> no-secmem-warning
>> keyring /media/USB/.gnupg/secring.gpg << this is the new line i wrote
>>
>> probably i did something wrongly
>
> Try
>
> secret-keyring /media/USB/.gnupg/secring.gpg
>
> If you've also moved the other *.gpg files, you'll also need
>
> primary-keyring /media/USB/.gnupg/pubring.gpg
>
> and
>
> trustdb-name /media/USB/.gnupg/trustdb.gpg
>
> --
> John P. Clizbe Inet: JPClizbe (a) tx DAWT rr DAHT con
> Ginger Bear Networks hkp://keyserver.gingerbear.net or
> Send email with subject HELP to pgp-public-keys at keyserver.gingerbear.net
>
> "Be who you are and say what you feel because those who mind don't matter
> and those who matter don't mind."
- Dr Seuss, "Oh the Places You'll Go"
>

--
View this message in context: http://www.nabble.com/one-more-question%3A-is-there-a-way-to-use-additional-keyring-when-needed---tp15845592p16001572.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

From sinux at fsfe.org Wed Mar 12 15:55:56 2008
From: sinux at fsfe.org (Sebastien Chassot)
Date: Wed, 12 Mar 2008 15:55:56 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <47D56CB1.2020000@t-online.de>
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost> <47D4EFCB.1000608@sven-radde.de> <47D56CB1.2020000@t-online.de>
Message-ID: <1205333756.1007.10.camel@dell.sinux.seb>

On Mon, 2008-03-10 at 18:15 +0100, Werner Dittmann wrote:
> I've the same problem with an SCM 535. By running the pcscd in
> foreground with debug enabled I got the following messages:
>

have you tried posting directly to the muscle's mailing list ?

http://lists.drizzle.com/pipermail/muscle/

Ludovic Rousseau helped me fixing a SCR335 with a patch. He knows pretty
well how to debug pcscd. You'll maybe get better result ?

Hope it helps...;)

--
Sebastien

From email at sven-radde.de Wed Mar 12 20:36:37 2008
From: email at sven-radde.de (Sven Radde)
Date: Wed, 12 Mar 2008 20:36:37 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <1205071554.6429.8.camel@carbon>
References: <1205071554.6429.8.camel@carbon>
Message-ID: <1205350597.6290.5.camel@carbon>

Hi!

On Sunday, 09.03.2008, 15:05 +0100, Sven Radde wrote:
> Apart from applying the regular patches, the only action I remember that
> could possibly have an impact on GnuPG was installing the "seahorse"
> package. However, removing it again did not change anything.

Update: It works again.
Simply removing the seahorse package left a "seahorse-agent" process
running, which was apparently responsible for the hassle. Only after a
reboot that was gone, too...

Cheers, my OpenPGP card is back!

All that's left is to wonder why seahorse (in particular its agent)
breaks a working smartcard setup...

cu, Sven

From wk at gnupg.org Thu Mar 13 10:46:16 2008
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Mar 2008 10:46:16 +0100
Subject: OpenPGP card stopped working
In-Reply-To: <47D56CB1.2020000@t-online.de> (Werner Dittmann's message of "Mon, 10 Mar 2008 18:15:29 +0100")
References: <502970.67745.qm@web53602.mail.re2.yahoo.com> <1205088032.6429.24.camel@carbon> <20080309201955.GA3917@localhost> <47D4EFCB.1000608@sven-radde.de> <47D56CB1.2020000@t-online.de>
Message-ID: <87iqzrez2v.fsf@wheatstone.g10code.de>

On Mon, 10 Mar 2008 18:15, Werner.Dittmann at t-online.de said:

> I've the same problem with an SCM 535. By running the pcscd in

You probably meant the SCR 355.

> ccid_usb.c:704:ccid_check_firmware() Firmware (4.15) is bogus! but you choosed to use it

This problem is well known. When using GnuPG with its internal CCID
driver that version of the SCR 335 works fine due to a workaround for
the bug. I developed the whole smart card stuff with such a reader and
thus there should be no problem. Well, unless you need it for non-GnuPG
applications.

Maybe we should come up with an IFD on top of GnuPG's scdaemon ;-)

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
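
The "ec=6.112" in the gpg output reported earlier in this thread is a libgpg-error source.code pair (source 6 is scdaemon, code 112 is "Card not present"). The Python sketch below is an added example, not part of any poster's message and not GnuPG code: the function names and the sample lines marked as constructed are assumptions, and the two tables are only a small subset of libgpg-error's numbering.

```python
import re

# Subset of libgpg-error's numbering (err-sources.h / err-codes.h).
SOURCES = {
    0: "Unspecified source",
    1: "gcrypt",
    2: "GnuPG",
    3: "GpgSM",
    4: "GPG Agent",
    5: "Pinentry",
    6: "SCD",  # scdaemon, the smart card daemon
}
CODES = {
    1: "General error",
    108: "Card error",
    109: "Card reset required",
    110: "Card removed",
    111: "Invalid card",
    112: "Card not present",
}
SCD = 6
CARD_STATE_CODES = range(108, 113)  # card/reader state, not a key or PIN problem

# gpg 1.4 prints the pair as "ec=<source>.<code>" at the end of a message.
EC_RE = re.compile(r"\bec=(\d+)\.(\d+)(?!\S)")


def parse_ec(line):
    """Return (source, code) from a gpg message, or None if there is no pair."""
    m = EC_RE.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def pack(source, code):
    """Combine the pair the way gpg_err_make() does: 7-bit source, 16-bit code."""
    return ((source & 0x7F) << 24) | (code & 0xFFFF)


def unpack(value):
    """Split a packed gpg_error_t value back into (source, code)."""
    return (value >> 24) & 0x7F, value & 0xFFFF


def describe(source, code):
    """Render the pair in the 'message <source>' form used by gpg2."""
    text = CODES.get(code, "Unknown error code %d" % code)
    origin = SOURCES.get(source, "Unknown source %d" % source)
    return "%s <%s>" % (text, origin)


def triage(lines):
    """Decode every ec= pair and flag those that scdaemon raised about card state."""
    findings = []
    for number, line in enumerate(lines, 1):
        ec = parse_ec(line)
        if ec is None:
            continue
        source, code = ec
        findings.append({
            "line": number,
            "value": pack(source, code),
            "text": describe(source, code),
            "card_state": source == SCD and code in CARD_STATE_CODES,
        })
    return findings


# The first three lines are from the report in this thread; the rest are constructed.
SAMPLE = [
    "gpg: Schreiben nach 'foobar.tar.gz.sig'",
    "gpg: selecting openpgp failed: ec=6.112",
    "gpg: signing failed: Allgemeiner Fehler",
    "gpg: selecting openpgp failed: ec=6.",      # constructed: truncated pair
    "gpg: selecting openpgp failed: ec=6.110",   # constructed: card pulled out
    "gpg: selecting openpgp failed: ec=6.9999",  # constructed: code not in table
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with card_state set points at the reader, the card or the scdaemon process rather than at the key or the passphrase.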
From wk at gnupg.org Thu Mar 13 10:52:01 2008
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Mar 2008 10:52:01 +0100
Subject: selecting openpgp failed: ec=6.112
In-Reply-To: (Florian Walther's message of "Wed, 12 Mar 2008 11:03:30 +0100")
References:
Message-ID: <87ejafeyta.fsf@wheatstone.g10code.de>

On Wed, 12 Mar 2008 11:03, florian.walther at gmail.com said:

> flow at myhost:/tmp$ gpg --verbose --detach-sign foobar.tar.gz
> gpg: verwende Vertrauensmodell PGP
> gpg: Schlüssel XXXXXXXX: Akzeptiert als vertrauenswürdiger Schlüssel
> gpg: Schlüssel XXXXXXXX: Akzeptiert als vertrauenswürdiger Schlüssel
> gpg: Schreiben nach 'foobar.tar.gz.sig'
> gpg: selecting openpgp failed: ec=6.112

Scdaemon tells you: "Card not present". Sorry, for the plain error
codes; using gpg2 should give you a readable error message.

Scdaemon is used by gpg if available because scdaemon has exclusive
access to the reader and thus gpg's internal code can't work directly
with the card.

Sometimes it happens that scdaemon does not correctly detect a card
change. The easiest fix is to pkill scdaemon two times so that it gets
restarted by gpg-agent.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Thu Mar 13 10:58:13 2008
From: wk at gnupg.org (Werner Koch)
Date: Thu, 13 Mar 2008 10:58:13 +0100
Subject: Single Sign On and PAM
In-Reply-To: <1205055469.12557.37.camel@NOTE_GENTOO64.PHHEIMNETZ> (Florian Philipp's message of "Sun, 09 Mar 2008 10:37:49 +0100")
References: <1205055469.12557.37.camel@NOTE_GENTOO64.PHHEIMNETZ>
Message-ID: <87abl3eyiy.fsf@wheatstone.g10code.de>

On Sun, 9 Mar 2008 10:37, f_philipp at fastmail.net said:

> I'd like to use my login password to automatically decrypt my gpg-keys.
> With PAM and gpg-agent all pieces should already exist for such a task,
> someone just have to put the pieces together.
What you want is Poldi:

  $ apt-cache show libpam-poldi
  Package: libpam-poldi
  Depends: libc6 (>= 2.5), libgcrypt11 (>= 1.2.2), libgpg-error0 (>= 1.4), libusb-0.1-4 (>= 2:0.1.12)
  Description: PAM module allowing authentication using a OpenPGP smartcard
   This PAM module will allow you to login, screenlock and validate to
   services using your GnuPG smartcard. You might have expected to find this
   with a name of libpam-pgp, libpam-gpg, libpam-openpgp or libpam-gnupg.
   .
   This code is considered experimental and needs more testing. It is,
   however, already used for the daily login.
  Tag: security::authentication

Sources should be on ftp.gnupg.org/gcrypt/alpha - I am not sure right
now.

> man-page, gpg-agent can emulate ssh-agent with "--enable-ssh-support".

That works really well, I am using it for at least two years now.
Daily, for all purposes including cron jobs and smartcards.

To test it on a system without a running gpg-agent you can do this:

  $ gpg-agent --daemon --enable-ssh-support sh
  $ ssh-add -l

and it shows you your keys. There is a howto somewhere floating around.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From pubcrawler.com at gmail.com Thu Mar 13 10:52:06 2008
From: pubcrawler.com at gmail.com (pub crawler)
Date: Thu, 13 Mar 2008 04:52:06 -0500
Subject: Offloading encryption to crypto card?
Message-ID: <4c3149fb0803130252u3b271ffas8dc101e2dd86c95d@mail.gmail.com>

We are new to GnuPG.... started using this in the past few weeks.

We have large hundred and more megabyte files that we are regularly
encrypting and decrypting as needed.

Obviously, this takes time- more time than we sometimes like.

Will something like the Rainbow Technologies CryptoSwift card help with
speeding up GnuPG? Are these cards supported or similar cards from other
manufacturers?

Thanks!

From 210525p42015 at denstarfarm.us Thu Mar 13 12:22:40 2008
From: 210525p42015 at denstarfarm.us (Robert D.)
Date: Thu, 13 Mar 2008 07:22:40 -0400
Subject: Unable to "create" enigdbug.txt
Message-ID: <47D90E80.80502@denstarfarm.us>

I noticed this log-error to console, this AM.

2008-03-13 05:48:13.589 enigmail.js: CreateFileStream: Failed to create \desktop/enigdbug.txt

Wondering how I can rectify the problem in my OS/X 10.4 sys

and

wondering where enigmail.js is located since I was unable to find it with a normal search on the Mac here.

Thanks

From shavital at mac.com Thu Mar 13 13:29:14 2008
From: shavital at mac.com (Charly Avital)
Date: Thu, 13 Mar 2008 08:29:14 -0400
Subject: Unable to "create" enigdbug.txt
In-Reply-To: <47D90E80.80502@denstarfarm.us>
References: <47D90E80.80502@denstarfarm.us>
Message-ID: <47D91E1A.8020001@mac.com>

Robert D. wrote the following on 3/13/08 7:22 AM:
> I noticed this log-error to console, this AM.
>
> 2008-03-13 05:48:13.589 enigmail.js: CreateFileStream: Failed to create \desktop/enigdbug.txt
>
>
>
> Wondering how I can rectify the problem in my OS/X 10.4 sys
>
> and
>
> wondering where enigmail.js is located since I was unable to find it with a normal search on the Mac here.
>
> Thanks

In my OS X 10.5.2, enigmail.js is located at:
$HOME/Library/Thunderbird/Profiles/string.default/extensions/{string}/components/enigmail.js

How to rectify the problem? I have Googled enigdbug.txt macos, found many
links mainly to postings by Mac users, but I can't relate them to your
problem. Maybe you might try a Google search with your own key words?
From the raw source view of your e-mail, you are running:
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12) Gecko/20080213 Thunderbird/2.0.0.12 Mnenhy/0.7.5.0

Charly
MacOS 10.5.2 - MacBook Intel C2Duo - GnuPG 1.4.8 - GPG2 2.0.8
Thunderbird 2.0.0.12- Enigmail 0.95.6

From eocsor at gmail.com Thu Mar 13 12:51:43 2008
From: eocsor at gmail.com (Roscoe)
Date: Thu, 13 Mar 2008 21:21:43 +0930
Subject: Offloading encryption to crypto card?
In-Reply-To: <4c3149fb0803130252u3b271ffas8dc101e2dd86c95d@mail.gmail.com>
References: <4c3149fb0803130252u3b271ffas8dc101e2dd86c95d@mail.gmail.com>
Message-ID:

Not really answering your question but...

openssl could be an option, as I gather that supports a few crypto
accelerators. I presume it would use them when calling openssl enc.

2008/3/13 pub crawler :
> We are new to GnuPG.... started using this in the past few weeks.
>
> We have large hundred and more megabyte files that we are regularly
> encrypting and decrypting as needed.
>
> Obviously, this takes time- more time than we sometimes like.
>
> Will something like the Rainbow Technologies CryptoSwift card help with
> speeding up GnuPG? Are these cards
> supported or similar cards from other manufacturers?
>
> Thanks!
>
>
> _______________________________________________
> Gn