From bushveld at gmx.de Wed Oct 1 07:00:32 2008 From: bushveld at gmx.de (Michael) Date: Wed, 1 Oct 2008 07:00:32 +0200 Subject: Problem with gpg and option --check-options Message-ID: Hello I am useing kde 4.1.1 and gpg 2.0.9 within kde there is a Program Kleopatra to maintain the keys. This program performs a selfcheck and complains about an option setting: gpgconf: ung?ltige Option "--check-options" I have searched all files up and down but I can not find out where this option is set. If there is anyone how has an idea to find this setting or even has an idea why this option might be invalid - I'd be happy to here about. Thanks a lot Michael -------------- next part -------------- An HTML attachment was scrubbed... URL: From robert.vanyi at gmail.com Wed Oct 1 12:56:48 2008 From: robert.vanyi at gmail.com (Robert Vanyi) Date: Wed, 1 Oct 2008 11:56:48 +0100 Subject: Unicode filename support on Windows In-Reply-To: <200809180101.AA02239@VELA.sun.atlas-is.co.jp> References: <200809180101.AA02239@VELA.sun.atlas-is.co.jp> Message-ID: Hi Shuichi, 2008/9/18 HIRA, Shuichi : > Hi, > I am Japanese user. > >>C:\>gpg -e ???.txt > I tried and successfully encrypted. > > I think you need settings like below. > http://www.nihongo-ok.com/method/010326_gonmethod.htm Thanks for the link. However, if I apply the settings, the whole system will be using Japanese, and then I won't be able to use for example Russian (cyrillic) file names. Encrypting Japanese files on Japanese Windows works. However, I would like to be able to encrypt files with any Unicode characters in the file name on any (recent) Windows system. Does anybody has any experience with that? I was browsing some documentation, and maybe I have found an important point: Windows passes command line parameters always as UTF-16. If the application cannot handle UTF-16, it is converted to the local codepage. It would explain why I'm seeing question marks instead of Japanese characters, because Japanese characters cannot be represented in the local (English) codepage, so they are replaced with a placeholder. I've read that the application should have a wmain function instead of main to handle UTF-16 on Windows. Do you know anything about that? Maybe I should discuss this topic on gnupg-dev. Thanks, Robert From nicholas.cole at gmail.com Wed Oct 1 13:32:38 2008 From: nicholas.cole at gmail.com (Nicholas Cole) Date: Wed, 1 Oct 2008 12:32:38 +0100 Subject: Probable cause of bad signature? Message-ID: I've just noticed a curious signature on my own key - apparently one that I made myself a few years ago (2004), but which --check-sigs is now listing as "bad". It is the only signature on the key showing as bad. It probably doesn't matter at all, but I'm still curious to know what might have caused it. Does anyone have any ideas? The signature is class 10. All of the other self-sigs seem to be fine. Best wishes, Nicholas From shavital at mac.com Wed Oct 1 13:13:35 2008 From: shavital at mac.com (Charly Avital) Date: Wed, 01 Oct 2008 07:13:35 -0400 Subject: Problem with gpg and option --check-options In-Reply-To: References: Message-ID: <48E35B5F.2000200@mac.com> Michael wrote the following on 10/1/08 1:00 AM: > Hello > > I am useing kde 4.1.1 and gpg 2.0.9 within kde there is a Program > Kleopatra to maintain the keys. This program performs a selfcheck and > complains about an option setting: > > gpgconf: ung?ltige Option "--check-options" > > > I have searched all files up and down but I can not find out where this > option is set. If there is anyone how has an idea to find this setting > or even has an idea why this option might be invalid - I'd be happy to > here about. > > Thanks a lot > Michael Michael, there does seem to be such an option as --check-options. There are such options as: --import-options, --export-options, --list-options, --keyserver-options, and a few more; all of them have to be defined by a value, e.g. --list-options no-show-photos (do not show photos when listing keys included in a user's keyserver), and so on. Whereas the --check option is always (or usually) composed as --check-sigs, --check-trustdb, etc. --check-options as a inclusive option followed by a defining value is invalid (I believe ung?ltige means invalid). So maybe you'd be better erase (or comment) --check-options in your gpg.conf file. Just a thought, Charly From vipul3aggarwal at yahoo.com Wed Oct 1 11:39:25 2008 From: vipul3aggarwal at yahoo.com (vipul aggarwal) Date: Wed, 1 Oct 2008 02:39:25 -0700 (PDT) Subject: compiling without gnutls-extra Message-ID: <589058.75214.qm@web56202.mail.re3.yahoo.com> Hi, We are using gnutls 1.6.3. I was wondering, if we can compile the gnutls without the gnutls-extra. This is required because the gnutls-extra is under GPL and we want to remove the GPL component completely from the gnutls package. And then we want to ship gnutls without gnutls-extra along with our product. So, what I want to know is that is there a way to compile the gnutls without the gnutls-extra? Thanks n Regds, Vipul From kevhilton at gmail.com Wed Oct 1 16:09:24 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Wed, 1 Oct 2008 09:09:24 -0500 Subject: GPG2 - IDEA Message-ID: <96c450350810010709u178f46a7k4c88d298cb2f6b88@mail.gmail.com> Ok, I've finally managed to compile the gpg2 package (the stable package, not svn) with cygwin. Is there a way to add idea support to gpg2 or is this feature not supported? Thanks -- Kevin Hilton From bushveld at gmx.de Wed Oct 1 22:28:56 2008 From: bushveld at gmx.de (Michael) Date: Wed, 1 Oct 2008 22:28:56 +0200 Subject: Problem with gpg and option --check-options In-Reply-To: <48E35B5F.2000200@mac.com> References: <48E35B5F.2000200@mac.com> Message-ID: <200810012228.56878.bushveld@gmx.de> Hello Charly, thanks for your answer, I have attacht further information at the bottom of this mail. Am Mittwoch 01 Oktober 2008 13:13:35 schrieb Charly Avital: > Michael wrote the following on 10/1/08 1:00 AM: > > I am useing kde 4.1.1 and gpg 2.0.9 within kde there is a Program > > Kleopatra to maintain the keys. This program performs a selfcheck and > > complains about an option setting: > > > > gpgconf: ung?ltige Option "--check-options" > > there does seem to be such an option as --check-options. [...] > Whereas the --check option is always (or usually) composed as > --check-sigs, --check-trustdb, etc. > So maybe you'd be better erase (or comment) --check-options in your > gpg.conf file. These are my settings in gpg.conf I do not really see a check-option, how ever this makes sense. Maybe one of the experts sees the problem ? default-key 923B023B ask-cert-level default-cert-level 2 require-cross-certification charset utf-8 keyserver hkp://subkeys.pgp.net verbose verbose verbose keyserver-options auto-key-retrieve include-subkeys include-revoked import- clean export-clean import-options import-clean comment GPG keyID 0xxxxxxxxx - For copy: http://tinyurl.com/xxxxx use-agent Thanks a lot Michael From John at Mozilla-Enigmail.org Thu Oct 2 01:01:03 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 01 Oct 2008 18:01:03 -0500 Subject: Problem with gpg and option --check-options In-Reply-To: <200810012228.56878.bushveld@gmx.de> References: <48E35B5F.2000200@mac.com> <200810012228.56878.bushveld@gmx.de> Message-ID: <48E4012F.7020302@Mozilla-Enigmail.org> Michael wrote: > keyserver-options auto-key-retrieve include-subkeys include-revoked import- > clean export-clean import-options import-clean import-options import-clean belongs on a separate line from the keyserver-options -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From bushveld at gmx.de Thu Oct 2 07:56:48 2008 From: bushveld at gmx.de (Michael) Date: Thu, 2 Oct 2008 07:56:48 +0200 Subject: Problem with gpg and option --check-options In-Reply-To: <48E4012F.7020302@Mozilla-Enigmail.org> References: <200810012228.56878.bushveld@gmx.de> <48E4012F.7020302@Mozilla-Enigmail.org> Message-ID: <200810020756.48762.bushveld@gmx.de> Hi, thanks for the hint, I have changed this - unfortunately this did not made a change to the error message. Interesting to mention what Kleopatra tells me: - gpgcong Configuration Check Ok - gpg Configuration Check failed - gpg-agent Configuration Check failed - scddeamon Configuration Check failed - dirmngr Configuration Check failed All failed have a tool tip which says: gpgconf: invalid option -check-options I have searched google so many times. i do not find a hint - hope you have one :-))) Michael Am Donnerstag 02 Oktober 2008 01:01:03 schrieb John Clizbe: > Michael wrote: > > keyserver-options auto-key-retrieve include-subkeys include-revoked > > import- clean export-clean import-options import-clean > > import-options import-clean> > belongs on a separate line from the keyserver-options From wk at gnupg.org Thu Oct 2 08:33:17 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 02 Oct 2008 08:33:17 +0200 Subject: Problem with gpg and option --check-options In-Reply-To: <200810020756.48762.bushveld@gmx.de> (bushveld@gmx.de's message of "Thu, 2 Oct 2008 07:56:48 +0200") References: <200810012228.56878.bushveld@gmx.de> <48E4012F.7020302@Mozilla-Enigmail.org> <200810020756.48762.bushveld@gmx.de> Message-ID: <87vdwbjyky.fsf@wheatstone.g10code.de> On Thu, 2 Oct 2008 07:56, bushveld at gmx.de said: > All failed have a tool tip which says: gpgconf: invalid option -check-options The name of the option should be --check-options (two leading dashes). This is a quite new option to gpgconf, it was added on 2008-05-20 and thus it is not available in the last released version of GnuPG (2.0.9) I was not aware that KDE did a release requiring a non yet released version of GnuPG. This is probably becuase all developers used an SVN snapshot. Background: The new code was added in the course of a Windows project to port KDE to Windows. For Windows we use a snapshot of GnuPG. I know that a GnuPG release is long overdue; I hope to get a release candidate out in about 2 weeks. Salam-Shalom, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From bushveld at gmx.de Thu Oct 2 13:26:42 2008 From: bushveld at gmx.de (Michael) Date: Thu, 2 Oct 2008 13:26:42 +0200 Subject: Problem with gpg and option --check-options In-Reply-To: <87vdwbjyky.fsf@wheatstone.g10code.de> References: <200810020756.48762.bushveld@gmx.de> <87vdwbjyky.fsf@wheatstone.g10code.de> Message-ID: <200810021326.43036.bushveld@gmx.de> Hello Werner, Am Donnerstag 02 Oktober 2008 08:33:17 schrieb Werner Koch: > On Thu, 2 Oct 2008 07:56, bushveld at gmx.de said: > > All failed have a tool tip which says: gpgconf: invalid option > > -check-options > > The name of the option should be --check-options (two leading dashes). Thanks, my typo there are two dashes... > This is a quite new option to gpgconf, it was added on 2008-05-20 and > thus it is not available in the last released version of GnuPG (2.0.9) > I was not aware that KDE did a release requiring a non yet released > version of GnuPG. > This is probably becuase all developers used an SVN > snapshot. I use for KDE: Version 4.1.2 (KDE 4.1.1 (KDE 4.1 >= 20080828)) "release 52.2" so this is kind of very actual but not (too) experimental.. > Background: The new code was added in the course of a Windows > project to port KDE to Windows. For Windows we use a snapshot of GnuPG. > > I know that a GnuPG release is long overdue; I hope to get a release > candidate out in about 2 weeks. I will unsubscribe from the list and post an update in case I encounter problems. Is there an anouncelist for your next release? Michael > > Salam-Shalom, > > Werner From wk at gnupg.org Thu Oct 2 16:14:36 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 02 Oct 2008 16:14:36 +0200 Subject: Problem with gpg and option --check-options In-Reply-To: <200810021326.43036.bushveld@gmx.de> (bushveld@gmx.de's message of "Thu, 2 Oct 2008 13:26:42 +0200") References: <200810020756.48762.bushveld@gmx.de> <87vdwbjyky.fsf@wheatstone.g10code.de> <200810021326.43036.bushveld@gmx.de> Message-ID: <87prmjhynn.fsf@wheatstone.g10code.de> On Thu, 2 Oct 2008 13:26, bushveld at gmx.de said: > I will unsubscribe from the list and post an update in case I encounter > problems. Is there an anouncelist for your next release? gnupg-announce at gnupg.org Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From tchitwoo at us.ibm.com Thu Oct 2 19:19:32 2008 From: tchitwoo at us.ibm.com (Thomas Chitwood) Date: Thu, 2 Oct 2008 10:19:32 -0700 Subject: Import Secret Key Message-ID: I need to import an additional secret key to my keyring. I am running gpg 1.4.5. What is the command to do this? I thought it would be "gpg --import-secret-keys , but that doesn't seen to work. Tom Chitwood MCP, MCSE, CNA Wellpoint Account Information Technology Services Americas Global Services, IBM -------------- next part -------------- An HTML attachment was scrubbed... URL: From duwainer at srlcd.com Fri Oct 3 00:01:39 2008 From: duwainer at srlcd.com (Duwaine Robinson) Date: Thu, 2 Oct 2008 17:01:39 -0500 Subject: Bypass Invalid Public key Message-ID: Hi All, Is there a way to get GnuPG to complete encryption, if there is at least one valid public key specified? I am trying automate my encryption process, and I am hoping to be able to get away with not having to specify error handling if one or more of my public keys does not exist on the key ring. Any help is greatly appreciated. Thank you Duwaine Robinson -------------- next part -------------- An HTML attachment was scrubbed... URL: From faramir.cl at gmail.com Fri Oct 3 04:57:16 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 02 Oct 2008 22:57:16 -0400 Subject: Import Secret Key In-Reply-To: References: Message-ID: <48E58A0C.8020306@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Thomas Chitwood escribi?: > > I need to import an additional secret key to my keyring. I am running > gpg 1.4.5. What is the command to do this? I thought it would be "gpg > --import-secret-keys , but that doesn't seen to work. I am not sure how is the command to do it, since I usually use some GUI to do those things, but, *in my opinion*, it would be a good idea to upgrade to gpg 1.4.9, since that is the current version. Version 1.4.5 is RFC2440 compliant, and version 1.4.9 is RFC4880 compliant... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI5YoLAAoJEMV4f6PvczxAzGwH/11ArlMtoSBfe8pudHR0TmbH tYj2AJp+rpU/Jj+ieMiMLAXzQ0gswQqvn/NRZYWaoEw8Oe/kMm9kWCZlx2FUYFwB QQCDOUC9hJ2KIx4Y75NisbIlc2oTnSXgwAEZ5qkYhep2QK1Vh3Qx33d07eBeJGKp lMz1ATqkIyAMpA7lntyffae+946r7DaV5tnZ+OLGGXN6l/G6+3iUEn+kKuFX2Afj eVKg7j7eXFcYsYNV5enaUcK9ZOxxX3evXeENt4xOB3giLRKsF36rPFDXMmnqeBON WHvJjxzMfln0enZrpBJAk/n4hpuUt/YkZHokxyWtGp86eX4DEHAX7mOK3EaP7LM= =+gWj -----END PGP SIGNATURE----- From tim at cu.net Thu Oct 2 00:45:51 2008 From: tim at cu.net (Tim Stebar) Date: Wed, 1 Oct 2008 16:45:51 -0600 Subject: Secret Key Not Available Message-ID: <16B619A03867164EBB5625B92887AA240105C68D@cu-exsrv1.cu.net> Hello, I created an EDI job (Trinary translation/schedule) that pulls down files and it decrypts just fine from the command line as well as if I spawn the EDI job from the command line. However, if I schedule the job in Trinary (kicks off the job by itself) it will not decrypt the file. It comes up with the following: $gpg -batch -passphrase gocatsgo -output out.txt -decrypt 810x12.pgp E:\ew\sv53\recv\tmp_recv>echo off Press any key to continue . . . gpg: encrypted with ELG-E key, ID 9B1D9DED gpg: decryption failed: secret key not available I have tried this with both a hard code passphrase (txt) as well as a passphrase file as well and still no luck? Anyone ever run into this by chance? I am wondering if it is something with the different environments or if it is how the Gnupg was installed maybe? $gpg -batch -passphrase gocatsgo -output out.txt -decrypt 810x12.pgp I have also tried $gpg -batch -passphrase-file pass.txt -output out.txt -decrypt 810x12.pgp Again, I can pull up a cmd dos prompt and do those commands and it works just fine. However when schedule and ran in batch in Trinary (EDI translator/schedule) it cannot find the key to decrypt. I have seen some other posts with similar problem when running from WEBMETHODS jobs but none of the posts had anyone answer them so thought I would run it by this news group. Thanks in advance! Tim Stebar EDI Systems Analyst Computers Unlimited Billings, MT 59105 ________________________________ DISCLAIMER: This message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. If you are not the intended recipient(s), you are notified that the dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or by calling the telephone number associated with this transmission. Please delete this e-mail from your computer (or discard this fax). Thank You. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmz at pobox.com Fri Oct 3 15:59:08 2008 From: tmz at pobox.com (Todd Zullinger) Date: Fri, 3 Oct 2008 09:59:08 -0400 Subject: Import Secret Key In-Reply-To: References: Message-ID: <20081003135908.GG10172@inocybe.teonanacatl.org> Thomas Chitwood wrote: > I need to import an additional secret key to my keyring. I am > running gpg 1.4.5. What is the command to do this? I thought it > would be "gpg --import-secret-keys , but that doesn't seen > to work. Two problems: 1) There is no --import-secret-keys option. See the manpage for valid commands. 2) How would specifying a key id for a key that hasn't been imported yet work? You can use a key id for keys already on your keyrings or when searching public keyservers, but for importing, you need to pass a path or the key data via standard input. You just want to use "gpg --import /path/to/secret-key" as you would for importing a public key. You might also want to set the trust level on the imported secret key (via gpg --edit-key $keyid trust). -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The only difference between a rut and a grave is the depth. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From ivo.alxneit at psi.ch Fri Oct 3 16:57:53 2008 From: ivo.alxneit at psi.ch (Ivo Alxneit-Kamber) Date: Fri, 03 Oct 2008 16:57:53 +0200 Subject: verifying signatures with gpgme 1.1.6 Message-ID: <48E632F1.7030904@psi.ch> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi all i do not quite understand how i should interpret the result of `gpgme_op_verify_result(ctx)`. using gpg for my two files `foo` and `bar` i obtain what i expected. $ gpg --verify foo gpg: Signature made Thu 02 Oct 2008 10:32:46 AM CEST using DSA key ID 515E30C7 gpg: Good signature from "Ivo Alxneit (work) " gpg: aka "Ivo Alxneit (privat, old) " gpg: aka "Ivo Alxneit (privat) " - -> good signature from "trusted" key $ gpg --verify bar gpg: Signature made Tue 23 Sep 2008 05:05:00 PM CEST using RSA key ID 70B61F81 gpg: Good signature from "Timestamp Service " [uncertain] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4B 12 BC D5 78 85 11 06 3B 54 31 90 E0 9D F3 06 - -> good signature from "untrusted" key i then use the following code to verify the signatures using gpgme (version 1.1.6) gpgme_op_verify(ctx, sig, NULL, text); result = gpgme_op_verify_result(ctx); s = result->signatures; while (s) { fprintf(stdout, "\nsummary=%d\n", s->summary); fprintf(stdout, "fpr=%s\n", s->fpr); fprintf(stdout, "status=%d\n", s->status); fprintf(stdout, "timestamp=%lu\n", s->timestamp); fprintf(stdout, "wrong_key_usage=%u\n", s->wrong_key_usage); fprintf(stdout, "pka_trust=%u\n", s->pka_trust); fprintf(stdout, "chain_model=%u\n", s->chain_model); fprintf(stdout, "validity=%d\n", s->validity); fprintf(stdout, "validity_reason=%d\n", s->validity_reason); fprintf(stdout, "key=%d\n", s->pubkey_algo); fprintf(stdout, "hash=%d\n", s->hash_algo); s = s->next; } this seems to work fine. but i do not understand all of the result structure. for `foo` i obtain summary=3 (GPGME_SIGSUM_VALID + GPGME_SIGSUM_GREEN) fpr=D0E3ADE78E893E9CAEC1E2F401DEC213515E30C7 status=0 timestamp=1222936366 wrong_key_usage=0 pka_trust=0 chain_model=0 validity=4 (GPGME_VALIDITY_FULL) validity_reason=0 key=17 hash=2 why not validity=5 (GPGME_VALIDITY_ULTIMTE) as my key hast validity and trust set to ultimate. $ gpg --edit-key 0x515e30c7 Secret key is available. pub 1024D/515E30C7 created: 2002-02-11 expires: never usage: SCA trust: ultimate validity: ultimate sub 2048g/0503D66E created: 2002-02-11 expires: never usage: E for `bar` i obtain summary=0 (??) fpr=4B12BCD5788511063B543190E09DF306 status=0 timestamp=1222182300 wrong_key_usage=0 pka_trust=0 chain_model=0 validity=0 (GPGME_VALIDITY_UNKNOWN) validity_reason=0 key=1 hash=1 why not summary=2 (GPGME_SIGSUM_GREEN) so how ist the correct / intended way to detect a good signature made by an untrusted key? thanks for the help - -- Dr. Ivo Alxneit Laboratory for Solar Technology phone: +41 56 310 4092 Paul Scherrer Institute fax: +41 56 310 2688 CH-5232 Villigen http://solar.web.psi.ch Switzerland gnupg key: 0x515E30C7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFI5jLxAd7CE1FeMMcRAspKAKCBf4YUy9V5cffTgQuJix07sj8tNgCcDN/k niTLSEktrQOdnaKeRHqERQ4= =E2TX -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Fri Oct 3 21:24:41 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 3 Oct 2008 15:24:41 -0400 Subject: Secret Key Not Available In-Reply-To: <16B619A03867164EBB5625B92887AA240105C68D@cu-exsrv1.cu.net> References: <16B619A03867164EBB5625B92887AA240105C68D@cu-exsrv1.cu.net> Message-ID: <20081003192441.GA75721@jabberwocky.com> On Wed, Oct 01, 2008 at 04:45:51PM -0600, Tim Stebar wrote: > Hello, > > I created an EDI job (Trinary translation/schedule) that pulls down files and it decrypts just fine from the command line as well as if I spawn the EDI job from the command line. However, if I schedule the job in Trinary (kicks off the job by itself) it will not decrypt the file. It comes up with the following: > > $gpg -batch -passphrase gocatsgo -output out.txt -decrypt 810x12.pgp > > E:\ew\sv53\recv\tmp_recv>echo off > Press any key to continue . . . > gpg: encrypted with ELG-E key, ID 9B1D9DED > gpg: decryption failed: secret key not available > > I have tried this with both a hard code passphrase (txt) as well as a passphrase file as well and still no luck? Anyone ever run into this by chance? I am wondering if it is something with the different environments or if it is how the Gnupg was installed maybe? It's not a question of the passphrase; rather, the key isn't there. If it works from the command line but not from the scheduled job, then I'd check for differences in the environment. Possibly you have two different GPG home directories when run in your two different ways. Check for different GNUPGHOME variables as well as different home directories for your different run methods. David From josef at troendle.net Sat Oct 4 17:18:53 2008 From: josef at troendle.net (Josef =?iso-8859-1?b?VHL2bmRsZQ==?=) Date: Sat, 04 Oct 2008 17:18:53 +0200 Subject: What happens to the original files after encryption? Message-ID: <20081004171853.x3p1nqu04o4gg0kw@www.netbeat.de> Hello, i'm going to encrypt sensitive data with gpg and i'm unsure about the way it handles the original files. Does it securely wipe or just shallowly remove them? Can I trust gpg that the only oddment is the encrypted file? Thanks a lot, Josef From dshaw at jabberwocky.com Sat Oct 4 17:43:33 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 4 Oct 2008 11:43:33 -0400 Subject: What happens to the original files after encryption? In-Reply-To: <20081004171853.x3p1nqu04o4gg0kw@www.netbeat.de> References: <20081004171853.x3p1nqu04o4gg0kw@www.netbeat.de> Message-ID: <90AF2CE8-B363-47F4-91D2-B2068AA7A2F7@jabberwocky.com> On Oct 4, 2008, at 11:18 AM, Josef Tr?ndle wrote: > Hello, > > i'm going to encrypt sensitive data with gpg and i'm unsure about > the way it handles the original files. Does it securely wipe or just > shallowly remove them? The original files are untouched, and you can do whatever you like with them. David From Dmitri.Shvetsov at lenel.com Fri Oct 3 16:40:53 2008 From: Dmitri.Shvetsov at lenel.com (Shvetsov, Dmitri UTCFS) Date: Fri, 3 Oct 2008 10:40:53 -0400 Subject: Verify digital signature by GnuPG for Windows Message-ID: <5E580B8FEE75ED429C6F86463FAFD2B70104CC66@UUSNWEK3.na.utcmail.com> Hello, I have downloaded and installed GnuPG 1.4.9 for Windows. The link is ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe. I am using gpg.exe to verify digital signature as follows: 1. gpg --import my_key.public 2. gpg --verify my_file.asc The scenario above works fine if I am using command prompt. But if I do the same commands by executing gpg.exe as a separate process from my code using CreateProcess Windows API call I have the following side effect. The signature is being verified without any problems but by some reason an additional file my_file (without extension) has been created. This file contains the signed content from the input file (my_file.asc) which has clearsign format. I am wondering why the behavior is different and if it's possible to suppress the creation of that additional file when launching gpg.exe programmatically from the code. Thanks, Dmitri. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurtc1972 at gmail.com Sat Oct 4 22:44:02 2008 From: kurtc1972 at gmail.com (Lawrence Chin) Date: Sat, 04 Oct 2008 13:44:02 -0700 Subject: Adding a UserID to Your Key In-Reply-To: <48DDB3D7.8010206@earthlink.net> References: <48DDB3D7.8010206@earthlink.net> Message-ID: <48E7D592.8010207@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kara wrote: > ==== > > Reference your 26 Sep (1859 -0700) "signing documents and others": > >> ...(5) How to add an additional UID to my kurt c key on the >> keyserver? I want to add my real name to it. > > Go to "Thunderbird | OpenPGP | Key Management" and highlight your key. > Then on the same "Key Management" screen go to "Edit | Manage User > ID" and on the lower left of the resulting screen click on "Add." > > Complete the resulting screen as desired and click on "OK," and then > on the resulting screen enter your key's passphrase and you're done. > > ==== > > Another way would be do use your computer's terminal mode program and > do the same sort of thing via the GPG command line procedure. If you > don't currently know how to do that, let me know and I'll be glad to > provide a quick step by step outline. > > I'm not doing that here since I assume you're in a hurry to make the > change and since you are using Enigmail, I'm providing instructions > for that. However, when and as you're comfortable with using GPG, I > urge you to gradually ease into some of the basic uses of the GPG > command line procedures as the need arises and your time permits. > > Enigmail, like any Graphic User Interface (GUI) for GPG > or PGP only allows you to access some of the most commonly > used commands of those two programs. It's only through the > use of the GPG or PGP command line procedures that you are > able to access all of the capabilities of either program. > > ==== > > Regarding adding a userID to your current key: > > a. That's a good way to go if you don't mind individuals > using your key being aware of both your real name and > your pseudonymous name. > > b. If you wish to keep those two identities totally separate, > then you would probable wish to establish one key for > each. > > c. In making the above decision, keep in mind that once you > (or someone else) uploads your subpara "a" key above to > a public keyserver, you are stuck with it forever since > currently there is no way to remove your key from the > public keyserver. You can revoke the key, you can revoke > the two differently named userIDs, etc but despite your > uploading a key with those revocations, those changes are > only "added" to your key as originally posted. Nothing > once posted can be removed. > > As an extreme example, if someone signs your > key with a key that includes the comment > "Lawrence hates the Pope, Jews, and Blacks" > and then uploads your key to a public > keyserver, that signatures will remain on your > key essentially forever no matter how distasteful > or maddening such a comment is. You can't remove > the signature and you can't revoke it. And even > if the individual who signed the key subsequently > revokes his signature, that signature (and its > revocation) will still continue to be shown on > your key as displayed on the public keyservers. > Again, even if you revoke the key, it will remain > on the public keyservers (albeit, shown as revoked). > > d. And whether you want your key uploaded to a public keyserver > or not, you can almost be positive that eventually it will > be by someone who does so thinking they are being helpful or > by someone who just wants to annoy you since he or she knows > you don't want your key uploaded there. > > ==== > > I won't be able to respond to your query on how to structure your two > e-mail accounts until late Sat probably due to unexpected company > having arrived. > > Best wishes for an enjoyable weekend. > > > Timestamp: Sat 27 Sep 2008, 0017 Local (UTC -0400) > > ==== Hi everyone, I want to propose something. Kara has been very patiently helping me with my questions on the board about how to use GnuPG and Enigmail, as is here. However, on two occasions she used sensitive words in her examples as in the "extreme example" here. It didn't just keep me scared all night and day due to my weak nervous system, but it has bothered me for over a whole week for another reason. I want to propose that we all use absolutely untainted clean language when we send encrypted emails (like this one is encrypted) so that we wouldn't give authority a reason to take away this privilege of ours to use encryption. It should be part of our ethic in using encryption. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjn1HQACgkQE7PX/Y51jV/+mQCgj/A+g4W8koqdupOylywssFSr rkMAoKW/8vYRq06ou0PWV8IoNLdTyXbm =kl65 -----END PGP SIGNATURE----- From kurtc1972 at gmail.com Sat Oct 4 22:49:52 2008 From: kurtc1972 at gmail.com (Lawrence Chin) Date: Sat, 04 Oct 2008 13:49:52 -0700 Subject: Revocation Certificates In-Reply-To: <48E07B2B.4030108@earthlink.net> References: <48E07B2B.4030108@earthlink.net> Message-ID: <48E7D6F0.1000802@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kara wrote: > ==== > > Reference Faramir's 27 Sep (2218 -0400) "Re: backing up keys etc" > which responded to your 27 Sep (1738 -0700) "backing up keys etc": > > Lawrence wrote in part: >>> So, if I need to revoke this public key in the future, I just >>> upload it to the keyserver? > Faramir wrote in part: >> IIRC, you would need to import the certificate to your keyring, and >> then upload the key to the keyserver... once you have done that, >> there is no coming back... And I think if you do that, you will >> revoke the whole key, with all its UID... the only time I imported >> a revocation certificate, the key just had one UID, so I am not >> 100% sure about that. And it was very easy to import it (indeed, I >> didn't intend to do it). > > a. Let's say you have a GPG/PGP key with five userIDs. You can > revoke any four of those userIDs but not the last one since > by definition a key must have at least one userID. > > (1) A userID has three possible elements: The "name" > is mandatory, the "e-mail address" and the > "comment" are optional. > > (2) A userID that has only a name is referred to as > a free-form userID. > > b. If you have a userID and for any reason you no longer wish > to use one of its elements because it has either changed or > you no longer wish to use it or have it shown on your key, > you'd normally revoke the userID. > > (1) For example, the userID's "e-mail address" > is no longer active or valid; or the "comment" > indicating you are "CIA Deputy Director" is > no longer valid since you're now the President's > "National Security Advisor"; or the "name" only > shows your first two initials and your last name > and you now wish to use only your full name (e.g., > first, middle, and last) on the key; or the "name" > is a pseudonym that you no longer wish to use or > have shown on your key. > > (2) After revoking the userID you'd upload the key to > a public keyserver and then -- I'd delete that > revoked userID from your key (and from the copy > of your key posted on Biglumber (BL) or the PGP > Global Directory (PGP-GD) if you posted your key > on either site. > > c. If you want to revoke all of the key's userIDs, you'd just > revoke the key itself and then upload the revoked key to > a public keyserver. > > (1) Before you delete the revoked key from your > keyring, however, keep in mind that if you > do that you won't be able to decrypt any > messages or files stored in your computer > or on discs that were encrypted with that key. > > (2) Also before you delete the revoked key keep > in mind that if someone uses your revoked key > without realizing its been revoked, you won't > be able to decrypt any message they send which > has been encrypted with that key. Normally that > wouldn't be a problem since you'd contact the > sender and tell them to resend their message > encrypting it with your xxxxxxxx key. > > (3) For the majority of individuals subpara (1) and > (2) above are not a problem and you can just > delete the revoked key -- I only mention those > two concerns so you can think of them before you > actually delete the revoked key from your keyring. > > (4) Once most folks obtain a copy of your key they > frequently don't later update it via one of the > public keyservers and those individuals won't be > aware you've revoked it. For those individuals > who you frequently correspond with and that you > know or think might have your revoked key, it is > often helpful to go ahead and notify them of the > key's revocation and tell them what key you wish > them to use in the future when writing you. > > ==== > >>> (2) So I used OpenPGP key management, "file" -> "export key to >>> file"...I can see each file consists of a public key block and a >>> private key block... > > Also keep in mind that when you "export key to file" you are given the > option of exporting the entire key pair or just the public part of the > key pair. Sometimes it's only the public part that you need to save. > > ==== > >>> .. typed in the correct passphrase at my third try. Now, where >>> can I find this revocation certificate? I don't even know the >>> file name!!! > > a. *If you've already created the key* (e.g., Dummy ) > and wish to use the terminal mode (command line) procedure to > create a revocation certificate for it: > > (1) Follow the atch 1 procedure. > > (2) Note at the end of atch 1 you have the resulting > revocation certificate and save it wherever you > wish (e.g., on a CD, a flash drive, etc) and titled > the saved file as desire. > > b. *If you choose to create the key with Enigmail* ("Thunderbird | > OpenPGP | Key Management | Generate": > > (1) You'll first be shown atch 2 for completion, then > > (2) After the key has been created you'll get atch 3. > > (3) If you answer atch 3 with a "Yes", > > (4) You'll get atch 4 which will provide you with > > (a) The proposed name (see the red circled area) for > the revocation certificate is one which you can > change as desired, and > > (b) The ability to specify where you want the > certificate saved (as indicates by either > the blue or the green circled areas is > one which you can change as desired. > > (c) I normally save lots of things on my Desktop > since it's uncluttered and I can easily find > anything I've saved there and either subsequently > delete it or move it elsewhere or copy it on a CD > or flash drive, etc as desired. > > (d) You'll note on atch 4 I'm saving it on my Desktop > (which is my default setting for saving files). > If I didn't want to save it there, I'd click on > "Kara" which is where all my other files are > located and then use the "green circled" option > to select a specific folder or file to save the > item. > > c. Note that since Enigmail is a "Graphic User Interface (GUI) it > only allows you to do some of the most common of the procedures > GPG is capable of doing. As a GUI, it currently doesn't permit > you to create a key and then _later_ create a revocation > certificate for it. To do the latter, you currently have to use > the terminal mode (command line) procedure. > > ==== > > *Repeating again*: > >>> ...Now, where can I find this revocation certificate? I don't >>> even know the file name!!! >> Good question... I think it should be in the same folder where your >> backup key files were exported... and the name should be something >> like the one you showed us in the question n?1, something like >> "email address (keyID number) rev.asc". If it is not there, it >> could be at C:\Documents and Settings\YourWindowsUserName\ or >> maybe in the GnuPG folder, since you was working at that folder >> when you generated the rev certificate. > > Here I'd politely tend to disagree with Faramir -- you are able to > save the revocation statements wherever you wish -- it's your decision > and not one that GPG or Enigmail automatically makes for you: > > a. If the revocation certificate is created by the terminal mode > (command line) procedure, as atch 1 indicates you can provide > the file's title and where it is to be saved yourself. > > b. If the revocation certificate is created via Enigmail when the > key itself is created, again as atch 4 indicates the title of > the file and where it is to be saved are decisions you control > yourself. > >> ...the only time I imported a revocation certificate,...And it was >> very easy to import it (indeed, I didn't intend to do it).... > > That to me is a very good reason not to keep your revocation > certificates anywhere near your GPG keys or keyring if you're keeping > revocation certificates on your computer. You never wish to put > yourself in the position that you've accidentally revoked a key if > that can be avoided. > > ==== > > *Personal Thoughts*: > > a. The common and recommended wisdom is that you should always create > a revocation certificate whenever you create a key. The majority > of folks don't do that and then may at sometime in the future find > they would like to revoke the key but can't because they've either > lost the entire key, lost the secret (private) part of the > key pair, or have forgotten the passphrase associated with the > key. > > b. But if you do create a revocation certificate, you've got to keep > it someplace safe and so _I_ tend to do things a bit differently. > > (1) I copy each of my keys (in each case the key pair) onto > two CDs and store that along with each key's passphrase > and a printed copy of each secret key: > > (a) First in a sealed envelope in what I consider > a very secure location in my home. > > (b) Second in a sealed envelope in my bank safety > deposit box. > > (2) With that data I'm positive that I'm able to revoke any > of my keys as and when desired and thus don't need > revocation certificates. If I were to create such > certificates I'd store them in the same two places noted > above. But because I don't have them, unlike Faramir I > can't easily accidentally import or upload them. > > (3) The two things you must have to maintain control over any > of your keys is first the passphrase for the key and > second the secret (private) part of the key pair. > > (a) I've securely stored the passphrase in > written form. > > (b) I've securely stored the secret (private) > and public parts of each key pair on a CD. > > (c) If for some reason neither CD will yield > the secret key, I can -- with great care > and effort, if I have to -- use the > printed copy of the secret key to recreate > it in my computer. > > (d) Since I try to keep each of my keys current > and updated on both Biglumber and on the > public keyservers, I don't need to worry > about having access to the public portion > of each of my keys -- however, if it was > absolutely necessary, I could create the > public part of my key pair by extracting > it from the secret (private) part. Note, > you can't reverse the procedure and use > the public part to create the secret (or > private) part of the key pair. > > ==== > > *Your four GPG/PGP Keys*: > >>> ...to export both the public and secret part of all my 4 keys.... > > *If and when you're willing share them*, I'd like to obtain copies of > your three other public keys (I've obviously got your 8E758D5F). If > they are posted on the public keyservers, I'd need just the three > keyIDs, otherwise either a copy of each key or the URL where I could > go to download them. > > ==== > > *Question*: Did the SMTP information I provided you yesterday help > resolve your problem or does it still exist? > > If any of the above information is no clear or if you have any > additional questions, please let me know. > > > Best wishes for an enjoyable week. > > > Timestamp: Mon 29 Sep 2008, 0252 Local (UTC -0400) > > ==== > > > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ > This is another message of Kara's that's causing me nightmare last night when I read through it. We shouldn't have words like "...Deputy director" or "NS adviser" etc in an encrypted email! Please no body send encrypted email anymore! I'll just practice encryption with myself by writing to myself. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjn1vAACgkQE7PX/Y51jV8PBQCfWwBPo8uS+QDIzaKFS6TETOiT poMAmQGZj2BSj3Sd85WJMGVQ4FYKloLE =yMwA -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sat Oct 4 22:56:50 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 04 Oct 2008 16:56:50 -0400 Subject: Adding a UserID to Your Key In-Reply-To: <48E7D592.8010207@gmail.com> References: <48DDB3D7.8010206@earthlink.net> <48E7D592.8010207@gmail.com> Message-ID: <48E7D892.6000900@sixdemonbag.org> Lawrence Chin wrote: > I want to propose that we all use absolutely untainted clean language > when we send encrypted emails (like this one is encrypted) so that we > wouldn't give authority a reason to take away this privilege of ours > to use encryption. It should be part of our ethic in using > encryption. I call shenanigans. First, if you live in a country where encryption is a privilege, I feel sorry for you. Privacy is a human right. Tools that ensure privacy are also human rights. Second, if it's encrypted, how do you propose the authorities will read it? > This is another message of Kara's that's causing me nightmare last > night when I read through it. We shouldn't have words like "...Deputy > director" or "NS adviser" etc in an encrypted email! Why not? Intelligence agencies are already reading this list. Why not smile, wave and say hi to them? Speaking very broadly, as long as you aren't advocating terrorism, tax fraud, the drug trade or the exploitation of children, they really don't care. ... Privacy is a human right. Stand up for it, and don't apologize for insisting upon it. From dshaw at jabberwocky.com Sun Oct 5 00:01:29 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 4 Oct 2008 18:01:29 -0400 Subject: Adding a UserID to Your Key In-Reply-To: <48E7D592.8010207@gmail.com> References: <48DDB3D7.8010206@earthlink.net> <48E7D592.8010207@gmail.com> Message-ID: <221DD6CD-8B7E-400C-9EE9-20FF8B066A13@jabberwocky.com> On Oct 4, 2008, at 4:44 PM, Lawrence Chin wrote: [personal email removed for obvious reasons] > Hi everyone, I want to propose something. [removed] has been very > patiently > helping me with my questions on the board about how to use GnuPG and > Enigmail, as is here. However, on two occasions she used sensitive > words > in her examples as in the "extreme example" here. It didn't just > keep me > scared all night and day due to my weak nervous system, but it has > bothered me for over a whole week for another reason. I want to > propose > that we all use absolutely untainted clean language when we send > encrypted emails (like this one is encrypted) so that we wouldn't give > authority a reason to take away this privilege of ours to use > encryption. It should be part of our ethic in using encryption. Let me get this straight - you posted someone else's personal and encrypted mail on a public mailing list? To scold them for using words that bothered you? Seriously? Also, no. You don't get to pick what words people use in their emails, encrypted or not. If you don't like certain words used by certain people, it is your right to not communicate with them. It is not your right to lower the general level of communication to a level you approve of. David From jmoore3rd at bellsouth.net Sun Oct 5 00:19:40 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sat, 04 Oct 2008 18:19:40 -0400 Subject: Adding a UserID to Your Key In-Reply-To: <48E7D592.8010207@gmail.com> References: <48DDB3D7.8010206@earthlink.net> <48E7D592.8010207@gmail.com> Message-ID: <48E7EBFC.5090103@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Lawrence Chin wrote: > bothered me for over a whole week for another reason. I want to propose > that we all use absolutely untainted clean language when we send > encrypted emails (like this one is encrypted) so that we wouldn't give > authority a reason to take away this privilege of ours to use > encryption. It should be part of our ethic in using encryption. The Encryption genie is 'out-of-the-bottle' now and cannot be stuffed back in. Particularly here in the U.S. where eCommerce and Online Banking rely upon PKI protocols. More basic is the 'electronic processing' of Demand Deposit [checking] Payments. Even if the desire existed; the NSA, FCC & FTC _combined_ do not have the resources to 'outlaw' Encryption at this point in time. :-D Even the paranoid Patriot Act makes no mention of or reference to Encryption. JOHN ;) Timestamp: Saturday 04 Oct 2008, 18:18 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI5+v6AAoJEBCGy9eAtCsPA94IAIH5RzJergEJRx0iiSrYOMTG IGyKnB7rrJQm5eMVvPqR3nYuqdtrjA4WxlhoaWAi8FnsihHhmsDJKahBLnVxbyeD 5CY1vDIiqKUc4fJDnisL0gqR7qRG1hRKGWfI2ttrhwB7/L7Lcb+qWyYkgpEmo5wi CyskY3oi11IyF+aKfFNLA7nuvCYkwY8bkqzimmst89EAVfE6yRFXZtIVPjFcNBBw pFppBoDMpppDtUkCbHTfg/uOqcWRiU/7hahT6iHaepnyl43QB6W6/OqAfMDd75+R CmGI1waEt2G2Zbt9Sj0jEtZV3KFvhsm+uLWd0JBuIbNZG/UMUFXO5KlUsklKw1c= =Tflj -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Oct 5 00:23:25 2008 From: faramir.cl at gmail.com (Faramir) Date: Sat, 04 Oct 2008 18:23:25 -0400 Subject: Adding a UserID to Your Key In-Reply-To: <48E7D592.8010207@gmail.com> References: <48DDB3D7.8010206@earthlink.net> <48E7D592.8010207@gmail.com> Message-ID: <48E7ECDD.80204@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Lawrence Chin escribi?: > Hi everyone, I want to propose something. Kara has been very patiently > helping me with my questions on the board about how to use GnuPG and Yes, I don't remember to have seen a message from Kara in the list, but she has helped me too, by private messages. > Enigmail, as is here. However, on two occasions she used sensitive words > in her examples as in the "extreme example" here. It didn't just keep me > scared all night and day due to my weak nervous system, but it has Well, on her behalf, the idea about an "extreme example" is to make it "extreme". Now, you should not let an "extreme example" bother you, in special if your nervous system is weak (maybe you should ask a medic about it, and sometimes, you need a second opinion). The thing about signatures in our public keys mean: "you can't control them", but I would add: "since we know we can't control them, why should be worried about them?". I mean, most people doesn't know how to use GPG, and the people trying to learn about it, soon or latter will learn about that fact... They will learn it sooner if that point is included in a FAQ... By the way, the fact the used that example as "extreme example", implies she considers it a very undesirable signature... a racist person would not use it as an example, since that person could even be proud of such message... > bothered me for over a whole week for another reason. I want to propose > that we all use absolutely untainted clean language when we send > encrypted emails (like this one is encrypted) so that we wouldn't give The first thing I should point, is the message you sent to the list, is not encrypted, it is just signed... and yes, if you sign a message and send it unencrypted, you should be careful about what are you saying, since we would know it was you the one who sent it. BUT at the same time (*if I am not wrong*), malicious people can't modify it to change the context... so if you send an "extreme example", a malicious user would need to show the whole message, and that would make clear the fact it was just an example, and not an opinion. The second thing, is the purpose of encrypting messages, is to keep them private. There are laws about reading letters sent to other people (at least, in my country, that is not legal), and the only thing gpg does, is to give us a way to bring the same privacy principle to email messages. In _my_ _opinion_, the only concern we must have when we send an encrypted message, is to not offend the recipient's sensibility, but I would not care about what a "listener" would think about the message, since gpg (_if_ _used_ _in_ _a_ _proper_ _way_), will take care of "listeners". > authority a reason to take away this privilege of ours to use > encryption. It should be part of our ethic in using encryption. Well, IIRC, there was an attempt to forbid encryption, but it could not be done, because it would destroy the electronic commerce... Now, I would be careful about the use of encryption in countries where privacy is not a right... but I suppose if you are in this list, then you are not in one of those countries. The only ways the authorities can know the content of an encrypted messages are: 1.- If the recipient disclosures the content of the message, as you did with Kara's message (but since the only thing it contained was an "extreme example", and also you didn't post her signature -so she can claim your forged the message), I suppose it won't cause any problem. Anyway, maybe next time you should ask people before posting the content of a private message... 2.- If the authority ask a judge to order either the recipient or the sender to disclosure the content of the message (note that, if the sender has not configured enigmail to encrypt the message to his own key too, he would not be able to do it, even if he wants to). 3.- If either the recipient or the sender has some spyware in his computer... Now, if you want to receive just "absolutely untainted clean language", maybe you should add a signature talking about that, in your email client (Thunderbird, I suppose) Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI5+zcAAoJEMV4f6PvczxAKFgH/2kWNiWoyprpzYjhvwp/jl+R zlHR3hvbe/sBS04L3sFnuTynSkCnoUsvlUKdmi6CtIRGRSipDnbLprFQvneG6lQg qyrvJaSdbopMdp6lMRFUquqvJ/si7k0RNTgIp9a5OJ+EoZDiOwAB9CiD5r8EMwja 6ZouF1VNPaoKPTBe2pDHiQPaAbQB8xp8eRDcHHDCS5jpQegF+H8B4I7flYvdRvJU zTIBdAvz6ZRh5KHnLgMR+OurQO5ktyLVRuvZzZ8s/iBCQAaEoxTY/dAaJY5KDSGO eZtqjXnhh4rW7eFiDKO1ubqEz3K12WHQj1wf0vTLMi6566pY5ybCGAILEp+DFSo= =TdWO -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Sun Oct 5 00:27:38 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sat, 04 Oct 2008 18:27:38 -0400 Subject: Revocation Certificates In-Reply-To: <48E7D6F0.1000802@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> Message-ID: <48E7EDDA.3050200@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Lawrence Chin wrote: > This is another message of Kara's that's causing me nightmare last night > when I read through it. We shouldn't have words like "...Deputy > director" or "NS adviser" etc in an encrypted email! Why? Even if Reference to entities whose existence is public knowledge were known to exist; the Message was Encrypted [until re-Posted here] and therefore privy _only_ to You and the Sender. :-\ > Please no body send encrypted email anymore! I'll just practice > encryption with myself by writing to myself. Your choice, of course, but prior to Your entry to Encryption there have been many profane, obscene & inflammatory comments made about DIRNSA, the President of the U.S. & many others. At present all of these Public figures have much larger fish to fry than concerning themselves about references made to or about them. :-D JOHN ;) Timestamp: Saturday 04 Oct 2008, 18:26 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI5+3YAAoJEBCGy9eAtCsPQJUH/2gD4wD/JUS6jRM1xKBV94qO TUbNsKBq43rABwLtRKNmWecIDALHSQ8Z8qWdpqH7TVRTZSVpyIPTKDMb5F9Ad3nW heEOyM8xg5NfgTmfOdc1aK+6jWQLLAfdajqh4Jh9N+9YdccAkSpprNFh7VmdoFqJ YFkuykdki+xNSpdlxgYvj4d4HkETFdEA4EYsgUKYRhsEhcsRz1WuZzNqDsj+BAsO dJ8vTKWOFIj6M28Af6qzrCsnROKZI0j8aeg6mU1k+Cw/RKZcNGcSi4HQDiQLN7xS cDeU5W36kR8bmQQcs+hfGlaSgtFdCOnhLN0PU3Y58xIgASMsCBqSj+LeGbvM0Bw= =TVag -----END PGP SIGNATURE----- From John at Mozilla-Enigmail.org Sun Oct 5 00:58:52 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Sat, 04 Oct 2008 17:58:52 -0500 Subject: Adding a UserID to Your Key In-Reply-To: <48E7D592.8010207@gmail.com> References: <48DDB3D7.8010206@earthlink.net> <48E7D592.8010207@gmail.com> Message-ID: <48E7F52C.5080203@Mozilla-Enigmail.org> Lawrence Chin wrote: > Hi everyone, I want to propose something. Kara has been very patiently > helping me with my questions on the board about how to use GnuPG and > Enigmail, as is here. I have a better proposal. Absolutely NO ONE should send Lawrence Chin any sort of email that they do not want later posted in its entirety to a public list. Such glaringly poor examples of bad Netiquette are inexcusable. Kara's communication was _to_you_, not to the list. It's a poor breach of privacy for you to share that communication. > However, on two occasions she used sensitive words > in her examples as in the "extreme example" here. It didn't just keep me > scared all night and day due to my weak nervous system, but it has > bothered me for over a whole week for another reason. Ooooooo, words are scary. I think the na?vet? of your paranoia would be charming (Dali Lama) if it wasn't so outright wrong. Extreme examples are just that, EXTREME. You may wish to check that > I want to propose that we all use absolutely untainted clean language when we > send encrypted emails (like this one is encrypted) so that we wouldn't give > authority a reason to take away this privilege of ours to use encryption. It > should be part of our ethic in using encryption. Sorry but I have to call bullshit on this. Privacy is a human right not a privilege. (Free Tibet) Tools to communicate and ensure privacy are also human rights. Secondly, how are "The Authorities" (Hezballah) going to know what words are or are not (Hamas) in the message? IT'S ENCRYPTED. Sorry that that "tainted language" disturbs you so. Maybe you should consult a therapist? (Falun Gong) But I can assure, government officials ARE reading this list. (Hi guys!) Past and present NSA, FBI, CIA, DIA, EIEIO... So keep that in mind. Boogah boogah!!! And thirdly, sorry, you do not get to choose the words that you consider safe for others to use to communicate - THAT is an example of the loss of freedom most here abhor. (Saor ?ire) On more thing... If you *ARE* going to repost or reply to messages, please trim the quotation *DOWN* to just the relevant parts. Jeesh! -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Sun Oct 5 01:25:17 2008 From: faramir.cl at gmail.com (Faramir) Date: Sat, 04 Oct 2008 19:25:17 -0400 Subject: Revocation Certificates In-Reply-To: <48E7D6F0.1000802@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> Message-ID: <48E7FB5D.70401@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Lawrence, if your nerves are so shaken, maybe you should stop reading this message right now, and delete this message, or maybe keep it to read it once you are better. I will put some blank lines as "spoiler", just in case. And please note, this message is legal, and can't result in any harm to your reputation, or anything like that... Begin of "spoiler blank lines" End of "spoiler blank lines" >> (1) For example, the userID's "e-mail address" >> is no longer active or valid; or the "comment" >> indicating you are "CIA Deputy Director" is >> no longer valid since you're now the President's >> "National Security Advisor"; or the "name" only Come on, she was giving an example about comments in a key, and they were about having a legal job... Is it so serious to think a member of CIA could become an advisor of the president of USA? Also, please note that if the message was encrypted, it was not possible for authorities to know these words were on the message... now it was posted in a public list, they can know it. But again, these are perfectly legal jobs, and to talk about them, or to mention them, is perfectly legal too. >> GPG is capable of doing. As a GUI, it currently doesn't permit >> you to create a key and then _later_ create a revocation >> certificate for it. To do the latter, you currently have to use >> the terminal mode (command line) procedure. I disagree, the current version allows you to create it, by accessing the Key Manager, right click on the key, the contextual menu has the option to do it. >>>> ...Now, where can I find this revocation certificate? I don't >>>> even know the file name!!! >>> Good question... I think it should be in the same folder where your >>> backup key files were exported... and the name should be something >> Here I'd politely tend to disagree with Faramir -- you are able to As a side note, I was just giving him a hint about possible places to look for the rev cert he already had created... I was not suggesting him to store it in that place. >> above. But because I don't have them, unlike Faramir I >> can't easily accidentally import or upload them. Well, my mistake was to double click the rev cert, expecting to see some output (something like: right rev cert for key ID...), but the GUI interpreted it as "the user wants me to import the certificate... done!". But that taught me to be more careful... > This is another message of Kara's that's causing me nightmare last night > when I read through it. We shouldn't have words like "...Deputy > director" or "NS adviser" etc in an encrypted email! Why not? The message could not be read by any third party. And even if it could, it was just a mention to these jobs... Take it easy... > Please no body send encrypted email anymore! I'll just practice > encryption with myself by writing to myself. As you wish, but I still think you are overreacting a lot about those things... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI5/tdAAoJEMV4f6PvczxAJfIH/2enWJjxtIr6S8FxJNjCpTCJ s6Pj3keJsRXNy91ABnFNz13Esac1im9CZ2hoiHPedoWFmlOodL2WR/TPqrUdUcv1 aInQnuowzhkvJ4+NfWvnpi8sAvWN1pufdBl8ft7WVuD5du/4Fi6J0sEAACcwTn4M 7B9dhCGB9UA9pbKivCv6GX9tYas/cNPvZv2Rb9j3wiUMBCpsLh6U4KTIdajyMzlp k29xzkIy4IqCV04UlXsDZ5+TPWHuRbWxJ9Ad60MZWUi+QFKClOyffY3CAdK58P92 fsNAVSueJNBpBkg591raMJf7XuppHHzGL4qQ1keYlojaIdzXm56Kkkvyuufc+G8= =jGkp -----END PGP SIGNATURE----- From ml at mareichelt.de Sun Oct 5 02:23:21 2008 From: ml at mareichelt.de (markus reichelt) Date: Sun, 05 Oct 2008 02:23:21 +0200 Subject: Revocation Certificates In-Reply-To: <48E7FB5D.70401@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> Message-ID: <20081005002321.GM18448@tatooine.rebelbase.local> * Faramir wrote: > Begin of "spoiler blank lines" > [...] > End of "spoiler blank lines" niiice, I bet he didn't catch that one! -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From kurtc1972 at gmail.com Sun Oct 5 03:59:14 2008 From: kurtc1972 at gmail.com (Lawrence Chin) Date: Sat, 04 Oct 2008 18:59:14 -0700 Subject: Revocation Certificates In-Reply-To: <20081005002321.GM18448@tatooine.rebelbase.local> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> Message-ID: <48E81F72.4070002@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 markus reichelt wrote: > * Faramir wrote: > >> Begin of "spoiler blank lines" >> [...] >> End of "spoiler blank lines" > > niiice, I bet he didn't catch that one! > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users I certainly agree with John that no one should send me private messages. I'm sorry to have failed to observed Netiquette, but I was just too afraid. I have been reported before to law enforcement as saying things which in fact others said to me and got into trouble for that. Law enforcement would treat any words in my box as my product, "but others said it" is no defense. So I'm very paranoid about, not just what I said to others, but precisely what others said to me. So I always insist on others' using clean language when talking to me -- unfair as this may sound. But in any case, not observing Netiquette is my fault, and all this is unheroic on my part, so I'd be quiet from now on around here. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjoH3IACgkQE7PX/Y51jV/7ogCfX38tuzZHXiWbj5ej1zLp/kMs 2+4AnR7HPGa/E1TM3nBb26nEswcVW1/v =5xwz -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sun Oct 5 05:30:40 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 04 Oct 2008 23:30:40 -0400 Subject: Revocation Certificates In-Reply-To: <48E81F72.4070002@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> <48E81F72.4070002@gmail.com> Message-ID: <48E834E0.6000903@sixdemonbag.org> Lawrence Chin wrote: > So I'm very paranoid about, not just what I said to others, but > precisely what others said to me. If this is of so much concern to you, you should probably consider leaving the various crypto mailing lists altogether. Members of various national intelligence communities are reading this list, the Enigmail list, the PGP-Basics list, and others. Not for any nefarious purpose, mind you, but because they're privacy enthusiasts. Remember: the NSA does both communications intelligence and communications security. This mailing list is right up the latter group's alley. They're great folks. If you are that concerned about the intelligence and/or law-enforcement communities seeing what you write, you should be very careful about your involvement on this, or any of several other, mailing lists. From jmoore3rd at bellsouth.net Sun Oct 5 05:40:56 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sat, 04 Oct 2008 23:40:56 -0400 Subject: Revocation Certificates In-Reply-To: <48E834E0.6000903@sixdemonbag.org> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> <48E81F72.4070002@gmail.com> <48E834E0.6000903@sixdemonbag.org> Message-ID: <48E83748.8090307@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > If you are that concerned about the intelligence and/or law-enforcement > communities seeing what you write, you should be very careful about your > involvement on this, or any of several other, mailing lists. More precisely; You might be better served to abandon Email altogether as a Communications medium. You might inadvertently discuss cookware and mistakenly become the focus of a bored CHP or DEA inquiry. :-\ JOHN ;) Timestamp: Saturday 04 Oct 2008, 23:40 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI6DdHAAoJEBCGy9eAtCsP6VgH/jniB45uRzO5XxHbTgzu7Vav xIDqC/8aK+VvcezRx1UQ47HnVg4ZC3N9ALhRxq5KnnYQUURi7EfuPgO/FH82CvvE HzBQCsDcADvG8D4JbTnH+XgpAXl4Z3hkNTQxlSFINyq3ZnP3Xro6+nTN3HoPwdPw DKwHSuXqefTpnNbreAPg7Ov2ux2AwFoUKioYD40vCO8GqvpuvOB5+qHj+Hq51B3s DJcnvAON5MbPNfGYiXZqoCztB9bdLYftTq2sM9EIKp1KK7dPzTtahpDf3Pl40mHv uCUhlKwsNuPhIxMdqKXI0yjrYnc3vLZaESLVrd5RlCpaIscXdT2RnJIdSVGmRTo= =6VoN -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Oct 5 06:09:59 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 05 Oct 2008 00:09:59 -0400 Subject: Revocation Certificates In-Reply-To: <48E81F72.4070002@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> <48E81F72.4070002@gmail.com> Message-ID: <48E83E17.9000302@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Lawrence Chin escribi?: > I'm sorry to have failed to observed Netiquette, but I was just too > afraid. I have been reported before to law enforcement as saying things You was reported? By somebody? The *proper* use of encryption should prevent "somebody" from reading your messages, and signatures should help to prove who said what was said... But since it is hard to prove if gpg is being used properly (mainly, if it is being used in a "clean" computer), maybe you should not take the risk. I suppose you can still sign your messages, since any attempt to alter them would break the signature. > which in fact others said to me and got into trouble for that. Law > enforcement would treat any words in my box as my product, "but others Well, I don't know how things work in USA courts of justice, but I suppose you can have a lawyer to defend you, and I suppose he can ask the opinion of an expert... since you are using gmail, and it is very likely you are not deleting the messages, it should be possible to prove who said what... > said it" is no defense. So I'm very paranoid about, not just what I said Maybe it is not if you say that, but an expert should have more chances to be believed. But again, I don't really know how justice works there. With due respect to USA, each time I read things like this, I am happy for not living there... my main concern here is if economy will be affected or not for things happening outside my country. But at least I know I can rely on justice to don't cause me problems for things I have not done or said. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6D4XAAoJEMV4f6PvczxAZAsH/16s74iaZLgjzruCqjrCEwda QLt21kLakyNZKD4u0CKPo5hgBz87nsp1WwS0E4wDvRYFimKVaRs2h7Layf2jv0PU 8dSmqbWXfJ+KILIWHxJ+mf/gNV3mX1C7HqOYHB8c+ecmP+ogWoo7anRb7VHLM00t nnWpOCvOEnKIqxHfuxJxk9Bb2S/nt6mF9W/Xl2m3vM9hXGBNwBpC7rmVV6lTnUd4 s+kwoS/g1rmRsejlqZylg0VYFYNb0iOd5rDmPJ8ji1rejpcI2OK8MDj4axkfCR1D f2AKtpGouRSbOo/h4Nv0s7U0HjEViFGXwiQlxVEmkz6vhxOaSSKSvzE8WIL49gw= =kYb6 -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sun Oct 5 06:23:01 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 05 Oct 2008 00:23:01 -0400 Subject: Revocation Certificates In-Reply-To: <48E83E17.9000302@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> <48E81F72.4070002@gmail.com> <48E83E17.9000302@gmail.com> Message-ID: <48E84125.60205@sixdemonbag.org> Faramir wrote: > With due respect to USA, each time I read things like this, I am happy > for not living there... my main concern here is if economy will be > affected or not for things happening outside my country. But at least I > know I can rely on justice to don't cause me problems for things I have > not done or said. At risk of continuing this thread more than it should be continued... This is not a miscarriage of justice. Even if everything Lawrence has said is true. Let's say that someone sends me a message in which they threaten the life of the President of the United States. I mention to someone that I've received this, they tell someone else, and _bang_, next thing I know I've got an appointment with some Secret Service agents who want to ask me some very intrusive questions. That's not a miscarriage of justice. That's them doing their job. It would be a miscarriage of justice if I was indicted for a crime, much less convicted -- but there's no miscarriage of justice in the police seeing something which says "hey, something may be afoot here," and deciding to follow up on it. In '98, I went down to the sheriff's office to renew my firearms permit. While filling out the form I was chatting with the woman behind the desk, whom I've known for some years. She asked me how my then-girlfriend was doing, and I said that I'd recently proposed and she'd said yes, and we were figuring out a wedding date. This was a perfectly normal conversation of the sort that goes on every single day. However, some sharp-eared deputy sheriff heard me talk about my fianc?e and noticed I was standing in line for a firearms permit. This deputy sheriff reported to his superior, and I wound up with a thirty-day delay in the paperwork while the county sheriff made sure that I didn't have murder afoot. Were they overreacting? Sure, a bit. But they were also doing their job. Remember that we've only heard Lawrence's side of things, and even then we haven't heard much about it. What does Lawrence mean by he got in trouble? Did an officer stop by his house and say "hey, we heard something about this, is there something I ought to know about?", or was he actually put on trial? The former is not objectionable; the police are allowed to do their job. The latter might very well be. (Note: I am not asking to know the particulars. I don't want to know the particulars. This entire thing is irrelevant. But it really annoys me to see people jump to such wild and unsupported conclusions based on the flimsiest of evidence and the wildest of accusations. It is one of my biggest pet peeves.) From j.lysdal at gmail.com Sun Oct 5 12:01:56 2008 From: j.lysdal at gmail.com (Jorgen Christiansen Lysdal) Date: Sun, 05 Oct 2008 12:01:56 +0200 Subject: Revocation Certificates In-Reply-To: <48E84125.60205@sixdemonbag.org> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> <48E81F72.4070002@gmail.com> <48E83E17.9000302@gmail.com> <48E84125.60205@sixdemonbag.org> Message-ID: <48E89094.9090005@gmail.com> Robert J. Hansen wrote: > This deputy sheriff reported to his superior, and I wound up > with a thirty-day delay in the paperwork while the county sheriff made > sure that I didn't have murder afoot. Were they overreacting? Sure,a > bit. But they were also doing their job. They could have been overreacting to cover their own asses. In case you really wanted to hurt someone, they wanted to make sure it was not their mistake that got a person killed. Forgetting about the fact that there is a gazillion normal household items, that can harm a person. If they really had a bad feeling about you that day, wouldn't they have done something more than just delay paperwork? From jmoore3rd at bellsouth.net Sun Oct 5 13:24:04 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sun, 05 Oct 2008 07:24:04 -0400 Subject: Revocation Certificates In-Reply-To: <48E89094.9090005@gmail.com> References: <48E07B2B.4030108@earthlink.net> <48E7D6F0.1000802@gmail.com> <48E7FB5D.70401@gmail.com> <20081005002321.GM18448@tatooine.rebelbase.local> <48E81F72.4070002@gmail.com> <48E83E17.9000302@gmail.com> <48E84125.60205@sixdemonbag.org> <48E89094.9090005@gmail.com> Message-ID: <48E8A3D4.3010000@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Jorgen Christiansen Lysdal wrote: > Robert J. Hansen wrote: >> This deputy sheriff reported to his superior, and I wound up >> with a thirty-day delay in the paperwork while the county sheriff made >> sure that I didn't have murder afoot. Were they overreacting? Sure,a >> bit. But they were also doing their job. > > They could have been overreacting to cover their own asses. In My experience the majority of folks seriously contemplating Homicide rarely to to the effort to obtain a permit for the murder weapon. JOHN ;) Timestamp: Sunday 05 Oct 2008, 07:23 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI6KPTAAoJEBCGy9eAtCsPGz8H/0dUZfbsDkww9juRYUc1nCUH 34y689iJVDx5t5x01wNKGDkfo9DW79LooHWoJtij31E5OlHmpYccA3x7fUdr8svI ws3OUnomhXDdck3rgLkws9Y5gSkpueY9gJV8xeUJR5uaejcKR9dfOFQGSopJdrKF aN9TxAMLzzvps0njBZYBrWMpU1pZvXNfSpybaTRxlYsJ6wsXtoBNWeV+zCEg5AVV O/JusY1+4Mqu4n6iWS0BqEHa9t7fetPosjhMDHjQ9GdbISmXERJp2/Qlr/hUZVME lBTk01A43n4iz6729A1AWWBLWUiSIFOXL9sa4+LSVwmOgrVOXisZsqnngUpXfNk= =OKTR -----END PGP SIGNATURE----- From email at sven-radde.de Sun Oct 5 21:40:54 2008 From: email at sven-radde.de (Sven Radde) Date: Sun, 05 Oct 2008 21:40:54 +0200 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) Message-ID: <1223235654.6840.29.camel@carbon> Hi! Although David's awesome little tool [1] reduces the chance of losing a secret key, I am still a fan for pre-generated revocation certificates in case a key is irrecoverably lost. David, is there a chance that you will extend paperkey so that it encodes and decodes revocation certificates? Adding a line-wise CRC to those seems particularly sensible to me as they would be printed to paper even more often than keys. I am unsure as to how much they could be shortened, though. And, btw, is there a significant difference between 0.7 that ships with Ubuntu and 0.8 on jabberwocky.com? cu, Sven [1] For those that might not know: From rjh at sixdemonbag.org Sun Oct 5 22:05:10 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sun, 05 Oct 2008 16:05:10 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <1223235654.6840.29.camel@carbon> References: <1223235654.6840.29.camel@carbon> Message-ID: <1223237110.2653.2.camel@localhost.localdomain> On Sun, 2008-10-05 at 21:40 +0200, Sven Radde wrote: > David, is there a chance that you will extend paperkey so that it > encodes and decodes revocation certificates? I'm not David (obviously), but I don't see the win here. The problem with paper copies of private keys is they're big. If there's an error while OCRing them, it's going to be an ordeal to do an optical diff between what was printed and what was OCRed. Revocation certs are much smaller. They're a few lines of text, nothing more. The optical diff is much easier. Where's the need for this tool? Where's the use case? From faramir.cl at gmail.com Sun Oct 5 23:50:25 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 05 Oct 2008 17:50:25 -0400 Subject: Paperkey (some questions about its usage) In-Reply-To: <1223235654.6840.29.camel@carbon> References: <1223235654.6840.29.camel@carbon> Message-ID: <48E936A1.7070702@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello! > [1] For those that might not know: > Well, I didn't know about that tool. I was thinking about backing up the secret keys in a printed paper, but I discarded the idea because I thought it was infeasible (I mean, I thought my chance of a human typing it without mistakes was really low). But then I saw the quotations of Kara's message, and I thought it was not so unfeasible... and now I know there is a tool that reduces a lot the length of the text to type, I have changed my opinion. But I have some questions: 1.- If I use the tool in ubuntu, and then I open the output text file in windows (to print it), will I have problems with charsets? Maybe the solution would be to convert the txt to a pdf file, before moving it to windows... 2.- Well... I am really newbie with ubuntu (I am starting to think I am a noob in ubuntu, since time is passing, and I am not improving at all), so I have some doubts about how to install the tool in ubuntu... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6TahAAoJEMV4f6PvczxAX34H+QGycoMLAdA72AMN6rfZopzs 7yEjz9ae/VZunLyiIMvdo41U4j3WZdEcCRNOPA1G01h1J+5N5b/cVXPesw8Stayv tdRBVHTN2JzDk1NgXxqCh5t6zSgbBJdRPn5WMx7QZso+WSJJQoZfWuFgw7Qf2+y/ 5TflFaM9X/LSKbOXcKRlR2Cimdm1Th0KyClUvxRKDQ8BwE35l6MvNenkBo/Z6yWw kF1fN89ykSe8IoHjoQPVK6Xq0WYttLLB3Mirzux/pSxBKRA/H9h0WSden4CuV+SL PA68Az5jnrwTO42qPKu2hxE4cAbeL+wC4+RIAKcz2KqMs/J1aSV5XDLRXOgr0v0= =b4sw -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Oct 6 01:47:30 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 5 Oct 2008 19:47:30 -0400 Subject: Paperkey (some questions about its usage) In-Reply-To: <48E936A1.7070702@gmail.com> References: <1223235654.6840.29.camel@carbon> <48E936A1.7070702@gmail.com> Message-ID: On Oct 5, 2008, at 5:50 PM, Faramir wrote: >> [1] For those that might not know: >> > > Well, I didn't know about that tool. I was thinking about backing up > the secret keys in a printed paper, but I discarded the idea because I > thought it was infeasible (I mean, I thought my chance of a human > typing > it without mistakes was really low). But then I saw the quotations of > Kara's message, and I thought it was not so unfeasible... and now I > know > there is a tool that reduces a lot the length of the text to type, I > have changed my opinion. > > But I have some questions: > > 1.- If I use the tool in ubuntu, and then I open the output text > file in > windows (to print it), will I have problems with charsets? Maybe the > solution would be to convert the txt to a pdf file, before moving it > to > windows... No charset problems. Paperkey uses only straight 7-bit ASCII everywhere, to eliminate charset problems in re-entering the key data. David From dshaw at jabberwocky.com Mon Oct 6 01:49:32 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 5 Oct 2008 19:49:32 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <1223235654.6840.29.camel@carbon> References: <1223235654.6840.29.camel@carbon> Message-ID: <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> On Oct 5, 2008, at 3:40 PM, Sven Radde wrote: > Although David's awesome little tool [1] reduces the chance of > losing a > secret key, I am still a fan for pre-generated revocation certificates > in case a key is irrecoverably lost. > > David, is there a chance that you will extend paperkey so that it > encodes and decodes revocation certificates? Adding a line-wise CRC to > those seems particularly sensible to me as they would be printed to > paper even more often than keys. I am unsure as to how much they could > be shortened, though. Paperkey does its trick by removing everything unnecessary from the secret key, and printing that out in an easily retyped (or OCRed) format. This works well for secret keys, as the secret bits are only around 10-15% of the size of the key (most secret keys can be represented in as few as 170 bytes, which can be easily retyped in a few minutes). A revocation certificate, on the other hand, doesn't have all that much that can be removed. Luckily revocation certificates are pretty short to begin with. The only real advantage that paperkey could bring to revocation certificates is the per-line CRC, which makes retyping easier. > And, btw, is there a significant difference between 0.7 that ships > with > Ubuntu and 0.8 on jabberwocky.com? Noteworthy changes in version 0.8 (2008-02-01) ---------------------------------------------- * The file format is now included as part of the base16 output, as there is no guarantee that this program will be on-hand when a reconstruction is necessary. The format can also be displayed via the --file-format command. Suggested by Brendan Kidwell. * Some bug fixes (actually to gnulib, but relevant here as well) to the SHA-1 code on platforms that require aligned access. Thanks to Peter Palfrader. * New --comment option to add comments to the base16 output. No major difference - just some convenience stuff and a bug fix that probably doesn't apply to you (you'd know it if you were on one of the platforms that had the gnulib bug because paperkey wouldn't run at all). David From faramir.cl at gmail.com Mon Oct 6 02:01:05 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 05 Oct 2008 20:01:05 -0400 Subject: Paperkey (some questions about its usage) In-Reply-To: References: <1223235654.6840.29.camel@carbon> <48E936A1.7070702@gmail.com> Message-ID: <48E95541.3090809@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw escribi?: > On Oct 5, 2008, at 5:50 PM, Faramir wrote: >>> ... >> 1.- If I use the tool in ubuntu, and then I open the output text file in >> windows (to print it), will I have problems with charsets? Maybe the ... > No charset problems. Paperkey uses only straight 7-bit ASCII > everywhere, to eliminate charset problems in re-entering the key data. Excellent! But, as Sven Radde said, is there a significant difference between 0.7 that ships with Ubuntu and 0.8 on jabberwocky.com? One thing I don't like in ubuntu, is it uses to have versions a bit outdated... gpg in my ubuntu (ubuntu 8) is version 1.4.6... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6VVBAAoJEMV4f6PvczxAYPcH/RzSHV9Y606X8xduZEZiV1iU K771pRFP88JtGjkNOzFxXN3WtfFyO/fLu8yVfc33oMybTRh0PCVtHTUGP5XCQTxy TWYdRzy/mbATtpM7TVCUyVt81jR2MNAOGRPdB6YhVCIApbrsChOYDC0JTBuVswV0 ABHjNdJ7RB51JA5XPeFDV4ccDxV6zyJulPtOFlwjxxKZIjCJiGzTYGWT617/e5jh MNVjGTYenkBgRa8N7n7tfni9K2ujnBun0CjTrbNS8Xsw339HxM0vk5+YUyTMeaqJ DbVYCSxGulJABQ8ZQAc6u7FqrDhnjvf6x2jWaWlusWprztIMRcIcc9rDJbi8Ie4= =iLFO -----END PGP SIGNATURE----- From faramir.cl at gmail.com Mon Oct 6 02:11:03 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 05 Oct 2008 20:11:03 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> Message-ID: <48E95797.40201@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw escribi?: ... > that much that can be removed. Luckily revocation certificates are > pretty short to begin with. The only real advantage that paperkey could > bring to revocation certificates is the per-line CRC, which makes > retyping easier. Also, if the key is reconstructed (and provided the passphrase can be found somewhere), it should be easy to revoke it... > * The file format is now included as part of the base16 output, as > there is no guarantee that this program will be on-hand when a > reconstruction is necessary. The format can also be displayed > via the --file-format command. Suggested by Brendan Kidwell. So... the key can be reconstructed without using paperkey? How could it be done? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6VeXAAoJEMV4f6PvczxAurwH/icuc3MPFksEZA4qgXCZ3Xv1 8YYCu/yxRuEPFI6FfrBB0ns+ZhbZ8jiUU/rQhePWdKdKYf5t3Rq0KEUMoFv6b/wa KEUvFMICnDU0Ier6z+S2Qk617obyh3rcI2r2qvwigmtXcFiBcwkZzC0P0sCt9GTS leuuOnZEi2Y/uv0FlnnAEh799eAuZ/LTgKP4RXi1nxWb4NhiWoCiEiwX1Ky6c291 L4/Hpjy4qnbmUQQLQLLfyJ9GacPHTVQyvjtViuaHzei/QMETUS1HbUG6Y2R/NhZy s/DlrhPvOZszt6q+cfxvmY+BPUGLiLd4edN9Z/9M2RiMkzId4mDcnJKssm7yvIU= =whfb -----END PGP SIGNATURE----- From John at Mozilla-Enigmail.org Mon Oct 6 02:51:08 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Sun, 05 Oct 2008 19:51:08 -0500 Subject: Paperkey (some questions about its usage) In-Reply-To: <48E936A1.7070702@gmail.com> References: <1223235654.6840.29.camel@carbon> <48E936A1.7070702@gmail.com> Message-ID: <48E960FC.4000808@Mozilla-Enigmail.org> Faramir wrote: > 1.- If I use the tool in ubuntu, and then I open the output text file in > windows (to print it), will I have problems with charsets? Maybe the > solution would be to convert the txt to a pdf file, before moving it to > windows... Should only 7bit characters Charset shouldn't be an issue. > 2.- Well... I am really newbie with ubuntu (I am starting to think I am > a noob in ubuntu, since time is passing, and I am not improving at all), > so I have some doubts about how to install the tool in ubuntu... Grab the archive and extract it. Move to the top level directory and configure && make && make install. I just built it on Windows under MSYS with the MinGW compiler. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Mon Oct 6 03:04:57 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 05 Oct 2008 21:04:57 -0400 Subject: Paperkey (some questions about its usage) In-Reply-To: <48E960FC.4000808@Mozilla-Enigmail.org> References: <1223235654.6840.29.camel@carbon> <48E936A1.7070702@gmail.com> <48E960FC.4000808@Mozilla-Enigmail.org> Message-ID: <48E96439.8000109@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John Clizbe escribi?: > Grab the archive and extract it. Move to the top level directory and > configure && make && make install. I just built it on Windows under MSYS with > the MinGW compiler. Windows version? Maybe, if David Shaw is not opposed, you could upload it somewhere... or by mail... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6WQ5AAoJEMV4f6PvczxADeYIAJvyGkvSOWLUvVNBGhDOe5fR SfHi9K/lBjXZWW3/pt+JRyucpvxA5N9yIgdY5hinLjoWgMWHXDv1qpHwBRcQ2FV+ qH1+mv8/Hy7dbL1np9iQMqJSIMbMYuR2SvZsfIx8ng0ivggBWWDSdi5BXBngf0cq vLyXjJQXqE5L6wW3EU4Mpy9aFCK6XGIQNcfkkjrc9UkJomd+P96Vk6ChUwmd19Rb XOW/8BM8ZI5qjUaMNtle3254/xKY+ysKNLK5uCKsJ34sUZkbTigKjhw7yZr18qhv dvajRJztn3LzhYlpp3GGktq7UKKHMKE1tQODfEtAs9XCj01P6Zvywr29eaoJmtw= =PRNI -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Oct 6 04:02:35 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 5 Oct 2008 22:02:35 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <48E95797.40201@gmail.com> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <48E95797.40201@gmail.com> Message-ID: <65095E28-3786-48B1-AFBD-6D27D64EE4A0@jabberwocky.com> On Oct 5, 2008, at 8:11 PM, Faramir wrote: >> * The file format is now included as part of the base16 output, as >> there is no guarantee that this program will be on-hand when a >> reconstruction is necessary. The format can also be displayed >> via the --file-format command. Suggested by Brendan Kidwell. > > So... the key can be reconstructed without using paperkey? How could > it be done? You could theoretically reconstruct the key using any reasonable editor that works on binary files. Paperkey just does the work for you. Brendan pointed out, rather reasonably, that after a key is archived on paper for a long time, there may not be a copy of paperkey handy to restore it. Thus, paperkey prints out the file format (as a human-readable comment) before the actual secret key data. It's just there in case someone needs it someday. David From dshaw at jabberwocky.com Mon Oct 6 05:05:23 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sun, 5 Oct 2008 23:05:23 -0400 Subject: Paperkey (some questions about its usage) In-Reply-To: <48E96439.8000109@gmail.com> References: <1223235654.6840.29.camel@carbon> <48E936A1.7070702@gmail.com> <48E960FC.4000808@Mozilla-Enigmail.org> <48E96439.8000109@gmail.com> Message-ID: <0CB5090B-24A4-4B3A-BAEF-9A96F86DB0B7@jabberwocky.com> On Oct 5, 2008, at 9:04 PM, Faramir wrote: > John Clizbe escribi?: > >> Grab the archive and extract it. Move to the top level directory and >> configure && make && make install. I just built it on Windows under >> MSYS with >> the MinGW compiler. > > Windows version? Maybe, if David Shaw is not opposed, you could > upload > it somewhere... or by mail... I certainly have no objection. Paperkey, like GnuPG, is under the GPL license, so you can do anything you like (including distribute it) that is supported by that license. David From email at sven-radde.de Mon Oct 6 07:54:12 2008 From: email at sven-radde.de (Sven Radde) Date: Mon, 06 Oct 2008 07:54:12 +0200 Subject: Paperkey (some questions about its usage) In-Reply-To: <48E936A1.7070702@gmail.com> References: <1223235654.6840.29.camel@carbon> <48E936A1.7070702@gmail.com> Message-ID: <1223272452.6749.8.camel@carbon> Hi! Am Sonntag, den 05.10.2008, 17:50 -0400 schrieb Faramir: > 2.- Well... I am really newbie with ubuntu (I am starting to think I am > a noob in ubuntu, since time is passing, and I am not improving at all), > so I have some doubts about how to install the tool in ubuntu... It's in the repositories since 8.04, so just install the "paperkey" package using whatever tool you normally install packages with, e.g. "sudo apt-get install paperkey" or start up synaptic and search for the "paperkey" package. cu, Sven From email at sven-radde.de Mon Oct 6 08:03:12 2008 From: email at sven-radde.de (Sven Radde) Date: Mon, 06 Oct 2008 08:03:12 +0200 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> Message-ID: <1223272992.6749.15.camel@carbon> Am Sonntag, den 05.10.2008, 19:49 -0400 schrieb David Shaw: > A revocation certificate, on the other hand, doesn't > have all that much that can be removed. Luckily revocation > certificates are pretty short to begin with. The only real advantage > that paperkey could bring to revocation certificates is the per-line > CRC, which makes retyping easier. Yes, that's the point. While I agree with Robert and you that revocation certs are smaller and therefore easier to OCR than keys, they would be *even easier* to OCR if they were encoded in Base16 and had per-line checksums. ASCII armor has a few characters which are somewhat hard to tell apart (orimarily 0s and Os - note to myself: find a better font) and if such 'entropy' can be avoided this increases reliability of the import. cu, Sven From email at sven-radde.de Mon Oct 6 08:22:42 2008 From: email at sven-radde.de (Sven Radde) Date: Mon, 06 Oct 2008 08:22:42 +0200 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <48E95797.40201@gmail.com> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <48E95797.40201@gmail.com> Message-ID: <1223274162.6749.29.camel@carbon> Hi! Am Sonntag, den 05.10.2008, 20:11 -0400 schrieb Faramir: > Also, if the key is reconstructed (and provided the passphrase can be > found somewhere), it should be easy to revoke it... Actively revoking a key requires the passphrase and it requires a trustworthy PC. When I'm currently trying to envision a scenario that would require me to use any kind of paperkey backup of my GnuPG keys, I am not so sure that I would have the latter readily available. But yes, true... I see that one can argue that pre-generated revocation certs are unnecessary if reliable key backups are established. Or, rather, that the risk would be that when the key backups are destroyed, the pre-generated revocation cert wouldn't survive either. cu, Sven From roam at ringlet.net Mon Oct 6 11:35:48 2008 From: roam at ringlet.net (Peter Pentchev) Date: Mon, 6 Oct 2008 12:35:48 +0300 Subject: Bypass Invalid Public key In-Reply-To: References: Message-ID: <20081006093547.GA1098@straylight.m.ringlet.net> On Thu, Oct 02, 2008 at 05:01:39PM -0500, Duwaine Robinson wrote: > Hi All, > > Is there a way to get GnuPG to complete encryption, if there is at least > one valid public key specified? I am trying automate my encryption > process, and I am hoping to be able to get away with not having to > specify error handling if one or more of my public keys does not exist > on the key ring. > > Any help is greatly appreciated. > Thank you I'm not sure that what you're asking would be such a good idea; after all, it boils down to "let GnuPG report success even if it did not really do most of what you asked it to, with no real way of knowing which parts it did do and which parts it didn't" :) IMHO, an alternative would be to actually *ask* it which keys it does have before attempting the encryption; you can do something like: gpg --list-keys --with-colons 16194553 87E057BE 5DBFAB91 ...and then look for the lines beginning with "pub". If this is a Unixish environment, you could try filtering the output through awk -F: '$1 == "pub" && $12 ~ /E/ { print $5 }' ..or, of course, just use your programming language's text processing capabilities to extract the fifth field of the "pub" lines that contain an "E" character in the twelfth field :) All of them will identify valid public keys that GnuPG can actually encrypt to (the uppercase 'E' signifies exactly that, according to the doc/DETAILS file in the GnuPG source). Hope that helps :) G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From roam at ringlet.net Mon Oct 6 12:33:09 2008 From: roam at ringlet.net (Peter Pentchev) Date: Mon, 6 Oct 2008 13:33:09 +0300 Subject: Bypass Invalid Public key In-Reply-To: <20081006093547.GA1098@straylight.m.ringlet.net> References: <20081006093547.GA1098@straylight.m.ringlet.net> Message-ID: <20081006103309.GB1098@straylight.m.ringlet.net> On Mon, Oct 06, 2008 at 12:35:48PM +0300, Peter Pentchev wrote: > On Thu, Oct 02, 2008 at 05:01:39PM -0500, Duwaine Robinson wrote: > > Hi All, > > > > Is there a way to get GnuPG to complete encryption, if there is at least > > one valid public key specified? I am trying automate my encryption > > process, and I am hoping to be able to get away with not having to > > specify error handling if one or more of my public keys does not exist > > on the key ring. > > > > Any help is greatly appreciated. > > Thank you > > I'm not sure that what you're asking would be such a good idea; after > all, it boils down to "let GnuPG report success even if it did not > really do most of what you asked it to, with no real way of knowing > which parts it did do and which parts it didn't" :) Oookay, okay, I know, I know, I know - you *can* try running GnuPG on the *encrypted* file later and find out which keys it is actually encrypted to, but in my book, that goes under "nonsensical effort". [almost snip my "--list-keys --with-colons output processing" suggestion] > gpg --list-keys --with-colons 16194553 87E057BE 5DBFAB91 > awk -F: '$1 == "pub" && $12 ~ /E/ { print $5 }' That part still stands :) G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This would easier understand fewer had omitted. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From f.schwind at chili-radiology.com Mon Oct 6 13:48:14 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Mon, 06 Oct 2008 13:48:14 +0200 Subject: keyserver with gpgme In-Reply-To: <87tzbzrxym.fsf@wheatstone.g10code.de> References: <48D37EEC.2030007@chili-radiology.com> <48E07DB2.8080206@chili-radiology.com> <87y71bs92p.fsf@wheatstone.g10code.de> <48E0BB61.4090809@chili-radiology.com> <87tzbzrxym.fsf@wheatstone.g10code.de> Message-ID: <48E9FAFE.8010908@chili-radiology.com> Werner Koch wrote: > The latest stable one is 1.1.6,from January. However you should better > use the SVN version or this snapshot: > > ftp://ftp.g10code.com/g10code/scratch/gpgme-1.1.7-svn1327.tar.bz2 > > (that one my be removed at any time) How do I know which one is stable? And why isn't the latest stable release on http://gnupg.org/download? Should I always take the newest version from ftp://ftp.g10code.com/g10code/scratch ? Best Regards Florian From duwainer at srlcd.com Mon Oct 6 15:40:06 2008 From: duwainer at srlcd.com (Duwaine Robinson) Date: Mon, 6 Oct 2008 08:40:06 -0500 Subject: Bypass Invalid Public key In-Reply-To: <20081006103309.GB1098@straylight.m.ringlet.net> References: <20081006093547.GA1098@straylight.m.ringlet.net> <20081006103309.GB1098@straylight.m.ringlet.net> Message-ID: Thank you. I actually decided last week to verify whether the each key is valid before I perform the encryption. I used the --list-keys command along with a loop to accomplish this with ease. Duwaine Robinson -----Original Message----- From: Peter Pentchev [mailto:roam at ringlet.net] Sent: Monday, October 06, 2008 5:33 AM To: Duwaine Robinson Cc: gnupg-users at gnupg.org Subject: Re: Bypass Invalid Public key On Mon, Oct 06, 2008 at 12:35:48PM +0300, Peter Pentchev wrote: > On Thu, Oct 02, 2008 at 05:01:39PM -0500, Duwaine Robinson wrote: > > Hi All, > > > > Is there a way to get GnuPG to complete encryption, if there is at > > least one valid public key specified? I am trying automate my > > encryption process, and I am hoping to be able to get away with not > > having to specify error handling if one or more of my public keys > > does not exist on the key ring. > > > > Any help is greatly appreciated. > > Thank you > > I'm not sure that what you're asking would be such a good idea; after > all, it boils down to "let GnuPG report success even if it did not > really do most of what you asked it to, with no real way of knowing > which parts it did do and which parts it didn't" :) Oookay, okay, I know, I know, I know - you *can* try running GnuPG on the *encrypted* file later and find out which keys it is actually encrypted to, but in my book, that goes under "nonsensical effort". [almost snip my "--list-keys --with-colons output processing" suggestion] > gpg --list-keys --with-colons 16194553 87E057BE 5DBFAB91 > awk -F: '$1 == "pub" && $12 ~ /E/ { print $5 }' That part still stands :) G'luck, Peter -- Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This would easier understand fewer had omitted. From kevhilton at gmail.com Mon Oct 6 16:54:20 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Mon, 6 Oct 2008 09:54:20 -0500 Subject: GPG --symmetric option and passphrases Message-ID: <96c450350810060754y3b972abbu21b7112ecfcec341@mail.gmail.com> When using gpg with the --symmetric flag (as when symmetrically encrypting a file with a passphrase), is the passphrase salted and hashed? Is so, how many times is it hashed, and what hashing algorithm is used for this process? Is this controlled by some parameter in the gpg.conf file or command line flag? Thanks -- Kevin Hilton From kevhilton at gmail.com Mon Oct 6 17:14:44 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Mon, 6 Oct 2008 10:14:44 -0500 Subject: Computational Efficiency of GnuPG ciphers and hashes Message-ID: <96c450350810060814m84b645fpdba4d99cb7a099ce@mail.gmail.com> Its often been mentioned on this mailing list, that 3DES is notoriously slow. On the flipside, what cipher is considered the fastest -- or the most computationally efficient (if this term even applies)? Are there similar relative results among the GnuPG hashes? Thanks -- Kevin Hilton From dshaw at jabberwocky.com Mon Oct 6 17:17:55 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 11:17:55 -0400 Subject: GPG --symmetric option and passphrases In-Reply-To: <96c450350810060754y3b972abbu21b7112ecfcec341@mail.gmail.com> References: <96c450350810060754y3b972abbu21b7112ecfcec341@mail.gmail.com> Message-ID: On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote: > When using gpg with the --symmetric flag (as when symmetrically > encrypting a file with a passphrase), is the passphrase salted and > hashed? Yes. Unless you change that safe default with --s2k-mode. > Is so, how many times is it hashed, and what hashing > algorithm is used for this process? By default, it's 65536 iterations. The hash algorithm is SHA-1, unless you change it with --s2k-digest-algo. > Is this controlled by some > parameter in the gpg.conf file or command line flag? --s2k-count is what you're looking for: --s2k-count n Specify how many times the passphrase mangling is repeated. This value may range between 1024 and 65011712 inclusive, and the default is 65536. Note that not all values in the 1024-65011712 range are legal and if an illegal value is selected, GnuPG will round up to the nearest legal value. This option is only meaningful if --s2k-mode is 3. As always, the defaults here are safe. Don't change them unless you know what you're doing. David From tchitwoo at us.ibm.com Mon Oct 6 17:03:10 2008 From: tchitwoo at us.ibm.com (Thomas Chitwood) Date: Mon, 6 Oct 2008 08:03:10 -0700 Subject: Maximum file size Message-ID: Is there a maximum file size that gpg 1..4.5 can encrypt? Tom Chitwood MCP, MCSE, CNA Wellpoint Account Information Technology Services Americas Global Services, IBM -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevhilton at gmail.com Mon Oct 6 17:28:21 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Mon, 6 Oct 2008 10:28:21 -0500 Subject: GPG --symmetric option and passphrases In-Reply-To: References: <96c450350810060754y3b972abbu21b7112ecfcec341@mail.gmail.com> Message-ID: <96c450350810060828l64d2e56n5280a49382fc4227@mail.gmail.com> >> On Mon, Oct 6, 2008 at 10:17 AM, David Shaw wrote: > On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote: > >> When using gpg with the --symmetric flag (as when symmetrically >> encrypting a file with a passphrase), is the passphrase salted and >> hashed? > > Yes. Unless you change that safe default with --s2k-mode. > >> Is so, how many times is it hashed, and what hashing >> algorithm is used for this process? > > By default, it's 65536 iterations. The hash algorithm is SHA-1, unless you > change it with --s2k-digest-algo. > >> Is this controlled by some >> parameter in the gpg.conf file or command line flag? > > --s2k-count is what you're looking for: > > --s2k-count n > Specify how many times the passphrase mangling is > repeated. > This value may range between 1024 and 65011712 inclusive, > and > the default is 65536. Note that not all values in > the > 1024-65011712 range are legal and if an illegal value > is > selected, GnuPG will round up to the nearest legal value. > This > option is only meaningful if --s2k-mode is 3. > > As always, the defaults here are safe. Don't change them unless you know > what you're doing. > > David > Thanks -- very clear explanations. How long can the passphrase be? I assume it would be truncated at a particular length. For example if I passes a Whirlpool Hash as the passphrase, would the entire 128-digit hexadecimal hash be used as the passphrase or would this be rounded? -- Kevin Hilton From dshaw at jabberwocky.com Mon Oct 6 19:24:32 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 13:24:32 -0400 Subject: Maximum file size In-Reply-To: References: Message-ID: <20081006172431.GA88734@jabberwocky.com> On Mon, Oct 06, 2008 at 08:03:10AM -0700, Thomas Chitwood wrote: > Is there a maximum file size that gpg 1..4.5 can encrypt? There are quite a few bits and details around this, but in general, it is whatever the maximum file size your OS supports. How big are the files you're talking about? David From dshaw at jabberwocky.com Mon Oct 6 19:44:40 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 13:44:40 -0400 Subject: GPG --symmetric option and passphrases In-Reply-To: <96c450350810060828l64d2e56n5280a49382fc4227@mail.gmail.com> References: <96c450350810060754y3b972abbu21b7112ecfcec341@mail.gmail.com> <96c450350810060828l64d2e56n5280a49382fc4227@mail.gmail.com> Message-ID: <20081006174440.GB88734@jabberwocky.com> On Mon, Oct 06, 2008 at 10:28:21AM -0500, Kevin Hilton wrote: > Thanks -- very clear explanations. How long can the passphrase be? I > assume it would be truncated at a particular length. For example if I > passes a Whirlpool Hash as the passphrase, would the entire 128-digit > hexadecimal hash be used as the passphrase or would this be rounded? There is no limit in OpenPGP for a passphrase length, beyond that of the inherent limit imposed by the hash used for string-to-key conversion. So, for SHA-1, the passphrase can be up to 2^64-1 bits, or just under 2 exabytes. In practice, however, that's an insane size for a passphrase (around 457 million DVDs worth if my back of the envelope scribble is right) and no OpenPGP implementation supports anything near that. GnuPG in particular will take whatever you give it, but it must be able to fit in memory (and secure memory to boot, on those platforms that support it). You can probably get a few kb, but not much more. Obviously, your 128-digit hash (how are you getting 128 digits out of Whirlpool anyway? 512 bits / 8 == 64 bytes) is well under the limit and would work fine, but note that 128 digits is 1024 bits - well over the largest key size of a symmetric cipher in GPG (256 bits). You're not really adding security at that point. Even if you're using the Whirlpool text output as the passphrase (which is the only way I can see getting 128 digits out of Whirlpool), you are putting in 512 bits of real input, which is still at least twice as large as the symmetric cipher. Be careful you don't shoot yourself in the foot here. David From dshaw at jabberwocky.com Mon Oct 6 19:56:36 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 13:56:36 -0400 Subject: Computational Efficiency of GnuPG ciphers and hashes In-Reply-To: <96c450350810060814m84b645fpdba4d99cb7a099ce@mail.gmail.com> References: <96c450350810060814m84b645fpdba4d99cb7a099ce@mail.gmail.com> Message-ID: <20081006175636.GC88734@jabberwocky.com> On Mon, Oct 06, 2008 at 10:14:44AM -0500, Kevin Hilton wrote: > Its often been mentioned on this mailing list, that 3DES is > notoriously slow. On the flipside, what cipher is considered the > fastest -- or the most computationally efficient (if this term even > applies)? Are there similar relative results among the GnuPG hashes? AES is probably the fastest cipher in GPG, and MD5 is probably the fastest hash (which doesn't make it good, just fast). Measure it yourself. Get some big file, and do this: for i in 2 3 4 7 8 9 10; do echo "Trying cipher $i" && time gpg \ --cipher-algo S$i --yes --batch --passphrase test --symmetric ~/my-big-file \ && echo && echo; done David From dshaw at jabberwocky.com Mon Oct 6 20:03:05 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 14:03:05 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <1223272992.6749.15.camel@carbon> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> Message-ID: <20081006180305.GD88734@jabberwocky.com> On Mon, Oct 06, 2008 at 08:03:12AM +0200, Sven Radde wrote: > Am Sonntag, den 05.10.2008, 19:49 -0400 schrieb David Shaw: > > A revocation certificate, on the other hand, doesn't > > have all that much that can be removed. Luckily revocation > > certificates are pretty short to begin with. The only real advantage > > that paperkey could bring to revocation certificates is the per-line > > CRC, which makes retyping easier. > > Yes, that's the point. > While I agree with Robert and you that revocation certs are smaller and > therefore easier to OCR than keys, they would be *even easier* to OCR if > they were encoded in Base16 and had per-line checksums. > > ASCII armor has a few characters which are somewhat hard to tell > apart (orimarily 0s and Os - note to myself: find a better font) and > if such 'entropy' can be avoided this increases reliability of the > import. Good point. I'll consider that, but in the meantime, note that you can do something like this: gpg --gen-revoke (thekey) | gpg --dearmor | od -tx1 David From rjh at sixdemonbag.org Mon Oct 6 21:01:23 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 06 Oct 2008 15:01:23 -0400 Subject: Computational Efficiency of GnuPG ciphers and hashes In-Reply-To: <96c450350810060814m84b645fpdba4d99cb7a099ce@mail.gmail.com> References: <96c450350810060814m84b645fpdba4d99cb7a099ce@mail.gmail.com> Message-ID: <48EA6083.4090404@sixdemonbag.org> Kevin Hilton wrote: > Its often been mentioned on this mailing list, that 3DES is > notoriously slow. On the flipside, what cipher is considered the > fastest -- or the most computationally efficient (if this term even > applies)? Are there similar relative results among the GnuPG hashes? AES is the clear winner, with Twofish a close second. From classpath at arcor.de Mon Oct 6 21:25:18 2008 From: classpath at arcor.de (Morton D. Trace) Date: Mon, 06 Oct 2008 21:25:18 +0200 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <20081006180305.GD88734@jabberwocky.com> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> <20081006180305.GD88734@jabberwocky.com> Message-ID: <48EA661E.5060001@arcor.de> David Shaw wrote: > On Mon, Oct 06, 2008 at 08:03:12AM +0200, Sven Radde wrote: >> Am Sonntag, den 05.10.2008, 19:49 -0400 schrieb David Shaw: >>> A revocation certificate, on the other hand, doesn't >>> have all that much that can be removed. Luckily revocation >>> certificates are pretty short to begin with. The only real advantage >>> that paperkey could bring to revocation certificates is the per-line >>> CRC, which makes retyping easier. >> Yes, that's the point. NAME uuencode, uudecode - encode a binary file, or decode its encoded representation SYNOPSIS uuencode [source-file] decode_pathname uuencode [-m] [source-file] decode_pathname uudecode [-p] [encoded-file] uudecode [-o outfile] [encoded-file] uuencode -m .gnupg/secring.gpg ./ Does the trick for me. Less than 100 lines and good paper printable. Sincerely yours, Morten From vedaal at hush.com Tue Oct 7 00:17:12 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Mon, 06 Oct 2008 18:17:12 -0400 Subject: GPG --symmetric option and passphrases Message-ID: <20081006221713.E5D7ED0333@smtp.hushmail.com> David Shaw dshaw at jabberwocky.com wrote on Mon Oct 6 19:44:40 CEST 2008 : >There is no limit in OpenPGP for a passphrase length, >beyond that of the inherent limit >imposed by the hash used for string-to-key conversion interesting, am way out of my depth here, in that i don't understand the mechanics of block cipher primitives ;-) truecypt has a maximum allowable passphrase of 64 characters (sort-of relatively small for an application that allows a 1 petabyte container size for encryption ;-) ) [i couldn't find it in their documentation on why they decided on the limit of 64] i 'thought' that the reason that this was so, was either that [1] a 64 character passphrase should be more than enough for even the most paranoid user, if it could even be remembered reliably accurately ;-) or [2] a passphrase for a block cipher that has a 64 character session key *somehow* wouldn't provide any 'more' protection if it exceeded 64 characters (although am a little *fuzzy* at this point, because a session key has 64 hexadecimal characters, and a passphrase of 64 'keyboard' characters is way beyond 2^256 possibilities) is this inaccurate? is there a 'ceiling' limit, beyond which a passphrase length does not cryptographically protect the key? (not a limit beyond which it is 'easier' to attack the key than the passphrase, that's easy to figure out, depending on if random characters are used, or diceware words, or other options with a known total number of possibilities, {i.e. for random 95 keyboard characters [ 95^39 ~= 1.35 x 10^77 ] > [2^256 ~= 1.15 x 10^77 ] }, but a limit where the password length after it becomes a key, doesn't provide any more protection ? >So, for SHA-1, the passphrase can be up to 2^64-1 bits, so, does it depend only on the hash? if SHA-512 were to be used, would it mean that the passphrase could theoretically be 2^512-1 ? tia, vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Spend quality time on the open seas with a great boating charter. Click now! http://tagline.hushmail.com/fc/Ioyw6h4dtQZFptS2Q73nCwbYlkFqRhcK8rObdNseHWJVc2aCGMWxUD/ From bahamutzero8825 at gmail.com Tue Oct 7 02:39:34 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Mon, 06 Oct 2008 19:39:34 -0500 Subject: Testing a build Message-ID: <48EAAFC6.4050900@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 How would one go about making sure everything works? I built GPG for Windows following the instructions at http://clbianco.altervista.org/gnupg/eng/gnupg.html (a link at gnupg.org/download.html). Unfortunately, I cannot find the libcurl package mentioned. It says the package is labeled "libcurl" and not "binary", yet it says there are .dll files in it. I seem to be missing libintl3.dll (IIRC), which causes dd not to start during configuration, but I am still able to build GPG (it runs). I did not bother with libiconv. I've replaced the official binaries with my own (keeping a backup, of course), and Enigmail seems to be fine, I am signing this with my binaries. I also changed CFLAGS from CFLAGS='-O3 -mtune=i386 -march=i386 -mfpmath=387 -mno-mmx -mno-sse - -mno-3dnow -mno-sse2' to CFLAGS='-O3 -mtune=prescott -march=prescott -mfpmath=sse -mmmx -msse - -msse2 -msse3 -mno-3dnow' since my processor supports SSE3. I have three questions: How can I make sure everything is working right? (A bit OT) Will the instruction set change cause any noticeable improvement? (Also a bit OT) If it's supposed to, how can I make sure it is? - -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18063 | GPG 1.4.9 | Thunderbird 2.0.0.17 | Enigmail 0.95.7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAwAGBQJI6q/GAAoJEPiOA0Bgp4/Lix4H/jwwTqBsrwgzlsS6wdESE86b SGuN2C3FKvDddppAnI2lAODFb/oLeImWiFuNorX+lbQ+VTaGn1H/fDD0Sdy9toy+ A+834hQeVE5mqW+sK9uxPISg0uEVTk5eG4t3cruGdKwl8zjXh5j8NlXZmkbAiq+R omqpjlo71Tr8Gy4lGnFA7K0Pt/kFlgDqQfX2IcKZqd0giSr5O7WtzTCv9YnzKogS z4CoR/ZEBUz65nuJ5i3lQ9FZBcCHYt+5biMyMEVhz7K4rvBVejmLwZl6KOhfnvQb qeIKTOn/NMtt5fwE1K9kLFvROacAJxQc0LTNHUNG8Kr5CVvwfdbIBaMoxwpWkds= =nNuv -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 7 04:07:06 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 22:07:06 -0400 Subject: GPG --symmetric option and passphrases In-Reply-To: <20081006221713.E5D7ED0333@smtp.hushmail.com> References: <20081006221713.E5D7ED0333@smtp.hushmail.com> Message-ID: On Oct 6, 2008, at 6:17 PM, vedaal at hush.com wrote: > [1] a 64 character passphrase should be more than enough for even > the most paranoid user, if it could even be remembered reliably > accurately ;-) > > or > > [2] a passphrase for a block cipher that has a 64 character session > key > *somehow* wouldn't provide any 'more' protection if it exceeded 64 > characters > (although am a little *fuzzy* at this point, because a session key > has 64 hexadecimal characters, and a passphrase of 64 'keyboard' > characters is way beyond 2^256 possibilities) > > > is this inaccurate? At least in the context of OpenPGP, I think you're confusing cipher key size with hash size. A hash is used to convert a passphrase to a key that can be used in a cipher. This is called a string to key or S2K function. The OpenPGP S2K function basically takes the passphrase, adds salt, then hashes this blob over and over. The result is used as the key. (I'm simplifiying - the exact details are in RFC-4880). In other words, the key is going to be 128 (or whatever) bits no matter what you do. > if SHA-512 were to be used, > would it mean that the passphrase could theoretically be 2^512-1 ? No, it's "only" 2^128-1, but let's put this in perspective. That number is around 7 times larger than the number of atoms contained in every human being on planet earth. David From dshaw at jabberwocky.com Tue Oct 7 04:21:59 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 6 Oct 2008 22:21:59 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <48EA661E.5060001@arcor.de> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> <20081006180305.GD88734@jabberwocky.com> <48EA661E.5060001@arcor.de> Message-ID: On Oct 6, 2008, at 3:25 PM, Morton D. Trace wrote: > David Shaw wrote: >> On Mon, Oct 06, 2008 at 08:03:12AM +0200, Sven Radde wrote: >>> Am Sonntag, den 05.10.2008, 19:49 -0400 schrieb David Shaw: >>>> A revocation certificate, on the other hand, doesn't >>>> have all that much that can be removed. Luckily revocation >>>> certificates are pretty short to begin with. The only real >>>> advantage >>>> that paperkey could bring to revocation certificates is the per- >>>> line >>>> CRC, which makes retyping easier. >>> Yes, that's the point. > > > NAME > uuencode, uudecode - encode a binary file, or decode its > encoded representation > > SYNOPSIS > uuencode [source-file] decode_pathname > > uuencode [-m] [source-file] decode_pathname > > uudecode [-p] [encoded-file] > > uudecode [-o outfile] [encoded-file] > > > uuencode -m .gnupg/secring.gpg ./ > > Does the trick for me. > > Less than 100 lines and good paper printable. Why would you use uuencode, when GPG actually has that built in? gpg --armor --export-secret-keys But you seem to be missing the point. Uuencode (or GPG armor) creates lines that are very difficult to type in. There are no spaces, and the character set includes uppercase, lowercase, numbers, and symbols. There is no CRC to help you type it back in again, so if there is an error, you must proofread the whole file. Plus, as you say, it's around 100 lines long. The same key run through paperkey is only the letters A-F and numbers 0-9. There are per-line CRCs so if there is a problem, you know which line to examine. And it's just 10 lines long. A bit easier to handle, no? David From John at Mozilla-Enigmail.org Tue Oct 7 08:43:40 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Tue, 07 Oct 2008 01:43:40 -0500 Subject: Testing a build In-Reply-To: <48EAAFC6.4050900@gmail.com> References: <48EAAFC6.4050900@gmail.com> Message-ID: <48EB051C.3030903@Mozilla-Enigmail.org> Andrew Berg wrote: > How would one go about making sure everything works? I built GPG for > Windows following the instructions at > http://clbianco.altervista.org/gnupg/eng/gnupg.html (a link at > gnupg.org/download.html). Unfortunately, I cannot find the libcurl > package mentioned. It says the package is labeled "libcurl" and not > "binary", yet it says there are .dll files in it. I seem to be missing > libintl3.dll (IIRC), which causes dd not to start during configuration, > but I am still able to build GPG (it runs). I did not bother with > libiconv. Probably http://curl.haxx.se/download/libcurl-7.17.1-win32-nossl-sspi.zip That's a static build, BTW (no DLLs) The libcurl 7.19.0 build of G?nter Knauf is built with OpenSSL support (that's the SSL next to the name). Not having it should only affect gpgkeys_curl.exe curl (and libcurl) isn't really that difficult to build. libintl is part of gettext. See http://www.gnu.org/software/gettext/ 0.17 is the latest release and, as I recall, it builds pretty much right out of the box on Win32 under MSYS with MinGW libintl13.dll and libiconv2.dll are in the coreutils dependency package, coreutils-5.3.0-dep.zip, _also_ in GnuWin32. The dd in MSYS' coreutils-5.97-MSYS-1.0.11-snapshot.tar.bz2 has no dependencies on other DLLs. You can also build GnuPG perfectly well without dd > I also changed CFLAGS from > CFLAGS='-O3 -mtune=i386 -march=i386 -mfpmath=387 -mno-mmx -mno-sse > -mno-3dnow -mno-sse2' > to > CFLAGS='-O3 -mtune=prescott -march=prescott -mfpmath=sse -mmmx -msse > -msse2 -msse3 -mno-3dnow' > since my processor supports SSE3. > I have three questions: > How can I make sure everything is working right? make check > (A bit OT) Will the instruction set change cause any noticeable improvement? Maybe > (Also a bit OT) If it's supposed to, how can I make sure it is? Run some benchmarks on both the generic i386 and your Prescott-optimized versions and compare the results. You could also build both in separate directories and run 'time make check' on an unloaded system and compare results. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From John at Mozilla-Enigmail.org Tue Oct 7 08:47:58 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Tue, 07 Oct 2008 01:47:58 -0500 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> <20081006180305.GD88734@jabberwocky.com> <48EA661E.5060001@arcor.de> Message-ID: <48EB061E.9090903@Mozilla-Enigmail.org> David Shaw wrote: > But you seem to be missing the point. Uuencode (or GPG armor) creates > lines that are very difficult to type in. There are no spaces, and > the character set includes uppercase, lowercase, numbers, and > symbols. There is no CRC to help you type it back in again, so if > there is an error, you must proofread the whole file. Plus, as you > say, it's around 100 lines long. And depending on the printer font, you get the joy of '0' vs 'O'; '1' vs 'l'; and '8' vs 'B'. I'll take 0-9A-F any day. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Tue Oct 7 09:17:00 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 07 Oct 2008 03:17:00 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <48EB061E.9090903@Mozilla-Enigmail.org> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> <20081006180305.GD88734@jabberwocky.com> <48EA661E.5060001@arcor.de> <48EB061E.9090903@Mozilla-Enigmail.org> Message-ID: <48EB0CEC.7090900@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John Clizbe escribi?: > And depending on the printer font, you get the joy of '0' vs 'O'; '1' vs 'l'; > and '8' vs 'B'. But I suppose you can copy/paste it into a text editor, and chose a font clearer to read... or I am wrong? > I'll take 0-9A-F any day. What is that? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6wzrAAoJEMV4f6PvczxAI6kH/0+TS7yo6FDqPRUEt4850Lwg aUCfmBqOjrgUtB0tImfhK40TOVaU/uoLO78wcSjRWabhmqcLdKJgAI+KFRu3v8ZB cQtkW5zZL5PxU2pfwJTuLv6S7feA0CVO6cahIgsdrmWxie2YxTRyBwbWFt0PeORq YfBsbWRPYGb8ZVM434coO6iAmy7o4gA/uSahq+O1v5uLje9LzzBMIYVOF7ogKvPK KJZPSM5jg+++rIotQNmBxqc0XDOVvdQwLS4VRRJsBeLWDs89hVB6WpgfebdJ8/IL vq/LituNg3qq4cnp80pFbZVbZ/MK3/U4oQmEpGPPYAMXlPxs0OiI5L2iNTxDMF8= =zzuj -----END PGP SIGNATURE----- From John at Mozilla-Enigmail.org Tue Oct 7 09:33:07 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Tue, 07 Oct 2008 02:33:07 -0500 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <48EB0CEC.7090900@gmail.com> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> <20081006180305.GD88734@jabberwocky.com> <48EA661E.5060001@arcor.de> <48EB061E.9090903@Mozilla-Enigmail.org> <48EB0CEC.7090900@gmail.com> Message-ID: <48EB10B3.5030004@Mozilla-Enigmail.org> Faramir wrote: > John Clizbe escribi?: > >> And depending on the printer font, you get the joy of '0' vs 'O'; '1' vs 'l'; >> and '8' vs 'B'. > > But I suppose you can copy/paste it into a text editor, and chose a > font clearer to read... or I am wrong? Could you explain how you are going to copy-and-paste from a paper copy? Yes, you can use a scanner and OCR, but you're still left with the task of proofreading the entire document. >> I'll take 0-9A-F any day. > What is that? The values used in Hexadecimal: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F. The numerals 0 to 9 followed by the letters A to F -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Tue Oct 7 10:05:19 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 07 Oct 2008 04:05:19 -0400 Subject: Paperkey for Revocation Certificates? (Feature-Request :-) In-Reply-To: <48EB10B3.5030004@Mozilla-Enigmail.org> References: <1223235654.6840.29.camel@carbon> <5B41AE85-23B2-45A0-BBC6-6AC261963648@jabberwocky.com> <1223272992.6749.15.camel@carbon> <20081006180305.GD88734@jabberwocky.com> <48EA661E.5060001@arcor.de> <48EB061E.9090903@Mozilla-Enigmail.org> <48EB0CEC.7090900@gmail.com> <48EB10B3.5030004@Mozilla-Enigmail.org> Message-ID: <48EB183F.2030705@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John Clizbe escribi?: > Faramir wrote: >> John Clizbe escribi?: >> >>> And depending on the printer font, you get the joy of '0' vs 'O'; '1' vs 'l'; >>> and '8' vs 'B'. >> But I suppose you can copy/paste it into a text editor, and chose a >> font clearer to read... or I am wrong? > > Could you explain how you are going to copy-and-paste from a paper copy? Well, if it was already printed "You will pay the price for your lack of vision." as Palpatine would say. (I am joking). But if I understood it right, paperkey generates a txt output file (ascii 7 bits). You can copy and paste that output, chose a clear font, and print it... > Yes, you can use a scanner and OCR, but you're still left with the task of > proofreading the entire document. I don't even dare to think the effort that would require, since the few OCR software I have used, made use of dictionaries to avoid making too many errors... and still they made a lot of them. Without the aid of dictionaries... it's scary XD >>> I'll take 0-9A-F any day. > >> What is that? > > The values used in Hexadecimal: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F. > > The numerals 0 to 9 followed by the letters A to F Oh.. right, I will remember that... I have not been exposed to hexadecimal... yet (I suppose I will learn a lot about that in the network curse...). Best Regards P.S: tomorrow I will try paperkey... may the Force be with me ;) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI6xg/AAoJEMV4f6PvczxABRwH/1MOxV5nQ3JNoOijm3VTjUdR 7WJwyAWLl7R+eB8IIRG18TUmCoyVhwROYMfaai2ACKUdR6ZiaQozjcdDevIbYQtk 3Zu+TOSTMpxDeAlwfmjH1ghGP4qcFDUp/Zal4RFhQbC5hjHhpUmHgYXNh6/SmxTM 87qci23UH/AqZzXdgLkQSNtEssIQv3KtoNmLoYZ1sLzZC6r0bF9FRhJFPnQMwjoW MD5LWib6ZlhUB+SmmeYRKZ1iRyo9VrkBDI8fRpNG2+kpN5//wldSF5vzCNC8Bo2C NRzZ0Km8VbN5vjLW5xkMqj6Tuz+na84BMshCEmPTfyQPB5fNhQ3Js/ivgYjsmX8= =fu+d -----END PGP SIGNATURE----- From Too-much-extreme at gmx.de Sun Oct 5 16:13:53 2008 From: Too-much-extreme at gmx.de (horson) Date: Sun, 5 Oct 2008 07:13:53 -0700 (PDT) Subject: Attribute 'comment' In-Reply-To: <20070223130920.GA30939@jabberwocky.com> References: <200702230957.40762.pubmb01@skynet.be> <20070223130920.GA30939@jabberwocky.com> Message-ID: <19824979.post@talk.nabble.com> i think i have the same problem. i wan to change the comment i entered when creating the key. is that possible? David Shaw wrote: > > On Fri, Feb 23, 2007 at 09:57:40AM +0100, Bruno Costacurta wrote: >> Hello, >> >> is it possible to change 'comment' attribute, ie. via gpg options >> like --comment [string] or --no-comments ? > > If you're referring to the "Comment: xxxxxx" string that appears in > the header of armored messages, then yes. Just use "--comment xxxxx" > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -- View this message in context: http://www.nabble.com/Attribute-%27comment%27-tp9115680p19824979.html Sent from the GnuPG - User mailing list archive at Nabble.com. From jmoore3rd at bellsouth.net Tue Oct 7 11:56:10 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 07 Oct 2008 05:56:10 -0400 Subject: Attribute 'comment' In-Reply-To: <19824979.post@talk.nabble.com> References: <200702230957.40762.pubmb01@skynet.be> <20070223130920.GA30939@jabberwocky.com> <19824979.post@talk.nabble.com> Message-ID: <48EB323A.8020808@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 horson wrote: > i think i have the same problem. i wan to change the comment i entered when > creating the key. > is that possible? The 'solution' here is only to create a New UID containing whatever New Comment is desired and then setting it as Primary and Revoking the Old UID. There is no way to selectively 'Edit' individual/specific components of an existing UID. JOHN ;) Timestamp: Tuesday 07 Oct 2008, 05:55 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI6zI3AAoJEBCGy9eAtCsP3ZkIAJC9qG7WDBRVnbCMvV0z9nkR 8toY0U89aEpcaIaeXcGFXMw1aw2+7tsfPSBteP+usi14P537/ZHOPurIKEpRPIOh uxAD+R/pYbQnX9/IhpXc0nG8VyxmXmY2kAvtsh4/1iw5C3Gfeq9vcPsJMeZLjFLc J8/mh22cA1sBWoEETXTvEcDIXOknpKw1KGAWwUqX6VsLmjxKGlk9w1igCDZRdjMV GJtJL7iP9eKG/XktWWfe+WjzCOs2K4XXsiV4w1s6rL4AuJe4KGiXoiTy0G8tqmB+ lg7k8kJwFMjnDqcUz+jQAjbDsbBQXHIXQEqtku6+46OkpMGFt2o1s4z2iEynmhA= =k3W6 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 7 19:10:53 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 7 Oct 2008 13:10:53 -0400 Subject: Attribute 'comment' In-Reply-To: <19824979.post@talk.nabble.com> References: <200702230957.40762.pubmb01@skynet.be> <20070223130920.GA30939@jabberwocky.com> <19824979.post@talk.nabble.com> Message-ID: <20081007171053.GA14921@jabberwocky.com> On Sun, Oct 05, 2008 at 07:13:53AM -0700, horson wrote: > > i think i have the same problem. i wan to change the comment i entered when > creating the key. > is that possible? It depends on what you mean by 'comment'. If you mean the comment that is part of your user ID, as in: My Name (my comment) Then no, you can't change it. You can, however, make a brand new user ID with a different comment (or no comment at all). To do this, run "gpg --edit-key (your key)" and then enter "adduid". David From John.Bailo at Bowne.com Fri Oct 10 07:19:51 2008 From: John.Bailo at Bowne.com (Bailo, John) Date: Fri, 10 Oct 2008 01:19:51 -0400 Subject: Export key to PKCS8 ASN.1 format Message-ID: I need to export an RSA/1024 gpg private key in the ASN.1 (PKCS8) encoded private key format. Can I do this with gpg? Or is there a converter for formats? John Bailo Web Developer ______________________________________ Bowne & Co, Inc. 20017 72nd Ave S Kent, WA 98032 Office: 253/437-7085 Cell: 253/217-2776 Fax: 253/872-5602 CONFIDENTIALITY NOTICE: The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bahamutzero8825 at gmail.com Fri Oct 10 07:34:48 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Fri, 10 Oct 2008 00:34:48 -0500 Subject: Testing a build Message-ID: <48EEE978.3060600@gmail.com> Initial testing (I encrypted a few files symmetrically using 3DES) shows that Werner's generic build is actually faster. Werner, which version of gcc do you use (or do you use something else?)? I used gcc 3.4.5 (anything higher for Windows is in alpha or experimental AFAIK). Correct me if I'm wrong, but I assume you cross-compile and use Linux when building GPG for Windows. -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18063 | GPG 1.4.9 | Thunderbird 2.0.0.17 | Enigmail 0.95.7 From John at Mozilla-Enigmail.org Fri Oct 10 21:53:21 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Fri, 10 Oct 2008 14:53:21 -0500 Subject: Testing a build In-Reply-To: <48EEE978.3060600@gmail.com> References: <48EEE978.3060600@gmail.com> Message-ID: <48EFB2B1.40507@Mozilla-Enigmail.org> Andrew Berg wrote: > Initial testing (I encrypted a few files symmetrically using 3DES) shows > that Werner's generic build is actually faster. Werner, which version of > gcc do you use (or do you use something else?)? > > I used gcc 3.4.5 (anything higher for Windows is in alpha or > experimental AFAIK). Correct me if I'm wrong, but I assume you > cross-compile and use Linux when building GPG for Windows. WK has posted several times to the list that the canonical supported build system for Windows is a Linux-based cross-compile. From other communication, Werner's configuration is based on Debian. Most Linux distros are shipping some variant of GCC 4.2.x. You may wish to compare CFLAGS and LDFLAGS. They're likely to have more influence than compiler versions. You'll want to start with Werner's settings and work from there. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Fri Oct 10 23:13:25 2008 From: wk at gnupg.org (Werner Koch) Date: Fri, 10 Oct 2008 23:13:25 +0200 Subject: Testing a build In-Reply-To: <48EFB2B1.40507@Mozilla-Enigmail.org> (John Clizbe's message of "Fri, 10 Oct 2008 14:53:21 -0500") References: <48EEE978.3060600@gmail.com> <48EFB2B1.40507@Mozilla-Enigmail.org> Message-ID: <87r66onoga.fsf@wheatstone.g10code.de> On Fri, 10 Oct 2008 21:53, John at Mozilla-Enigmail.org said: > WK has posted several times to the list that the canonical supported build > system for Windows is a Linux-based cross-compile. Let's say: Using a POSIX based cross-compile;-). It just happens that I use Debian and that you can simply do an "apt-get install mingw32". But there is no reasons why you can't build that chain from any other platform. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From tsally2 at gmail.com Fri Oct 10 23:10:07 2008 From: tsally2 at gmail.com (Tim Sally) Date: Fri, 10 Oct 2008 16:10:07 -0500 Subject: Difference in Public Key Message-ID: <4753154c0810101410x5e71536bl30e1ac74c5658ac0@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Before reinstalling my operating system on this computer, I saved my .gnupg folder. After the reinstall, I copied over the folder to my home directory. My secret key was recognized, just fine, but I did not have the corresponding public key. I used gpgsplit to extract my public key. Now, what I am wondering is this. When I export my public key on my computer with: gpg --armor --export tss at member.fsf.org I get: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.6 (GNU/Linux) mQGiBEh6yMIRBADguqPrPjz3D+frb6x3c1jJpQvE3BjOPcs77PB4TrPv+PWLCg0G lr4XEZRNyHWb5h6aMO1+Km+V2N0Sp2IZGsktvDaCiOviylp0q1D03jjWJLpdcMsb c/T1tdez5H+20ov1ijX2f0w6Xe5TrvriMDwqqMj20HHXKFR29Rt/rqMQLwCghFRB EVN3WlZkKXEizIag/SYMXS0EAOABVHDZZaVsEomOL8P4p1waDxPPrJUgnPKjxjZf i/zh2aOSMBu9kW0/qKToQ1oVWbv00fhroeWUOFadCfcMId51SN+5BkCqH2oMbDXv RIl3Uf92C0rOVF6qdGEAfM9wLOerbHx+zLLNVcHReAYJSlB7khbKQUpcB8i+kboE urK5BADfvWHBUN+wVUgBojx0efKlicN/XPaeqcW1iG7f4kgQlI814XGv7geBc6kx dKYdTqDDj3EqQTQj89Bs24aPO1BDIMjkFwYS0Xk/s0cKkzsaoMt+3tYXqyOFL5GM m+884PcF0gm9sTo+XFesavpweA9tUbPUCCebG9PoFHhM2C1TK7Q9VGltb3RoeSBT dGVwaGVuIFNhbGx5IChDUywgRW5nbGlzaCwgRlNGKSA8dHNzQG1lbWJlci5mc2Yu b3JnPohfBBMRAgAgBQJIesjCAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ HP0kvm+M4eHjyQCeMYVRtuCBpKrUY/QFRXI/TQCZFFUAl1N2VNEVoAcR6w4RWAIO oLbzgr25Ag0ESHrIxhAIAJmaSpSYyNJRt3wihPBk0S0XosmmFfc4/gU9cWT7K4zR WkB9OTr9peArFmZGGR9Iwk0CwpZqTtueqduErQvuHJ0fVDSg6FE6yTac1ODFCNwm x3BXPpi4baL8ieNZSYrJLet11OKUftWWYDbCQrhrp7I4TH/cFFEX6jmJ2XK6RNR0 PnrM/ar3Q07pPJc1kd7LFpgPD/jO1u20WEnAm27XaJzKtvFAMgLY/sWTKZpenQkb yCPGfQgwxFIDWTvYC3fVKfpa9dYXkrBB4FdcftDvgnsV0Z7CIpi65U+Tiv0Ac7jv CmUbkNtnhLDDnSHrdYlwMyrNMuiZ0EhlEugbB/T7Ig8AAwcH/icnjo3I8t4F5zH4 oYk427oHdbzQWzd1+k2ao3bIXh262NL6ifVjA9xYZcsD5jye8n/9A0/6ZaAHhUd8 kmcOnlQi1FbR09pWdjUM5Q/+63aWoXDavonaDimOIuuYxXXDP+CFuXETgUzdD69O 68ZdpcuQ8gDJUNkbneKgtGFJCMJ4nPGbAGRZCtqw8myLWzFRcMNG6EJfsDRqKrIx M1ciVuI3lo0D0A45lyZhB5zyJo5Rje9H5NcCMpSNWV0EY2E7a4RFDv43k1drlPGj xoloVIZ2FbnCE9mJN3vZOU5gHf0OkrLFnZKqkx8v746y0VMW4teEOJVGVw5BLeQs KjbdufeISQQYEQIACQUCSHrIxgIbDAAKCRAc/SS+b4zh4fZBAJ9U6XLF2GCpzwAD tr9RvkyjNrerEgCcDG2a6QbIrDeJgyvU5KgEC8HbeSQ= =rxYL - -----END PGP PUBLIC KEY BLOCK----- This, however, is different than the public key that I uploaded to keyservers before I did the reinstall (see here): http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6F8CE1E1 What accounts for this difference? Thanks, Tim - -- Tim Sally Department of Computer Science University of Illinois, Urbana-Champaign -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: http://getfiregpg.org iD8DBQFI78SNHP0kvm+M4eERAhahAJ9Lsu9ME50xlK1mpLKXBkER/cukYgCdHCf9 GS3B4+yOoT6X/youIa7k07s= =25UN -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: From dshaw at jabberwocky.com Sat Oct 11 00:23:27 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 10 Oct 2008 18:23:27 -0400 Subject: Difference in Public Key In-Reply-To: <4753154c0810101410x5e71536bl30e1ac74c5658ac0@mail.gmail.com> References: <4753154c0810101410x5e71536bl30e1ac74c5658ac0@mail.gmail.com> Message-ID: <20081010222327.GA3528@jabberwocky.com> On Fri, Oct 10, 2008 at 04:10:07PM -0500, Tim Sally wrote: > Hello, > > Before reinstalling my operating system on this computer, I saved my > .gnupg folder. After the reinstall, I copied over the folder to > my home directory. My secret key was recognized, just fine, but > I did not have the corresponding public key. I used gpgsplit to > extract my public key. Now, what I am wondering is this. > When I export my public key on my computer with: [..] > This, however, is different than the public key that I uploaded to > keyservers before I did the reinstall (see here): > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6F8CE1E1 > > What accounts for this difference? The different base64 packing is not relevant to the functioning of the key. Do you see a difference besides that? David From tsally2 at gmail.com Sat Oct 11 00:34:52 2008 From: tsally2 at gmail.com (Tim Sally) Date: Fri, 10 Oct 2008 17:34:52 -0500 Subject: Difference in Public Key In-Reply-To: <20081010222327.GA3528@jabberwocky.com> References: <4753154c0810101410x5e71536bl30e1ac74c5658ac0@mail.gmail.com> <20081010222327.GA3528@jabberwocky.com> Message-ID: <4753154c0810101534h73dfda27hf4c250756d0071ba@mail.gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David, Thanks for the prompt reply. Another difference that I have noticed is that sometimes FireGPG notifies me that a message I have signed is not valid. That seems strange to me because: (a) it only happens intermittently and (b) FireGPG is the program that is doing the actual signing. Of course, this could be an issue with FireGPG and not with my key situation. Encypting and decrypting appear to work fine. The output of gpg --list-keys and gpg --list-secret-keys print out what I would expect. Would you say there probably is not a problem? I'm having a difficult time imagining where the source of error might come from. The only thing I can think of is the extracting of the public key. Tim -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: http://getfiregpg.org iD8DBQFI79iOHP0kvm+M4eERAqc7AJ0fmUyzsOeb92ujVLiyu9NHJrOD7ACfYL7N m2+m+/AWA4ElieRCzackeNU= =/c/M -----END PGP SIGNATURE----- On Fri, Oct 10, 2008 at 5:23 PM, David Shaw wrote: > On Fri, Oct 10, 2008 at 04:10:07PM -0500, Tim Sally wrote: > > Hello, > > > > Before reinstalling my operating system on this computer, I saved my > > .gnupg folder. After the reinstall, I copied over the folder to > > my home directory. My secret key was recognized, just fine, but > > I did not have the corresponding public key. I used gpgsplit to > > extract my public key. Now, what I am wondering is this. > > When I export my public key on my computer with: > > [..] > > > This, however, is different than the public key that I uploaded to > > keyservers before I did the reinstall (see here): > > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6F8CE1E1 > > > > What accounts for this difference? > > The different base64 packing is not relevant to the functioning of the > key. Do you see a difference besides that? > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Tim Sally Department of Computer Science University of Illinois, Urbana-Champaign -------------- next part -------------- An HTML attachment was scrubbed... URL: From bahamutzero8825 at gmail.com Sun Oct 12 08:39:15 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Sun, 12 Oct 2008 01:39:15 -0500 Subject: Testing a build In-Reply-To: <87r66onoga.fsf@wheatstone.g10code.de> References: <48EEE978.3060600@gmail.com> <48EFB2B1.40507@Mozilla-Enigmail.org> <87r66onoga.fsf@wheatstone.g10code.de> Message-ID: <48F19B93.9080709@gmail.com> Werner Koch wrote: > It just happens that I use Debian and that you can simply do an "apt-get > install mingw32". But there is no reasons why you can't build that > chain from any other platform. Unfortunately, I am unable to run anything but Windows right now (the reason is way off topic) unless I use my PS3, but that uses a PPC64 architecture, and I don't know how to set up a cross-compiler. If someone knows how to get Linux (I'm open to similar OSes as well) set up over RAID 0, I'd appreciate some help (off-list of course). -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18063 | GPG 1.4.9 | Thunderbird 2.0.0.17 | Enigmail 0.95.7 From faramir.cl at gmail.com Mon Oct 13 06:32:51 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Oct 2008 01:32:51 -0300 Subject: Is there an easy way to know...? Message-ID: <48F2CF73.7080808@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 When I began using GPG, I signed a few keys, until I learned about local signatures... And I'd like to know how many public keys, signed by me, are over there... I can check the public keys in my public keyring, one by one, but I also remember having deleted some keys from people I don't see writing so often in the list... So, is there a way to ask a keyserver about "keys signed by...."? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI8s9yAAoJEMV4f6PvczxATOIIAKU0AXoprm7tlP4dpjMZ53wm aR+FQyDh1YuNVbEG0joxJCxg+EIE1bK6doDHja7FdIZrPaNgIsT11B3K9SnEXRli C8vEgtrwMRxu4P+1JkYRkdCnjjQ3dUvg3mHR37Spcj4CGdSwBhofctBjxrvETjU9 g03g6LVrw417F+ETRcxe6cmurLqkzbD3MJHpS234ngr8+uOk4qurbMK4fYu1CMPg 5DT15LnFkCbOGe3Nua5ydnHrGwkBb9nqk3UI8F15nespgO7sGQQipucsgfwekG5u 1/rW+cCwJZs1KRCgvTdFwmw9+HIimmAVPcblpNrj//vOV6N/nG9Z/x1gqoZuXGM= =UP4u -----END PGP SIGNATURE----- From kevhilton at gmail.com Mon Oct 13 14:18:02 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Mon, 13 Oct 2008 07:18:02 -0500 Subject: Testing a build Message-ID: <96c450350810130518o22c66415w694aeadc5eb70dc6@mail.gmail.com> Just to throw it out there -- if you need to compile for Windows why don't you do it for cygwin? I've just recently been able to compile both gpg and gpg2 using cygwin on WinXP. This saved me the need to cross compile. Probably not the most elegant solution, however it does work. -- Kevin Hilton From wk at gnupg.org Mon Oct 13 15:31:39 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 13 Oct 2008 15:31:39 +0200 Subject: Testing a build In-Reply-To: <96c450350810130518o22c66415w694aeadc5eb70dc6@mail.gmail.com> (Kevin Hilton's message of "Mon, 13 Oct 2008 07:18:02 -0500") References: <96c450350810130518o22c66415w694aeadc5eb70dc6@mail.gmail.com> Message-ID: <87hc7gei4k.fsf@wheatstone.g10code.de> On Mon, 13 Oct 2008 14:18, kevhilton at gmail.com said: > Just to throw it out there -- if you need to compile for Windows why > don't you do it for cygwin? I've just recently been able to compile Another solution: http://www.gpg4win.org/build-installer-on-vm.html Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From christoph.niethammer at web.de Fri Oct 10 19:42:43 2008 From: christoph.niethammer at web.de (Christoph Niethammer) Date: Fri, 10 Oct 2008 19:42:43 +0200 Subject: New subkey or edit expiration date? Message-ID: <200810101943.04179.christoph.niethammer@web.de> Hi, As you can see my subkeys will expire in near future. Now I'm thinking about the two possibilities 1.) create a new set of subkeys using addkey and let the old ones expire 2.) change the expiration date of the existing subkeys So what is the preferred way for this problem? Thanks Christoph -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 221 bytes Desc: This is a digitally signed message part. URL: From scottjohnpearson at googlemail.com Sat Oct 11 19:20:28 2008 From: scottjohnpearson at googlemail.com (scottpearson) Date: Sat, 11 Oct 2008 10:20:28 -0700 (PDT) Subject: Recovered files from Ext USB drive but in GPG format Message-ID: <19934561.post@talk.nabble.com> I had 50GB of data on the USB drive. I installed SecureLock and configured the disk encryption. I didn't read/realise that data would be lost and only considered this when I was prompted to format the disk. I cancelled out and it seems the partition has been deleted. Now, when i connect the USB drive, I am prompted to decrypt the disk, which does successfully, but Windows does not recognise the drive or make it available as there is no partition. How am I able to recover this partition and the data? i have been able to recover some data using photorec but the files have a GPG file extension. Does anyone know of a utility that would recover these? I have tried GnuPG for windows but the utility states there is no openPGP in the files. Help! Scott -- View this message in context: http://www.nabble.com/Recovered-files-from-Ext-USB-drive-but-in-GPG-format-tp19934561p19934561.html Sent from the GnuPG - User mailing list archive at Nabble.com. From jmoore3rd at bellsouth.net Mon Oct 13 18:56:21 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 13 Oct 2008 12:56:21 -0400 Subject: Is there an easy way to know...? In-Reply-To: <48F2CF73.7080808@gmail.com> References: <48F2CF73.7080808@gmail.com> Message-ID: <48F37DB5.6000805@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Faramir wrote: > When I began using GPG, I signed a few keys, until I learned about local > signatures... And I'd like to know how many public keys, signed by me, > are over there... I can check the public keys in my public keyring, one > by one, but I also remember having deleted some keys from people I don't > see writing so often in the list... > > So, is there a way to ask a keyserver about "keys signed by...."? Assuming that You did _not_ Upload these Keys to a Keyserver or return these Keys to the Key Owner with Your Exportable Sig attached then the Sig by You will carry no 'Weight' anywhere. When You deleted the Key from Your Keyring Your Signature ceased to exist at the same time. :) If You did Upload the Key /after/ Signing [without notifying the Owner would be poor etiquette] then Your only way would be to use Jason's 'trace trust path' from Your Key to a specific Key. This requires You to know the specific Key ID. :-\ JOHN ;) Timestamp: Monday 13 Oct 2008, 12:56 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI832zAAoJEBCGy9eAtCsPj3wH/jioGO+u7q67STiEOUdw3x/S zYp4bBlZnXtQGKU8BBQFhKLKsnpgLYWJy6wsrmYjX9RqWfLlgwFWh47l5UzmGRUP 8Klli6l16hqdxUos+dg8vXenXaVZguMjOXTnZmOkGxR585HfXJCmC7ye8ac4zjEh c719rTafAnVDGGH+5QiqBki8ZprHEVcs9ZcW0CyPlDXrQi1i7tCwn3HfyHDe11v0 BWvwfk07Z/2xWYqrWrgXNJrlXTsKhcy23hEYUf+DJGf5FUVonfOTXuRrysoIyllh EGJouLF+mTLklFfcvUDCfiYX7aDg968UxEdpoBkSvUedTR/nHeGcZz/o6PnNWQk= =cn5W -----END PGP SIGNATURE----- From faramir.cl at gmail.com Mon Oct 13 19:31:54 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Oct 2008 14:31:54 -0300 Subject: Is there an easy way to know...? In-Reply-To: <48F37DB5.6000805@bellsouth.net> References: <48F2CF73.7080808@gmail.com> <48F37DB5.6000805@bellsouth.net> Message-ID: <48F3860A.3090709@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: > Faramir wrote: >> When I began using GPG, I signed a few keys, until I learned about local >> signatures... And I'd like to know how many public keys, signed by me, ... >> So, is there a way to ask a keyserver about "keys signed by...."? > Assuming that You did _not_ Upload these Keys to a Keyserver or return Probably I eagerly uploaded them... I was really newbie at that time... > If You did Upload the Key /after/ Signing [without notifying the Owner > would be poor etiquette] then Your only way would be to use Jason's > 'trace trust path' from Your Key to a specific Key. This requires You > to know the specific Key ID. :-\ I declare myself guilty about that, and plea for mercy about my bad etiquette... I was not aware about signature etiquette at that time... What is "Jason's 'trace trust path'"? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI84YKAAoJEMV4f6PvczxA47kH/jtWDKEzrhL/LEsu3nFVc/fg 2iug/69ToUUQe3kWwisEMgd9FVe4jZjQ/ABykv0yuvUh0lZ5HSfLBDC4wga/fwP5 TInw3M/NGJIgU700Ew1qzdlFPqUlJ9qmm97XupEtUDBuTwPVS1oj0EiyNqnwOzMH iJwGL1KA5XTLiM/j9T7LYnKOXgFMptb/1WIqu/net2ujH8r221RIYZmGhKblhS3i h7B6JMf38ioSFINZsQWbvf0Woh8JWUtLGvdjPzWRgByHX94keFAqrNRaEinFqmlF BL7nwIW76cxlfvhrzClTsqPBGhUf83Ysld6FY338a6cV4dD8P8aC6Sh6WziOCYU= =ph/F -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Oct 13 21:47:53 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 13 Oct 2008 15:47:53 -0400 Subject: Is there an easy way to know...? In-Reply-To: <48F2CF73.7080808@gmail.com> References: <48F2CF73.7080808@gmail.com> Message-ID: <20081013194753.GA20163@jabberwocky.com> On Mon, Oct 13, 2008 at 01:32:51AM -0300, Faramir wrote: > When I began using GPG, I signed a few keys, until I learned about local > signatures... And I'd like to know how many public keys, signed by me, > are over there... I can check the public keys in my public keyring, one > by one, but I also remember having deleted some keys from people I don't > see writing so often in the list... > > So, is there a way to ask a keyserver about "keys signed by...."? Sure, use Wotsap: http://www.lysator.liu.se/~jc/wotsap/search.html Plug your keyid into the "Key statistics" section, and you'll get a list of everyone who signed that key, and everyone who that key signed. Note that this only works if those keys (and sigs) were uploaded to the keyserver net. David From jmoore3rd at bellsouth.net Mon Oct 13 22:40:46 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Mon, 13 Oct 2008 16:40:46 -0400 Subject: Is there an easy way to know...? In-Reply-To: <20081013194753.GA20163@jabberwocky.com> References: <48F2CF73.7080808@gmail.com> <20081013194753.GA20163@jabberwocky.com> Message-ID: <48F3B24E.9050807@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 David Shaw wrote: > Note that this only works if those keys (and sigs) were uploaded to > the keyserver net. Should You wish to Upload Your Key directly to this Keyserver net then visit here: http://wwwkeys.ch.pgp.net:11371/pks/searchkey.html Then go to: Add Key HTH JOHN ;) Timestamp: Monday 13 Oct 2008, 16:40 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI87JMAAoJEBCGy9eAtCsPKVkH/jofDWoFYpcUiUIAg4xDBEXp mYchvxLZeCPrpcxlDfTObWGJBnAgvOf09vVsy22meKnFPGVr6MF/PFfSe+Rp/bE2 YvKFchwpew1/4CTBBkdBkQbkWKdpdSdZ9NKUG3gm9CjNp/NsW0Z0OSJu7/RBGcIY SZNocOex21jqo949R9rsKT5ElDM1ct+p8fQ7263/h/HE0bBOOuetmGPasrd1W7Es 3YJUIe9gVyHUbgoNcNboxtP08JP+nVXHxqLsVIFqqTJ/jidfoR22c9RQDazFlRTy 9MDsS/VXDSDzmm9hSplp1wdgvtpDcYkNur9+JPEdP6fVZZd3KU0IB7wwi6pWAzY= =KG2/ -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Oct 13 22:42:46 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 13 Oct 2008 16:42:46 -0400 Subject: New subkey or edit expiration date? In-Reply-To: <200810101943.04179.christoph.niethammer@web.de> References: <200810101943.04179.christoph.niethammer@web.de> Message-ID: <20081013204245.GC20186@jabberwocky.com> On Fri, Oct 10, 2008 at 07:42:43PM +0200, Christoph Niethammer wrote: > Hi, > > As you can see my subkeys will expire in near future. > > Now I'm thinking about the two possibilities > 1.) create a new set of subkeys using addkey and let the old ones expire > 2.) change the expiration date of the existing subkeys > > So what is the preferred way for this problem? It's somewhat a matter of taste as there is no one right answer. Either way, you need to redistribute your key (usually just reupload to a keyserver). I'd make the new subkeys, personally, but then I tend to like a longer expiration time than 2 years. If you make new keys every 2 years, your key will eventually get pretty big. David From dshaw at jabberwocky.com Mon Oct 13 22:50:10 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 13 Oct 2008 16:50:10 -0400 Subject: Recovered files from Ext USB drive but in GPG format In-Reply-To: <19934561.post@talk.nabble.com> References: <19934561.post@talk.nabble.com> Message-ID: <20081013205010.GD20186@jabberwocky.com> On Sat, Oct 11, 2008 at 10:20:28AM -0700, scottpearson wrote: > > I had 50GB of data on the USB drive. I installed SecureLock and configured > the disk encryption. I didn't read/realise that data would be lost and only > considered this when I was prompted to format the disk. I cancelled out and > it seems the partition has been deleted. > > > > Now, when i connect the USB drive, I am prompted to decrypt the disk, which > does successfully, but Windows does not recognise the drive or make it > available as there is no partition. How am I able to recover this partition > and the data? > > > > i have been able to recover some data using photorec but the files have a > GPG file extension. Does anyone know of a utility that would recover these? > I have tried GnuPG for windows but the utility states there is no openPGP > in the files. Are these really GPG files, or just files that happen to have a .gpg filename extension? Were you using GPG in the first place, or is this some artifact of the file recovery process looking at files and thinking they were GPG files? David From faramir.cl at gmail.com Mon Oct 13 22:53:47 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 13 Oct 2008 17:53:47 -0300 Subject: Is there an easy way to know...? In-Reply-To: <20081013194753.GA20163@jabberwocky.com> References: <48F2CF73.7080808@gmail.com> <20081013194753.GA20163@jabberwocky.com> Message-ID: <48F3B55B.6060104@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw escribi?: > On Mon, Oct 13, 2008 at 01:32:51AM -0300, Faramir wrote: >> So, is there a way to ask a keyserver about "keys signed by...."? > > Sure, use Wotsap: > http://www.lysator.liu.se/~jc/wotsap/search.html > > Plug your keyid into the "Key statistics" section, and you'll get a > list of everyone who signed that key, and everyone who that key > signed. > > Note that this only works if those keys (and sigs) were uploaded to > the keyserver net. Is that net linked somehow with pool.sks-keyservers.net ? I searched my key, but nothing was found... Then I searched my keys at http://wwwkeys.ch.pgp.net:11371/pks/searchkey.html and I found them... I am a bit confused (I mean, probably I did something wrong, but right now I don't know what could it be). Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI87VbAAoJEMV4f6PvczxALF0H/16mZjSvY80f/y9sanWCICZw H/nSGp/KLbBPnTHFErqRBKAiWv7UE+1+O1UebfhaBacNy985oA+98ml9GzA6ex4+ Kurq8znmn0OpTvtnKWbWhtoo8xFer+1M0b6T3vIPOjU3M6PtTjsMXJ42NuM9rF5t M95E9WskQOiAS2fbtZOqrNV4zJnXkha37PaKWCBiayqHJAGTO1RD2+xdfLUUdCXw gWpzl+qkVi95HwaaWgF34fw0PxrLF/ZsQ5HvAgS6Nkha5NTLEgGMVMqZbEmUkTKJ ao25ZiJ6dCVu5bTPcZVgAD95X5Os2qvajHr+3BB36xE3EE5h7dcwm8f9UzS0mOw= =ybSY -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Mon Oct 13 23:56:44 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 13 Oct 2008 17:56:44 -0400 Subject: Difference in Public Key In-Reply-To: <4753154c0810101534h73dfda27hf4c250756d0071ba@mail.gmail.com> References: <4753154c0810101410x5e71536bl30e1ac74c5658ac0@mail.gmail.com> <20081010222327.GA3528@jabberwocky.com> <4753154c0810101534h73dfda27hf4c250756d0071ba@mail.gmail.com> Message-ID: <20081013215644.GA20465@jabberwocky.com> On Fri, Oct 10, 2008 at 05:34:52PM -0500, Tim Sally wrote: > David, > > Thanks for the prompt reply. > > Another difference that I have noticed is that sometimes FireGPG > notifies me that a message I have signed is not valid. That > seems strange to me because: (a) it only happens intermittently and > (b) FireGPG is the program that is doing the actual signing. Of > course, this could be an issue with FireGPG and not with my key > situation. Encypting and decrypting appear to work fine. > The output of gpg --list-keys and gpg --list-secret-keys print out > what I would expect. Would you say there probably is not a > problem? I'm having a difficult time imagining where the source > of error might come from. The only thing I can think of is the > extracting of the public key. If it is intermittent, then it is likely not your key. If your key was corrupt in some manner, it would fail reliably. David From jamesd at jml.net Tue Oct 14 12:47:17 2008 From: jamesd at jml.net (James Davis) Date: Tue, 14 Oct 2008 11:47:17 +0100 Subject: Problems with gpg-agent and ssh Message-ID: <48F478B5.6010606@jml.net> After a hard disk died, I recently moved from Debian Etch to Ubuntu Hardy and I'm in the process of rebuilding my gnupg/gnupg-smartcard environment. The card is working fine for encryption and decryption but I'm having some problems getting gpg-agent to use the authentication key for my SSH logins. When I run ssh-add... $ ssh-add -l The agent has no identities and gpg-agent's logs say 2008-10-14 11:45:42 gpg-agent[11743] ssh handler 0x8097fe0 for fd 9 started 2008-10-14 11:45:42 gpg-agent[11743] ssh request 1 is not supported 2008-10-14 11:45:42 gpg-agent[11743] ssh request handler for request_identities (11) started 2008-10-14 11:45:42 gpg-agent[11743] new connection to SCdaemon established (reusing) 2008-10-14 11:45:42 gpg-agent[11743] secret key file `/home/jamesd/.gnupg/private-keys-v1.d/717BA1D51659FA28DDD049724211B955B012D778.key' already exists 2008-10-14 11:45:42 gpg-agent[11743] error writing key: General error 2008-10-14 11:45:42 gpg-agent[11743] ssh request handler for request_identities (11) ready 2008-10-14 11:45:42 gpg-agent[11743] ssh handler 0x8097fe0 for fd 9 terminated Any ideas as to what's causing this problem? Thanks, James From sattva at pgpru.com Tue Oct 14 22:00:00 2008 From: sattva at pgpru.com (Vlad "SATtva" Miller) Date: Wed, 15 Oct 2008 03:00:00 +0700 Subject: Is there an easy way to know...? In-Reply-To: <48F3B55B.6060104@gmail.com> References: <48F2CF73.7080808@gmail.com> <20081013194753.GA20163@jabberwocky.com> <48F3B55B.6060104@gmail.com> Message-ID: <48F4FA40.3090501@pgpru.com> Faramir (14.10.2008 03:53): > David Shaw escribi?: >> On Mon, Oct 13, 2008 at 01:32:51AM -0300, Faramir wrote: > >>> So, is there a way to ask a keyserver about "keys signed by...."? >>> >> Sure, use Wotsap: http://www.lysator.liu.se/~jc/wotsap/search.html > >> Plug your keyid into the "Key statistics" section, and you'll get a >> list of everyone who signed that key, and everyone who that key >> signed. > > >> Note that this only works if those keys (and sigs) were uploaded to >> the keyserver net. ...*And* your key must be in the strong set to be included in statistics. > Is that net linked somehow with pool.sks-keyservers.net ? I searched > my key, but nothing was found... Then I searched my keys at > http://wwwkeys.ch.pgp.net:11371/pks/searchkey.html and I found > them... I am a bit confused (I mean, probably I did something wrong, > but right now I don't know what could it be). Looks like your key doesn't have a signature from a key from the strong set. > Best Regards -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com From faramir.cl at gmail.com Tue Oct 14 22:07:18 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 14 Oct 2008 17:07:18 -0300 Subject: Is there an easy way to know...? In-Reply-To: <48F4FA40.3090501@pgpru.com> References: <48F2CF73.7080808@gmail.com> <20081013194753.GA20163@jabberwocky.com> <48F3B55B.6060104@gmail.com> <48F4FA40.3090501@pgpru.com> Message-ID: <48F4FBF6.8010609@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Vlad "SATtva" Miller escribi?: >>> Note that this only works if those keys (and sigs) were uploaded to >>> the keyserver net. > > ...*And* your key must be in the strong set to be included in statistics. That explains it... I don't have strong signatures... > Looks like your key doesn't have a signature from a key from the strong set. No, I don't, maybe if I get assured by CAcert I can get some signature... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI9Pv2AAoJEMV4f6PvczxAXwAH/iwVWosUzcTREivwPpltIEh1 6lKAw3HixeoaZKVvtIy4I9D2oGxBw/YTsfJnr1f2yFnGWh9+AAvaNlqRynkGw+n0 xwi0MzxMcXYhweyRHKcdCEigypRm+HLW2h6+Z30uKNXS7PueOZkl5qVtJ3E86Qbu 4y6ZazJA7VAjxPyn/0sGsCdOkDTlW+EzSsq4b96PfOqAjNe6LEIZJ/zBXfTD9HXB v/a2SvSDn3rSmUG9kR4jn+PNd2z1RJb7byur03ivb6xS8cdyzT8UmZr2G6K1n4hZ 75RxHIN+8URMWls5qwvuwU7iyeXLsKBlTBFvFU30luQBf2SE6HZrXCRKRzlLMrk= =C6Td -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Oct 15 00:22:18 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 14 Oct 2008 19:22:18 -0300 Subject: About UIDs Message-ID: <48F51B9A.2040900@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I have a question about the UID associated to the key: Are they placed in the public key, or in both private and public keys? And, if I have a key with 2 UIDs, and I sign another key (lets say, I sign Alice's key), will be both UIDs be displayed in the signatures, or just the one that was my primary UID at the moment when I signed Alice's key? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI9RuaAAoJEMV4f6PvczxAFO4IAJarSWmcMCHR5N7KUiYAC2P9 tc/A8xdnx5OIoCLaHgA0m+HWJUoDyMXW4ILoNhq5pJ2z4lGOVVXEltHX5VZZkUAj 8cN74Q65Z10vrG0bplbSgz5EXc6Va/frxDdrzU5CtWFlLYyB8b+gqFR4NQYFIvqG x4XSI0XSwMBXUdv8k83O0IwssEv1vxHqUCHtew0uSTe6F65W8n5gMYiLOUZXaIv9 n+DCzxzBGpbgx05rUEHHKp1gi8Ebr6j1rSiGV7gnUDGfXLoA4BZ09GRYxT8qUlYt z9Kg37nTVXBmjDJWpVQh5G6hlfxkcbfTkWgf7HdSmN/EwQKS0jW/AdBv2i4O8K0= =EGiE -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Wed Oct 15 00:30:41 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Tue, 14 Oct 2008 18:30:41 -0400 Subject: Greetings Message-ID: <48F51D91.6080605@gmail.com> Just an email to say hello to the list Been using Linux since 2002, but never found any my email folks interested in PGP or GPG. So finally thought join the email list -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= "I may kid around about drugs, but really, I take them seriously." - Doctor Graper From dshaw at jabberwocky.com Wed Oct 15 01:39:41 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 14 Oct 2008 19:39:41 -0400 Subject: About UIDs In-Reply-To: <48F51B9A.2040900@gmail.com> References: <48F51B9A.2040900@gmail.com> Message-ID: <88DB398A-9988-4F45-96B0-D83189867576@jabberwocky.com> On Oct 14, 2008, at 6:22 PM, Faramir wrote: > I have a question about the UID associated to the key: Are they placed > in the public key, or in both private and public keys? > > And, if I have a key with 2 UIDs, and I sign another key (lets say, I > sign Alice's key), will be both UIDs be displayed in the signatures, > or > just the one that was my primary UID at the moment when I signed > Alice's > key? Neither. Signatures only contain the key ID of the key making the signature. When displaying signatures, GPG shows the primary UID of that key at display time. In other words, if you sign a key with one primary UID, then make another UID primary, the display will change to show the new primary. There is, incidentally, a way of encoding which UID the signer "meant" the signature to be from. It's part of the OpenPGP standard, but no software that I know of actually uses it. David From jmoore3rd at bellsouth.net Wed Oct 15 01:41:51 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 14 Oct 2008 19:41:51 -0400 Subject: Greetings In-Reply-To: <48F51D91.6080605@gmail.com> References: <48F51D91.6080605@gmail.com> Message-ID: <48F52E3F.4090602@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Werewolf wrote: > Just an email to say hello to the list > > Been using Linux since 2002, but never > found any my email folks interested in PGP > or GPG. So finally thought join the email > list Welcome! Since You're using Thunderbird I personally also hope You've discovered Enigmail too. :) JOHN ;) Timestamp: Tuesday 14 Oct 2008, 19:41 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI9S4+AAoJEBCGy9eAtCsPA9cH/2tr4gSDQ4QLa/nuD+N5lqlO xaI7vyxkIJL1dv+fixUzq0sSwIjMWlI/7rndgDKjl/ijFk3KAB5ot56DVnruZK1J y7E7IjbTDjt52q7GIg1FneaYLh/cu3Cr0PHEaa8+2GRTWbslOZo9L1UY6UIURf1K UB5eh9TGF0gITIyEQOSTx7cES+Fvn3DsM4fWnS9Nm8jNYQczpmQQGb/dtRs1P62+ YyL1uIgEj7Qouj0w4INst59XX/KYMB77ard4eilWLFLCp9cb3bULzNv7Z+4QMwRJ Qw2kHL8oU7F9H/HN3lUheL6Qt3RaoqmD9Q0p/b9hiN7HqbnlAJW2YD6bfknp1Hg= =UNn/ -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Wed Oct 15 02:04:56 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Tue, 14 Oct 2008 20:04:56 -0400 Subject: Greetings In-Reply-To: <48F52E3F.4090602@bellsouth.net> References: <48F51D91.6080605@gmail.com> <48F52E3F.4090602@bellsouth.net> Message-ID: <48F533A8.3060002@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oh Aye, have Enigmail plugged in as well. Before I was using mutt with gpg, but moved over to Thunderbird Portable so my email not tied to just one 'puter or OS. Though not had lot luck with the Portable run from wine. (more learning curve) And running it from inside a Truecrypt file container. I have gotten signature faults between messages from Firefox/firegpg and Thunderbird/enigmail with clear signing. Guess cause I was using inline PGP and not mime. - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Repel them. Repel them. Induce them to relinquish the spheroid. - - Indiana University fans' chant for their perennially bad football team John W. Moore III wrote: > Werewolf wrote: >> Just an email to say hello to the list > >> Been using Linux since 2002, but never >> found any my email folks interested in PGP >> or GPG. So finally thought join the email >> list > > Welcome! Since You're using Thunderbird I personally also hope You've > discovered Enigmail too. :) > > JOHN ;) > Timestamp: Tuesday 14 Oct 2008, 19:41 --400 (Eastern Daylight Time) > _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj1M6gACgkQLYy55nbmwbysbACgoL7ixN8AxyxbV8pytpToWK6o XXIAnA8jbPSmUp2Kmr79sBopsC8k7nDf =/1Fp -----END PGP SIGNATURE----- From yalla at fsfe.org Wed Oct 15 12:48:23 2008 From: yalla at fsfe.org (Alexander W. Janssen) Date: Wed, 15 Oct 2008 12:48:23 +0200 Subject: Greetings In-Reply-To: <48F533A8.3060002@gmail.com> References: <48F51D91.6080605@gmail.com> <48F52E3F.4090602@bellsouth.net> <48F533A8.3060002@gmail.com> Message-ID: <48F5CA77.1020006@fsfe.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werewolf wrote: > I have gotten signature faults between messages from Firefox/firegpg and > Thunderbird/enigmail with clear signing. Guess cause I was using inline > PGP and not mime. Try one of the nightly builds of Engimail. The stock Enigmail has some errors which don't seem to be corrected yet (at least the last time I've checked). HTH, Alex. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iQCVAwUBSPXKdRYlVVSQ3uFxAQI6bwP/c8dSjml8ni33vBIsErfkv8+e/etD7Vwx OKxU8LltpAbLAwVhvnWsd7ELr4VabED/qZeql8qu7M81YIIP/Zyoo93n9u9v4NO9 U96MlBMuIefQvt1bNuNFdOreDwOUfmitOYpC+7vbb+UPOA/rnx1j95FuaEYlwNqE TaLBzFFrqQI= =1ZiV -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Wed Oct 15 14:52:11 2008 From: werewolf6851 at gmail.com (MD Keith) Date: Wed, 15 Oct 2008 08:52:11 -0400 Subject: Greetings In-Reply-To: <48F5CA77.1020006@fsfe.org> References: <48F51D91.6080605@gmail.com> <48F52E3F.4090602@bellsouth.net> <48F533A8.3060002@gmail.com> <48F5CA77.1020006@fsfe.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [Tries using Firegpg to create a reply] Enigmail version 0.95.7 (20080808) Firefox Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Firegpg 0.5.2 Gmail set to plain formatting Guessing bet 10 to 1 signature fails On Wed, Oct 15, 2008 at 6:48 AM, Alexander W. Janssen wrote: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: http://getfiregpg.org iEYEARECAAYFAkj153kACgkQLYy55nbmwbz42gCfTfRPVsCVe8q8YlKdAd0uUmSQ oYQAoJgz9Ia1O04NMy1g6MSY3GAgavJc =zriy -----END PGP SIGNATURE----- > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Werewolf wrote: > > I have gotten signature faults between messages from Firefox/firegpg and > > Thunderbird/enigmail with clear signing. Guess cause I was using inline > > PGP and not mime. > > Try one of the nightly builds of Engimail. The stock Enigmail has some > errors which don't seem to be corrected yet (at least the last time I've > checked). > > HTH, > Alex. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > > iQCVAwUBSPXKdRYlVVSQ3uFxAQI6bwP/c8dSjml8ni33vBIsErfkv8+e/etD7Vwx > OKxU8LltpAbLAwVhvnWsd7ELr4VabED/qZeql8qu7M81YIIP/Zyoo93n9u9v4NO9 > U96MlBMuIefQvt1bNuNFdOreDwOUfmitOYpC+7vbb+UPOA/rnx1j95FuaEYlwNqE > TaLBzFFrqQI= > =1ZiV > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Later -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Charles M. Schulz - "All you need is love. But a little chocolate now and then doesn't hurt." From jmoore3rd at bellsouth.net Wed Oct 15 16:16:31 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 15 Oct 2008 10:16:31 -0400 Subject: Greetings In-Reply-To: References: <48F51D91.6080605@gmail.com> <48F52E3F.4090602@bellsouth.net> <48F533A8.3060002@gmail.com> <48F5CA77.1020006@fsfe.org> Message-ID: <48F5FB3F.3090601@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 MD Keith wrote: > [Tries using Firegpg to create a reply] > Enigmail version 0.95.7 (20080808) > Firefox Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) > Gecko/2008052906 Firefox/3.0 > Firegpg 0.5.2 > Gmail set to plain formatting > > Guessing bet 10 to 1 signature fails > > On Wed, Oct 15, 2008 at 6:48 AM, Alexander W. Janssen wrote: UNTRUSTED Good signature from Lover of Lycra Key ID: 0x76E6C1BC / Signed on: 10/15/2008 8:52 AM Key fingerprint: D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC JOHN ;) Timestamp: Wednesday 15 Oct 2008, 10:15 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI9fs9AAoJEBCGy9eAtCsP+LIH/ja+dTTAirg7ZBvCcqDt+50X OYD6HMeNrCpJFoHhZ07ByiLV/i4kdel4MmAAEL3PVuBE0W5+t/mpWlOStoh/HJx1 jXSESFpdmTsZ2CRv71ZQNWD/IizS41KcIZuiF06t/w7HemUVjyBLV/GDSKvMhWYZ nvxQjS5NqrMbh4cPi44rwTESW3wCsgNyNaBOE29NUlD1Jbx6rruGFh/p1P/1iU2S DQIWaLSBHoHFJrmEKTYNJ86xapeFWwZftnqez68ajdEP9DejnyXMKf4I+YXYBOFN fZ6wk0WisoUzQQlQlHKgLsTjqVuPEmeTjxo0k7eMh9EZYee2HmI0kTSWhmIRWCc= =ee/o -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Wed Oct 15 20:46:23 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Wed, 15 Oct 2008 14:46:23 -0400 Subject: Greetings In-Reply-To: <48F5FB3F.3090601@bellsouth.net> References: <48F51D91.6080605@gmail.com> <48F52E3F.4090602@bellsouth.net> <48F533A8.3060002@gmail.com> <48F5CA77.1020006@fsfe.org> <48F5FB3F.3090601@bellsouth.net> Message-ID: <48F63A7F.1070003@gmail.com> *Big Grin* One the few times I'm actually glad to have lost a bet -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= That's the thing about people who think they hate computers. What they really hate is lousy programmers. - Larry Niven and Jerry Pournelle in "Oath of Fealty" John W. Moore III wrote: > MD Keith wrote: >> [Tries using Firegpg to create a reply] >> Enigmail version 0.95.7 (20080808) >> Firefox Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) >> Gecko/2008052906 Firefox/3.0 >> Firegpg 0.5.2 >> Gmail set to plain formatting > >> Guessing bet 10 to 1 signature fails > >> On Wed, Oct 15, 2008 at 6:48 AM, Alexander W. Janssen wrote: > > UNTRUSTED Good signature from Lover of Lycra > Key ID: 0x76E6C1BC / Signed on: 10/15/2008 8:52 AM > Key fingerprint: D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC > > > JOHN ;) > Timestamp: Wednesday 15 Oct 2008, 10:15 --400 (Eastern Daylight Time) _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From werewolf6851 at gmail.com Wed Oct 15 21:00:52 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Wed, 15 Oct 2008 15:00:52 -0400 Subject: Greetings In-Reply-To: <48F5FB3F.3090601@bellsouth.net> References: <48F51D91.6080605@gmail.com> <48F52E3F.4090602@bellsouth.net> <48F533A8.3060002@gmail.com> <48F5CA77.1020006@fsfe.org> <48F5FB3F.3090601@bellsouth.net> Message-ID: <48F63DE4.508@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 *Big Grin* One the few times I'm actually glad to have lost a bet - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Simon: "Come on out, River. The nice man wants to kidnap you." --Episode #14, "Objects in Space" John W. Moore III wrote: > MD Keith wrote: >> [Tries using Firegpg to create a reply] >> Enigmail version 0.95.7 (20080808) >> Firefox Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9) >> Gecko/2008052906 Firefox/3.0 >> Firegpg 0.5.2 >> Gmail set to plain formatting > >> Guessing bet 10 to 1 signature fails > >> On Wed, Oct 15, 2008 at 6:48 AM, Alexander W. Janssen wrote: > > UNTRUSTED Good signature from Lover of Lycra > Key ID: 0x76E6C1BC / Signed on: 10/15/2008 8:52 AM > Key fingerprint: D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC > > > JOHN ;) > Timestamp: Wednesday 15 Oct 2008, 10:15 --400 (Eastern Daylight Time) _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj2PeQACgkQLYy55nbmwbxeYQCcDFrw9bvL7y3vnFUTvQXfQAau EtEAn3kMne8eTTZ3TWnfv9bBKsbYGAyN =+l2O -----END PGP SIGNATURE----- From gi185002 at ncr.com Wed Oct 15 22:54:59 2008 From: gi185002 at ncr.com (Guru_i) Date: Wed, 15 Oct 2008 13:54:59 -0700 (PDT) Subject: Decrypting with private key and public key is missing Message-ID: <19995558.post@talk.nabble.com> Hi Im using GPG CL 1.4.9. case is - 1)somebody (trusted) is generating key pair on my behalf(as proxy). But he is sending me only my secret key and NOT public key. 2) I was able to import the secret key in gpg keyring using --allow-secret-key-import command 3) But when I try to decrypt the file (which was encrypted using my public key its not with me though) I get error message such as gpg: decryption failed: secret key not available. Though I know I have secret key with me. Please help -- View this message in context: http://www.nabble.com/Decrypting-with-private-key-and-public-key-is-missing-tp19995558p19995558.html Sent from the GnuPG - User mailing list archive at Nabble.com. From werewolf6851 at gmail.com Thu Oct 16 01:11:30 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Wed, 15 Oct 2008 19:11:30 -0400 Subject: Decrypting with private key and public key is missing In-Reply-To: <19995558.post@talk.nabble.com> References: <19995558.post@talk.nabble.com> Message-ID: <48F678A2.1030002@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't know about you but this raises all kinds of red flags... If using enigmail check that it pointed to the keyrings You can verify it's on your secret keyring with gpg -K command There's way to split public key out of the secretkey I think with gpgsplit - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Mal: "You know, I hear tell they used to keelhaul traitors back in the day. I don't have a keel to haul you on, so..." --Episode #9, "Ariel" Guru_i wrote: > Hi Im using GPG CL 1.4.9. > case is - > 1)somebody (trusted) is generating key pair on my behalf(as proxy). But he > is sending me only my secret key and NOT public key. > 2) I was able to import the secret key in gpg keyring using > --allow-secret-key-import command > 3) But when I try to decrypt the file (which was encrypted using my public > key its not with me though) I get error message such as > > gpg: decryption failed: secret key not available. Though I know I have > secret key with me. > > Please help -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj2eKIACgkQLYy55nbmwbyquQCgn5EojKjOSGJZhXVpGeRvm0gv yAcAoI1GKjIzKJivxu34u4nS+68Gk5mm =EvSd -----END PGP SIGNATURE----- From John at Mozilla-Enigmail.org Thu Oct 16 01:44:27 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 15 Oct 2008 18:44:27 -0500 Subject: Decrypting with private key and public key is missing In-Reply-To: <19995558.post@talk.nabble.com> References: <19995558.post@talk.nabble.com> Message-ID: <48F6805B.5060100@Mozilla-Enigmail.org> Guru_i wrote: > Hi Im using GPG CL 1.4.9. > case is - > 1)somebody (trusted) is generating key pair on my behalf(as proxy). But he > is sending me only my secret key and NOT public key. > 2) I was able to import the secret key in gpg keyring using > --allow-secret-key-import command > 3) But when I try to decrypt the file (which was encrypted using my public > key its not with me though) I get error message such as > > gpg: decryption failed: secret key not available. Though I know I have > secret key with me. > > Please help Use gpgsplit and generate a public key file to import: Syntax: gpgsplit [options] [files] Split an OpenPGP message into packets Options: -v, --verbose verbose -p, --prefix STRING Prepend filenames with STRING --uncompress uncompress a packet --secret-to-public convert secret keys to public keys --no-split write to stdout and don't actually split -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From dshaw at jabberwocky.com Thu Oct 16 02:36:36 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 15 Oct 2008 20:36:36 -0400 Subject: Decrypting with private key and public key is missing In-Reply-To: <19995558.post@talk.nabble.com> References: <19995558.post@talk.nabble.com> Message-ID: <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> On Oct 15, 2008, at 4:54 PM, Guru_i wrote: > > Hi Im using GPG CL 1.4.9. > case is - > 1)somebody (trusted) is generating key pair on my behalf(as proxy). > But he > is sending me only my secret key and NOT public key. > 2) I was able to import the secret key in gpg keyring using > --allow-secret-key-import command > 3) But when I try to decrypt the file (which was encrypted using my > public > key its not with me though) I get error message such as > > gpg: decryption failed: secret key not available. Though I know I have > secret key with me. There is a lot that doesn't follow here. The --allow-secret-key- import command is a no-op in version 1.4.9, so if you had to use it to import your key, then you're not using 1.4.9. Also, if you were using 1.4.9, when you imported your secret key, it would automatically create a public key for you. This is built in, and is on by default. Finally, that error message means that your secret key was not, in fact, imported. It says nothing about your public key. Given all of that, I suspect you didn't import your secret key after all. To import a secret key, do: gpg --import (the secret key file) David From werewolf6851 at gmail.com Thu Oct 16 15:07:17 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Thu, 16 Oct 2008 09:07:17 -0400 Subject: About UIDs In-Reply-To: <88DB398A-9988-4F45-96B0-D83189867576@jabberwocky.com> References: <48F51B9A.2040900@gmail.com> <88DB398A-9988-4F45-96B0-D83189867576@jabberwocky.com> Message-ID: <48F73C85.8020603@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So does using --edit-key/uid #/primary/save combo just show what uid is displayed when the message is decrypted/verified by a recipient? - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Inara: "This is pointless, you know." Early: "200,000 seems fairly pointed to me." --Episode #14, "Objects in Space" David Shaw wrote: > On Oct 14, 2008, at 6:22 PM, Faramir wrote: > >> I have a question about the UID associated to the key: Are they placed >> in the public key, or in both private and public keys? >> >> And, if I have a key with 2 UIDs, and I sign another key (lets say, I >> sign Alice's key), will be both UIDs be displayed in the signatures, or >> just the one that was my primary UID at the moment when I signed Alice's >> key? > > Neither. Signatures only contain the key ID of the key making the > signature. When displaying signatures, GPG shows the primary UID of > that key at display time. In other words, if you sign a key with one > primary UID, then make another UID primary, the display will change to > show the new primary. > > There is, incidentally, a way of encoding which UID the signer "meant" > the signature to be from. It's part of the OpenPGP standard, but no > software that I know of actually uses it. > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj3PIUACgkQLYy55nbmwbz/kwCggmAYjwzXqcvYBLZDNcWK1nfD HuUAn1Zi+IU7FL5e2UG9d6EluQ72W0wO =Jbqs -----END PGP SIGNATURE----- From gi185002 at ncr.com Thu Oct 16 15:07:50 2008 From: gi185002 at ncr.com (Guru_i) Date: Thu, 16 Oct 2008 06:07:50 -0700 (PDT) Subject: Decrypting with private key and public key is missing In-Reply-To: <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> References: <19995558.post@talk.nabble.com> <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> Message-ID: <20013451.post@talk.nabble.com> Thank you all your response. I will try with "gpgsplit". But I do have secret key in my seckeyring C:/Documents and Settings/xxxxx/Application Data/gnupg\secring.gpg --------------------------------------------------------------------- sec 1024R/FBCFC5F9 2008-10-06 uid vijay But I am not sure why GPG can not see it during decryption. Besides the key that I got was generated using PGP CL. Thanks guru David Shaw wrote: > > On Oct 15, 2008, at 4:54 PM, Guru_i wrote: > >> >> Hi Im using GPG CL 1.4.9. >> case is - >> 1)somebody (trusted) is generating key pair on my behalf(as proxy). >> But he >> is sending me only my secret key and NOT public key. >> 2) I was able to import the secret key in gpg keyring using >> --allow-secret-key-import command >> 3) But when I try to decrypt the file (which was encrypted using my >> public >> key its not with me though) I get error message such as >> >> gpg: decryption failed: secret key not available. Though I know I have >> secret key with me. > > There is a lot that doesn't follow here. The --allow-secret-key- > import command is a no-op in version 1.4.9, so if you had to use it to > import your key, then you're not using 1.4.9. > > Also, if you were using 1.4.9, when you imported your secret key, it > would automatically create a public key for you. This is built in, > and is on by default. > > Finally, that error message means that your secret key was not, in > fact, imported. It says nothing about your public key. > > Given all of that, I suspect you didn't import your secret key after > all. > > To import a secret key, do: > gpg --import (the secret key file) > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > -- View this message in context: http://www.nabble.com/Decrypting-with-private-key-and-public-key-is-missing-tp19995558p20013451.html Sent from the GnuPG - User mailing list archive at Nabble.com. From gi185002 at ncr.com Thu Oct 16 15:24:16 2008 From: gi185002 at ncr.com (Inamdar, Guruprasad) Date: Thu, 16 Oct 2008 18:54:16 +0530 Subject: About UIDs In-Reply-To: <48F73C85.8020603@gmail.com> References: <48F51B9A.2040900@gmail.com><88DB398A-9988-4F45-96B0-D83189867576@jabberwocky.com> <48F73C85.8020603@gmail.com> Message-ID: <569B748C6EAB8F4399DB4EF0CCD4B1B0054D6580@sinesc250.corp.ncr.com> I am sorry but I didn't get your last message. 1) I tried to import the key again (I deleted all the keyring files first) C:\Documents and Settings\xxxxxx\Desktop>gpg --import newkey.asc gpg: keyring `C:/Documents and Settings/xxxxxx/Application Data/gnupg\secring.gpg' created gpg: keyring `C:/Documents and Settings/xxxxxx/Application Data/gnupg\pubring.gpg' created gpg: key FBCFC5F9: secret key imported gpg: key FBCFC5F9: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 1 gpg: w/o user IDs: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 2) And now If I try to see it using gpg --list-secret-key. I can see it. C:\Documents and Settings\xxxxxx\Desktop>gpg --list-secret-key gpg: C:/Documents and Settings/gi185002/Application Data/gnupg\trustdb.gpg: trustdb created C:/Documents and Settings/xxxxxx/Application Data/gnupg\secring.gpg --------------------------------------------------------------------- sec 1024R/FBCFC5F9 2008-10-06 uid vijay ssb 1024R/BE7137CF 2008-10-06 3) But if I try to decrypt the file using my private key - C:\Documents and Settings\xxxxxx\Desktop>gpg --decrypt file.pgp gpg: key FBCFC5F9: secret key without public key - skipped gpg: encrypted with RSA key, ID FBCFC5F9 gpg: decryption failed: secret key not available I know PGP can generate public key automatically if its missing from keyring. Is there any option with GPG. So Is there anything wrong with my key? And How can I use gpgsplit to create public key.? -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Werewolf Sent: Thursday, October 16, 2008 9:07 AM To: gnupg-users at gnupg.org Subject: Re: About UIDs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So does using --edit-key/uid #/primary/save combo just show what uid is displayed when the message is decrypted/verified by a recipient? - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Inara: "This is pointless, you know." Early: "200,000 seems fairly pointed to me." --Episode #14, "Objects in Space" David Shaw wrote: > On Oct 14, 2008, at 6:22 PM, Faramir wrote: > >> I have a question about the UID associated to the key: Are they >> placed in the public key, or in both private and public keys? >> >> And, if I have a key with 2 UIDs, and I sign another key (lets say, I >> sign Alice's key), will be both UIDs be displayed in the signatures, >> or just the one that was my primary UID at the moment when I signed >> Alice's key? > > Neither. Signatures only contain the key ID of the key making the > signature. When displaying signatures, GPG shows the primary UID of > that key at display time. In other words, if you sign a key with one > primary UID, then make another UID primary, the display will change to > show the new primary. > > There is, incidentally, a way of encoding which UID the signer "meant" > the signature to be from. It's part of the OpenPGP standard, but no > software that I know of actually uses it. > > David > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj3PIUACgkQLYy55nbmwbz/kwCggmAYjwzXqcvYBLZDNcWK1nfD HuUAn1Zi+IU7FL5e2UG9d6EluQ72W0wO =Jbqs -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users From gi185002 at ncr.com Thu Oct 16 15:52:53 2008 From: gi185002 at ncr.com (Guru_i) Date: Thu, 16 Oct 2008 06:52:53 -0700 (PDT) Subject: Decrypting with private key and public key is missing In-Reply-To: <20013451.post@talk.nabble.com> References: <19995558.post@talk.nabble.com> <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> <20013451.post@talk.nabble.com> Message-ID: <20014132.post@talk.nabble.com> Thank you all. Thanks "werewolf"..I got it done..and yes it was with gpgsplit. 1) I imported "secret" key only that I am getting from my client C:\Documents and Settings\xxxxxx\Application Data\gnupg>gpg --import newkey.asc gpg: keyring `C:/Documents and Settings/xxxxxx/Application Data/gnupg\secring.gpg' created gpg: keyring `C:/Documents and Settings/xxxxxx/Application Data/gnupg\pubring.gpg' created gpg: key FBCFC5F9: secret key imported gpg: key FBCFC5F9: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 1 gpg: w/o user IDs: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 2) Then I use gpgsplit as you guys said C:\Documents and Settings\xxxxxx\Application Data\gnupg>gpgsplit --no-split --verbose --secret-to-public secring.gpg > pubring.gpg 3) Then I use list-key command..wollaaa I can see my public key getting created now C:\Documents and Settings\xxxxxx\Application Data\gnupg>gpg --list-key gpg: C:/Documents and Settings/xxxxxx/Application Data/gnupg\trustdb.gpg: trustdb created C:/Documents and Settings/xxxxxx/Application Data/gnupg\pubring.gpg --------------------------------------------------------------------- pub 1024R/FBCFC5F9 2008-10-06 uid vijay sub 1024R/BE7137CF 2008-10-06 4) Finally to decryption C:\Documents and Settings\gi185002\Application Data\gnupg>gpg -o file.txt --decrypt "C:\Documents and Settings\gi185002\Desktop\file.pgp" gpg: encrypted with 1024-bit RSA key, ID FBCFC5F9, created 2008-10-06 "vijay" One more thing on my first question..I saw this just now and now I know why my decryption failed with only secret key http://www.gnupg.org/faq.html (See 4.6) I love this group!! ============================================================================== Guru_i wrote: > > Thank you all your response. I will try with "gpgsplit". But I do have > secret key in my seckeyring > > C:/Documents and Settings/xxxxx/Application Data/gnupg\secring.gpg > --------------------------------------------------------------------- > sec 1024R/FBCFC5F9 2008-10-06 > uid vijay > > But I am not sure why GPG can not see it during decryption. Besides the > key that I got was generated using PGP CL. > > Thanks > guru > > > David Shaw wrote: >> >> On Oct 15, 2008, at 4:54 PM, Guru_i wrote: >> >>> >>> Hi Im using GPG CL 1.4.9. >>> case is - >>> 1)somebody (trusted) is generating key pair on my behalf(as proxy). >>> But he >>> is sending me only my secret key and NOT public key. >>> 2) I was able to import the secret key in gpg keyring using >>> --allow-secret-key-import command >>> 3) But when I try to decrypt the file (which was encrypted using my >>> public >>> key its not with me though) I get error message such as >>> >>> gpg: decryption failed: secret key not available. Though I know I have >>> secret key with me. >> >> There is a lot that doesn't follow here. The --allow-secret-key- >> import command is a no-op in version 1.4.9, so if you had to use it to >> import your key, then you're not using 1.4.9. >> >> Also, if you were using 1.4.9, when you imported your secret key, it >> would automatically create a public key for you. This is built in, >> and is on by default. >> >> Finally, that error message means that your secret key was not, in >> fact, imported. It says nothing about your public key. >> >> Given all of that, I suspect you didn't import your secret key after >> all. >> >> To import a secret key, do: >> gpg --import (the secret key file) >> >> David >> >> _______________________________________________ >> Gnupg-users mailing list >> Gnupg-users at gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >> > > -- View this message in context: http://www.nabble.com/Decrypting-with-private-key-and-public-key-is-missing-tp19995558p20014132.html Sent from the GnuPG - User mailing list archive at Nabble.com. From faramir.cl at gmail.com Thu Oct 16 19:14:28 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 16 Oct 2008 14:14:28 -0300 Subject: Decrypting with private key and public key is missing In-Reply-To: <20013451.post@talk.nabble.com> References: <19995558.post@talk.nabble.com> <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> <20013451.post@talk.nabble.com> Message-ID: <48F77674.1010703@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Guru_i escribi?: ... > But I am not sure why GPG can not see it during decryption. Besides the key > that I got was generated using PGP CL. ... >>> Hi Im using GPG CL 1.4.9. >>> case is - What does "CL" means? And... now I don't know if the key was generated with GPG or with PGP suite... It is just curiosity... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI93Z0AAoJEMV4f6PvczxAdm4H/RpnffL8ORKlhxLMUpSa3pfV JrzkCvgjJRcvUCM/Z1si9m/w2nE8VpKuWTuQZsbIV5BuLJQ8GmIx7/x1CM+6Nh+Q Znq0eoOO1g94YSSj1rvEAd9QMCrLg83bpMWe8iqvUPFAw+pDMcC3IeNYqzPnY4mG iDIBxgCI2Lph6q8vdH+TQXeR+XDWAZqmhzDjqegzxGTZLoHk5HiQZVXyAVBaC4vx ahfsWrvzwNe30YxAkF/9bOBqVAP+6QOLoiQ+AcD1Vqli2lZesqp2oZ63JV2FPsyL pD19id3V5PMAPswl3mAqDpGa9Qj1NQxmL4Tmm98qPcg7LsbITEzM0Flj+26EcSg= =Cm71 -----END PGP SIGNATURE----- From gi185002 at ncr.com Wed Oct 15 17:09:24 2008 From: gi185002 at ncr.com (Guru_i) Date: Wed, 15 Oct 2008 08:09:24 -0700 (PDT) Subject: Decrypting with private key and public key is missing Message-ID: <19995558.post@talk.nabble.com> Hi Im using GPG CL 1.4.9. case is - 1)somebody (trusted) is generating key pair on my behalf(as proxy). But he is sending me only my secret key and NOT public key. 2) I was able to import the secret key in gpg keyring using --allow-secret-key-import command 3) But when I try to decrypt the file (which was encrypted using my public key its not with me though) I get error message such as gpg: decryption failed: secret key not available. Though I know I have secret key with me. Please help -- View this message in context: http://www.nabble.com/Decrypting-with-private-key-and-public-key-is-missing-tp19995558p19995558.html Sent from the GnuPG - User mailing list archive at Nabble.com. From jmoore3rd at bellsouth.net Thu Oct 16 20:05:41 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 16 Oct 2008 14:05:41 -0400 Subject: Decrypting with private key and public key is missing In-Reply-To: <48F77674.1010703@gmail.com> References: <19995558.post@talk.nabble.com> <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> <20013451.post@talk.nabble.com> <48F77674.1010703@gmail.com> Message-ID: <48F78275.7090602@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Faramir wrote: > What does "CL" means? Command Line > with GPG or with PGP suite... Shouldn't matter due to OpenPGP RFC compatibility JOHN ;) Timestamp: Thursday 16 Oct 2008, 14:05 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI94J0AAoJEBCGy9eAtCsPjBAH/33TL3vrNxYobMYUbVq+/Mxs C8L+7yvE0NZXHmkZIaUYmcxAGAOXvOzaV1xamlw5kZ5xbb5R3oR4eVK7xmaQo8b0 eptZKylgCprN80BlmWOIwqNRYaa5BMrlPEfjAjqxbZG67RrM5fb9nEF3JHegyJ1u BNqDutbxkCDcUmvo642n6rl2iz7pwzd+hU8RvICiK2fM+6JZ1PPMjsV14IewMBt7 2omqXj5F90hgRPdTim6stocbLEeJ/ChljqdsGQWsHG4g60s+NFph4XtaP+L9BvGd 9SLYLMGECmjrmAArQBJadXLic3R7NcG4aWS1WjbdtuYqRU+/FmJjNquxSEXl1Pk= =+JwM -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Oct 16 21:44:30 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 16 Oct 2008 16:44:30 -0300 Subject: Decrypting with private key and public key is missing In-Reply-To: <48F78275.7090602@bellsouth.net> References: <19995558.post@talk.nabble.com> <3CE6ACD6-FD6D-4916-BE10-C54142521C46@jabberwocky.com> <20013451.post@talk.nabble.com> <48F77674.1010703@gmail.com> <48F78275.7090602@bellsouth.net> Message-ID: <48F7999E.9070800@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: > Faramir wrote: > >> What does "CL" means? > > Command Line I thought maybe it was modified version of GPG XD >> with GPG or with PGP suite... > > Shouldn't matter due to OpenPGP RFC compatibility Right, I know that.... but I thought maybe he was using a modified version, maybe not fully compatible... but I was wrong ;) Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI95meAAoJEMV4f6PvczxAdTQIAJOTlL5vsnS+hNCxqGgai19X gM78CPdKe5uibWnMI5jUqyFYLJaWvL7xPupGYOjpA6gfGZqhQKmRFvdQFqnGtvfT +y7QLHS0zoerbpZDK0gXAELledVCHu9WUEfYPzWIx5JtgDveLWBXhIiw3BfUNO6E icXicKYTSvq7qy9UwS5QLHL0dWpG8uYC2xDVkeN4pGuQv+3mQMtlaLDU3thobTd2 HMCvmqwFB3dRRMzFh5Ys7vln3ldPGx2nzUGWTRqKeu+z0J4vZhy3jKbI9VA7JqGH int3VgGUgA0Uf7b+/Y8XgqxYSzFqtekQ9hUH8gFqItzk1sgpXc5bAq5mr938UeU= =Vjoj -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Fri Oct 17 00:01:22 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Thu, 16 Oct 2008 18:01:22 -0400 Subject: add subkey vs generate new set? Message-ID: <48F7B9B2.4020800@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another Pondering as every year need bigger bit sized keys to be secure Benefits and Cons Wondering if adding a bigger encryption/signing sub keys to current key on keyserver leaves the benefit keeping the same finger print? So don't have inform all your corresondences to get a new key from you? They just have --refresh their public keyrings Over Just setting old key to expire and Generate a new set, collect signatures again, change info on web pages and/or bussiness cards? - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Inara: "What should I do?" Simon: (hands her bandages): "Tie it off." Inara: "Simon, I'm good with anatomy, but not like this..." --Unfilmed Episode, "Dead or Alive" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj3ubIACgkQLYy55nbmwbxmAgCdETbweCy8Yz4ST+r6peRJPnqD EHUAoMtPtPKg3ntgrPxvxcVfiAdwCRER =i70a -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Fri Oct 17 00:16:41 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 16 Oct 2008 18:16:41 -0400 Subject: add subkey vs generate new set? In-Reply-To: <48F7B9B2.4020800@gmail.com> References: <48F7B9B2.4020800@gmail.com> Message-ID: <48F7BD49.8030801@sixdemonbag.org> Werewolf wrote: > Another Pondering as every year need bigger bit sized keys to be secure > Benefits and Cons This is not true. 1kbit keys are generally considered safe for now, although they may become vulnerable to fantastically well-equipped adversaries within the next decade. 2kbit keys are considered secure for what is effectively the indefinite future. We will not break 2kbit keys until we have had such massive leaps in mathematics or engineering that they would deserve to be called science fiction. From faramir.cl at gmail.com Fri Oct 17 01:45:53 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 16 Oct 2008 20:45:53 -0300 Subject: add subkey vs generate new set? In-Reply-To: <48F7B9B2.4020800@gmail.com> References: <48F7B9B2.4020800@gmail.com> Message-ID: <48F7D231.5040302@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werewolf escribi?: > > Another Pondering as every year need bigger bit sized keys to be secure > Benefits and Cons IMHO, I would just use 2048 bits keys and focus in keeping the keys safe... and using good algorithms. But consider I am not an expert, and I am not even an experienced user... I found a document today, maybe it is worth taking a look at it: http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf > Wondering if adding a bigger encryption/signing sub keys to current key > on keyserver leaves the benefit keeping the same finger print? So don't > have inform all your corresondences to get a new key from you? They > just have --refresh their public keyrings Yes, you can keep the primary key and change the subkeys... you can even remove the primary key (and store it SAFE) and work with the subkeys... there is a tutorial about that, and was posted in this list a while ago... Look at "Secure Key Generation" in the site http://tjl73.altervista.org/index_en.html > Just setting old key to expire and Generate a new set, collect > signatures again, change info on web pages and/or bussiness cards? I have not collected a single strong signature in 5 months, so if I ever get one, I won't be happy if I have to revoke my key (lol). Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI99IxAAoJEMV4f6PvczxAbEAIAItqD7BMjL5zGcqSpID3EBb/ g+rMhPzOXGxdiHdKpWy8gVgGXvLRIlAR3CgxS8i/qx7ys/LJHUteupKwyrw295ge wdjtw0LSIVSlRw4u1I2WFo+cohsLsMO9ZZ0qjNlsNKpfMOWT3VovSJp/kIi9cUVX zvv4v3vEMOLmV1Vv1iMD3ffpAI3Ajmv8+nNgYFL/2KFUa4YXJ5xhO/j7cCudNhl6 jL4JwSCs+erefrMzeUrkT8c8dPZa8DP8AODMhMoAxjdRNNdY2w7ZybJca1IPtYtX O0eV4un9S7D7/a+WvfiseKkj6VkSIeAA6jXBRVL8f+tJst5mevbTryDD9H1qBwM= =zkuN -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Fri Oct 17 04:31:27 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Thu, 16 Oct 2008 22:31:27 -0400 Subject: add subkey vs generate new set? In-Reply-To: <48F7D231.5040302@gmail.com> References: <48F7B9B2.4020800@gmail.com> <48F7D231.5040302@gmail.com> Message-ID: <48F7F8FF.5070009@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for the informative Web site (wget a wonderful tool) But never got a signature myself. After made my first key, later I generated a second pair for signing RPM packages on my system. so used one to sign the other, etc. So have key with interesting email addresses. like one use for this list, then another more -business casual- type contacts. End of the month Moving to Wisconsin, and hope find a active LUG, then might actually acquire sigs. Using that methode kinda like having a keywallet that folks say is you, and can change out the inside keys as need be, and the outer ID with a Notarized Signature. Hmms, that be cool, if A Notary had a key signing service as well for pgp/gpg keys - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= ("The Man They Call Jayne" is being sung in the background) Mal: "Uh, Jayne?" Jayne: "Yeah, Mal?" Mal: "You got any light you'd like to shed on this development?" Jayne: "No, Mal." Simon: "No... *This* must be what going mad feels like..." --Episode #7, "Jaynestown" Faramir wrote: > Werewolf escribi?: >> Another Pondering as every year need bigger bit sized keys to be secure >> Benefits and Cons > > IMHO, I would just use 2048 bits keys and focus in keeping the keys > safe... and using good algorithms. But consider I am not an expert, and > I am not even an experienced user... > > I found a document today, maybe it is worth taking a look at it: > http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf > >> Wondering if adding a bigger encryption/signing sub keys to current key >> on keyserver leaves the benefit keeping the same finger print? So don't >> have inform all your corresondences to get a new key from you? They >> just have --refresh their public keyrings > > Yes, you can keep the primary key and change the subkeys... you can > even remove the primary key (and store it SAFE) and work with the > subkeys... there is a tutorial about that, and was posted in this list a > while ago... > > Look at "Secure Key Generation" in the site > http://tjl73.altervista.org/index_en.html > >> Just setting old key to expire and Generate a new set, collect >> signatures again, change info on web pages and/or bussiness cards? > > I have not collected a single strong signature in 5 months, so if I > ever get one, I won't be happy if I have to revoke my key (lol). > > Best Regards _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj3+P8ACgkQLYy55nbmwbyh1gCgz3ThBIaSMxvoRE57jnWLkZWg xo4AoMJ5haFwAhBSz9+Djm4rLovXB4eF =gSiP -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Fri Oct 17 05:48:05 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 16 Oct 2008 23:48:05 -0400 Subject: add subkey vs generate new set? In-Reply-To: <48F7B9B2.4020800@gmail.com> References: <48F7B9B2.4020800@gmail.com> Message-ID: <8793A93E-4AC8-467F-9C62-55A8B34888AA@jabberwocky.com> On Oct 16, 2008, at 6:01 PM, Werewolf wrote: > Another Pondering as every year need bigger bit sized keys to be > secure > Benefits and Cons > > Wondering if adding a bigger encryption/signing sub keys to current > key > on keyserver leaves the benefit keeping the same finger print? So > don't > have inform all your corresondences to get a new key from you? They > just have --refresh their public keyrings > Over > Just setting old key to expire and Generate a new set, collect > signatures again, change info on web pages and/or bussiness cards? It depends on how many signatures you have. If you have none, or just a handful that could be easily gotten again, then it doesn't matter much. Otherwise, there is a real benefit to adding subkeys to your existing key. It is not true, though, that you need continually bigger keys to be secure. You just need (somewhat) bigger keys than the current best attack to be secure. The default size in GPG is 2048, which is extremely safe. When in doubt, use the default. David From faramir.cl at gmail.com Fri Oct 17 06:09:42 2008 From: faramir.cl at gmail.com (Faramir) Date: Fri, 17 Oct 2008 01:09:42 -0300 Subject: add subkey vs generate new set? In-Reply-To: <48F7F8FF.5070009@gmail.com> References: <48F7B9B2.4020800@gmail.com> <48F7D231.5040302@gmail.com> <48F7F8FF.5070009@gmail.com> Message-ID: <48F81006.5000409@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werewolf escribi?: > > Thanks for the informative Web site (wget a wonderful tool) I found the link in GPGShell download site... but I saw the author of that tutorial posting in this list too. > But never got a signature myself. After made my first key, later I > generated a second pair for signing RPM packages on my system. so used > one to sign the other, etc. So have key with interesting email Same here... I have a signature for the email account I use for lists, another one for the email account with my real name, and some other for specific purposes... > Using that methode kinda like having a keywallet that folks say is you, > and can change out the inside keys as need be, and the outer ID with a > Notarized Signature. Hmms, that be cool, if A Notary had a key signing > service as well for pgp/gpg keys CAcert.org does that, but you need to find some CAcert assurers to assure your identity first... I will have to rely on their trusted third party program, since there are not enough assurers in my city... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI+BAGAAoJEMV4f6PvczxAFbIH/0QPeUpffGGP1L6K9mc+sAy1 0sTzntcvVRFCCgrCiqrpjLztXUFx72WUVjUL3MHpAvhjWVzvVJUtpERuAIjjnjz6 hxGuPG/6T5ZxEAfXHM7AUfRHCZ0j3aUui92nyajHqHBBXnZhBXvkOpHT8pamoVZT dLuyBosbfqfhwzkLagFzsqU6OKxZZQmJzk8P3Yfu1fSivSS84QM3EGu4FiJxcKO6 i+ijNxo7ggixN9RQl+xnlbY4bRed5S7IE7Vm76j54LPDnNA6lGegz0916qGdmFwd Z31vNO4eXyJsSLH4ofHZ3ygaRCUT3HCpxcBPFFVH9KelasT3YWzbAWqg0fWtWLY= =fK2o -----END PGP SIGNATURE----- From faramir.cl at gmail.com Fri Oct 17 07:09:22 2008 From: faramir.cl at gmail.com (Faramir) Date: Fri, 17 Oct 2008 02:09:22 -0300 Subject: add subkey vs generate new set? In-Reply-To: <8793A93E-4AC8-467F-9C62-55A8B34888AA@jabberwocky.com> References: <48F7B9B2.4020800@gmail.com> <8793A93E-4AC8-467F-9C62-55A8B34888AA@jabberwocky.com> Message-ID: <48F81E02.3020104@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw escribi?: > It is not true, though, that you need continually bigger keys to be > secure. You just need (somewhat) bigger keys than the current best > attack to be secure. The default size in GPG is 2048, which is > extremely safe. When in doubt, use the default. Maybe setting sha256 as the default hash algo would improve security a bit, since sha1 is not as strong as it was supposed to be, and in future _maybe_ it could be more unwelcome discoveries... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI+B4CAAoJEMV4f6PvczxAhEkH/03oWAxJfTzls/S+HS7vUJpR kprcQr4JiH8gwH6aqaZGA+MZVb+GV0l/gKCvm7KocEC1zf3gYO8qRz3TfEVZYQLA EM3qDZcJPXdte61G2sArct/6qQps1ESCNPlc1ZbKnEtABFJpXq7XCcmFd6rw5Mff KfjMULXtmHcKdph3zN7mROLAco2zqOg4YQ/1eCqdEEj5TvDSLnpD8rIGeZx+iu8D 8+dOecSU9o74y13v5tmmZ3+tXorYxwhNaVzOJJwkl2oNYmUhJnVzQzR1xsLTAq3T YZPD6Fk27vZ0dDECLimG1vH1xdUFi3h+7SnlkeMelXCJ5MDN9tJB6wdoK1tR4QM= =RBh0 -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Fri Oct 17 16:19:53 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Fri, 17 Oct 2008 10:19:53 -0400 Subject: add subkey vs generate new set? In-Reply-To: <8793A93E-4AC8-467F-9C62-55A8B34888AA@jabberwocky.com> References: <48F7B9B2.4020800@gmail.com> <8793A93E-4AC8-467F-9C62-55A8B34888AA@jabberwocky.com> Message-ID: <48F89F09.4090908@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was just wandering, as I did use the 'default' settings for the key creation. But that was 4 years ago :) The info at the time if I remember right went on 1024 was more on the 'higher' side of the processor abilities etc lol - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Inara: "You could always pray they make it back safely." Book: "I don't think the captain would much like me praying for him." Inara: "So don't tell him. I never do." --Episode #2, "The Train Job" David Shaw wrote: > On Oct 16, 2008, at 6:01 PM, Werewolf wrote: > >> Another Pondering as every year need bigger bit sized keys to be secure >> Benefits and Cons >> >> Wondering if adding a bigger encryption/signing sub keys to current key >> on keyserver leaves the benefit keeping the same finger print? So don't >> have inform all your corresondences to get a new key from you? They >> just have --refresh their public keyrings >> Over >> Just setting old key to expire and Generate a new set, collect >> signatures again, change info on web pages and/or bussiness cards? > > It depends on how many signatures you have. If you have none, or just a > handful that could be easily gotten again, then it doesn't matter much. > Otherwise, there is a real benefit to adding subkeys to your existing key. > > It is not true, though, that you need continually bigger keys to be > secure. You just need (somewhat) bigger keys than the current best > attack to be secure. The default size in GPG is 2048, which is > extremely safe. When in doubt, use the default. > > David > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj4nwkACgkQLYy55nbmwbxPRgCfXQ0LPMGgt8z1HbtW18CPrKe0 SLEAn0bkvFDupY8S4c1tXDaVDY+BN1qP =HFPo -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Fri Oct 17 16:48:59 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 17 Oct 2008 10:48:59 -0400 Subject: add subkey vs generate new set? In-Reply-To: <48F89F09.4090908@gmail.com> References: <48F7B9B2.4020800@gmail.com> <8793A93E-4AC8-467F-9C62-55A8B34888AA@jabberwocky.com> <48F89F09.4090908@gmail.com> Message-ID: <20081017144859.GA34503@jabberwocky.com> On Fri, Oct 17, 2008 at 10:19:53AM -0400, Werewolf wrote: > > I was just wandering, as I did use the 'default' settings for the key > creation. But that was 4 years ago :) 4 years ago the default was different. We keep the defaults at reasonable settings as the world and GPG grows. David From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 17 22:03:23 2008 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 17 Oct 2008 22:03:23 +0200 Subject: [Announce] GPGME 1.1.7 released Message-ID: <48F8EF8B.6040101@ruhr-uni-bochum.de> Hi, We are pleased to announce version 1.1.7 of GnuPG Made Easy, a library designed to make access to GnuPG easier for applications. It may be found in the file (about 1017 KB/785 KB compressed) ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.gz ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.bz2 The following files are also available: ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.gz.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.7.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.1.6-1.1.7.diff.gz It should soon appear on the mirrors listed at: http://www.gnupg.org/mirrors.html Bug reports and requests for assistance should be sent to: gnupg-devel at gnupg.org The sha1sum checksums for this distibution are 6c8fb447c8ade06d4d22c9bf795843fdbe604a62 gpgme-1.1.6-1.1.7.diff.gz c735bb90431667e3d020aa3adcf0efa858c992af gpgme-1.1.7.tar.bz2 dba92eeb105e4307f7d7efa7df0622df440362af gpgme-1.1.7.tar.bz2.sig 88e461a570a8a10db26b20cd858932c91134af94 gpgme-1.1.7.tar.gz b75973297a1aae12695c2bc8f86ca77c6957b4d5 gpgme-1.1.7.tar.gz.sig Noteworthy changes in version 1.1.7 (2008-10-177) ------------------------------------------------ * Using GPGME_KEYLIST_MODE_LOCAL combined with GPGME_KEYLIST_MODE_EXTERN is now supported; it uses the --locate-keys feature of gpg (>= 2.0.10). * The encoding of gpgme_data_t objects can affect the output encoding of export, sign and encrypt operations now (the same operations that are also affected by the ASCII mode switch). We believe this change in the ABI is innocent enough not to break existing applications (it only affects the S/MIME backend on certain operations). * The reference manual now includes the specification of "The GnuPG UI Server protocol". * A new function gpgme_cancel_async can be used to asynchronously cancel any pending operation at any time, from any thread. * Interface changes relative to the 1.1.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_op_encrypt CHANGED: Output encoding can affect result. gpgme_op_encrypt_start CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign CHANGED: Output encoding can affect result. gpgme_op_encrypt_sign_start CHANGED: Output encoding can affect result. gpgme_op_sign CHANGED: Output encoding can affect result. gpgme_op_sign_start CHANGED: Output encoding can affect result. gpgme_op_export CHANGED: Output encoding can affect result. gpgme_op_export_start CHANGED: Output encoding can affect result. gpgme_op_export_ext CHANGED: Output encoding can affect result. gpgme_op_export_ext_start CHANGED: Output encoding can affect result. gpgme_cancel_async NEW ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Marcus Brinkmann mb at g10code.de -- g10 Code GmbH http://g10code.com AmtsGer. Wuppertal HRB 14459 H?ttenstr. 61 Gesch?ftsf?hrung Werner Koch D-40699 Erkrath -=- The GnuPG Experts -=- USt-Id DE215605608 _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From erpo41 at gmail.com Sat Oct 18 09:48:58 2008 From: erpo41 at gmail.com (Eric Anopolsky) Date: Sat, 18 Oct 2008 01:48:58 -0600 Subject: SE New Mexico key signing? Message-ID: <1224316138.10276.4.camel@telesto> Hi all, I just switched to a new key and I have no signatures. :( Is there anyone in southeast New Mexico who would like to see my driver's license and sign my key? Cheers, Eric -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: This is a digitally signed message part URL: From dshaw at jabberwocky.com Sat Oct 18 15:10:10 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Sat, 18 Oct 2008 09:10:10 -0400 Subject: SE New Mexico key signing? In-Reply-To: <1224316138.10276.4.camel@telesto> References: <1224316138.10276.4.camel@telesto> Message-ID: On Oct 18, 2008, at 3:48 AM, Eric Anopolsky wrote: > Hi all, > > I just switched to a new key and I have no signatures. :( > > Is there anyone in southeast New Mexico who would like to see my > driver's license and sign my key? http://biglumber.com/x/web?qs=new+mexico David From f.schwind at chili-radiology.com Mon Oct 20 09:58:47 2008 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Mon, 20 Oct 2008 09:58:47 +0200 Subject: gpgme 1.1.7 and verify signature Message-ID: <48FC3A37.9060200@chili-radiology.com> Hello List. I tried to uses the new gpgme-1.1.7 on linux with gpg-1.4.9 and I now get a gpgme "Bad file descriptor" error when I try to verify a normal signature with "gpgme_op_verify(ctx, sig, NULL, plain);" which worked fine with gpgme-1.1.4. Anyone else discovered this behavior or can help me? Greetings Florian From faramir.cl at gmail.com Mon Oct 20 21:00:33 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 20 Oct 2008 16:00:33 -0300 Subject: gpg.conf in Gpg4win Message-ID: <48FCD551.3090202@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello! I have been testing (a very little bit) Gpg4win 1.1.3, and I noticed changes made in gpg.conf are not working... I changed my default preferences, but keys generated after the change still have the same preferences (gpg defaults). I tried to install idea.dll, but gpg.exe - --version doesn't show it... Any idea? I am doing the test in a virtual machine, Win XP pro sp3. And I overwrote gpg.exe and related files with the gpg 1.4.9 files, taken from my "real" machine. (Gpg4win 1.1.3 includes gpg 1.4.7). Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI/NVRAAoJEMV4f6PvczxAZI4IAK26SQyqw2ruHCaEkwLk9kQR H+gKebs5RT20ZA7fOl/wnyiyQznxrwiybe004ctPB0WaHScQirAIghqIGG2lYZGW ni5bPTVuPxHDSczmuwglqwUcfxC1hzSZJ1J8/RWz1ZFdT2B85MHd9ZGPgKnOVtLm 6pQ0D5YuPd4ZFlxev60uqwHg64IcmrgyYHz9yPkPEAGst7ue2wZ0IyiQWhdK/Cdr ypkb1hiCmK7vB4xlQz7uHM8R5y3w0LHej+Lhfsub+9rHV0IiX8vVHReFO63rRo+P 23FyvMsGNdosDzpUp8PSP4mZqRFNgQutZTDqDC0oPhVYbiG6s7/r4/zOmh5uaCU= =geTB -----END PGP SIGNATURE----- From wk at gnupg.org Mon Oct 20 21:13:52 2008 From: wk at gnupg.org (Werner Koch) Date: Mon, 20 Oct 2008 21:13:52 +0200 Subject: gpg.conf in Gpg4win In-Reply-To: <48FCD551.3090202@gmail.com> (faramir.cl@gmail.com's message of "Mon, 20 Oct 2008 16:00:33 -0300") References: <48FCD551.3090202@gmail.com> Message-ID: <87r66b84gf.fsf@wheatstone.g10code.de> On Mon, 20 Oct 2008 21:00, faramir.cl at gmail.com said: > I have been testing (a very little bit) Gpg4win 1.1.3, and I > noticed changes made in gpg.conf are not working... I changed my default > preferences, but keys generated after the change still have the same > preferences (gpg defaults). I tried to install idea.dll, but gpg.exe > --version doesn't show it... Any idea? Check that you are changing the right conf file. Runnign "gpg --version" shows you the homedir, where gpg expects its conf file. Also watch out for version specific conf files like "gpg.conf-1" which will be used if available only by gpg 1.x.y versions. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From faramir.cl at gmail.com Mon Oct 20 22:32:07 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 20 Oct 2008 17:32:07 -0300 Subject: gpg.conf in Gpg4win In-Reply-To: <87r66b84gf.fsf@wheatstone.g10code.de> References: <48FCD551.3090202@gmail.com> <87r66b84gf.fsf@wheatstone.g10code.de> Message-ID: <48FCEAC7.5030809@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werner Koch escribi?: > On Mon, 20 Oct 2008 21:00, faramir.cl at gmail.com said: > >> I have been testing (a very little bit) Gpg4win 1.1.3, and I >> noticed changes made in gpg.conf are not working... I changed my default > Check that you are changing the right conf file. Runnign "gpg --version" > shows you the homedir, where gpg expects its conf file. Also watch out Thanks, I was changing the gpg.conf in the wrong folder... problem solved. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI/OrHAAoJEMV4f6PvczxAMZIH/jnlSrQkVfL95yEmX9tRz4y8 XVX62Al9x2dHT+nBuls4ANXZOm/1Q63FrOlRP30WU/NMyM+DZka/HTDFOOQ9Jz/g nhBb/bJk6smS0OSoCttOF///Jw6kWH9xFQoTPU6Sd4RN12kYT0uHJV3r5zsIrEpP RN/F6HZGP5iukVvn+CSVyFcrJYlgo0hpB3sRdpeMyenUdtH4N2qlQTEYB3BCJd9d OMgEACaV0U9D2OqolMDFJJWZeZ5PsZvNtzcubr6V8MY96NCEz8agrBTdZ4xvLZVO 0Exc6Q0hpxRpZl9aOKnxPXYmzSgpq4WV+hHd59fORyI0iuiF9NN5kYEeV1YokNk= =QZuV -----END PGP SIGNATURE----- From classpath at arcor.de Tue Oct 21 04:15:00 2008 From: classpath at arcor.de (Morton D. Trace) Date: Tue, 21 Oct 2008 04:15:00 +0200 Subject: There is no limit on the length of a passphrase, Message-ID: <48FD3B24.3070403@arcor.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear List readers! http://www.gnupg.org/gph/en/manual/c14.html GnuPG needs a pass phrase to protect the primary and subordinate private keys that you keep in your possession. You need a Pass phrase to protect your private key. Enter passphrase: There is no limit on the length of a passphrase, === is this true? any file system always has a maximum file size. even ZFS has that. a Zetabyte cannot easily be neglected. The total sum of all elementary particles in the entire universe (open or closed) also is estimated to have an upper limit. This is astronomical units, but they are limited. === How many elementary particles in the universe? Our observable universe is approximately 30 Gigaparsecs across (or 95 billion light years). Using the equation for the volume of a sphere we can convert this into cubic centimeters, and get ~5x10^86 cc. Multiplying by the 500 particles per cc we found above (100 neutrinos and 400 photons) we finally get: 2.5 x 10^89 elementary particles in the visible universe. === So I feel safe if my pass phrase is approx one Gigaparsecond in size. Which exceeds the size of my monitor. ==> But this is not practical. not even in Sci Fiction. as an example for a nice 'n' cool trendy UTF-8 pass phrase ?????????+A]9??9'XK/qH???Bm`1g??{oKp5????????? ???????=WkU.E??????/qH?????v)-Gb<8D><81><95><82><8C><81><9F><84><9B><81> <81><98>+A]9<9B><9F>9'XK/qH<86> <82><92><90>Bm`1g<82><80><83><85>{oKp5<81> <81><81><84><81><81><84><81><86><80><82><99> <87><91><93><97><85><9B> <8F>=WkU.E<83><88><83><81> /qH<83><87><9B><98><9C>v)-Gb< <82><8C><81><9F>+A]9<81><9F><84><9B>c?VB9Bm`1g{oKH <83><87><9B>p5%z<81><81><81><84> <81><81><84>a<9B><8F><83> <88>O<9'XK/qHc+'${KW`=WkU.ES,6q<83><87><81>^ bash-3.00$ Since nothing is typed, a keylogger can have problems. Will the security increase linear with the length of a passphrase? Can I even use anothers public key as ctrl+v or paste from clipboard for the passphrase? More than 255 chars? since this is the weak point how long can it in theory and practise really be? UTF-8, UTF-16 included? I remember it was a discussion about it on the gnupg list. but I didn't notice or remember or recall the reply. What to do if the pass phrase needs to be stronger than what can be practically typed? save the passphrase in a file and decrypt from command line with the gpg --decrypt command ?????????????????????????????? displays as this bash-3.00$ ls -l unicode_test_01.txt - -rw-r--r-- 1 morten other 91 Oct 21 01:57 unicode_test_01.txt bash-3.00$ less unicode_test_01.txt "unicode_test_01.txt" may be a binary file. See it anyway? <94><8C><82><85><83><96><9B><81><93><8F><82> <82><8A><82><92><81><97><81><9F><80><82><83><9A><83><83><83><88><83> <9C><83><88><83><81><85><81><81><9F><82><92> <93><81><81><8B><81><91><81> bash-3.00$ can this file be used as input from command line passphrase? these passwords are recommended for wlan will they also work for gpg? https://www.grc.com/passwords.htm Are they useful for a gnupg passphrase? sufficiently random ? --passphrase-file file Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it. - --passphrase-clipboard would be helpful. In the clipboard I can easily collect as much characters as any public key can contain. like this bash-3.00$ cat testpki-request.pem - -----BEGIN CERTIFICATE REQUEST----- MIICfzCCAWcCAQAwOjELMAkGA1UEBhMCREUxETAPBgNVBAoTCFRlc3QtUEtJMRgw FgYDVQQDEw9zdGVmYW5oZXVnZWwuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDFR4sGJvSuiAw+hwmZdNiqiEv+W49YOGk9YXtqMnfo3R6ntSLIpRkW sY9qf9jwFbw0Q6W0iHSX1W4LdHCK8/nyrsvlzQNJvhYTDaLQZZeDFZjIJY/v1PZz jm+K/zqwxTlE5KvgujTiLLEHu5GXOhuzoX3ZnfyAYUq1H4gE1PAbwRne09CTnohF gj35230KA5f6+oJ6ZJUfcHen7rOkwzYm/CEoIIbRXclc9geRcyF+NCRxppMmrwDk eVvRn+b8yEIvZXWSV7pylUZ6E27S1BKBgLsHNafzRuTiAk5q8GktR1yz6TFclMk8 U5zL0c3D7vjKLMZw6TC/5dJUa2n+D0qdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOC AQEADPDwAOtlgwSZwEuAqQVg2IcOTZniYQ4cvP1+h0z9YLaCZtX2nus3B98dOHN6 1fS5WQYglUTabLNFNwSguVABfzWqXk8tYT3jgw6BX/hU5tSISbnH1BHCSo7dZGr/ 5M0ce/sjCr9traLAlwfDJaA1h0YRTYQ0pNoSAzxgRCFU57zRBJ73Zwd22Yz+RXBv 5CneKAKZ4UqF7mkfCq+nBLuNn4SlPQ17sPGL4vYbgPgIj7EGnwhzYZUVmDiLtshV EEja6hjqu82pngztojWGDzhwKlc2lM3ri5ebnb3XsKF6XtAeWY09LmCYNrZ1xWyO Af3XNFEtHvjBLq4DPW4bHoCnwQ== - -----END CERTIFICATE REQUEST----- bash-3.00$ or even pass phrase from a cryptocard reader. If typed in on a Japanese keyboard, how many characters can it maximum be? Unlimited? 160 characters would be the maximum I could recall and type as a passphrase. But a generated and manipulated random arbitrary certificate file would also be fine. If I can use the clipboard and circumvent any key logger that would be an advantage. The clipboard is limited to my RAM of my video card. Practically two Gigabyte which gives 2 * 2^20 characters, if one char counts as one byte, as in ASCII. Sincerely yours, Morten Gulbrandsen ????????????? _____________________________________________________________________ Java programmer, C++ programmer CAcert Assurer, GSWoT introducer, thawte Notary Gossamer Spider Web of Trust http://www.gswot.org Please consider the environment before printing this e-mail! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (SunOS) Comment: For keyID and its URL see the OpenPGP message header iEYEARECAAYFAkj9OyQACgkQ9ymv2YGAKVQsxQCgvlpO6cZM5pT1lShh2KUOUzTP p3cAoOGS0TGXA3WBB9a/AVgogHlC+lNG =vEc2 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 21 04:55:50 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 20 Oct 2008 22:55:50 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FD3B24.3070403@arcor.de> References: <48FD3B24.3070403@arcor.de> Message-ID: <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> On Oct 20, 2008, at 10:15 PM, Morton D. Trace wrote: > Dear List readers! > > http://www.gnupg.org/gph/en/manual/c14.html > > > GnuPG needs a pass phrase to protect the primary and > subordinate private keys that you keep in your possession. > > You need a Pass phrase to protect your private key. > > Enter passphrase: > > There is no limit on the length of a passphrase, > > === > > > is this true? There is no limit in OpenPGP for a passphrase length, beyond that of the inherent limit imposed by the hash used for string-to-key conversion. So, for SHA-1, the passphrase can be up to 2^64-1 bits, or just under 2 exabytes. In practice, however, that's an insane size for a passphrase (around 457 million DVDs worth if my back of the envelope scribble is right) and no OpenPGP implementation supports anything near that. GnuPG in particular will take whatever you give it, but it must be able to fit in memory (and secure memory to boot, on those platforms that support it). You can probably get a few kb, but not much more. > What to do if the pass phrase needs to be stronger than what can be > practically typed? Rethink what you're trying to do. David From faramir.cl at gmail.com Tue Oct 21 05:37:15 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 21 Oct 2008 00:37:15 -0300 Subject: There is no limit on the length of a passphrase, In-Reply-To: <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> Message-ID: <48FD4E6B.5030703@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw escribi?: > On Oct 20, 2008, at 10:15 PM, Morton D. Trace wrote: ... >> GnuPG needs a pass phrase to protect the primary and >> subordinate private keys that you keep in your possession. ... >> What to do if the pass phrase needs to be stronger than what can be >> practically typed? > > Rethink what you're trying to do. IIRC, once I saw somebody saying 128 bits is more than enough for a good passphrase. And that beyond that lenght, there was no real strengh gains... But maybe I am not recalling it correctly... Anyway, bruteforcing an 8 characters long SHA1 password, in a home computer, would take months... even using several home computers to shorten the time would not be practical... so unless the threat comes from some first world government, or by somebody willing to spend a lot of money to break the passphrase... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/U5qAAoJEMV4f6PvczxAWw0H/j4xeLxkqKhk/fbFr0TNLUPh 5RrJgR7fwnjFGnGO4b2GnMcesS/R36RI54jNmNvwZJCTRF9dkj2pPrwZPel9rj75 ZYpfwUAY5hUHmjhvqaos/bv+dC1j5dz0MEYP1klpXMAjRaXK/yuM2q13pSFFsMs3 9zJmNAbYQLSXyujvOh38C47f4BANufo6hexfEqlcrA6R4yMKbQT/CZcFcIDpLv9V MgQULo5VXDBF3hhxgUS2WWyWy6pKG3j/MzINh0Z1YQIf7A2vOUCbvjQWeVKJbUr6 vsY9Fjl4lrDFhgdrlg/QvBkQyZVeR7fFdKpXfZJQSAT5LVEE9LmvSRkI+yBOGtw= =gOpS -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Tue Oct 21 13:43:38 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 21 Oct 2008 07:43:38 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FD4E6B.5030703@gmail.com> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> Message-ID: <48FDC06A.3080507@sixdemonbag.org> Faramir wrote: > IIRC, once I saw somebody saying 128 bits is more than enough for a > good passphrase. And that beyond that lenght, there was no real strengh > gains... But maybe I am not recalling it correctly... This is something you've heard from a lot of people, probably, myself included. 128 bits is enough until we get some science fiction breakthroughs. Of course, the trick there is 128 bits _of entropy_, not 128 bits _of passphrase_. Conservatively speaking, there are probably about 1.5 bits of entropy per letter of English text, meaning you'd need about an 80-char English passphrase to max it out. Introducing alphanumeric characters, punctuation and the like will reduce this considerably. > Anyway, bruteforcing an 8 characters long SHA1 password, in a home > computer, would take months... even using several home computers to Think 'centuries.' The RC5/64 project brute-forced a 64-bit cipher using 18 months and a very large distributed computing system. From kevhilton at gmail.com Tue Oct 21 16:23:50 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Tue, 21 Oct 2008 09:23:50 -0500 Subject: Session Key Questions Message-ID: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> When the session key is randomly generated (asymmetric encryption), how large is the session key? Is the length set or does it depend on other parameter such as the length of the DSA/RSA key or hash? Thanks for clarification. -- Kevin Hilton From dshaw at jabberwocky.com Tue Oct 21 16:37:46 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 21 Oct 2008 10:37:46 -0400 Subject: Session Key Questions In-Reply-To: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> Message-ID: <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> On Oct 21, 2008, at 10:23 AM, Kevin Hilton wrote: > When the session key is randomly generated (asymmetric encryption), > how large is the session key? Is the length set or does it depend on > other parameter such as the length of the DSA/RSA key or hash? It is the key size of your symmetric cipher. So AES256 == 256 bits, AES128 == 128 bits, etc. David From wk at gnupg.org Tue Oct 21 16:37:59 2008 From: wk at gnupg.org (Werner Koch) Date: Tue, 21 Oct 2008 16:37:59 +0200 Subject: Session Key Questions In-Reply-To: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> (Kevin Hilton's message of "Tue, 21 Oct 2008 09:23:50 -0500") References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> Message-ID: <878wsi814o.fsf@wheatstone.g10code.de> On Tue, 21 Oct 2008 16:23, kevhilton at gmail.com said: > When the session key is randomly generated (asymmetric encryption), > how large is the session key? Is the length set or does it depend on > other parameter such as the length of the DSA/RSA key or hash? It depends on the key length of the cipher algo. Thus it is 128 bit for AES, 256 bit for AES256, 128 bit for CAST 5 and so forth. Blowfish is used with 128 bit as specified by OpenPGP. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From kevhilton at gmail.com Tue Oct 21 16:48:47 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Tue, 21 Oct 2008 09:48:47 -0500 Subject: Session Key Questions In-Reply-To: <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> Message-ID: <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> >Depends on what algorithm you're using for the symmetric cipher. A 128-bit cipher gets a 128-bit session key, a 256-bit cipher gets a 256-bit session key. The only exception might be 3DES, which >technically requires a 192-bit session key, but since only 168 bits get used, there could be some discrepancy there. > >> When the session key is randomly generated (asymmetric encryption), >> how large is the session key? Is the length set or does it depend on >> other parameter such as the length of the DSA/RSA key or hash? > > It is the key size of your symmetric cipher. So AES256 == 256 bits, AES128 > == 128 bits, etc. > Thanks for rapid response -- I guess I'm missing out on some of the more basic details. Just a quick followup. If I'm planning on using gpg to symmetrically encrypt a file for example, and choose a password. This password is salted and hashed. Say for theoretical reasons SHA512 was used to perform the hashing producing a 512 bit hash result. Would then hash then be rounded, or the right most bits excluded if it were to used with AES encryption (which requires a 128 bit key)? In the opposite situation, say SHA1 produced a 160 bit hash result and I wanted to use AES256 (which requires a 256 bit key) -- would "extra bits" be added onto the hash result to pad the results up to 256 bits? Using the defaults as provided in the standard gpg.conf file -- what hash is used in the normal salting/hashing process during symmetric encryption? I dont believe this is the s2k-digest-algo since this is for key protection. -- Kevin Hilton From sattva at pgpru.com Tue Oct 21 17:28:55 2008 From: sattva at pgpru.com (Vlad "SATtva" Miller) Date: Tue, 21 Oct 2008 22:28:55 +0700 Subject: Session Key Questions In-Reply-To: <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> Message-ID: <48FDF537.7030200@pgpru.com> Kevin Hilton (21.10.2008 21:48): >> Depends on what algorithm you're using for the symmetric cipher. A 128-bit cipher gets a 128-bit session key, a 256-bit cipher gets a 256-bit session key. The only exception might be 3DES, which >technically requires a 192-bit session key, but since only 168 bits get used, there could be some discrepancy there. >> >>> When the session key is randomly generated (asymmetric encryption), >>> how large is the session key? Is the length set or does it depend on >>> other parameter such as the length of the DSA/RSA key or hash? >> It is the key size of your symmetric cipher. So AES256 == 256 bits, AES128 >> == 128 bits, etc. >> > > Thanks for rapid response -- I guess I'm missing out on some of the > more basic details. Just a quick followup. If I'm planning on using > gpg to symmetrically encrypt a file for example, and choose a > password. This password is salted and hashed. Say for theoretical > reasons SHA512 was used to perform the hashing producing a 512 bit > hash result. Would then hash then be rounded, or the right most bits > excluded if it were to used with AES encryption (which requires a 128 Extra bits will be discarded from the hash function output. > bit key)? In the opposite situation, say SHA1 produced a 160 bit hash > result and I wanted to use AES256 (which requires a 256 bit key) -- > would "extra bits" be added onto the hash result to pad the results up > to 256 bits? If the hash output is not enough, then extra 0x00 byte will be added to your passphrase and hashed again to produce additional and different hashing output. If even this isn't enough, then two 0x00 bytes will be added and hashed again, and so on. > Using the defaults as provided in the standard gpg.conf file -- what > hash is used in the normal salting/hashing process during symmetric > encryption? I dont believe this is the s2k-digest-algo since this is > for key protection. Nevertheless, it is s2k-digest-algo, which is used for *all* passphrase crunching operations. -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 513 bytes Desc: OpenPGP digital signature URL: From dshaw at jabberwocky.com Tue Oct 21 17:49:02 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 21 Oct 2008 11:49:02 -0400 Subject: Session Key Questions In-Reply-To: <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> Message-ID: <20081021154901.GA2377@jabberwocky.com> On Tue, Oct 21, 2008 at 09:48:47AM -0500, Kevin Hilton wrote: > >> When the session key is randomly generated (asymmetric encryption), > >> how large is the session key? Is the length set or does it depend on > >> other parameter such as the length of the DSA/RSA key or hash? > > > > It is the key size of your symmetric cipher. So AES256 == 256 bits, AES128 > > == 128 bits, etc. > > > > Thanks for rapid response -- I guess I'm missing out on some of the > more basic details. Just a quick followup. If I'm planning on using > gpg to symmetrically encrypt a file for example, and choose a > password. This password is salted and hashed. Say for theoretical > reasons SHA512 was used to perform the hashing producing a 512 bit > hash result. Would then hash then be rounded, or the right most bits > excluded if it were to used with AES encryption (which requires a 128 > bit key)? You're close. It's the leftmost bits. RFC-4880, section 3.7.1.1: If the hash size is greater than the session key size, the high-order (leftmost) octets of the hash are used as the key. > In the opposite situation, say SHA1 produced a 160 bit hash > result and I wanted to use AES256 (which requires a 256 bit key) -- > would "extra bits" be added onto the hash result to pad the results up > to 256 bits? RFC-4880, section 3.7.1.1: If the hash size is less than the key size, multiple instances of the hash context are created -- enough to produce the required key data. These instances are preloaded with 0, 1, 2, ... octets of zeros (that is to say, the first instance has no preloading, the second gets preloaded with 1 octet of zero, the third is preloaded with two octets of zeros, and so forth). In other words, there are multiple hash contexts run, each responsible for a different part of of the key (0-159 & 159-255 in your SHA1 and AES256 example). > Using the defaults as provided in the standard gpg.conf file -- what > hash is used in the normal salting/hashing process during symmetric > encryption? I dont believe this is the s2k-digest-algo since this is > for key protection. SHA1, and yes, it is the s2k-digest-algo. S2K isn't only for key protection. It's for any time you need to convert a string to a key. David From kevhilton at gmail.com Tue Oct 21 17:52:49 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Tue, 21 Oct 2008 10:52:49 -0500 Subject: Session Key Questions In-Reply-To: <48FDF537.7030200@pgpru.com> References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> <48FDF537.7030200@pgpru.com> Message-ID: <96c450350810210852t243cbbd0la7cd69783b043cd9@mail.gmail.com> > If the hash output is not enough, then extra 0x00 byte will be added to > your passphrase and hashed again to produce additional and different > hashing output. If even this isn't enough, then two 0x00 bytes will be > added and hashed again, and so on. Ok -- so just some points of clarification. What is the default s2k-digest-algo? Lets say its SHA1 or for the point of argument I set it to be SHA1. SHA1 always produces 160 bit resultants. Say I want to use the AES256 cipher. If I am understanding what has been reported previously, this requires a 256 bit key. If the process you described above works, wouldn't a 160 bit hash always be produced? Just to clarify in my own mind your process -- If the hash output is not enough and an extra 0x00 byte (which I think you are telling me 0x00 = 256 0 bits) is added to the passphrase and then rehashed with SHA1 - wouldn't another 160 bit hash be produced again? How would a 256 bit hash ever be produced is the SHA1 hash was always used. Thanks -- I have a feeling I'm getting off in left field here and missing some understanding of some basic concepts. -- Kevin Hilton From sattva at pgpru.com Tue Oct 21 18:00:51 2008 From: sattva at pgpru.com (Vlad "SATtva" Miller) Date: Tue, 21 Oct 2008 23:00:51 +0700 Subject: Session Key Questions In-Reply-To: <96c450350810210852m3d7794cbmbc6e42e5c03546d3@mail.gmail.com> References: <96c450350810210723q4fc20746x433b074976192db9@mail.gmail.com> <279AA6BA-F76F-4B3B-8840-70F1BD839D9A@jabberwocky.com> <96c450350810210748od09f9ddwa08d7e3afa280220@mail.gmail.com> <48FDF537.7030200@pgpru.com> <96c450350810210852m3d7794cbmbc6e42e5c03546d3@mail.gmail.com> Message-ID: <48FDFCB3.4040702@pgpru.com> Kevin Hilton (21.10.2008 22:52): >> If the hash output is not enough, then extra 0x00 byte will be added to >> your passphrase and hashed again to produce additional and different >> hashing output. If even this isn't enough, then two 0x00 bytes will be >> added and hashed again, and so on. > > > Ok -- so just some points of clarification. What is the default > s2k-digest-algo? Lets say its SHA1 or for the point of argument I set > it to be SHA1. SHA1 always produces 160 bit resultants. Say I want > to use the AES256 cipher. If I am understanding what has been > reported previously, this requires a 256 bit key. If the process you > described above works, wouldn't a 160 bit hash always be produced? > Just to clarify in my own mind your process -- If the hash output is > not enough and an extra 0x00 byte (which I think you are telling me > 0x00 = 256 0 bits) is added to the passphrase and then rehashed with > SHA1 - wouldn't another 160 bit hash be produced again? How would a > 256 bit hash ever be produced is the SHA1 hash was always used. Just use both processes one after another: first produce two SHA-1 hashes which will give you 320 bits of output, then take first 256 bits for the key and discard what's left. > Thanks -- I have a feeling I'm getting off in left field here and > missing some understanding of some basic concepts. -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 513 bytes Desc: OpenPGP digital signature URL: From kevhilton at gmail.com Tue Oct 21 18:04:21 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Tue, 21 Oct 2008 11:04:21 -0500 Subject: Session Key Questions Message-ID: <96c450350810210904w5778844cmf50e2d318ec98be1@mail.gmail.com> >RFC-4880, section 3.7.1.1: > If the hash size is less than the key size, multiple instances of > the hash context are created -- enough to produce the required key > data. These instances are preloaded with 0, 1, 2, ... octets of > zeros (that is to say, the first instance has no preloading, the > second gets preloaded with 1 octet of zero, the third is preloaded > with two octets of zeros, and so forth). >In other words, there are multiple hash contexts run, each responsible >for a different part of of the key (0-159 & 159-255 in your SHA1 and >AES256 example). Sorry about my last reply, went I sent my question, David had not responded as of yet. Ok, so just to clarify, say I have a 160bit hash product (produced from a salted password) Using the SHA1 hash. In my theoretical example, AES256 requires a 256 bit key. To construct this key Bits #1 0-159 = the salted hashed password (with 0 octects added) #2 159-255 = the leftmost 80 bits of the salted preloaded password with 1 octet zeros and then hased. To produce the full 256 bits, the results of operation 1 and operation 2 are combined -- meaning result #1 is shifted 80 bits and then #2 is added to #1? Randomly generated session keys -- once produced are these salted and hashed similiar to passwords? Or is the generated session key the required length for the chosen cipher? When passwords are salted -- how long is the salt? Is this appended or prepended to the chosen password? -- Kevin Hilton From faramir.cl at gmail.com Tue Oct 21 18:33:18 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 21 Oct 2008 13:33:18 -0300 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FDC06A.3080507@sixdemonbag.org> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> Message-ID: <48FE044E.7090205@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen escribi?: > Of course, the trick there is 128 bits _of entropy_, not 128 bits _of > passphrase_. Conservatively speaking, there are probably about 1.5 bits > of entropy per letter of English text, meaning you'd need about an > 80-char English passphrase to max it out. Introducing alphanumeric > characters, punctuation and the like will reduce this considerably. I use KeePass, and when I create a password, there is a bit counter, supposedly, it shows the real bit length of the password... is that what you mean when you talk about bits of entropy v/s bits of passphrase? It took 32 characters (mixing lowercase, uppercase and numbers) to get 129 bits (I bet it's not easy to get exactly 128 bits). The character 'r' just added 2 bits, while 'R' added 6 bits... interesting, probably people is used to think in terms of characters, and "1 character= 1 byte= 8 bits". The good thing is the 2 password cracker software I have seen, also "think" in terms of characters, maybe if they would use bits, they would be faster... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/gROAAoJEMV4f6PvczxAnL8H/1R/5Ge7qqfJFXK8rAow0Qui AuJDjKUnYS7ynR6Lr0MVCoX0vGJ/M5bkbNJGxdYTYJ53ysBIzeQzYnS5V9gAd/id mgUwvS/EvfAXYHp+IUXbDKVGm1pFJhnDFDDgsy1XT2gcoGCk2Yf9NgTWqHzry3Ow sqQc4Yy+3FZw2BJ0cttSyuX/DnClTR8+cRoR5WxFPxDOtbAVTJHH49E0O9mvRVYU RVj/6T5qcxQ0MrudGQQSvfniIZhHkJi7fsNQDXbzjWTowSiKehEgaiWpz3sm8lxx feSGnS1tEF570AEOwZJmQxe0B+VEKNnu7iIXvGmIJYJJ3GRkV61JeLq8UUQ41xw= =1jcR -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 21 19:32:35 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 21 Oct 2008 13:32:35 -0400 Subject: Session Key Questions In-Reply-To: <96c450350810210904w5778844cmf50e2d318ec98be1@mail.gmail.com> References: <96c450350810210904w5778844cmf50e2d318ec98be1@mail.gmail.com> Message-ID: <20081021173235.GC2377@jabberwocky.com> On Tue, Oct 21, 2008 at 11:04:21AM -0500, Kevin Hilton wrote: > >RFC-4880, section 3.7.1.1: > > > If the hash size is less than the key size, multiple instances of > > the hash context are created -- enough to produce the required key > > data. These instances are preloaded with 0, 1, 2, ... octets of > > zeros (that is to say, the first instance has no preloading, the > > second gets preloaded with 1 octet of zero, the third is preloaded > > with two octets of zeros, and so forth). > > >In other words, there are multiple hash contexts run, each responsible > >for a different part of of the key (0-159 & 159-255 in your SHA1 and > >AES256 example). > > Sorry about my last reply, went I sent my question, David had not > responded as of yet. > > Ok, so just to clarify, say I have a 160bit hash product (produced > from a salted password) Using the SHA1 hash. In my theoretical > example, AES256 requires a 256 bit key. To construct this key > > Bits > #1 0-159 = the salted hashed password (with 0 octects added) > #2 159-255 = the leftmost 80 bits of the salted preloaded password > with 1 octet zeros and then hased. > > To produce the full 256 bits, the results of operation 1 and operation > 2 are combined -- meaning result #1 is shifted 80 bits and then #2 is > added to #1? No. With SHA1 and AES256, you set up two SHA1 contexts. The first one (the one that will become 0-159) is left alone. The second one (the one that will become 160-255) gets a zero pushed in. Now, take the passphrase, add 8 bytes of random salt to the front of it. Take that blob and feed it to each hash context over and over until you reach the defined byte count (65536 by default). Section 3.7.1.3 of RFC-4880 gives the exact details. > Randomly generated session keys -- once produced are these salted and > hashed similiar to passwords? Or is the generated session key the > required length for the chosen cipher? No. They're just random. There is no point in salting and hashing already-random data. That is just for turning a passphrase into a key. > When passwords are salted -- how long is the salt? Is this appended > or prepended to the chosen password? 8 bytes, prepended. David From faramir.cl at gmail.com Tue Oct 21 20:11:29 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 21 Oct 2008 15:11:29 -0300 Subject: Key ID format: short or long? Message-ID: <48FE1B51.4070608@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was thinking... in case I want to put my key ID in a business card, what format should I use? Short format (8 characters) or long format (16 characters)? With or without the '0x' prefix? I suppose it is a matter of tastes, but maybe one way is better than the other one... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/htRAAoJEMV4f6PvczxA/PIH+wQdn0wkYlZ8n9t8OPlyIe0O 662vDuDai6njGEj14Z3oshA/kD9jlbkm8pDmceF4y6FvtRDyTImnnUWUQP/GBx2s E4zBlOqbfcfudE2f0+Hf0I/X3ARcc+gHhcysuw5C+5gnO8dWl/Ki9GdxnscnzvtM 8MvBFqWSbsXmM1qbmaji6kpVlj+WDNvuS3q922yupB7DTdyYMpmRToJEjSG1G/xD +PVW0djuy82MHhu5Aib2VBt5p1rvJn39M2RbhKW8OGP8lYV8oRhpEHKPsTX0GYq3 7R7fNidbTU6xhWyRbFioU0sSpLaD5zZ2sJqN3AKsQp9gKvAbTclXmSG1F5jzde0= =SPsZ -----END PGP SIGNATURE----- From dfn at MIT.EDU Tue Oct 21 20:21:26 2008 From: dfn at MIT.EDU (David Newman) Date: Tue, 21 Oct 2008 14:21:26 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FE1B51.4070608@gmail.com> References: <48FE1B51.4070608@gmail.com> Message-ID: > I was thinking... in case I want to put my key ID in a business card, > what format should I use? Short format (8 characters) or long format > (16 > characters)? With or without the '0x' prefix? > I would use the entire fingerprint in the same format as reported by --fingerprint (10 groups of 4 hex chars). The key ID is last 8 characters of the fingerprint. At one point I even had a rubber stamp made up with the fingerprint so I could just stamp my business cards with it. -Dave From dshaw at jabberwocky.com Tue Oct 21 20:59:18 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 21 Oct 2008 14:59:18 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FE1B51.4070608@gmail.com> References: <48FE1B51.4070608@gmail.com> Message-ID: <20081021185918.GD2377@jabberwocky.com> On Tue, Oct 21, 2008 at 03:11:29PM -0300, Faramir wrote: > I was thinking... in case I want to put my key ID in a business card, > what format should I use? Short format (8 characters) or long format (16 > characters)? With or without the '0x' prefix? > > I suppose it is a matter of tastes, but maybe one way is better than the > other one... Personally, I'd put the whole fingerprint on there (and in fact, that it what I do). It's not terribly long, and it is the most-specific way to specify a particular key in OpenPGP. David From jmoore3rd at bellsouth.net Tue Oct 21 21:06:11 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 21 Oct 2008 15:06:11 -0400 Subject: Key ID format: short or long? In-Reply-To: References: <48FE1B51.4070608@gmail.com> Message-ID: <48FE2823.10001@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 David Newman wrote: >> I was thinking... in case I want to put my key ID in a business card, >> what format should I use? Short format (8 characters) or long format >> (16 >> characters)? With or without the '0x' prefix? >> > > I would use the entire fingerprint in the same format as reported > by --fingerprint (10 groups of 4 hex chars). The key ID is last > 8 characters of the fingerprint. At one point I even had a rubber > stamp made up with the fingerprint so I could just stamp my business > cards with it. Since 'fingerprint exchange' is the most widely recognized form of Key Identification I concur with David. If space/character count affects Cost issues then I would default to the 16 0xformat and then, secondarily to the 8 character 0xformat position. David Shaw just Posted so I am gonna see what He recommends. JOHN ;) Timestamp: Tuesday 21 Oct 2008, 15:05 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI/iggAAoJEBCGy9eAtCsPUtkH/3DxpfUFghcmhbVWoa4jLD0p NleoTmwjtT0c7nAyQ+UrIpbKCkcw2oDAgiHl0DVLbGptXCjCKM1xnf6VgGNrlqfs EqjqZkjaHo7omL6n/z4YOGKndFIJ4eIryVen0htOobTSKBckWmrLQqcSxWxokW46 DSTDHskUywgTb6dE8zLFzsWAokfkUsd9vk17/Ut6xEU0OWKbYAq775riZrJiltnw qhlXj3CCSF0SNFutZMYXAqkMgcbGm7aEkAUR2yIEBN/wGzB5fM1N39mjNlNdImXW jsOKL9AS+TSuxI+MIWZIM+fGHyYFvjydqf05j0+W1ULUl7wAjweZ30tFyYFKbzw= =G6Mo -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Oct 21 21:49:11 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 21 Oct 2008 16:49:11 -0300 Subject: Key ID format: short or long? In-Reply-To: References: <48FE1B51.4070608@gmail.com> Message-ID: <48FE3237.3000409@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Newman escribi?: >> I was thinking... in case I want to put my key ID in a business card, >> what format should I use? Short format (8 characters) or long format > I would use the entire fingerprint in the same format as reported > by --fingerprint (10 groups of 4 hex chars). The key ID is last > 8 characters of the fingerprint. At one point I even had a rubber I never noticed that before (the fact KeyID is the last 8 or 16 characters of the fingerprint). David Shaw escribi?: > Personally, I'd put the whole fingerprint on there (and in fact, that > it what I do). It's not terribly long, and it is the most-specific > way to specify a particular key in OpenPGP. Well, it is not terrible long if it is used to check a key already found, but to type it to do a search... I think maybe it can be a bit "scary" for new users... maybe I should put the KeyID short format, and in smaller text, the whole fingerprint... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/jI3AAoJEMV4f6PvczxAbg4H/1eTbv599bWIeJf9HyDz0+qV EyCY2geebs6uQc5YGwgLKvOY6/759/zwHM6CVYy0g+T/+I9+A93AugaxoWi51e/k KXvr3ngljcLCJYda6yE8PM5K8Ju3du6851X2dDxeZCodD6m13+TVtI2Br5Br6leG 7Pzegs5Q/oHKwgGayczbyxNoCfCEZ8ftTxvowD71hYeIq8mNL1/+HNQpeYtHtrlv mECtIUQOfmJVMsoFJ7wt1ik5jZKisRZj8VUNCZgvKytAQEQ4Jph+57t3ySWSK5+w +sEfdi51UVhgC02pGiDVAPlU7/MZWwQzViuUGdbIz2rynh8Ft9EznzGa8uZ3Ln0= =+u0k -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Tue Oct 21 22:00:43 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 21 Oct 2008 16:00:43 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FE3237.3000409@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE3237.3000409@gmail.com> Message-ID: <20081021200043.GE2377@jabberwocky.com> On Tue, Oct 21, 2008 at 04:49:11PM -0300, Faramir wrote: > David Newman escribi??: > >> I was thinking... in case I want to put my key ID in a business card, > >> what format should I use? Short format (8 characters) or long format > > > I would use the entire fingerprint in the same format as reported > > by --fingerprint (10 groups of 4 hex chars). The key ID is last > > 8 characters of the fingerprint. At one point I even had a rubber > > I never noticed that before (the fact KeyID is the last 8 or 16 > characters of the fingerprint). > > David Shaw escribi??: > > > Personally, I'd put the whole fingerprint on there (and in fact, that > > it what I do). It's not terribly long, and it is the most-specific > > way to specify a particular key in OpenPGP. > > Well, it is not terrible long if it is used to check a key already > found, but to type it to do a search... I think maybe it can be a bit > "scary" for new users... maybe I should put the KeyID short format, and > in smaller text, the whole fingerprint... That is the best of all worlds. I have both on my business cards. David From faramir.cl at gmail.com Tue Oct 21 22:18:31 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 21 Oct 2008 17:18:31 -0300 Subject: Key ID format: short or long? In-Reply-To: <48FE2823.10001@bellsouth.net> References: <48FE1B51.4070608@gmail.com> <48FE2823.10001@bellsouth.net> Message-ID: <48FE3917.9040204@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John W. Moore III escribi?: > If space/character count affects Cost issues then I would default to the > 16 0xformat and then, secondarily to the 8 character 0xformat position. It was more a problem of design... I have little use for business cards, since I don't do business yet, but they are useful when I want somebody to have my email and don't lose it so easily (handwritten papers use to 'vanish' in mysterious ways). So I print my cards in my printer... it's cheap, and easy. I just hope people can actually read the small font I used for the fingerprint (lol). Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/jkXAAoJEMV4f6PvczxAxigH/1nA3+f08YV77DrZwMKaJeKQ 8gKQgpRQuXCNyIabA8Rmb1IJMDE66oilpLqp/N+8pPeivx/K04flAazFdtcpNxXN afWIXWOIXdpTqXeOwthTPO+g0z+//rf7rlgB+KwX03vOSDLX2QXnhGEjEcdiTDhK 4GudGVSX+BGukO6NJsgJCnYPwM9e52NJ59Iyyv15PVLXl80HovPPvs29CDM2aAyj yRZl3827qXTiBmQ12B17LdHx7/1Ax/VUjacdcI8AjGJ41DMvydlmYHhDlt58ZNxz QLDLet06vPFpX0fmTR2SxDdCgLyaVCcddw5+gAHZfOOXyunB8XQq0nzqbIdYJ/4= =Wx9d -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Oct 21 22:42:36 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 21 Oct 2008 16:42:36 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FE3917.9040204@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE2823.10001@bellsouth.net> <48FE3917.9040204@gmail.com> Message-ID: <48FE3EBC.80108@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Faramir wrote: > I just hope people can actually read the small font I used for the > fingerprint (lol). In My experience; those that understand what they are seeing will have no problem 'dealing' with a full fingerprint. :) JOHN ;) Timestamp: Tuesday 21 Oct 2008, 16:42 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEbBAEBCgAGBQJI/j66AAoJEBCGy9eAtCsPgTcH+Mzc3mTC9LjCSAlcqVQubbom gg0LWp3nE2sUIdMr8meRpC6ZDFvfIjLpljT0Arci6g41mRtM1i0H3uw9IkhPhQD/ 63efxG+egEIUxCzmXeApHpCdPcOIsim5NU9qkiSmTD9x3L8TIUTiJtpmeI5N2vGV 9+7vYw++xLy32XnZCIK68QFWz4oicXK8SFCdguQ5rwyOODIcsLSB1dE3Qd4HAQj5 Y+c6epVtw/IP0Bo8ApT2fQfDeiTBf7XXPF5SXfqCinfTaeNLsqYRrZhJGU+GPcDB WwQgRDQShbwKhKiNguzEcHHD8Qfq7Kdtis7axpJETzh57jHhllOdCF7GxLBm4w== =fYdy -----END PGP SIGNATURE----- From John at Mozilla-Enigmail.org Tue Oct 21 23:16:32 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Tue, 21 Oct 2008 16:16:32 -0500 Subject: Key ID format: short or long? In-Reply-To: <48FE3237.3000409@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE3237.3000409@gmail.com> Message-ID: <48FE46B0.1040700@Mozilla-Enigmail.org> Faramir wrote: > David Newman escribi?: >> Personally, I'd put the whole fingerprint on there (and in fact, that >> it what I do). It's not terribly long, and it is the most-specific >> way to specify a particular key in OpenPGP. It also facilitates folks signing your key. They've met you. Your key's fingerprint is in their wallet. > Well, it is not terrible long if it is used to check a key already > found, but to type it to do a search... I think maybe it can be a bit > "scary" for new users... maybe I should put the KeyID short format, and > in smaller text, the whole fingerprint... I list the entire fingerprint and bold the last eight (one could instead increase the font by one or two points). -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From classpath at arcor.de Wed Oct 22 01:00:18 2008 From: classpath at arcor.de (Morton D. Trace) Date: Wed, 22 Oct 2008 01:00:18 +0200 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FDC06A.3080507@sixdemonbag.org> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> Message-ID: <48FE5F02.6040306@arcor.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen wrote: > Faramir wrote: >> IIRC, once I saw somebody saying 128 bits is more than enough for a >> good passphrase. And that beyond that lenght, there was no real strengh >> gains... But maybe I am not recalling it correctly... > > This is something you've heard from a lot of people, probably, myself > included. 128 bits is enough until we get some science fiction > breakthroughs. > > Of course, the trick there is 128 bits _of entropy_, not 128 bits _of > passphrase_. Conservatively speaking, there are probably about 1.5 bits > of entropy per letter of English text, meaning you'd need about an > 80-char English passphrase to max it out. Introducing alphanumeric > characters, punctuation and the like will reduce this considerably. > >> Anyway, bruteforcing an 8 characters long SHA1 password, in a home >> computer, would take months... even using several home computers to > > Think 'centuries.' The RC5/64 project brute-forced a 64-bit cipher > using 18 months and a very large distributed computing system. > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users Measuring the strength of a randomly selected password Dear list readers I just found this article. http://www.redkestrel.co.uk/Articles/RandomPasswordStrength.html Measuring the strength of a randomly selected password Calculating the entropy of a password is here well explained, I don't know if it is mathematically correct, no proof is delivered, but it is easy to understand. The entropy of a randomly selected password is based on its length and the entropy of each character. The entropy of each character is given by log-base-2 the size of the pool of characters the password is selected from - see the formula below: entropy per character = log2(n) password entropy = l * entropy per character Where n is the pool size of characters and l is the length of the password. Thus the entropy of a character selected at random from, say, the letters (a-z) would be log2 (26) or 4.7 bits. The table below gives the entropy per character for a number of different sized character pools. Character Pool Available Characters (n) Entropy Per Character digits 10 (0-9) 3.32 bits case insensitive letters 26 (a-z) 4.7 bits case sensitive letters and digits 62 (A-Z, a-z,0-9) 5.95 bits all standard keyboard characters 94 6.55 bits So, from the table above, we can see that a 20 character password chosen at random from the keyboard's set of 94 printable characters would have more than 128 bits (6.55 * 20) of entropy. A password with this much entropy is infeasible to break by brute force (exhaustively working through all possible character combinations). === I use the formula y= log a base b a=b ^ y hence log a base b = ln(a) / ln (b) base e=2.71828182846.... in I table I used the log function with pase 10 which is irrelevant as long as I use the same base in the nominator as in the denominator. IIRC Denominator is down. The Characters in Unicode http://www.tbray.org/ongoing/When/200x/2003/04/26/UTF Unicode currently defines just under 100,000 characters, the entrophy would increase for a 20 character unicode passphrase to be 20 * 19.93 bits = 398.6 bits. here is my table Character pool Available characters (n) Entropy per character in unit bits digits 10 (0-9) 3.32192809 case insensitive letters 26 (a-z) 4.70043972 case sensitive letters and digits 62 (A-Z, a-z,0-9) 5.95419631 all standard keyboard characters plus blank 95 The 95 graphic ASCII characters, numbered 32 to 126 (decimal) 6.56985561 Unicode Unicode currently defines just under 100,000 characters, Unicode and the ISO/IEC 10646 Universal Character Set (UCS) have a much wider array of characters, 1000000 19.93156857 one unicode character has approx three times the entropy as one ascii character. If I have done my homework correct. 6.56985561 * 3.0 = 19.71 bits of entropy for one character I'd really like to see UTF-8 supported in GnuPG and be able to type some characters from my keyboard, and additionally select some cool unicode letters from a language only I know. use the clipboard and insert that into the passphrase. Or as in windows posible alt + unicode number. hence 20 unicode letters would then have an entropy of 398.6 bits. With only 7 unicode letters I reach an entropy of 7 * 19.93 = 139.5 bits Entropy if I have understood it correct. Can GnuPG accept UTF-8 Characters as passphrase input? Please? will additional UTF-8 unicode passphrase support increase the entropy according to my entropy calculations? Sincerely yours, Morten Gulbrandsen ????????????? _____________________________________________________________________ Java programmer, C++ programmer CAcert Assurer, GSWoT introducer, thawte Notary Gossamer Spider Web of Trust http://www.gswot.org Please consider the environment before printing this e-mail! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (SunOS) Comment: For keyID and its URL see the OpenPGP message header iEYEARECAAYFAkj+XwIACgkQ9ymv2YGAKVRyFACfWRndfNNckLrhHkTrXHQ0sfD6 vs4AoKtHvuQxUEj8O9mAk1lNUaJRxBQW =lSeC -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Oct 22 02:26:16 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 21 Oct 2008 20:26:16 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FE1B51.4070608@gmail.com> References: <48FE1B51.4070608@gmail.com> Message-ID: <48FE7328.5080609@sixdemonbag.org> Faramir wrote: > I was thinking... in case I want to put my key ID in a business card, > what format should I use? Short format (8 characters) or long format (16 > characters)? With or without the '0x' prefix? Put the entire key fingerprint on the card. That way, if you give someone a business card, you're also giving them a known good copy of your key fingerprint. Yes, the entire fingerprint does fit on a standard business card; I have one of my key fingerprints on mine. From faramir.cl at gmail.com Wed Oct 22 03:58:47 2008 From: faramir.cl at gmail.com (Faramir) Date: Tue, 21 Oct 2008 22:58:47 -0300 Subject: Key ID format: short or long? In-Reply-To: <48FE7328.5080609@sixdemonbag.org> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> Message-ID: <48FE88D7.9090704@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen escribi?: > Faramir wrote: >> I was thinking... in case I want to put my key ID in a business card, >> what format should I use? Short format (8 characters) or long format (16 > Yes, the entire fingerprint does fit on a standard business card; I have > one of my key fingerprints on mine. Done, it fits ok if I put it on the bottom... I had thought the long key ID, plus my email address, should be enough, since 8 characters hexadecimal numbers are unlikely to produce a collision, and even in case of a malicious attempt to replace my key, if 2 keys are found at the search, I would expect a contact to write and say "which one is the good one?" (and... seriously, I don't think anybody would try to impersonate me). But since everybody thinks the "right thing" is to put the entire fingerprint, there is no reason to don't do it. Thanks for the advice. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/ojWAAoJEMV4f6PvczxA2BUH/AofNaFoUg6OvlnVVGJPMBKw 0bLNbiBmFNMGBwj20QDwlqdYLLFW9+Mf5QZCDNopFcY7ptjbMmNkMPOlm3BQPX1F 3lIWJI8otF8J9iOeyX/IU0PidCwr5nHo1vwCvCyseAsaVRiGhJxoC3iJdzQyTvwX eZPD25PWKuyI8XcXBamRQuRuI93pNCz+MVF/7gfUkwckkgU/gedpyrsctKZKR1Lb q39zUYN78jUcg9ttGxHKcDECO9LZck8ZjaYiZ349CuupzyTUVmj8Bu4xU12BtGmi 5vdfue2yNojp/s+mmq1XjORBFvr0pj8wiWpmiJH2/tuLsWg5CIdQ/cRUSM36eys= =CKLM -----END PGP SIGNATURE----- From erpo41 at gmail.com Wed Oct 22 04:02:52 2008 From: erpo41 at gmail.com (Eric Anopolsky) Date: Tue, 21 Oct 2008 20:02:52 -0600 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FE5F02.6040306@arcor.de> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> Message-ID: <1224640972.7189.10.camel@telesto> On Wed, 2008-10-22 at 01:00 +0200, Morton D. Trace wrote: > Measuring the strength of a randomly selected password > > > Dear list readers I just found this article. > > http://www.redkestrel.co.uk/Articles/RandomPasswordStrength.html > > > Measuring the strength of a randomly selected password > > > Calculating the entropy of a password is here well explained, > I don't know if it is mathematically correct, > no proof is delivered, but it is easy to understand. This is correct. I am a mathematician. :) However, the key (no pun intended) is that each character has to be truly randomly selected or you will end up with much less entropy per character. Cheers, Eric -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: This is a digitally signed message part URL: From rjh at sixdemonbag.org Wed Oct 22 05:10:01 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 21 Oct 2008 23:10:01 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FE5F02.6040306@arcor.de> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> Message-ID: <48FE9989.3060101@sixdemonbag.org> Morton D. Trace wrote: > Dear list readers I just found this article. Be careful of anything you get off the internet. This article is not especially good. > Calculating the entropy of a password is here well explained, > I don't know if it is mathematically correct, [shrugs] Yes. No. The reality is that very few people let a CSPRNG spit out a base-64 password for them to remember (six bits of entropy per glyph). They're hard to remember. Good passphrases are easy to remember but hard to guess, which means they need to be rather large pieces of text. Per Shannon's estimates, there are roughly 1.5 bits per glyph of English text. > one unicode character has approx three times the entropy as one ascii > character. That's assuming you're picking randomly from Unicode code pages. If you don't mind having "Tamil vowel sign au", "Linear B ideogram B182", "full outer join", "circled Hangul Pieup A" as your passphrase, then you can get some pretty good entropy. The problem comes from having to enter ... well ... Tamil vowel sign au, Linear B ideogram B182, full outer join and circled Hangul Pieup A as your passphrase. Good luck remembering it: I bet you'll forget it in under a month. > I'd really like to see UTF-8 supported in GnuPG and be able to type some > characters from my keyboard, UTF8 is supported. However, your OS may not support it. That's an OS-level issue, not a GnuPG issue. My Mac supports UTF-8 just fine, including exotics like "circled ideograph wood". > and additionally select some cool unicode letters from a language only I > know. If only you know it, then kiss randomness goodbye. Someone who wants to attack your passphrase will focus their attack on symbols from languages you know. The only defense is to pick randomly. > Can GnuPG accept UTF-8 Characters as passphrase input? Depends on your OS. > will additional UTF-8 unicode passphrase support increase the entropy > according to my entropy calculations? Yes, but this is a case of buying a few hundred yards of rope just to make _sure_ you have enough with which to hang yourself. From dfn at MIT.EDU Wed Oct 22 05:54:34 2008 From: dfn at MIT.EDU (David Newman) Date: Tue, 21 Oct 2008 23:54:34 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FE88D7.9090704@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> Message-ID: > I had thought the long key ID, plus my email address, should be > enough, since 8 characters hexadecimal numbers are unlikely to produce > a > collision, and even in case of a malicious attempt to replace my key, > if > 2 keys are found at the search, I would expect a contact to write and > say "which one is the good one?" (and... seriously, I don't think > anybody would try to impersonate me). But since everybody thinks the > "right thing" is to put the entire fingerprint, there is no reason to > don't do it. > The 8 char key ID is enough for one to retrieve your public key from any keyserver, however, if that person would like to sign your key they need 2 things from you. At least one picture ID and your key's fingerprint. Chances are, if someone has your business card they have met you in person so they could easily have checked your ID. So including it on your business card makes it more convenient. That's the real reason for including the fingerprint instead of just the keyID. They are not going to use the fingerprint to retrieve the key, only to verify that the retrieved key is yours. -Dave From jmoore3rd at bellsouth.net Wed Oct 22 05:58:38 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 21 Oct 2008 23:58:38 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FE9989.3060101@sixdemonbag.org> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> Message-ID: <48FEA4EE.3090506@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > Morton D. Trace wrote: >> Dear list readers I just found this article. > > Be careful of anything you get off the internet. This article is not > especially good. Mega Dittos! [I know this sounds like Rush Limbaugh 'listener-speak' but it is _all_ too TRUE!] >> Calculating the entropy of a password is here well explained, >> I don't know if it is mathematically correct, > > [shrugs] Yes. No. Understand what [shrugs] really means.....You are proposing a mathematical challenge to a List that is really more focused upon facilitating the 'concerned User'. Robert is a professional Mathematician and actually _loves_ Numbers. If You truly want mathematics then Email Robert direct. Stand By to Stand By: He will Reply and address You as a mathematical Equal. Fair Warning: HE's GOOD! He fills His refrigerator, however, the same way You & I do....He earns a paycheck from someone who likes the way He applies His brain. Ya gotta understand that whenever You ask a Question that deals with 'Random Chance' Robert is gonna seriously consider it as a valid Question form a knowledgeable/teachable Interrogator. You _will_ learn if You read/study the Answer from a Guy who buys gas and I'm sure occasionally says to the Cashier "gimme a Quick Pick on the Fantasy 5" knowing full well that the odds of winning are a gazillion to 1. > The reality is that very few people let a CSPRNG spit out a base-64 > password for them to remember (six bits of entropy per glyph). They're > hard to remember. Good passphrases are easy to remember but hard to > guess, which means they need to be rather large pieces of text. entropy? CPRNG? glyph? Please bear in mind that this is a 'public' List and if at all possible Post in 'laymen's terms' or risk confusing Every One else who reads this forum. All the terms/words are valid but without Full explanation You are attempting to benefit without 'sharing' with everyone else. [soapbox put away] > Per Shannon's estimates, there are roughly 1.5 bits per glyph of English > text. > >> one unicode character has approx three times the entropy as one ascii >> character. Agreed! Gotta A-S-K again; Who are You attempting to 'share with? >> I'd really like to see UTF-8 supported in GnuPG and be able to type some >> characters from my keyboard, > > UTF8 is supported. However, your OS may not support it. That's an > OS-level issue, not a GnuPG issue. My Mac supports UTF-8 just fine, > including exotics like "circled ideograph wood". What O/S are You using? MUA? >> and additionally select some cool unicode letters from a language only I >> know. > > If only you know it, then kiss randomness goodbye. Someone who wants to > attack your passphrase will focus their attack on symbols from languages > you know. The only defense is to pick randomly. "only I know"? Then it ain't a Language! Language presupposes that Others speak it among themselves. Either it is completely 'Random' or it is available for a Social Engineering attack. >> Can GnuPG accept UTF-8 Characters as passphrase input? > > Depends on your OS. Short Answer = YES > Yes, but this is a case of buying a few hundred yards of rope just to > make _sure_ you have enough with which to hang yourself. I would say that a Man who jumps off of an 80 Story building thinks He is 'flying' for 79 stories. It is always the 'sudden stop' that is painful & permanent! No 'HTH' here simply because I don't care. I do believe that everyone is entitled to a 'Bad Attitude' day. :-\ JOHN ;) Timestamp: Tuesday 21 Oct 2008, 23:58 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI/qTpAAoJEBCGy9eAtCsPCfUH/Aqk7xLt+YBZpiXwUFwd1jk+ UGKHBDsGttgg5LOKuob89wt/aoerrMlz3gOrjLpMiQ2oeLxtlnOQtxfTnU5YOkHd Z3N5Yfuqdidv0WNds3iLWi5cj0rpo03eV7uTukAM8JiFO3QDKKV5P6STqxuyOw2j 2OPSUuuaKEx10Yv15UjQccl/DiLIRUDLpjp7kCDw16IRYOPr5Mjs4bP7UWSn1AuF dmQC/Mi/FA0y0kYPbLeZoHXcCinvGRdif2HLTtnlLBz/8pzico3C6crJRKFROsTo tXcUpAvsqHWz1OdFLYBT0df8wX6WYcbaqa8UGv2Jr3VnCvgTB/6GEyH+qfbVkog= =0p/t -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Oct 22 02:04:24 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 21 Oct 2008 20:04:24 -0400 Subject: Key ID format: short or long? In-Reply-To: References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> Message-ID: <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> > At least one picture ID and your key's fingerprint. This may be your policy; it is not a requirement of the system. > They are not going to use the fingerprint to retrieve > the key, only to verify that the retrieved key is yours. Sure they are. Where do you think the key ID comes from? It's the last eight hex digits of the fingerprint. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3996 bytes Desc: not available URL: From faramir.cl at gmail.com Wed Oct 22 07:41:16 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 22 Oct 2008 02:41:16 -0300 Subject: Key ID format: short or long? In-Reply-To: References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> Message-ID: <48FEBCFC.9070101@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Newman escribi?: > The 8 char key ID is enough for one to retrieve your public key from > any keyserver, however, if that person would like to sign your key they That is what I thought, they would use the KeyID instead of the fingerprint (but then somebody pointed the Key ID is the last part of the fingerprint, a fact I had not noticed before). So I can either tell them the last part of the fingerprint can be used to retrieve the key, or give them my biglumber url... I chose to give my biglumber url, since if I ever have to change my email address, I can just update my key, and they could retrieve the update key, with the new UID linked to the new email address... > need 2 things from you. At least one picture ID and your key's > fingerprint. Chances are, if someone has your business card they have That is if we are talking about some kind of notary or assurer... But if I give the card to a cousin, he would not require my picture ID... And some other people would not really care if they know my real identity, as long as they know my real email address... As an example, I am in an alliance of players of some multiplayer game. While everybody was invited by somebody they know in real life, some just knew the one who invited them. So the first time I went to a barbecue with them, everybody was talking to the other people referring to them by their nicknames... However, it would be important to exchange our email addresses, and it would be a good thing to use gpg... sometimes a player send his "game sensitive information", like user and password... or even worst, they post them into the alliance forum (and we know there have been attempts to penetrate the forum...). Well, this was just a real example about situations where real ID is not important... > for including the fingerprint instead of just the keyID. They are not > going to use the fingerprint to retrieve the key, only to verify that the > retrieved key is yours. Right, now I am convinced the whole fingerprint is better... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/rz8AAoJEMV4f6PvczxAAc4H+wZPt5Hqs/vpeC6keddFDihd 64gSIosy6cI84pyd0rB4qJKBSfcNzKpFVz6Ow7JVvRlNyHQ8SDeIrKjlVSXsFhEJ YA9vuUPsZIDcIXEdDsbbVVm2RWDONXgtz4pdAOQReKPZN+9C5E4Tb2G5oyfNVLZW gtlIWIQ0m0JAzg97ZceXPp3Z9laH3+EzRz7zTEWXsSj9TH1WdkFkYr8n2MQ418Xh 6i1o5DZC8liC7qFtWJjMZJzJ5maqfOTheBXFqslVbN5KYfjxO4qW9RIzafM2pCUe E6MrF/R6Icp/ICALIxQ226px5q7ColB4tO4KfHeTXHzZE14KBLDNDFSb0JQZ2FY= =0B0A -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Oct 22 07:50:35 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 22 Oct 2008 02:50:35 -0300 Subject: Key ID format: short or long? In-Reply-To: <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> Message-ID: <48FEBF2B.5010300@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen escribi?: >> They are not going to use the fingerprint to retrieve >> the key, only to verify that the retrieved key is yours. > > Sure they are. Where do you think the key ID comes from? It's the last > eight hex digits of the fingerprint. Yes, you are right, but remember newbies like me maybe don't know that, and maybe they think about fingerprints and Key IDs as 2 separated things... And the 2 GUIs I use ask for a Key ID to perform the searches... It seems we have another entry for the FAQ: Q: "I got a fingerprint, but not a Key ID, how do I search the key?" A: "The Key ID is the last part of the fingerprint, it can be 8 or 16 characters long (short and long formats). Use those last digits to do the search, and then use the whole fingerprint to check you found the right key". Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI/r8rAAoJEMV4f6PvczxArqwH/01Id8vA8UxIMTQpBMwjQO9a HuEMfEPHtkvAPBAZk16DcvA632D4XwIdIvfaJqk8YPxGyGB07HUrusGa4QvGBZAV anmr8GRqIyGIHpq38FMTTo/spXSSJqMp4Hw83F+cl+n/PtZ2Q1f4CtglggZhz3jN 2VVAt7CxebUuxf1d0QXpuQqh1BpMypbyj0a2dCgalKCELYZMzhQ7VnaAat1ww+NX HGaySdFDt+D0RhLGwnOGqeNsrLiMESiBdQXkjVzdwxjlOzbaijvoJXcmT4ng9PbB K3Ov4aYnEhsaKLxyC5+TFEbWFI2Bgr5IZMLYTtkc+ZW3UzF7S8hODn3D2fMJs9g= =X07s -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Oct 22 14:15:13 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 22 Oct 2008 08:15:13 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FEA4EE.3090506@bellsouth.net> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> Message-ID: <48FF1951.6060202@sixdemonbag.org> John W. Moore III wrote: > Robert is a professional Mathematician and actually _loves_ Numbers. I'm a software engineer nowadays, although my college degrees are on the math-heavy side of theoretical computer science. I think it's fair to call me a mathematician, but I'm not sure I can be said to do it professionally. > You _will_ learn if You read/study the Answer from a Guy who buys gas > and I'm sure occasionally says to the Cashier "gimme a Quick Pick on > the Fantasy 5" knowing full well that the odds of winning are a > gazillion to 1. Actually, there's a funny story about the last time I did that. I was delivering a paper on destructive visual cryptography, and was stumbling around to find a 'feelie' to distribute to the profs to make it more tangible for them. Then I figured it out: scratch-off lottery tickets, appropriately marked up. That led to my last lottery purchase. > entropy? CPRNG? glyph? Please bear in mind that this is a 'public' > List and if at all possible Post in 'laymen's terms' or risk > confusing Every One else who reads this forum. All the terms/words > are valid but without Full explanation You are attempting to benefit > without 'sharing' with everyone else. [soapbox put away] Sorry -- explanations follow. Entropy is uncertainty, represented as the logarithm base-two of how many possibilities there are. For a random person, their driver's license has either 'M' or 'F' as your sex, so they have one bit (log2 of 2) of entropy (uncertainty) in their gender. (Fun fact: you can tell mathematicians apart from computer scientists by asking them for the fundamental unit of entropy. A CS guy will say the 'bit'. A math guy will say the 'nat'. The mathematics version of entropy is found by computing the natural log of the possibilities, not the log-base-2 of the possibilities. Hence, 'nat'. There are about 1.44 bits per nat.) A good passphrase will have 64+ bits of entropy. A great passphrase will have 128 bits. There's not much point beyond that. Glyph = one symbol in a language. It could be a single English letter, a single Chinese ideogram, or a single Hangul phoneme. The more glyphs in your passphrase, the more entropy you have (usually). English accumulates about 1.5 bits of entropy per glyph. CSPRNG = cryptographically secure pseudorandom number generator. An algorithm that spits out random-looking garbage. Different from a PRNG, in that a cryptanalyst can often "break" (learn how to predict) PRNG outputs; but CSPRNGs are hardened against these attacks. From classpath at arcor.de Wed Oct 22 15:40:30 2008 From: classpath at arcor.de (Morton D. Trace) Date: Wed, 22 Oct 2008 15:40:30 +0200 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FF1951.6060202@sixdemonbag.org> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> Message-ID: <48FF2D4E.5030701@arcor.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen wrote: > John W. Moore III wrote: >> Robert is a professional Mathematician and actually _loves_ Numbers. > > I'm a software engineer nowadays, although my college degrees are on the > math-heavy side of theoretical computer science. I think it's fair to > call me a mathematician, but I'm not sure I can be said to do it > professionally. > >> You _will_ learn if You read/study the Answer from a Guy who buys gas >> and I'm sure occasionally says to the Cashier "gimme a Quick Pick on >> the Fantasy 5" knowing full well that the odds of winning are a >> gazillion to 1. > > Actually, there's a funny story about the last time I did that. I was > delivering a paper on destructive visual cryptography, and was stumbling > around to find a 'feelie' to distribute to the profs to make it more > tangible for them. Then I figured it out: scratch-off lottery tickets, > appropriately marked up. That led to my last lottery purchase. > >> entropy? CPRNG? glyph? Please bear in mind that this is a 'public' >> List and if at all possible Post in 'laymen's terms' or risk >> confusing Every One else who reads this forum. All the terms/words >> are valid but without Full explanation You are attempting to benefit >> without 'sharing' with everyone else. [soapbox put away] > > Sorry -- explanations follow. > > Entropy is uncertainty, represented as the logarithm base-two of how > many possibilities there are. For a random person, their driver's > license has either 'M' or 'F' as your sex, so they have one bit (log2 of > 2) of entropy (uncertainty) in their gender. > > (Fun fact: you can tell mathematicians apart from computer > scientists by asking them for the fundamental unit of > entropy. A CS guy will say the 'bit'. A math guy will > say the 'nat'. The mathematics version of entropy is > found by computing the natural log of the possibilities, > not the log-base-2 of the possibilities. Hence, 'nat'. > There are about 1.44 bits per nat.) > > A good passphrase will have 64+ bits of entropy. A great passphrase > will have 128 bits. There's not much point beyond that. > > Glyph = one symbol in a language. It could be a single English letter, > a single Chinese ideogram, or a single Hangul phoneme. The more glyphs > in your passphrase, the more entropy you have (usually). English > accumulates about 1.5 bits of entropy per glyph. > > CSPRNG = cryptographically secure pseudorandom number generator. An > algorithm that spits out random-looking garbage. Different from a PRNG, > in that a cryptanalyst can often "break" (learn how to predict) PRNG > outputs; but CSPRNGs are hardened against these attacks. > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users Dear Mr. Hansen here are some random 20char ASCII pass phrases bash-3.00$ apg -a 1 -M S -n 20 -m 20 ^;@_*-<|./|;&/._;}.! ?<&!\+~&;[//.~_-!|+] %/<|;*=#&_).$<$;~.}* - -$/\&{%#$){. at -_~.:}] %\#`%%.[<&~!"*~}>.'_ &>$\({-`]$$``/^):|\^ :}$~$],|?)&>^`!>!:., )+'[,/=*':%("|-{.?/! !-_'/^?^?&>|?#'|& - -:,&~,}**[%%(*=<[&*? &'*+|]`|";/^*'!+#%`. /<:="$?(#&`([<)&:"|* \&.("^.#@>|/({(:%^;< [,`'[%>;\/"('`_$`:}~ *;!!/*=([`]/-?'.{^;* *"_`,{&`^+^[-):%@~.; %()"-*!@*{[?#=<-('{` (%(<`}{!!)#>#/*">(&@ ]+#$!&+/![\(/;}.";>! ]\/\+}./);_"$;|^>.)@ bash-3.00$ apg -v APG (Automated Password Generator) version 2.2.3 (PRNG: X9.17/CAST) Copyright (c) 1999, 2000, 2001, 2002, 2003 Adel I. Mirzazhanov What is the entropy ? of the passphrase and each glyph? If I insert one or more blanks the entropy will increase, but how much and regardless of one additional blank or 10 extra blanks? assuming I will not exceed 20 chars? How many bits of entropy per glyph and for the entire passphrase? What is my gain in entropy for {0,1,2,3....} randomly and ordered inserted blanks? Please? How much entropy can I at a maximum have for a 20 char ASCII pass phrase? which means 20 hits on the keyboard? for a C and PERL programmer used to read regular expression this should be pronounceable. &>$\({-`]$$``/^):|\^ and at the end it is piped to a backslashed power function? I can even see the warning of the PERL interpreter but lets assume this is regex from the next version of PERL. Sincerely yours, Morten Gulbrandsen ????????????? _____________________________________________________________________ Java programmer, C++ programmer CAcert Assurer, GSWoT introducer, thawte Notary Gossamer Spider Web of Trust http://www.gswot.org Please consider the environment before printing this e-mail! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (SunOS) Comment: For keyID and its URL see the OpenPGP message header iEYEARECAAYFAkj/LU4ACgkQ9ymv2YGAKVSrvACg4xWr2tUl0qOADF9VX8TJED+f cyIAnjoCiLgEaoLybTgQ4S21db5uq2Od =j1lt -----END PGP SIGNATURE----- From mwood at IUPUI.Edu Wed Oct 22 16:29:38 2008 From: mwood at IUPUI.Edu (Mark H. Wood) Date: Wed, 22 Oct 2008 10:29:38 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FF1951.6060202@sixdemonbag.org> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> Message-ID: <20081022142938.GA5293@IUPUI.Edu> On Wed, Oct 22, 2008 at 08:15:13AM -0400, Robert J. Hansen wrote: > Glyph = one symbol in a language. It could be a single English letter, > a single Chinese ideogram, or a single Hangul phoneme. The more glyphs > in your passphrase, the more entropy you have (usually). English > accumulates about 1.5 bits of entropy per glyph. Nitpick: a glyph is a specific drawn letterform. There are many ways to draw, for example, a "Roman capital A" (serif/sans, upright/slant/italic, various degrees of boldness or extension, innumerable sizes and many artsy styles) but they all map to one Unicode code point and one encoding in e.g. ASCII. A glyph is a representation of a language symbol, but not the symbol itself. All of those variants are members of the class "Roman capital A". A passphrase *could* be an image, but usually is a sequence of character codes. So, although most readers probably understood "glyph" in the way I believe it was meant, I think we should be using some other word. -- Mark H. Wood, pedantic nitwit mwood at IUPUI.Edu Typically when a software vendor says that a product is "intuitive" he means the exact opposite. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From bernhard.kleine at gmx.net Wed Oct 22 18:11:23 2008 From: bernhard.kleine at gmx.net (Bernhard Kleine) Date: Wed, 22 Oct 2008 18:11:23 +0200 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FF2D4E.5030701@arcor.de> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> <48FF2D4E.5030701@arcor.de> Message-ID: <1224691883.4374.27.camel@amd2000bk.kleinedaheim> Am Mittwoch, den 22.10.2008, 15:40 +0200 schrieb Morton D. Trace: > ^;@_*-<|./|;&/._;}.! > ?<&!\+~&;[//.~_-!|+] > %/<|;*=#&_).$<$;~.}* > - -$/\&{%#$){. at -_~.:}] > %\#`%%.[<&~!"*~}>.'_ > &>$\({-`]$$``/^):|\^ > :}$~$],|?)&>^`!>!:., > )+'[,/=*':%("|-{.?/! > !-_'/^?^?&>|?#'|& > - -:,&~,}**[%%(*=<[&*? > &'*+|]`|";/^*'!+#%`. > /<:="$?(#&`([<)&:"|* > \&.("^.#@>|/({(:%^;< > [,`'[%>;\/"('`_$`:}~ > *;!!/*=([`]/-?'.{^;* > *"_`,{&`^+^[-):%@~.; > %()"-*!@*{[?#=<-('{` > (%(<`}{!!)#>#/*">(&@ > ]+#$!&+/![\(/;}.";>! > ]\/\+}./);_"$;|^>.)@ Which one did you remember two hours later ;-) I count about 30 different entries, this is not much more than the alphabet. thus the complexity is only for the naked eye. using the proper glasses you might talk better write with these signs like with the latin alphabet. However, with lowercase and uppercase letters of the latter, the variation will be larger and you might even be able to repeat a passphrase from memory. With respect to randomness, do you have an idea how passphrases which use first letters of e.g. songs or poems (with lower and uppercase letters in german) are rated? Would be nice to know how often I have to change my favorite song. Cheers -- Bernhard Kleine -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Dies ist ein digital signierter Nachrichtenteil URL: From werewolf6851 at gmail.com Wed Oct 22 18:59:12 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Wed, 22 Oct 2008 12:59:12 -0400 Subject: Key ID format: short or long? In-Reply-To: <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> Message-ID: <48FF5BE0.9070104@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 *Feeling like a newbie* You know, I never knew or noticed that the key ID was the last digits of the fingerprint. And I use to fit the key id on one line, and fingerprint right beneath it on the business cards I print out at home, like the notation on bottom of my signature. Guess with professional printing could set the last 8 digits BOLD or slightly bigger font. - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Inara: "What should I do?" Simon: (hands her bandages): "Tie it off." Inara: "Simon, I'm good with anatomy, but not like this..." --Unfilmed Episode, "Dead or Alive" Robert J. Hansen wrote: >> At least one picture ID and your key's fingerprint. > > This may be your policy; it is not a requirement of the system. > >> They are not going to use the fingerprint to retrieve >> the key, only to verify that the retrieved key is yours. > > Sure they are. Where do you think the key ID comes from? It's the last > eight hex digits of the fingerprint. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj/W+AACgkQLYy55nbmwbz0lgCfX8ohgIhkoU8j5XoxJFoV1qQI 2YIAoI65pFZd4eeonMfBoxiSuj6Gwmg5 =G3gj -----END PGP SIGNATURE----- From chd at chud.net Wed Oct 22 19:28:22 2008 From: chd at chud.net (Chris De Young) Date: Wed, 22 Oct 2008 10:28:22 -0700 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FF2D4E.5030701@arcor.de> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> <48FF2D4E.5030701@arcor.de> Message-ID: <48FF62B6.7070607@chud.net> Morton D. Trace wrote: [...] > here are some random 20char ASCII pass phrases > > bash-3.00$ apg -a 1 -M S -n 20 -m 20 > ^;@_*-<|./|;&/._;}.! > ?<&!\+~&;[//.~_-!|+] [...] I do actually use some passphrases like this, though usually with more letters and numbers in them (generated with gpg --gen-random -a for the most part). I make no attempt to remember them; I keep them in an application designed for the purpose (PasswordSafe). Given that, there's really no need to limit the length to 20 - since you're never going to type it, you may as well use as long a password as your application will accept. The drawback to this is that if my password store is not available to me then none of the passwords in it are either. I also have more conventional passphrases that I can remember and type, since there are always some things you're going to have to produce from memory, and there may be some things you don't want to trust to permanent storage at all. Pick the right tool for the job. I find that randomly generated passwords work fine for 90+% of my password needs though. :-) -C -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From werewolf6851 at gmail.com Wed Oct 22 20:17:23 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Wed, 22 Oct 2008 14:17:23 -0400 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FF62B6.7070607@chud.net> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> <48FF2D4E.5030701@arcor.de> <48FF62B6.7070607@chud.net> Message-ID: <48FF6E33.2020701@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Myself, use apg or wapg depending on what OS I'm on at the moment. wapg is a windows version of apg that'll run from a ubs drive, also run portable version of gpg from same usb drive, then just encrypt info to myself about password, url, username, etc. Down side, the secring.gpg ring stored on it as well. Will have invistigate making a secring only for decrypting, (sub keys) with the primary sec key stored else where. And Rockbox.org if your mp3 player supports it's replacement firmware has a 'keybox' to store usernames;passwords. - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Inara: "Come into my shuttle." Saffron: "You would lie with me?" (alarms sound) Inara: "I guess we've lied enough." --Episode #6, "Our Mrs Reynolds" Chris De Young wrote: > Morton D. Trace wrote: > [...] >> here are some random 20char ASCII pass phrases >> >> bash-3.00$ apg -a 1 -M S -n 20 -m 20 >> ^;@_*-<|./|;&/._;}.! >> ?<&!\+~&;[//.~_-!|+] > > [...] > > I do actually use some passphrases like this, though usually with more > letters and numbers in them (generated with gpg --gen-random -a for > the most part). I make no attempt to remember them; I keep them in an > application designed for the purpose (PasswordSafe). Given that, > there's really no need to limit the length to 20 - since you're never > going to type it, you may as well use as long a password as your > application will accept. > > The drawback to this is that if my password store is not available to > me then none of the passwords in it are either. I also have more > conventional passphrases that I can remember and type, since there are > always some things you're going to have to produce from memory, and > there may be some things you don't want to trust to permanent storage > at all. Pick the right tool for the job. > > I find that randomly generated passwords work fine for 90+% of my > password needs though. :-) > > -C > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj/bjIACgkQLYy55nbmwbyV1wCgh8JTAT4UgbI5iFFE+t080EXu KiYAoIC7PGlK4OZYUErxny2EddGXLIs8 =PICm -----END PGP SIGNATURE----- From nik at datasnok.org Wed Oct 22 22:40:22 2008 From: nik at datasnok.org (Nikola Pavlovic) Date: Wed, 22 Oct 2008 22:40:22 +0200 Subject: There is no limit on the length of a passphrase, In-Reply-To: <1224691883.4374.27.camel@amd2000bk.kleinedaheim> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> <48FF2D4E.5030701@arcor.de> <1224691883.4374.27.camel@amd2000bk.kleinedaheim> Message-ID: <20081022204022.GA10466@sputnjik.localdomain> On Wed, Oct 22, 2008 at 06:11:23PM +0200, Bernhard Kleine wrote: > > With respect to randomness, do you have an idea how passphrases which > use first letters of e.g. songs or poems (with lower and uppercase > letters in german) are rated? > It all depends on how big a pool of songs/poems you have, I guess. Intuitively, I guess it's not that good, but it again depends on who is out to get you. :) My $0.02: I use Diceware for really important passphrases. 7 or 8 Diceware words is somewhere near 128 bits of entropy (I don't remember exactly, but I think 9 words is the first level above 128 bits). I have never had problems remembering even 8-word ones (after a few tries it just sticks in my muscle memory, I wouldn't be able to reproduce them without a querty keyboard :) I have hard copies of course, stored secure enough considering my needs and resources (can't really hire armed guards ;) So, presuming the actuall list from which you pick words is valid and you use a reasonably good set of dices to choose them, I think it is an optimal way of generating strong passphrases. --nik -- Be different: conform. http://datasnok.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 489 bytes Desc: not available URL: From werewolf6851 at gmail.com Thu Oct 23 03:56:09 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Wed, 22 Oct 2008 21:56:09 -0400 Subject: set type digest mode? Message-ID: <48FFD9B9.7020104@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Been trying find references on net etc Is there way to set which digest mode gpg uses for clear signed messages depending on which uid is set as the primary?? Tried edited the uid with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds sha1 and messages are set with sha1 even while h8 (sha256) first in the list. - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Jayne: "Shiny. Lets be bad guys." --"Serenity" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj/2bkACgkQLYy55nbmwbx0GwCgjxHvLRofmDratb9zXOwExpNr 6u8An3FUi061dV7fTN+KNokMRhPjBiNe =al8L -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu Oct 23 05:19:19 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 22 Oct 2008 23:19:19 -0400 Subject: set type digest mode? In-Reply-To: <48FFD9B9.7020104@gmail.com> References: <48FFD9B9.7020104@gmail.com> Message-ID: On Oct 22, 2008, at 9:56 PM, Werewolf wrote: > Been trying find references on net etc > Is there way to set which digest mode gpg uses for clear signed > messages > depending on which uid is set as the primary?? Tried edited the uid > with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds > sha1 > and messages are set with sha1 even while h8 (sha256) first in the > list. personal-digest-preferences sha256 ripemd160 sha1 etc David From faramir.cl at gmail.com Thu Oct 23 05:41:28 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 23 Oct 2008 00:41:28 -0300 Subject: Key ID format: short or long? In-Reply-To: <48FF5BE0.9070104@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> <48FF5BE0.9070104@gmail.com> Message-ID: <48FFF268.1080206@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werewolf escribi?: > *Feeling like a newbie* You know, I never knew or noticed that the key > ID was the last digits of the fingerprint. And I use to fit the key id > on one line, and fingerprint right beneath it on the business cards I > print out at home, like the notation on bottom of my signature. Guess > with professional printing could set the last 8 digits BOLD or slightly > bigger font. I did the same (both to put KeyID _and_ fingerprint, and to print them at home). However, I modified the file... next cards will have the fingerprint with the last characters in bold, plus my biglumber url (using tinyurl). Today I gave one of my cards to a schoolmate I saw (I had not seen him for a very long time)...let's see if he ask about the "PGP Key" thing in my card... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJI//JoAAoJEMV4f6PvczxApNQIAIMoOaz71yjRTokocKPZCMWT 4a1+G9MMv65EUKG0xYzEMB4tgDJk0BBPcj11Jlfcahi1RDQ5FpBMy3MON1wdY0cr Vtc5Hl72Taac/uZ+xwP6eAPwt7zf7MCgCQAAWxM22yEznmBSF59Ky5TsIueSQt7a sSiXDIKVsX0R/0W4ThKd/LVqOVnIYovcxPJxJOE/x0TfsM3DCZ2YbHSRjUOxWREl QjJL8dNyOqszvd3xyOV+ezdDgJdZdhpGQLIKStyXmRbsENzUZVB1IJ+awQJTBRhD T7/zQWFJ8PGu9Vt6z/2Kj3ce54tuOmdYqp4VxCf8x3PVAU33bwum70Ak11O+1fg= =Drvp -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Thu Oct 23 05:42:57 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 22 Oct 2008 23:42:57 -0400 Subject: set type digest mode? In-Reply-To: <48FFD9B9.7020104@gmail.com> References: <48FFD9B9.7020104@gmail.com> Message-ID: <48FFF2C1.7000708@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Werewolf wrote: > Been trying find references on net etc > Is there way to set which digest mode gpg uses for clear signed messages > depending on which uid is set as the primary?? Tried edited the uid > with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds sha1 > and messages are set with sha1 even while h8 (sha256) first in the list. In gpg.conf add the line: digest-algo SHA256 Or in Enigmail on the 'Additional Parameters' line/box under the 'Advanced Tab add --digest-algo SHA256 You can also add these lines to gpg.conf: personal-cipher-preferences S9 S2 S13 S10 S4 S12 S8 S11 S7 S3 S1 personal-digest-preferences H10 H9 H8 H11 H6 H3 H2 personal-compress-preferences Z3 Z2 Z1 FWIW; about 3 weeks ago there was a fairly extended thread on this List surrounding the 'benefits' of the 'personal -X-preferences' lines. JOHN ;) Timestamp: Wednesday 22 Oct 2008, 23:42 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI//K9AAoJEBCGy9eAtCsPD4MIAIhiwcwPemFW9KiCxeuGG16i Q4ocI6GdvzWSwlhUwi1g8y4YPDDVX0zLiq87blNOKdn+V7uh8+bv8Adib+kPGsv6 j0uG+tYWceeXPk7r8xQ1ApS/NEcrTOg3TokhoQChybQbdzyVFpwlJ6ycbYZnaT89 5D+lvbOBeQviFQs9GHyNwJvHccHpLlhgKrALTvyMLdCHeabQZA2RYkzUyA8cx66d x0w26tdY5PqnGN2VeRRX49sSvjZ5E9trtZTSDsqW6M0YhqEKh3KLriyo1FL2vok4 tHDUaDW6Pqfq20fl5HmdXYCRTljPVUnMghY/AmgOAmtV5lqHONhkcGEhgTt5CN8= =IkI2 -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu Oct 23 05:55:13 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 22 Oct 2008 23:55:13 -0400 Subject: set type digest mode? In-Reply-To: <48FFF2C1.7000708@bellsouth.net> References: <48FFD9B9.7020104@gmail.com> <48FFF2C1.7000708@bellsouth.net> Message-ID: <85A415A0-7F8B-422C-BB12-24E3CFE9D46B@jabberwocky.com> On Oct 22, 2008, at 11:42 PM, John W. Moore III wrote: > Werewolf wrote: > >> Been trying find references on net etc >> Is there way to set which digest mode gpg uses for clear signed >> messages >> depending on which uid is set as the primary?? Tried edited the uid >> with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds >> sha1 >> and messages are set with sha1 even while h8 (sha256) first in the >> list. > > In gpg.conf add the line: > > digest-algo SHA256 No. Do this and you shoot yourself in the foot. It violates the OpenPGP protocol. David From dshaw at jabberwocky.com Thu Oct 23 05:57:00 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 22 Oct 2008 23:57:00 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FEBF2B.5010300@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> <48FEBF2B.5010300@gmail.com> Message-ID: <6DDC23B2-95CD-4EFB-A09C-E09F42146146@jabberwocky.com> On Oct 22, 2008, at 1:50 AM, Faramir wrote: > Robert J. Hansen escribi?: > >>> They are not going to use the fingerprint to retrieve >>> the key, only to verify that the retrieved key is yours. >> >> Sure they are. Where do you think the key ID comes from? It's the >> last >> eight hex digits of the fingerprint. > > Yes, you are right, but remember newbies like me maybe don't know > that, and maybe they think about fingerprints and Key IDs as 2 > separated > things... And the 2 GUIs I use ask for a Key ID to perform the > searches... It seems we have another entry for the FAQ: > > Q: "I got a fingerprint, but not a Key ID, how do I search the key?" > > A: "The Key ID is the last part of the fingerprint, it can be 8 or 16 > characters long (short and long formats). Use those last digits to do > the search, and then use the whole fingerprint to check you found the > right key". Or just search on the fingerprint directly: gpg --recv-keys 7D92FD313AB6F3734CC59CA1DB698D7199242560 David From dshaw at jabberwocky.com Thu Oct 23 06:00:43 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 23 Oct 2008 00:00:43 -0400 Subject: Key ID format: short or long? In-Reply-To: <48FFF268.1080206@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <26DA7093-20A4-4457-B037-4EAC74B6020D@sixdemonbag.org> <48FF5BE0.9070104@gmail.com> <48FFF268.1080206@gmail.com> Message-ID: <06EE0B25-94F7-41BC-8A83-E9C7A7472CDD@jabberwocky.com> On Oct 22, 2008, at 11:41 PM, Faramir wrote: > Werewolf escribi?: > >> *Feeling like a newbie* You know, I never knew or noticed that the >> key >> ID was the last digits of the fingerprint. And I use to fit the >> key id >> on one line, and fingerprint right beneath it on the business cards I >> print out at home, like the notation on bottom of my signature. >> Guess >> with professional printing could set the last 8 digits BOLD or >> slightly >> bigger font. > > I did the same (both to put KeyID _and_ fingerprint, and to print > them > at home). However, I modified the file... next cards will have the > fingerprint with the last characters in bold, plus my biglumber url > (using tinyurl). I use both key ID and fingerprint even though the key ID is redundant. It lets me avoid explaining to people that the last 8 digits are the key ID. As we've seen here, that's not widely understood. Plus, it may not be true forever. One of the proposals for future key formats has the key ID being the *first* 8 digits, rather than the *last*. David From jmoore3rd at bellsouth.net Thu Oct 23 06:06:32 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 23 Oct 2008 00:06:32 -0400 Subject: set type digest mode? In-Reply-To: <85A415A0-7F8B-422C-BB12-24E3CFE9D46B@jabberwocky.com> References: <48FFD9B9.7020104@gmail.com> <48FFF2C1.7000708@bellsouth.net> <85A415A0-7F8B-422C-BB12-24E3CFE9D46B@jabberwocky.com> Message-ID: <48FFF848.10805@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 David Shaw wrote: >> In gpg.conf add the line: >> >> digest-algo SHA256 > > No. Do this and you shoot yourself in the foot. It violates the > OpenPGP protocol. I didn't advocate the wisdom of this practice; merely answered the Question: "How to force SHA256?" I referenced the previous thread surrounding this issue in a lame attempt to make the arguments for the OpenPGP protocol. Then again, I would instruct anyone who asked in how to load a newly acquired firearm without ever pointing out the silliness of a lethal weapon in the hands of someone so obviously unfamiliar with it. :-D JOHN ;) Timestamp: Thursday 23 Oct 2008, 00:06 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI//hFAAoJEBCGy9eAtCsPY/4H/0GybtSlLog8D39J3Vevdcn+ ohcU+MTZI7K9KQV8hoP/UcqQOX80GTTLqr+Mnhzq7FJOgx/7VHa4vc+icKg1to9e uKU85DOrqX8y3SvexE3pSv2iS7673Mn+wRyOLNm33hswAUs22l3KeirLOPXhohja tiepYPJNPyJkrpafTxAsKI+3FUOJ0DD2fo9F5mBn4kl8Uw8icZurPpJpJYWSP7ee bWgGi8w0A7Qs67w2FvroRGIx3KgorPUcMQRRrgM9w1VFqzDyIhr+KTcrdDcvU/qA htjQXvGc1/LFG9ANq4zvbC07q7VtiMWaNl0qzGbg1NNloFCS4RR7Q772Kwzv7Eg= =f+ZH -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Oct 23 06:47:29 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 23 Oct 2008 01:47:29 -0300 Subject: There is no limit on the length of a passphrase, In-Reply-To: <48FF6E33.2020701@gmail.com> References: <48FD3B24.3070403@arcor.de> <562C4FE4-5A29-4EED-AB91-9ACD2550B369@jabberwocky.com> <48FD4E6B.5030703@gmail.com> <48FDC06A.3080507@sixdemonbag.org> <48FE5F02.6040306@arcor.de> <48FE9989.3060101@sixdemonbag.org> <48FEA4EE.3090506@bellsouth.net> <48FF1951.6060202@sixdemonbag.org> <48FF2D4E.5030701@arcor.de> <48FF62B6.7070607@chud.net> <48FF6E33.2020701@gmail.com> Message-ID: <490001E1.60406@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werewolf escribi?: > myself about password, url, username, etc. Down side, the secring.gpg > ring stored on it as well. Will have invistigate making a secring only > for decrypting, (sub keys) with the primary sec key stored else where. http://tjl73.altervista.org/secure_keygen/en/index.html That is the tutorial about using "just" sub keys... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJAAHhAAoJEMV4f6PvczxAfIoIAKsZe62hOYf53KEHWuZBwDOT 2NJs8kwbAB6OC/8p4z4zQMGMPhncqHXlll32fTB7U64TngXFlUMyu6PKMoYm6EnD wmdDYrBLd9b8Z6qdSu7Fre+GbuF8sIrGl7OWLVziAv/Fa2Mt56O7Z+Q0pznHI+W/ FS6V09eUpGgOP4BI2YV5kWfc5zdbLBobDq4QkxoODojqdXfhFCMPWH//C7/k4ATS mC4m+3PxVRkbiEcNX4sCoUGOauCHmIhU4XSR9wVrtlq4sAecKmWMcTnIKQa55wh8 w9zrYWOm7y5YnCauDvtfLY35WqVUKOP6CVXXNrlzSnvNDF1COkbu3MjqdfDgCvY= =/niP -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Thu Oct 23 08:07:38 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Thu, 23 Oct 2008 08:07:38 +0200 Subject: set type digest mode? In-Reply-To: <48FFD9B9.7020104@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello Werewolf ! Werewolf wrote: > Been trying find references on net etc > Is there way to set which digest mode gpg uses for clear signed messages > depending on which uid is set as the primary?? Tried edited the uid > with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds sha1 > and messages are set with sha1 even while h8 (sha256) first in the list. Here's from my GPG.CONF, in order to have RIPEMD160 default-preference-list S7 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z3 Z2 Z0 personal-cipher-preferences S7 S1 S10 S3 S4 S2 S9 S8 personal-digest-preferences H3 H8 H9 H10 H11 H2 H1 personal-compress-preferences Z1 Z3 Z2 Z0 - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iHEEAREDADEFAkkAFSkqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BMlq4AoOzGmDT/yAY3jVpl4RFjvVF8AmbSAJwJ ZpF66bD5q85oIBf3dOGZ2NB8lA== =Pgux -----END PGP SIGNATURE----- From faramir.cl at gmail.com Thu Oct 23 08:36:17 2008 From: faramir.cl at gmail.com (Faramir) Date: Thu, 23 Oct 2008 03:36:17 -0300 Subject: set type digest mode? In-Reply-To: <48FFD9B9.7020104@gmail.com> References: <48FFD9B9.7020104@gmail.com> Message-ID: <49001B61.7020101@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Werewolf escribi?: > > Been trying find references on net etc > Is there way to set which digest mode gpg uses for clear signed messages > depending on which uid is set as the primary?? Tried edited the uid > with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds sha1 > and messages are set with sha1 even while h8 (sha256) first in the list. If I am not wrong (but keep in mind I can be wrong), setpref has to do with what you can/prefer to receive (that is, when you are the recipient of the message). To change your preferences as a sender, try with personal-digest-preferences H8 H3 H9 H10 in your gpg.conf file. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJABthAAoJEMV4f6PvczxAsZEIAKH5Gwd1xfeDY8+hIyy1WfGt y0ms79W35dbB1C3KtEL+1BIuHe24pAy1qnLgeQTMYN23jk0H2XOrPu8FMYJ0+zNJ 85Er07O4KNxzwmhQV2wBJ3XJow+ArK0vz2TgilZgxZBnuTcGc/Ka3mpWGkPg4BgA G4NrSYBwh0pVeIP+G0HPG7Bbtv5UOV7uS4RCvn103JcCV2jcdQ48x1fE5KhMNkB9 mbHMgIaTcwHBQXUf0gYR4tdbA90V9C+kSuDqo3PA8zaLmu+G47n/EhfjlXiG2gSG vYBMwg3iUfDZTAjV7Vx/KRqTJqwn4sKS6Uiqn4POMIL6pablByUq3xcTTkNhCgw= =FKpv -----END PGP SIGNATURE----- From werewolf6851 at gmail.com Thu Oct 23 18:53:06 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Thu, 23 Oct 2008 12:53:06 -0400 Subject: set type digest mode? plus other query In-Reply-To: <49001B61.7020101@gmail.com> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> Message-ID: <4900ABF2.4020702@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Faramir wrote: > Werewolf escribi?: >> Been trying find references on net etc >> Is there way to set which digest mode gpg uses for clear signed messages >> depending on which uid is set as the primary?? Tried edited the uid >> with setpref S9 S8 S7 S3 S2 H8 H3 H9 H10 Z2 Z3 Z1 but it still adds sha1 >> and messages are set with sha1 even while h8 (sha256) first in the list. > > If I am not wrong (but keep in mind I can be wrong), setpref has to do > with what you can/prefer to receive (that is, when you are the recipient > of the message). To change your preferences as a sender, try with > personal-digest-preferences H8 H3 H9 H10 in your gpg.conf file. > > Best Regards That brings up query for using Engimail with ThunderbirdPortable. It want the gpg binaries in Apps/gpg dir and the keyrings in Data/gpg. Am I to assume the gpg.conf should be with the keyrings (Data/gpg)? Secondly I wonder if since my key is 1024 bit DSA that limits the algo usable to say sha1, md5, etc? Saw a note about "--enable-dsa2" option, not all applications support this yet. Given latency of the net; is this note still very relevant or just slight relevant? - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Mal: "If anyone gets nosy, just...you know... shoot 'em." Zoe: "Shoot 'em?" Mal: "Politely." --Episode #1, "Serenity" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkAq/IACgkQLYy55nbmwbwYtACgtAP8JkQOS9vK9Jb6vfUw+Asc 5wMAn24MRVQfOJ+TnWokbH0goHN5VsJW =JNjX -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Thu Oct 23 20:40:14 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 23 Oct 2008 14:40:14 -0400 Subject: DSA2 (was Re: set type digest mode? plus other query) In-Reply-To: <4900ABF2.4020702@gmail.com> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> Message-ID: <20081023184013.GA9888@jabberwocky.com> On Thu, Oct 23, 2008 at 12:53:06PM -0400, Werewolf wrote: > That brings up query for using Engimail with ThunderbirdPortable. It > want the gpg binaries in Apps/gpg dir and the keyrings in Data/gpg. Am > I to assume the gpg.conf should be with the keyrings (Data/gpg)? That is the common setup. I'd go with it unless there is an active reason not to. > Secondly I wonder if since my key is 1024 bit DSA that limits the algo > usable to say sha1, md5, etc? Saw a note about "--enable-dsa2" option, > not all applications support this yet. Given latency of the net; is this > note still very relevant or just slight relevant? I'm not sure what your question is here. If your key is 1024 bit DSA, then you can only use a 160 bit hash with it, which means either SHA-1 or RIPEMD-160. If your key is 1024 bit DSA and you have --enable-dsa2 set you can use any hash you like that is 160 bits or greater. You can never use MD5 with any DSA, as it is only 128 bits long. Every other hash in OpenPGP is 160 bits or greater. David From thomas at bohnomat.de Thu Oct 23 20:57:47 2008 From: thomas at bohnomat.de (Thomas Bohn) Date: Thu, 23 Oct 2008 20:57:47 +0200 Subject: Send in Background Message-ID: <20081023185747.GA16160@proton.bohnomat.de> Hello, it is possible to send email in the background when I use the internal SMTP feature? Thomas From thomas at bohnomat.de Thu Oct 23 21:26:56 2008 From: thomas at bohnomat.de (Thomas Bohn) Date: Thu, 23 Oct 2008 21:26:56 +0200 Subject: Send in Background In-Reply-To: <20081023185747.GA16160@proton.bohnomat.de> References: <20081023185747.GA16160@proton.bohnomat.de> Message-ID: <20081023192656.GA18162@proton.bohnomat.de> On 20:57, Thu 23 Oct 08, Thomas Bohn wrote: > it is possible to send email in the background when I use the internal > SMTP feature? This was the wrong mailing list, I apologize. Thomas From rjh at sixdemonbag.org Thu Oct 23 21:29:08 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 23 Oct 2008 12:29:08 -0700 Subject: set type digest mode? plus other query In-Reply-To: <4900ABF2.4020702@gmail.com> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> Message-ID: <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> > Secondly I wonder if since my key is 1024 bit DSA that limits the algo > usable to say sha1, md5, etc? Saw a note about "--enable-dsa2" option, > not all applications support this yet. Given latency of the net; is this > note still very relevant or just slight relevant? Your question is not very clear. I will try to answer it nevertheless. Q: Without the --enable-dsa2 option, is DSA limited to SHA1, md5, etc.? A: The question cannot be answered. Q: Without the --enable-dsa2 option, what hashes may be used with DSA? A: SHA1 and RIPEMD160. Q: Is the note about app support of DSA2 still relevant? A: Depends on who you correspond with. There are still a lot of PGP 6 installs out there. Q: Should --enable-dsa2 be used? A: Probably. The sooner we can convince people using legacy systems to upgrade, the better off we'll all be. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. From bahamutzero8825 at gmail.com Fri Oct 24 00:17:19 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Thu, 23 Oct 2008 17:17:19 -0500 Subject: set type digest mode? plus other query In-Reply-To: <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> Message-ID: <4900F7EF.8030201@gmail.com> Robert J. Hansen wrote: > A: Depends on who you correspond with. There are still a lot of PGP 6 > installs out there. 6.5.8 seems popular. Any idea why? -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18145 | GPG 1.4.9 | Thunderbird 2.0.0.17 | Enigmail 0.95.7 From rjh at sixdemonbag.org Fri Oct 24 01:06:35 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 23 Oct 2008 19:06:35 -0400 Subject: set type digest mode? plus other query In-Reply-To: <4900F7EF.8030201@gmail.com> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> <4900F7EF.8030201@gmail.com> Message-ID: <4901037B.4090701@sixdemonbag.org> Andrew Berg wrote: > 6.5.8 seems popular. Any idea why? It was the last version of PGP to be released freeware for UNIX. To this day, PGP has more brand recognition than GnuPG; people who only know "I need PGP to do $foo" will more often than not look around for PGP for UNIX and find 6.5.8. On the Win32 front, 6.5.8 is available for download from a great many sites. 7.x isn't available anywhere, you have to really look for 8.x, and 9.x requires registering with PGP.com, which many people are opposed to. On top of that, a lot of the OpenPGP software ecosystem (remailers, mixmasters, etc.) is hardcoded for PGP 6.5.8 support. PGP 6.5.8, like PGP 2.6, is "good enough for most people and purposes." Which means that no matter how much we want to get rid of them, they simply won't go away. From bahamutzero8825 at gmail.com Fri Oct 24 02:24:57 2008 From: bahamutzero8825 at gmail.com (Andrew Berg) Date: Thu, 23 Oct 2008 19:24:57 -0500 Subject: set type digest mode? plus other query In-Reply-To: <4901037B.4090701@sixdemonbag.org> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> <4900F7EF.8030201@gmail.com> <4901037B.4090701@sixdemonbag.org> Message-ID: <490115D9.4080104@gmail.com> Robert J. Hansen wrote: > Andrew Berg wrote: > > 6.5.8 seems popular. Any idea why? > > It was the last version of PGP to be released freeware for UNIX. Ah. > PGP 6.5.8, like PGP 2.6, is "good enough for most people and purposes." > Which means that no matter how much we want to get rid of them, they > simply won't go away. > Isn't 2.6 over 10 years old? Is it even compatible with the Windows NT kernel? -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18145 | GPG 1.4.9 | Thunderbird 2.0.0.17 | Enigmail 0.95.7 From rjh at sixdemonbag.org Fri Oct 24 02:33:09 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 23 Oct 2008 20:33:09 -0400 Subject: set type digest mode? plus other query In-Reply-To: <490115D9.4080104@gmail.com> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> <4900F7EF.8030201@gmail.com> <4901037B.4090701@sixdemonbag.org> <490115D9.4080104@gmail.com> Message-ID: <490117C5.4060501@sixdemonbag.org> Andrew Berg wrote: > Isn't 2.6 over 10 years old? Is it even compatible with the Windows NT > kernel? Try fifteen or more -- and yes, it is. It's a very, _very_ simple piece of software; it'll compile anywhere that's even faintly, vaguely, making noises about being POSIX conformant. Such as, say, DOS. From werewolf6851 at gmail.com Fri Oct 24 05:38:07 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Thu, 23 Oct 2008 23:38:07 -0400 Subject: set type digest mode? plus other query In-Reply-To: <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> <20081023122908.fdsuvwmkg4wc84cc@shards.monkeyblade.net> Message-ID: <4901431F.8090304@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: >> Secondly I wonder if since my key is 1024 bit DSA that limits the algo >> usable to say sha1, md5, etc? Saw a note about "--enable-dsa2" option, >> not all applications support this yet. Given latency of the net; is this >> note still very relevant or just slight relevant? > > Your question is not very clear. I will try to answer it nevertheless. > > Q: Without the --enable-dsa2 option, is DSA limited to SHA1, md5, etc.? > A: The question cannot be answered. > > Q: Without the --enable-dsa2 option, what hashes may be used with DSA? > A: SHA1 and RIPEMD160. > > Q: Is the note about app support of DSA2 still relevant? > A: Depends on who you correspond with. There are still a lot of PGP 6 > installs out there. > > Q: Should --enable-dsa2 be used? > A: Probably. The sooner we can convince people using legacy systems to > upgrade, the better off we'll all be. > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > > Thanks for info :) Thinking next key I make going to be a 2048 dsa2 with rsa signing key and elg encrypt sub keys - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Harrow: "You didn't have to wound the man." Mal: "Yeah, I know, it was just funny." --Episode #4, "Shindig" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREKAAYFAkkBQx8ACgkQLYy55nbmwbxb5ACbBNhkqV3cfSE2WW/j8D2TRLcl EE0AnAz9T+15ieDKAECpw/6xWcslBTTV =OIfK -----END PGP SIGNATURE----- From kevhilton at gmail.com Fri Oct 24 06:12:13 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Thu, 23 Oct 2008 23:12:13 -0500 Subject: set type digest mode? plus other query Message-ID: <96c450350810232112o7f23be6fxe3584c870312122f@mail.gmail.com> Who was behind the pgp 6.5.8 ckt release? That seemed like a solid piece of software at the time. If your were using windows, it provided a good tray interface, and made encryption/decryption very easy. How does this piece of antiquated software compare to modern day gnupg as far as ciphers used, digests used, etc. -- Kevin Hilton From faramir.cl at gmail.com Fri Oct 24 08:18:51 2008 From: faramir.cl at gmail.com (Faramir) Date: Fri, 24 Oct 2008 03:18:51 -0300 Subject: set type digest mode? plus other query In-Reply-To: <4900ABF2.4020702@gmail.com> References: <48FFD9B9.7020104@gmail.com> <49001B61.7020101@gmail.com> <4900ABF2.4020702@gmail.com> Message-ID: <490168CB.7070908@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Werewolf escribi?: > That brings up query for using Engimail with ThunderbirdPortable. It > want the gpg binaries in Apps/gpg dir and the keyrings in Data/gpg. Am > I to assume the gpg.conf should be with the keyrings (Data/gpg)? I _think_ the gpg.conf should be in the same dir where the gpg.exe file is located... just try it, if it doesn't work, then move it to the other folder... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJAWjLAAoJEMV4f6PvczxAyXYH/30QuRnM+O2L5fFP1K1yLBGW PkH0UKXll0Qh2KGf6Sh2H4btPGk046PRU9y85hVsAlmkmfXWzbcLwnwl15vuUwmN 9NkJf3FXYNVjY8w9l7zdo+1NIgyX1foVHFybcVX1os6MP04TG/qeWoYsofLCfhFA jjw70iJzgvgselBnXGbbjPtz5CDGTRYOYXyXjy6s8Uh2+hOp3zyx5x3VkI0xnc5e CRkDWA4GWylHrGL9N08M+FloFqcpYvYE9x4lC347diXVOBGtrSvN/Bng9FeD2x+M Ch7VCM7WBAQUy1BSQB6dKd3oYNspcMSnWjttU5TUeRoSpvlVQE2+XPVeBUC1kk0= =IEvs -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Fri Oct 24 08:35:36 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Fri, 24 Oct 2008 08:35:36 +0200 Subject: set type digest mode? plus other query In-Reply-To: <490168CB.7070908@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello Faramir ! Faramir wrote: >> That brings up query for using Engimail with ThunderbirdPortable. It >> want the gpg binaries in Apps/gpg dir and the keyrings in Data/gpg. Am >> I to assume the gpg.conf should be with the keyrings (Data/gpg)? > I _think_ the gpg.conf should be in the same dir where the gpg.exe > file is located... just try it, if it doesn't work, then move it to the > other folder... GPG.CONF is expected to be in the Keyring\ - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iHEEAREDADEFAkkBbOYqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BM9SkAoPdiiCMoqRJmQW2q98VNUWfV894nAKDH 6A+u6a8fsAWFn0vbB62UWFFEpA== =e/t2 -----END PGP SIGNATURE----- From mkesper at fsfe.org Wed Oct 22 14:46:41 2008 From: mkesper at fsfe.org (Michael Kesper) Date: Wed, 22 Oct 2008 14:46:41 +0200 Subject: Key ID format: short or long? In-Reply-To: <48FE88D7.9090704@gmail.com> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> Message-ID: <20081022124641.GB4536@localhost> Hi, * Faramir [2008-10-21 22:58:47 -0300]: ? > I had thought the long key ID, plus my email address, should be > enough, since 8 characters hexadecimal numbers are unlikely to produce a > collision, and even in case of a malicious attempt to replace my key, if > 2 keys are found at the search, I would expect a contact to write and > say "which one is the good one?" Well, keys cannot be identified by the 8 chars alone. I've once been to a key-signing-party with about 150 people and guess what: There were collisions with other existing keys if you only would have looked at the last 8 chars of the fingerprint. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Treten Sie der Fellowship bei! [][][] (http://fsfe.org/join) Ihre Spende erm?glicht unsere Arbeit! || (http://fsfeurope.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 315 bytes Desc: Digital signature URL: From arobins at PharmaCentra.com Wed Oct 22 17:35:24 2008 From: arobins at PharmaCentra.com (Adam Robins) Date: Wed, 22 Oct 2008 11:35:24 -0400 Subject: Problem running automated gpg Message-ID: <56A9D552A9343A4E83F5CFE6CC99D1C1021FA948@ganges.PharmaCentra.com> Hello, I have a perl script called encrypt.pl that runs gpg as follows: system("gpg -r 'username' --batch --encrypt-files 'filename.ext' 2>gpgerr.log"); When I run this from the console as root it works fine. However, if I run it from cron as root: */1 * * * * root /home/user/scripts/encrypt.pl 2> gpgerr.log I get the following error: gpg: failed to create temporary file `~/.gnupg/.#lk0x9693868.server.domain.com.28416': No such file or directory gpg: fatal: ~/.gnupg: can't create directory: No such file or directory secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 The directory "/root/.gnupg" is there. Permissions are drwx------ root root. I also tried chmod 777. If I put a command in the perl script: System('echo ~'); I get "/root" as a result. This leads me to believe that gpg is trying to place the temp file in a directory other than "/root/.gnupg" when run from cron. Any ideas are appreciated. Thanks, Adam _____________________________________________________________ Adam Robins, CCP Executive Vice President / Chief Information Officer PHARMACENTRA, LLC 5901B Peachtree Dunwoody Road, Suite 380 Atlanta, GA 30328 Office: 770-395-0088 x2034 Mobile: 770-855-1360 Fax: 770-395-0989 E-mail: arobins at pharmacentra.com Web: www.pharmacentra.com _____________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: From martin.wilck at fujitsu-siemens.com Thu Oct 23 18:53:53 2008 From: martin.wilck at fujitsu-siemens.com (Martin Wilck) Date: Thu, 23 Oct 2008 18:53:53 +0200 Subject: dirmngr SASL support Message-ID: <4900AC21.30109@fujitsu-siemens.com> Hello, I am trying to use dirmngr to download certificates from an AD server. Unfortunately the server accepts only SASL/GSSAPI bind operations. This is apparently unsupported in the current dirmngr (more precisely, dirmngr seems to support simple authenticfication only). Is SASL support planned for dirmngr any time soon? Regards Martin -- Martin Wilck PRIMERGY System Software Engineer FSC IP ESP DEV 6 Fujitsu Siemens Computers GmbH Heinz-Nixdorf-Ring 1 33106 Paderborn Germany Tel: ++49 5251 8 15113 Fax: ++49 5251 8 20209 Email: mailto:martin.wilck at fujitsu-siemens.com Internet: http://www.fujitsu-siemens.com Company Details: http://www.fujitsu-siemens.com/imprint.html From rjh at sixdemonbag.org Fri Oct 24 12:54:55 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 24 Oct 2008 06:54:55 -0400 Subject: set type digest mode? plus other query In-Reply-To: <96c450350810232112o7f23be6fxe3584c870312122f@mail.gmail.com> References: <96c450350810232112o7f23be6fxe3584c870312122f@mail.gmail.com> Message-ID: <4901A97F.1080407@sixdemonbag.org> Kevin Hilton wrote: > Who was behind the pgp 6.5.8 ckt release? http://sixdemonbag.org/cryptofaq.xhtml#ckt > How does this piece of antiquated software compare to modern > day gnupg as far as ciphers used, digests used, etc. IMO, badly. YMMV. From JuergenBader at o2online.de Fri Oct 24 12:16:32 2008 From: JuergenBader at o2online.de (Juergen Bader) Date: Fri, 24 Oct 2008 12:16:32 +0200 Subject: why people stick to pgp 6.5.8 Message-ID: <2FEB79A3-5A11-4D01-81C7-2A091333C385@O2Online.de> > From: "Kevin Hilton" > > Message-ID: > <96c450350810232112o7f23be6fxe3584c870312122f at mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Who was behind the pgp 6.5.8 ckt release? That seemed like a solid > piece of software at the time. If your were using windows, it > provided a good tray interface, and made encryption/decryption very > easy. How does this piece of antiquated software compare to modern > day gnupg as far as ciphers used, digests used, etc. > IMHO a lot of people are really glued to 6.5.8 because they want an easy GUI and quick access. The technology behind does not matter much to them as long as they are assured it is relatively safe. Before the existence of GUI software like seahorse such users who just want to encrypt, sign and decrypt their mail or files will not be easily convinced to change. More over: those who do not have smartcards to keep their keys safe, appreciated the easy way of setting a path to their keyrings which they might keep on a mobile device (floppy disk, usb-disk). Following the discussions in this list, there are a lot of interesting debates on how to secure data or to ensure the authenticity of a message. All is necessary - but IMHO I think relatively little is considered of enhancing the technology to make it safe to the inexperienced user who definitely will not use commandline etc. I hope I have posted to the right mail address - I am not used to participate actively in a list. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: Signierter Teil der Nachricht URL: From kevhilton at gmail.com Fri Oct 24 14:32:54 2008 From: kevhilton at gmail.com (Kevin Hilton) Date: Fri, 24 Oct 2008 07:32:54 -0500 Subject: set type digest mode? plus other query In-Reply-To: <4901A97F.1080407@sixdemonbag.org> References: <96c450350810232112o7f23be6fxe3584c870312122f@mail.gmail.com> <4901A97F.1080407@sixdemonbag.org> Message-ID: <96c450350810240532g5fbd61e7p531e09245c4a9b8b@mail.gmail.com> On Fri, Oct 24, 2008 at 5:54 AM, Robert J. Hansen wrote: > Kevin Hilton wrote: >> Who was behind the pgp 6.5.8 ckt release? > > http://sixdemonbag.org/cryptofaq.xhtml#ckt > >> How does this piece of antiquated software compare to modern >> day gnupg as far as ciphers used, digests used, etc. > > IMO, badly. YMMV. > Good link -- Thanks for info!!! -- Kevin Hilton From tchitwoo at us.ibm.com Fri Oct 24 16:10:02 2008 From: tchitwoo at us.ibm.com (Thomas Chitwood) Date: Fri, 24 Oct 2008 08:10:02 -0600 Subject: Out of office Message-ID: I will be out of the office starting 10/21/2008 and will not return until 10/28/2008. I will respond to your message when I return. If this is an FTP emergency, Please contact Doyle Hatfield or Danny Barba or send and email to ftpit at us.ibm.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From vedaal at hush.com Fri Oct 24 16:41:48 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Fri, 24 Oct 2008 10:41:48 -0400 Subject: set type digest mode? plus other query Message-ID: <20081024144148.4C03D158045@smtp.hushmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen rjh at sixdemonbag.org wrote on Fri Oct 24 12:54:55 CEST 2008: # >Kevin Hilton wrote: >> Who was behind the pgp 6.5.8 ckt release? # Imad Faiad was responsible for most of it, Disastry checked and wrote the code for the new revisions, i made suggestions as to the features, and did the bug testing # >http://sixdemonbag.org/cryptofaq.xhtml#ckt # there was only one bug, (btw, which i found), that affected all GUI versions of 6.5.8, not just ckt, and it involved a system crash when 6.5.8 tried to verify a clear-signed text with two simultaneous signatures, # i reported this to the open-pgp group, and to Imad, and it WAS corrected in the next ckt version, # the bug was not any worse than the bug in gnupg 1.0.6, which crashed when importing a v3 key that started with a zero octet, (immediately corrected in 1.0.7) bugs happen ;-(( but as long as they are acknowledged and corrected, the program is improved and moves on # >> How does this piece of antiquated software compare to modern >> day gnupg as far as ciphers used, digests used, etc. # >IMO, badly. YMMV. # IMO, ckt can use all ciphers used by gnupg except Camellia, and can use all hashes used by gnupg, # its major development was when NAI made pgp 7 closed-source, and there was no other open-source PGP that kept up with the advances of gnupg and pgp # it is an EXCELLENT intuitive GUI, and if Disastry were alive, (and if PGP followed my proposal, to *hire* Imad and Disastry as part of their development team, it could have become a superb user-friendly PGP build that would be fully compatible with gnupg) # all that being said, the way it stands now, i would *NOT* recommend it, because of the following: # [1] any ckt V4 rsa keys generated, have the rsa subkey as both sign and encrypt, and there is (as yet, afaik,) no way that gnupg can be used to get such a key to cross-certify the primary key, and since the subkey will be used by default by gnupg to sign, gnupg will give error messages about the verification # [2] the pgp disk program has become incompatible with symantec, (since win98) and a pgpdisk cannot be mounted unless norton anti-virus is turned off # [3] there is no support for the newer DH/DSA keys generated by gnupg # [4] the VPN software is incompatible with anything later than win98, and should not be installed # [5] potentially major legal hassles from the PGP corporation # # this is being double-signed so that people using any (non-CKT) GUI of 6.5.8, can see it crash on *any* windows platform # # vedaal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Acts of Kindness better the World, and protect the Soul iQIcBAEBAgAGBQJJAd17AAoJEFBvT6HTX7GGRXEQAI6BrCu8UocK02mkMuzfYuaV aY7MEBshxW+51B94AxZQm4tPCW3724uk2rLVMKr36Z6OHhonSvQu+SO2KjW7RrXg lnEMJT1S65md1bqxRxZ2VjyzQngju4ximrl/w1R350SFjX0uxDlQJdXytrbiUYZB VsFyhCZ6AonQS1i+PwYLGfnuYW5bnZeYVhUpFQNCbt8FgrRcRnArwHrTvsHea++v lW7g6rFRTbl5iqddhbvO9OrVnGoyTTYfCBHbcVHbqD/rvWaXTRFewGe8osxxGMDA EWbcyA7+2kdwLaMyV3GFKu+jR2ocS7IUCHK0ChM8onc6W560lc302Kyg+vrSCSK3 GeELdkXgMI/1Ak3+yFUJmPnmppCd8AEG5AoLmih71npZw5F6jmn84TC2gzZOfYkn OTqNKja9kGM0Javm1zO6PpI3DL5cuG885MiCqeggXKNzckrkqp4mvTlxsPU63+FP j9w6DL0MH+5TDi+U9QYgymqznjqtFvsm5d6tpDbteye2/t6xrSopVcGyleVlgIvg FnAvTVxUmcTd0fBOzKsK4yFjVG/22uPqA2WyXX6jzQIdqlvkK/iY/+fZy1Wr38/4 3i7uZqgls5AxcJA9PS16oWKFbv6UpZmVEoouxe6WFdzgQSNy6Ef7/DlNzGicSEVw C7k0lC3AbiQL6kgWjiapiQEVAwUBSQHde2oFoLeFMG0lAQL2Egf+K6YBY0VAtiBl hRMObdoJki4b5V03bdQmHmXMGDanD59SQGL7wcf10cIntqI8reysaJTBR87UcABH /FHuILV8clsORLSVOW2B8/Fh2F9iKRdt8FP6AZXiJggThUfl0cddmh20iSuqdIN/ XNHcdCkjhprLsRFhTByVxSqRD/4hH2eackG1IxaT72xM6hUX8pjf8nfTyHllJWJl bpxJ/MMmDuAD8aCiRPhsbTdCntV9YshVRCOjJw/X1UQ96C7Yfk7dXFoQVaoQbJfL eUaBXUx3nJm9VtV1R+mmN2FFdQLII5Rt5Swh/2OQFEB5DsJZiqFejRaGTkL6NUA5 bkurxFqagw== =qrip -----END PGP SIGNATURE----- any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Experience the sleep of a lifetime with a quality new mattress. Click now! http://tagline.hushmail.com/fc/Ioyw6h4dYo289IPhNeUlThcUwn9JhjH7lfWgeiMawEXRfIzBHM9kEv/ From vedaal at hush.com Fri Oct 24 16:59:07 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Fri, 24 Oct 2008 10:59:07 -0400 Subject: set type digest mode? plus other query // sorry, bad hushmail wrap wrecked sig Message-ID: <20081024145907.391FB15803E@smtp.hushmail.com> hushmail wrapped the signed cleartext and invalidated the sig, here it's tried again ;-| -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen rjh at sixdemonbag.org wrote on Fri Oct 24 12:54:55 CEST 2008: # >Kevin Hilton wrote: >> Who was behind the pgp 6.5.8 ckt release? # Imad Faiad was responsible for most of it, Disastry checked and wrote the code for the new revisions, i made suggestions as to the features, and did the bug testing # >http://sixdemonbag.org/cryptofaq.xhtml#ckt # there was only one bug, (btw, which i found), that affected all GUI versions of 6.5.8, not just ckt, and it involved a system crash when 6.5.8 tried to verify a clear-signed text with two simultaneous signatures, # i reported this to the open-pgp group, and to Imad, and it WAS corrected in the next ckt version, # the bug was not any worse than the bug in gnupg 1.0.6, which crashed when importing a v3 key that started with a zero octet, (immediately corrected in 1.0.7) bugs happen ;-(( but as long as they are acknowledged and corrected, the program is improved and moves on # >> How does this piece of antiquated software compare to modern >> day gnupg as far as ciphers used, digests used, etc. # >IMO, badly. YMMV. # IMO, ckt can use all ciphers used by gnupg except Camellia, and can use all hashes used by gnupg, # its major development was when NAI made pgp 7 closed-source, and there was no other open-source PGP that kept up with the advances of gnupg and pgp # it is an EXCELLENT intuitive GUI, and if Disastry were alive, (and if PGP followed my proposal, to *hire* Imad and Disastry as part of their development team, it could have become a superb user-friendly PGP build that would be fully compatible with gnupg) # all that being said, the way it stands now, i would *NOT* recommend it, because of the following: # [1] any ckt V4 rsa keys generated, have the rsa subkey as both sign and encrypt, and there is (as yet, afaik,) no way that gnupg can be used to get such a key to cross-certify the primary key, and since the subkey will be used by default by gnupg to sign, gnupg will give error messages about the verification # [2] the pgp disk program has become incompatible with symantec, (since win98) and a pgpdisk cannot be mounted unless norton anti-virus is turned off # [3] there is no support for the newer DH/DSA keys generated by gnupg # [4] the VPN software is incompatible with anything later than win98, and should not be installed # [5] potentially major legal hassles from the PGP corporation # # this is being double-signed so that people using any (non-CKT) GUI of 6.5.8, can see it crash on *any* windows platform # # vedaal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Acts of Kindness better the World, and protect the Soul iQIcBAEBCAAGBQJJAeHJAAoJEFBvT6HTX7GGQvUP/RxuTHeKlVJxv+ICq/aqCQW3 L3rFtjvM5M71BoT2024ovJG90+YZnw64PrPQBFbTG29qpt02QP+YglZWKvdLAb/S QgXbhRW0zyCtg33HIO3LEJeHLVST23Dg8y1V+lAXdKRak0re9XyI1uzWY8+LuN+n bxDKi0pFgr9l8jmhn9oQDi8PO2ekhTim8kZpQg7x9NwBHuQD5G4fYO569l/nj+e/ xzXxcbrCDaM3IL8GnZa6TbHihGhDkc9W2nogwCTojWHDm5ikm9M/vW5cbErEOD8S C/Rg+njQp5SOL3Il+HfC6jl5siRvCoWWBh0eJozkBNcI7k2TGiO8gEQoiKM3xyDA Ymf/UBHG3vWIwXV1bezsgBsOE8UPFapYfovgWlw+Nh/LG5YQNEue7VYOiL2RUgk/ tDmJ+BBTdzv5HGfD+HA4YAWF0zKt9dkL+WeNkHa1iqZPgeG0S1xAd4GxRUUIQ4o3 PRk3UF1aS6gFZNGpxGF/h3++jjv+89Hux/g0SGIrDgOy+qe2FG64QHAw9isgQ5dW XnRgxhqGr3wbDKkOiXCVq9HD9ubcfP07+Fs6vpjjLSzfJe0UiLNmhUH6EBZmvGhj r3MUL3X56LrgJLZ+B+KXpJBEH7LF8VOgBYFyxEYyThS+RpW903NUcDbBRcZtS/ze TRavl4kEKgIjlpZK9xPPiQEVAwUBSQHhyWoFoLeFMG0lAQjHbQf+IblQ6RPRjDpp bOvU8EdxMsJ7xI2N5ZSky2QbgoF046VgvC4dckJ28G2Pcf9SaR0dP2fBfSfpev44 0kYZnrbO2loBXCdVOzoQ7YoC45wq7NU4CuXjGuf/9GWlZbHzejajRcndb3olWhCB PgdHo6foa8SW/99adGJhJBF2MqebCSj4X5JHIhYynCtHY2aSLeIvtn89EZ9N4WiJ r3tykKF2hWql/BZiTc7CSZbDvvJsQXagcyTdGqcitbNCsmLo6sdq9TTzpi9DLzGU /mHeIsMA3R3Lq2PU3Lx8d7afZjPpQfAZu+TyhSQSbgVi/Ya5EIsIS8BtGBb8mGNk hEmplZI16Q== =p3lK -----END PGP SIGNATURE----- any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Need cash? Apply now for a credit loan with fast approval. http://tagline.hushmail.com/fc/Ioyw6h4d9Gyqaavx5tPd3S2yzh95ubimI30oOdbHUu04Vmfqk5No6b/ From faramir.cl at gmail.com Fri Oct 24 21:23:01 2008 From: faramir.cl at gmail.com (Faramir) Date: Fri, 24 Oct 2008 16:23:01 -0300 Subject: set type digest mode? plus other query In-Reply-To: References: Message-ID: <49022095.8040306@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: > > Hello Faramir ! Hello! > Faramir wrote: ... >> I _think_ the gpg.conf should be in the same dir where the gpg.exe >> file is located... just try it, if it doesn't work, then move it to the >> other folder... > > GPG.CONF is expected to be in the Keyring\ Ok, I'll try to remember that... Thanks for the clarification Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJAiCVAAoJEMV4f6PvczxAoHsH/RjytNJEFVp354+seWaMI0TI 9m2jWzqwZ7ZF9TGUNyNr9ftOvnOoqWlB8FcE7M794BaYffrmosGw+QdCHd+mczYe eRa0NX67wNMdvG1S4nleZ3OlMtnlLlS9VKw/APia41IAT/5wfv2TjnPW7JV0+rNk 9xnEvuUApICiDVit5JmlvXffR5QoDAaDNbIZ5i3/0fRAj0K4c+yBe6ESQhV9kAFS y1oc0e2b5cnVGs6sEcDStUTyT7sMq/QzokPhf3UJlbLQJLZeazTlO59fvdiI7Een 8R9TjBu1Ctssteu2B3QzONqzdZvpJHfXm8HLUGydibDwntjtl02eMWGHpupTpi4= =o5FX -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sat Oct 25 02:42:14 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 24 Oct 2008 20:42:14 -0400 Subject: PGP 6.5.8 ckt, just say no. (was: Re: set type digest mode? plus other query) In-Reply-To: <20081024144148.4C03D158045@smtp.hushmail.com> References: <20081024144148.4C03D158045@smtp.hushmail.com> Message-ID: <2D860DC0-89A8-459C-9CD7-E307D6464335@jabberwocky.com> On Oct 24, 2008, at 10:41 AM, vedaal at hush.com wrote: > [1] any ckt V4 rsa keys generated, > have the rsa subkey as both sign and encrypt, > and there is (as yet, afaik,) no way > that gnupg can be used to get such a key to cross-certify the > primary key, > and since the subkey will be used by default by gnupg to sign, > gnupg will give error messages about the verification gpg --edit-key (thekey) cross-certify save Please don't anyone take that to mean that I think people should use 6.5.8ckt. I really don't. David From stefanxe at gmx.net Sat Oct 25 12:42:49 2008 From: stefanxe at gmx.net (Stefan X) Date: Sat, 25 Oct 2008 12:42:49 +0200 Subject: GNUPGHOME for Linux? Message-ID: <4902F829.8080506@gmx.net> Hi! On Linux I would like to change the homedirectory from ~/.gnupg to /something/else. Defining GNUPGHOME has no effect on my Linux system while it worked on Windows. Does this option not exist in GnuPG for Linux? How to define something similar. Because I want to use gnupg indirectly through other porgrams I can NOT use a parameter such as "--homedir". The only workaround I found was setting HOME to /something/else and use /something/else/.gnupg . But this is ugly. Any ideas? From werewolf6851 at gmail.com Sat Oct 25 14:51:03 2008 From: werewolf6851 at gmail.com (Werewolf) Date: Sat, 25 Oct 2008 08:51:03 -0400 Subject: GNUPGHOME for Linux? In-Reply-To: <4902F829.8080506@gmx.net> References: <4902F829.8080506@gmx.net> Message-ID: <49031637.3030305@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Stefan X wrote: > Hi! > On Linux I would like to change the homedirectory from ~/.gnupg to > /something/else. > > Defining GNUPGHOME has no effect on my Linux system while it worked on > Windows. Does this option not exist in GnuPG for Linux? How to define > something similar. > > Because I want to use gnupg indirectly through other porgrams I can NOT > use a parameter such as "--homedir". > > The only workaround I found was setting HOME to /something/else and use > /something/else/.gnupg . But this is ugly. > > Any ideas? > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > That the beauty of Linux usually more than one way to do something Since I keep my keyrings on a usb drive, I use the command ln -s /path/to/keyrings .gnupg cavent that there's no current .gnupg dir. You could rename current .gnupg to .gnupg-old then anytime you wanted to point to it ln -sf .gnupg-old .gnupg this makes a symbiloc link between the two directories and gpg will see all /path/to/keyrings as .gnupg - -- Werewolf ======================================= http://spandex31095.tripod.com/ Skype: Werewolf6851 ===== Instant Messenger Accounts ====== Yahoo: lover_of_lycra ICQ: 304325894 MSN: lover_of_lycra at hotmail.com AIM: LycraloverWolf ======================================= GPG key 76E6C1BC with following fingerprint D508 2C9D B3A9 2F0E E472 95A8 2D8C B9E6 76E6 C1BC ======================================= Zoe: "You sanguine about the kind of reception we're apt to receive on an Alliance ship, Cap'n?" Mal: "Absolutely." (beat) "What's 'sanguine' mean?" Zoe: " 'Sanguine'. Hopeful. Plus -- point of interest -- it also means 'bloody'." Mal: "Well, that pretty much covers all the options, don't it?" --Episode #5, "Safe" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Portable Thunderbird version 2.0.0.17 (20080914) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREKAAYFAkkDFjYACgkQLYy55nbmwby9oQCfT/hOveDsNCRCPrMMm6GlBYre MY4AoJyEiPlIEbV9peTWzmM74yF6gg8P =io7E -----END PGP SIGNATURE----- From tmz at pobox.com Sat Oct 25 15:26:17 2008 From: tmz at pobox.com (Todd Zullinger) Date: Sat, 25 Oct 2008 09:26:17 -0400 Subject: GNUPGHOME for Linux? In-Reply-To: <4902F829.8080506@gmx.net> References: <4902F829.8080506@gmx.net> Message-ID: <20081025132617.GE8280@inocybe.teonanacatl.org> Stefan X wrote: > On Linux I would like to change the homedirectory from ~/.gnupg to > /something/else. > > Defining GNUPGHOME has no effect on my Linux system while it worked > on Windows. Does this option not exist in GnuPG for Linux? How to > define something similar. GNUPGHOME works fine on linux. How are you setting it? If your shell is bash, then you should use something like: export GNUPGHOME=/something/else Put this in ~/.bash_profile so that it gets set whenever you login. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I am willing to make the mistakes if someone else is willing to learn from them. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From stefanxe at gmx.net Sat Oct 25 16:14:06 2008 From: stefanxe at gmx.net (Stefan X) Date: Sat, 25 Oct 2008 16:14:06 +0200 Subject: GNUPGHOME for Linux? In-Reply-To: <20081025132617.GE8280@inocybe.teonanacatl.org> References: <4902F829.8080506@gmx.net> <20081025132617.GE8280@inocybe.teonanacatl.org> Message-ID: <490329AE.3020709@gmx.net> Thanks, this was my mistake. Todd Zullinger schrieb: > Stefan X wrote: >> On Linux I would like to change the homedirectory from ~/.gnupg to >> /something/else. >> >> Defining GNUPGHOME has no effect on my Linux system while it worked >> on Windows. Does this option not exist in GnuPG for Linux? How to >> define something similar. > > GNUPGHOME works fine on linux. How are you setting it? If your shell > is bash, then you should use something like: > > export GNUPGHOME=/something/else > > Put this in ~/.bash_profile so that it gets set whenever you login. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From jpsecher at gmail.com Sun Oct 26 15:05:51 2008 From: jpsecher at gmail.com (Jens Peter Secher) Date: Sun, 26 Oct 2008 15:05:51 +0100 Subject: Key ID format: short or long? In-Reply-To: <20081022124641.GB4536@localhost> References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <20081022124641.GB4536@localhost> Message-ID: 2008/10/22 Michael Kesper : > > Well, keys cannot be identified by the 8 chars alone. > I've once been to a key-signing-party with about 150 people and guess > what: There were collisions with other existing keys if you only would have > looked at the last 8 chars of the fingerprint. > That was quite unlucky, because there should be approximately 77000 people gathered together to get a probability of 50% of a collision, according to http://en.wikipedia.org/wiki/Birthday_attack. :-) -- Jens Peter Secher. _DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_. A. Because it breaks the logical sequence of discussion. Q. Why is top posting bad? From vedaal at hush.com Mon Oct 27 14:48:21 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Mon, 27 Oct 2008 09:48:21 -0400 Subject: =?UTF-8?B?UmU6ICBQR1AgNi41LjggY2t0LAlqdXN0IHNheSBuby4=?= Message-ID: <20081027134821.2DC9E15803E@smtp.hushmail.com> >Date: Fri, 24 Oct 2008 20:42:14 -0400 >From: David Shaw >Subject: PGP 6.5.8 ckt, just say no. (was: Re: set type digest >mode? >On Oct 24, 2008, at 10:41 AM, vedaal at hush.com wrote: > >> [1] any ckt V4 rsa keys generated, >> have the rsa subkey as both sign and encrypt, >> and there is (as yet, afaik,) no way >> that gnupg can be used to get such a key to cross-certify the >> primary key, >> and since the subkey will be used by default by gnupg to sign, >> gnupg will give error messages about the verification > >gpg --edit-key (thekey) >cross-certify >save > >Please don't anyone take that to mean that I think people should >use >6.5.8ckt. I really don't. OK, i won't but it *still* doesn't cross certify :-) (at least in 1.4.9 on windows) (if you can get it to work on linux, or gnupg 2.x, please let me know) here is an rsa v4 keypair generated in ckt to try to cross certify: -----BEGIN PGP PRIVATE KEY BLOCK----- Version: 6.5.8ckt Comment: passphrase: cktrsa lQdEBEkFv5IBEACt5cSV4jSKJmB1+s7fd4GaSlJMK+gN3EzdvQNWYtncGboEbuDT BsOeKkqxUQuyXpo6XT2L1/gStCWSWPsKHsvZcd6PZxw27RJbHhC4d8wq5+SleMkJ CCcSpZW1hocwr2i0kaE7zmnHSBKbMmFRBus0+il2167oMUDHa6AZJHt2ZcoNUOBe x1WvgDvye53BoWRJcxYKrF3zEFd7gtNSkFsXnLlzopXFGX5ET06695r7pProk5kA cQVkngn6U0mMxElojnDqWuRh/JaJH70XlbYkfdTB2GjyeL258caebmKMjZgRMWoN KWoSxmru5FvZNcKFWw6aNCrxT0zjiOxA343qwl0py8Q2Og7wuiiDieyQ5y7msP58 OIFiymZ8WCkC84QL4yCOSCCfwxKpaZL9+sdBIs4ad7gIcHgo2bjpxeb8LRnI4JBq QHYXiogYS2CFIHANe3TnlqQGgN8i/dV9QjQPnF4f2acsH8el60cWYTSnN/ZjpxMz kvC2jUsgpP+EL8qG0UlrC+Jl5mHxoxBjWoXmiy8ME7aq86FV6mP3pXCLVHFHtEvz 1NcQReZWjCKRk8qzp9XgnQw4sB0xoEaqvXNLvfnCxDHksFXTy8OkrKde8Dt9j+xT YAnA4+8ou0dvVFU0NGly+dB6z7Ft7q3oCQIFeCEywwmEijBIsBSSGZBgqwAFEf4J AwIUycp3ETYni2DdB3iRd5k7iimRjetf+mzcyna39kulUW5ojDN6ZvI7+JL173MW BeGjWgGTyn/voT2nQBGmodHFcYH8hEsIBo1saO9PwcYM6W4kaEeZO0vecc0HHzjg 28oyQ9/6/MrDv6BBCr19QxRr/tOrQO0AhYz/Z1k7sW27I3kPW71vNIRDZZwY3LWk V6pd+CA/QU5pJgrZ/idqdGU2rd+EUTtiVjn7hUcZIAHatckQPo3fIqHcvUWe4bTu vZquQrdVh8A8s71TTiO9BrnMNEqwn3fLxFC3uLlf/OQpNAL2OTjlH44pp3IUBojq Tto3ru3wGLnF0tpncpeNHtcP07FG0TxJ7b2e5Xz3glaBvTF1ujo+O/kg0HunmgR7 RSiHMSBjh0nxcNG2qWSg/HKw2n4txJfYWIVgXmbEqfOIB7nHih/xCnEgCSeFFVf6 kiC/GnoppDD0SxL1t4FfbJSWLKc3CgJISrxFus2vGhbx6lbs1kYd54p3HDcCeo5d pNkqC2pcMS/qj/zeh44uv3yUXMNC4uxsYoIAf88HpdoNCCikV2qo6JOOxvuz9RXE C/ZsJyLnL+hWu7Ws5B27Md8lxiNmh3fHPQnJz3dutFDEC0AyjRTAbqrNSRzeklOB s1Lk0Um16JzcPJHMOl71j1AP2OVVx86uB1a9y4Lql93lSgEtsZpHlW0bPuIVLVNd gNvTerSdJ0CGk9g1L7jGlh/6Llb0h2gSx6OcpZYubPTWWRviCpajiZjJbLBTGTF4 uONqngUwnzKPe7hCsTuQ07sBnnDlNy1659woyUekbC6C6drXRpwtjma3lMaImFvm tdNQvvKbO91+2zi1KSvubNNKIe2G7wjQqNuhxVVG7PIvqoZKyqTXYAORvA5kKMl5 aqxJCNZ+yYPq+TA4979Is8VhvfH7dOesgUfuErAuN6bqLR9ztMdzlDpQNaENmt5R esEOLd3RYhNEEe3+OeXD0Uke2fBRAKXmFX21s9AuqJf4tNTpgJ+xht9cjRH+81hx yJqVs7ImhQ0Tt60KsUdKnEq8mK9w/A41T2vLqWF4GPPSRZyr5NhjEQ5/HklokhhQ 8npD+sCEWIP4c8fcLChNdQ1advRopUcaNaYgfVLkZ8hCvLP7Z/xnPwfwQhdG68wu O1Nft9C7BPJwbyu41wk+fOUeIfvFrbN7N2/XjXfaJxWKV3zxwOn8bhaZbHPLHyTq C5pdi8OK/1G9tyL5LY1BL8ATVVzbXjk4bzOiNq4dJNIIVFveUqYsePe5Jrnfb7C8 E/VtGI0O0KbTFJl/fZ1rxgd7xfGuc4wYYKpt0qFuYa2O5DpZLe7dC2FSWCI6S1hm iuvyoxU0bt2HcaxAOZGWIMno0ryuqCSBo4fkY4IIrmwTFE53mCA/tsd7raCmvAFH vX1TSiqkdOkcbteNn2t9POqN/FOLxHSA/HH12qahPIcCSpWiWNqYem1DJuwZeQFp 8S7t4vHgO1/O5Mrs+s6epzrJsX5usKlHtcXK7yRLuS6apvFieaHJj6C+nJtBNcZ8 91UsRKjKgUvidWL2eVvlUsEvj+i4kt+s8yvG/t7d02IBxmnhc+Xis6KYT5WzEHW6 WkQaueyylDowWxQEfDPgBojEE728HEXLSEENNeQYzkdaiWsxGRbVphDKejIKrKr6 AflE+bLF4MJ9ay7jZ+oPodc+44Es3wu84ZOFDdzNODxNICwAlfBS4osi1WNG0hoM jXwsmXplOZVuBkVkuLl3afkKO8BoINRG+peGKFgXjrOoeDqAC3jWtBhja3Ryc2Eg PGNrdHJzYUBrZXkudGVzdD6dB0QESQU8wAEQAM/U2Ev+d8xdRVi3mbrvxdu7ccCM fZPp3mZ2wzVxZMWaGMuBZKJGSB4zFaYx5tcvl9MyiYvxfqXnLkixZbW/2TW38BTi YJx7JX3Q38G4QGTaH39KwH4EfgLIaUhV3Pvgx/obLKeHr3KNcJRyt3e71HLbd33K ORHP4FcfPRQW4cSmlMDjsZG/rR6hZqmMvp+LbS0IOevF0jzlBevSpuuoSqAs2OLZ VEdR1xzLMX4YFtvQKnBP14x+XGQm0jrCr3jpNROyo1LpgxtkDjXxEWnEpqFjjMbJ dqo0CeHPl4mV3NxM+rR0jHRjasOKabUV5cVY4/C9M55380ItuRmtr7IVlRaS3ZtM m0RiZI1pwBDrg7C57zjt66FJZckGJYuNXAjFZb3BaSkragD/WR3OEgO2mBTRgVDn OUf5cDzxF/ttEOs1xjPgOLi1PYy7tuMH0YaU93qbCDJ/op9Mm3X6frUmQcaziKPx dJSn3kR3o4glJh9gR8bhQkpcvLRUPBxlbo8ZumZjt2xF1dB/s7J9XuufK0MjAsnz o29m9eRfopcxzAAJ5xxTW9Dog1QjrOmEwBq1RnoWaylwaM0tczdxTzrEZrRO3z9R mqQTe+9vQggrwSZUpvEfm0Q3yYEA916JXjM3qemlWWA/jkbTxMBffs9hQaKU+eZD nL4/8USrYyqG40kDAAUR/gkDAipLq9B7FciMYDfGoZC5A68X7xO9G3BRQCXdXeAJ AKkiu+Z5wCpDpzTPMlFU5cDa3mkTmSVwAA4Cz54wLi/hYGObt1QMCjStIWXcfCVW St/zN130vkJ8yaUqRbzvDhkxjECzW0eVc3mn3RndxEfbXNtFhItbKpAOjn2n9sR2 zCADa8KPC261MNQZ4jXVVrcTZtQlLdArSd75Yd43i+Ybn0FEWta51keI+1VlkiWO dCIp8z3x8RX1Fl5zsRnjIiCCZjnO9PF8zNE2pYLiEMF4a+6CUZ7gq5DXVymq5R2L MTqgID+OhSQ9lXRJiE+0kMiymQdrX54rz1ENQ4a12yXZtZzGU+DauP+rxSgo9cUj XoicaYM5hMLKBIDrJ0nMkWUG4/gnhEcoxkQb/1UieDVdUz0XpOSMkbgknX3M1zQJ dwNRJAKt6QCsucbsihlC4g3rxRgalBY/sZlBc2cLlDbj5/0uxedk6sChK/wkbp2e FV0BTQ+xN2kl+hU8/Br2kSCemB9RGUnO3YK+KFdwAk6TNqiVRkHEQ8WmXkm54JTy ZFhKrWMB8hdsbdHNb6fXOIS3Y9Urq7OrTDVYcmAKWmorLWrjk467JqjTBZ9lOS83 fmxsktaR3RcP4fy4CNCAX6qcrJFy1C3voNo6y1kYcN1Bh58Mkva9iTNllaYJzwjk 7s/baEw3SKwjgcfGnFHxswoLRlUh2wNVLLB8gPUaqtthqAIgXG0rh0k86Ne/UF3l j2PvfIoTL68BbHRd/RPCy0c7+zF44VGiLbnx5KE8b8U7exdZeOwY3aYAe5OXlq1z fvNBZiu7UAY6yQ7aDXGr9N2hhixWkTOjrIXOIYD9EwHycRa7BnEs3zflZw5wkAK/ tZqpIJEqU7TI445qy7vROXP0o9JBkx+26SHD49EBR1+7fP4PUOU6O//xco/0KVxb OwJfFFitChWxFL9m5ATgnOUtghvXoDPWP9AlxTEV+ANyfn9KXtpdZJER+Syy28T8 b9QPg4k9Ld5tovPCgGukAN/3c5IHdjReXTGplA+SlnxQt0BrPWA2PueWOIFDpSIo rM9usNoojsNpF1SuBROXLhxFRPPGIZ7/utIcKDI0VcIQn6GqZl24UHrdEfr4zZeh g7dcWRHn2EXZR0yX4vJuOWMz04lHx78nJeeUMDZK/XhhCHlShjDFV8+FyIsHx1Z9 qKEBKn3zW6qg5T4FIw4bpk3zWkv4bQhpXEOlyIDlsvM8VOKZ2ZyqX7TO5XNFs7bu e4e2AQdOd9fXNtm6iWBq0dMKH1DFuqJu4patJ3ayWHLlnO6gPPw+ij9XEcPddVHN PADA3W4NlWWrDcpvfStOJ0NW90SPFZTZrgFwBMJ/8eVyEAeC6cNUOUuueAplfd/5 HRCq6m/2T0smTVARsKlJUvKx+08eonjA75ry3SWWPEISrgw4RrqCFXQd3soMu8ho djNrMwwEzcLKH+kgO04Hkr6tihL74WTzwMdpQgK0M2GQRE+nh03nlzpkMD/vZFse sAsxfNIvO8madXt+yToTWnMxmj1f6X5A3h9oKRClAihf+pPZbUmAU3gf3pHLJ0Mf atE4KknPmnP2ETp0dKSBZ1qjNUNUQ8HdilRQnv6tDXNHU9PhUEffuUk2LWh6c9ZZ KBcsAe7yBdu8Hj81z6qkNywDZ69s/F439Rr8oQwSFYI/M06vEX5e0/qSH6laq9gJ CV8dlxvtVZHJyfmeeT6ybRlmlIflC7at/QfxyAjRz81Uad+vH35WJd8c6E/zI/8X nvht/0XW1os= =1J6t -----END PGP PRIVATE KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 6.5.8ckt mQILBEkFv5IBEACt5cSV4jSKJmB1+s7fd4GaSlJMK+gN3EzdvQNWYtncGboEbuDT BsOeKkqxUQuyXpo6XT2L1/gStCWSWPsKHsvZcd6PZxw27RJbHhC4d8wq5+SleMkJ CCcSpZW1hocwr2i0kaE7zmnHSBKbMmFRBus0+il2167oMUDHa6AZJHt2ZcoNUOBe x1WvgDvye53BoWRJcxYKrF3zEFd7gtNSkFsXnLlzopXFGX5ET06695r7pProk5kA cQVkngn6U0mMxElojnDqWuRh/JaJH70XlbYkfdTB2GjyeL258caebmKMjZgRMWoN KWoSxmru5FvZNcKFWw6aNCrxT0zjiOxA343qwl0py8Q2Og7wuiiDieyQ5y7msP58 OIFiymZ8WCkC84QL4yCOSCCfwxKpaZL9+sdBIs4ad7gIcHgo2bjpxeb8LRnI4JBq QHYXiogYS2CFIHANe3TnlqQGgN8i/dV9QjQPnF4f2acsH8el60cWYTSnN/ZjpxMz kvC2jUsgpP+EL8qG0UlrC+Jl5mHxoxBjWoXmiy8ME7aq86FV6mP3pXCLVHFHtEvz 1NcQReZWjCKRk8qzp9XgnQw4sB0xoEaqvXNLvfnCxDHksFXTy8OkrKde8Dt9j+xT YAnA4+8ou0dvVFU0NGly+dB6z7Ft7q3oCQIFeCEywwmEijBIsBSSGZBgqwAFEbQY Y2t0cnNhIDxja3Ryc2FAa2V5LnRlc3Q+iQIpBBABCgATBQJJBb+SCQsJCggCBwMB BAIZAQAKCRCYkboBL+cpeV4mD/4kdWvAUJWlw3/AjrRrd9lFoE5a8E0D2Xa2quEY oJEbXKxygFiTEDw2bXeF4CUl2FZeH9Q3GlZEaHm8TuvcLW709WgsH0jZu5oJNFPG cvZwmTaaiN0wb9of10DOIuEboWIcN3fCwPtZahZobTXgjGLhqnstrvXtztB8FOqp g4hJjQPAoVC9wOIxnyptN8u8Gvb4JdJHaK9Nt22r1KMfLIhxljetwffAB1iRbpeZ KV25QCKqWe00aQizjEOHzZXCyRTLSENkCR8GYF1ogaRpOQDCXUlA7s8fXiWEn7yp cCnrLT5Xvi2dAYsMHTqBIwSsqUkGGX1c89Zfr5krNWngQD8p064DdXv8PEevQjw3 weXKg/C06iAme8fS0yOnbUysvfKvlvhgnchTDbTdxguINe3PwsHybXaEalqVaoMV hbDmcUse4GXPD4b4Y5KMBngUcv0n6S4hAfaaumsxW9w4fxwjj2TqKy0Wxf5FXm5/ 8y3WhCL0LBpaUCjennxTXRGs56npCTbY70QBLk+yh6qL0jjDK/j4v6LL5l2fC1I4 B9sBENOH5+JtFdCDzOwZDrt7JrfH46/P1c5lZbyef/FyPcxS0b3oMwgfTQLElIWW R0p0XPqZSC7WAqLBLUgkjNLW0khUzHWK+6ewnolYvuXyW09x36Q3eRxsOQmg2mkq H2A2EbkCCwRJBTzAARAAz9TYS/53zF1FWLeZuu/F27txwIx9k+neZnbDNXFkxZoY y4FkokZIHjMVpjHm1y+X0zKJi/F+pecuSLFltb/ZNbfwFOJgnHslfdDfwbhAZNof f0rAfgR+AshpSFXc++DH+hssp4evco1wlHK3d7vUctt3fco5Ec/gVx89FBbhxKaU wOOxkb+tHqFmqYy+n4ttLQg568XSPOUF69Km66hKoCzY4tlUR1HXHMsxfhgW29Aq cE/XjH5cZCbSOsKveOk1E7KjUumDG2QONfERacSmoWOMxsl2qjQJ4c+XiZXc3Ez6 tHSMdGNqw4pptRXlxVjj8L0znnfzQi25Ga2vshWVFpLdm0ybRGJkjWnAEOuDsLnv OO3roUllyQYli41cCMVlvcFpKStqAP9ZHc4SA7aYFNGBUOc5R/lwPPEX+20Q6zXG M+A4uLU9jLu24wfRhpT3epsIMn+in0ybdfp+tSZBxrOIo/F0lKfeRHejiCUmH2BH xuFCSly8tFQ8HGVujxm6ZmO3bEXV0H+zsn1e658rQyMCyfOjb2b15F+ilzHMAAnn HFNb0OiDVCOs6YTAGrVGehZrKXBozS1zN3FPOsRmtE7fP1GapBN7729CCCvBJlSm 8R+bRDfJgQD3XoleMzep6aVZYD+ORtPEwF9+z2FBopT55kOcvj/xRKtjKobjSQMA BRGJAhUDBRhJBcMLmJG6AS/nKXkBCod1D/92QIIWCEc7Ee9+X609fXPmn5QyRslT KnYgjtcP4mGTjAY04wV5qRLDZNztI8EX8qow6b9NeRxfIbKugcxP6dWT6afPghFl EsPJA6sa8mGYQ7uUWR46wcfd215Ui+3olWIZfMZ4XrgKNkmcNmwEXvpG3CJumID8 0LPvxe7OShNCHJk9KRwnsSKXwLpRhCe9+XeGHXpm2U0uwVsr1gMCPxXZRzMTZO9i q2+zS67OOVRY/r67RqcMAdov+UksbmhERwcL/Q4TO9/Q4YweVthsXSVZdR34SR9n oFNZByor0CTNbyiC1E4gho4zDLca6+wA0kOmCGJAekcMPT5goLt81e1XpmpPBHaO I0Gxx/CFes6CvYhYja0zg4PRv26/SAMzIyJap6EYbpXgO6Um671m0DM8+SCUmx9e 1DuKjBQt0yTOhWfqhQARRIoAewWBfX2Mb3yj62jyHyw7eGvc16xU2gPZAwczwRCn LtprEnRWv2sdR2c043SEWLSWouFfQHgis444/eUZ5iqjKZQ6RYGwS8n+xpcpsYK0 sBfXAl38FWnpNZkk4J24feZ4G6Z3FfBKitPbf3Y/6bv6T83mj4KkhCj+hPcgIVRE +WmC3u+Am7vP1AbPA7aKwIBKAZmpm2EI4NP7+OlBkWYL3LVwdbkYuToEKB0O9Yu1 S3EI/KEiRPJzNw== =jUoa -----END PGP PUBLIC KEY BLOCK----- btw, more than an academic issue for me, it's one of the reasons i had to generate a new rsa v4 key using gnupg, because i couldn't get gnupg to cross-certify my older key so if there *is* a way, please let me know, so i can cross-certify my older v4 key Thanks, vedaal -- Click now for great deals on quality business cards! http://tagline.hushmail.com/fc/Ioyw6h4dApHcfn1VaU6J6aIFV51xwugzJqda7euOdHvivqZ1ggNnB9/ From laurent.jumet at skynet.be Mon Oct 27 15:21:20 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Mon, 27 Oct 2008 16:21:20 +0200 Subject: STrange message... Message-ID: Hello ! I took a message on this list with Thunderbird, and a dialog box poped up asking me to introduce my passphrase or my card's pin... What's that? -- Laurent Jumet KeyID: 0xCFAF704C From rjh at sixdemonbag.org Mon Oct 27 15:29:00 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 27 Oct 2008 10:29:00 -0400 Subject: STrange message... In-Reply-To: References: Message-ID: <4905D02C.1080909@sixdemonbag.org> Laurent Jumet wrote: > I took a message on this list with Thunderbird, and a dialog box > poped up asking me to introduce my passphrase or my card's pin... > What's that? Do you mean "what's up with that window appearing"? Enigmail (a plugin for Thunderbird, one you apparently have installed) saw a PGP message header, assumed it contained an encrypted message, and prompted for a passphrase. Do you mean "what's a card PIN"? GnuPG allows keys to be stored on smartcards, where they are protected by a personal identification number (a PIN) instead of a passphrase. From laurent.jumet at skynet.be Mon Oct 27 15:34:00 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Mon, 27 Oct 2008 16:34:00 +0200 Subject: STrange message... In-Reply-To: <4905D02C.1080909@sixdemonbag.org> Message-ID: Hello Robert ! "Robert J. Hansen" wrote: >> I took a message on this list with Thunderbird, and a dialog box >> poped up asking me to introduce my passphrase or my card's pin... >> What's that? > Do you mean "what's up with that window appearing"? Enigmail (a plugin > for Thunderbird, one you apparently have installed) saw a PGP message > header, assumed it contained an encrypted message, and prompted for a > passphrase. May we assume that this kind of pop-up cannot be imitated by a hacker that wants us to type our passphrase in his box? -- Laurent Jumet KeyID: 0xCFAF704C From rjh at sixdemonbag.org Mon Oct 27 17:00:45 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 27 Oct 2008 12:00:45 -0400 Subject: STrange message... In-Reply-To: References: Message-ID: > May we assume that this kind of pop-up cannot be imitated by a > hacker that wants us to type our passphrase in his box? Of course not. If your box gets pwned, the person who pwns it can do whatever they want to it. If your box is compromised, you're in a game over state. From erpo41 at gmail.com Mon Oct 27 17:27:43 2008 From: erpo41 at gmail.com (Eric Anopolsky) Date: Mon, 27 Oct 2008 10:27:43 -0600 Subject: STrange message... In-Reply-To: References:

Message-ID: <1225124863.7241.17.camel@telesto> On Mon, 2008-10-27 at 12:00 -0400, Robert J. Hansen wrote: > > May we assume that this kind of pop-up cannot be imitated by a > > hacker that wants us to type our passphrase in his box? > > Of course not. If your box gets pwned, the person who pwns it can do > whatever they want to it. > I think what the original poster is asking is: Provided that a flaw in my client software is not being exploited, is it possible that this dialog box is not authentic? For example, it's no secret that web pages can pop up alert boxes (a capability that someone visiting from the past might think is the exclusive domain of client-side applications). So trusting anything that appears in an alert box would be foolish. > If your box is compromised, you're in a game over state. This is true. However, nobody takes the effort to sift through every byte of machine code on their computer before decrypting a file. It's also beyond nearly everyone to compile their own software, let alone audit gnupg, gpgme, and their email client of choice for bugs that could possibly be used to obtain private keys and passphrases. So the only thing a user can do in this case is to put a little effort into developing a sense of which dialog boxes might or might not be authentic based on how they look. This defeats some attacks. To answer the original poster's question: You are right to be concerned that the dialog box you are seeing might not be authentic, and kudos for being so security-conscious. You are doing better than 99% of the people out there. If you google "dialog spoofing", you can find out more about this problem. Cheers, Eric -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: This is a digitally signed message part URL: From faramir.cl at gmail.com Tue Oct 28 00:07:58 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 27 Oct 2008 20:07:58 -0300 Subject: STrange message... In-Reply-To: References: Message-ID: <490649CE.60805@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: > Hello ! > > I took a message on this list with Thunderbird, and a dialog box poped up asking me to > introduce my passphrase or my card's pin... > What's that? Was it the message from vedaal at hush.com, about "Re: PGP 6.5.8 ckt, just say no." If so, I think TB was asking you to enter the passphrase for the secret key he included in the message (he also included the passphrase). I was surprised because at first I thought I had received an encrypted message from the list... but once I opened the message (despite the error message saying the passphrase was wrong), I realized what was it about. By the way, he sent a test key, AFAIK, he has not compromised his own key... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJBknNAAoJEMV4f6PvczxA7IYH/0N+i68DDBY//N4jlGlSTQQV c1KaT6sMXAGHXR296BpxzimPbP64PD/JFI0LA8ApEzL6NbyivgN3So24mSMbHFGw 4D4axTt4Kscd9AnGfOmRXKBQaFFyIMYITjvcCc0EkBEJH0WCAd15qANqT9wzCIIy /mV3ywIebfnozaZMh8yZdv9FsOkcnO+j8vG0tAAglSOK/0OPgZOMh7bLNIRjyKcu 5AWDfwTvoH5yH/BeT9sY7hlwKh8Nv65ZJq/e4wrl0BhaGxTvLlDffMnc4ffyxtYb M2unVNdI1yui2W4g/ngHRHXuMhxVbuYoGqDdGFaiMshZdcPa8JUhNua5j/CSFCs= =kdaJ -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Oct 28 00:16:07 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 27 Oct 2008 20:16:07 -0300 Subject: STrange message... In-Reply-To: References: Message-ID: <49064BB7.6090902@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: >> Do you mean "what's up with that window appearing"? Enigmail (a plugin >> for Thunderbird, one you apparently have installed) saw a PGP message >> header, assumed it contained an encrypted message, and prompted for a >> passphrase. > > May we assume that this kind of pop-up cannot be imitated by a hacker that wants us to type our passphrase in his box? I would not assume that, but also, we can't asume a hacker can't create a trojan resembling gpg.exe, for the same purpose... And if we are afraid of entering the passphrase of the secret key... then we can't read any encrypted message from any email client (we could still copy/paste the message and decrypt it with gpg... but that would be a bit laborious). Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJBku3AAoJEMV4f6PvczxAP5QIAIh2BA6J2vZs7IGwXiCPvr19 D2zJoMy18Xwq3dNgRN8FiF+wAfTlidCoimqBANyc8D9KNNaAMdBsJaMEsKDxDETJ l3ZEzO+okMxES0ZSkUyabfX9W8S8GLLfUAAZtLZm/ZjGxEAq0bB8o2xEIW+bVNpS e32r0bOH7EmD4fWA4VFLMH0R8Yqdj+SDbpB4LPV4awzzStqN7SnL/vO8Rj28EKlU wzUsn7SVImR1MKYOGMS76JhF5s2A2nAQw4rdh8YaJZV2bjHQucdM6ywjpIevwkOS Ge6xQSPG5apUiFLnxjoXcJ9xUi16bweTPV3wTvloNxzIWlx6LtqIoiIfONAsP0E= =I2hP -----END PGP SIGNATURE----- From laurent.jumet at skynet.be Tue Oct 28 02:00:36 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Tue, 28 Oct 2008 03:00:36 +0200 Subject: STrange message... In-Reply-To: <490649CE.60805@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello Faramir ! Faramir wrote: >> I took a message on this list with Thunderbird, and a dialog box poped >> up asking me to introduce my passphrase or my card's pin... >> What's that? > Was it the message from vedaal at hush.com, about "Re: PGP 6.5.8 ckt, > just say no." ...yes. > If so, I think TB was asking you to enter the passphrase for the > secret key he included in the message (he also included the passphrase). > I was surprised because at first I though > t I had received an encrypted > message from the list... but once I opened the message (despite the > error message saying the passphrase was wrong), I realized what was it > about. > By the way, he sent a test key, AFAIK, he has not compromised his own > key... I think this is an interesting event; it could demonstrate some hole... :-) - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iHEEAREDADEFAkkGZK8qGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BMUGQAoPiy96PyovzdO/DhK526ln4ATGSjAJ9l rfo21yFx5Tr2kgXKpenTbeOsDg== =H3Rn -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Oct 28 03:23:52 2008 From: faramir.cl at gmail.com (Faramir) Date: Mon, 27 Oct 2008 23:23:52 -0300 Subject: STrange message... In-Reply-To: References: Message-ID: <490677B8.2080005@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Laurent Jumet escribi?: > > Hello Faramir ! Hello Laurent! >> Was it the message from vedaal at hush.com, about "Re: PGP 6.5.8 ckt, >> just say no." > > ...yes. ... > I think this is an interesting event; it could demonstrate some hole... :-) Well, I _suppose_ (and I can be very wrong about it) it is not a threat, probably, since GnuPG is "smart" and it can "decide" what to do, depending on the input it receives, probably enigmail detected a PGP block, and sent it to gpg... and gpg probably detected it was encrypted, and asked for a passphrase to decrypt it... I _suppose_ the worst thing that can happen, would the secret key being displayed unencrypted in the screen... but I doubt somebody would be able to look at it over your shoulder and memorize it ;) Anyway, since Thunderbird 2 can run javascript... would it be feasible to send a js file attached to a message, resembling Enigmail's passphrase dialog? Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJBne4AAoJEMV4f6PvczxA4bUH/iO6HB0gcfziO3nZwif/mixA uETHfow1WEQ+SwqzcowA+JdHvawBbpAgOpxFSI6+dR2cdN5l0p20TfR+d12Y6dJe VU8VA7TgtDtSZ3cI2zcKxO6fL3OuKDRbtOWnbKOXvyROb1WNVyMhUxI5y9Ourg7N Q/r9q81cy2iy+HNEt26znOVyMeZLj2EuXd97JsyOonguGkhQNjZ4F1EdXQKEsO31 ZHFh6SXC2pzD3Ox3D/VDjp9oqK+bsKmYdQDeS3poxgQiYq2Kw2Z0AhgLoqAZu0Z9 bEMO2Hj38pKsbdAkVW3432tpJf0/wGsySiGdV7dzMcDTFcoby9dHNWJ6sKWyfNA= =rHeV -----END PGP SIGNATURE----- From saltorr07 at gmail.com Tue Oct 28 01:52:56 2008 From: saltorr07 at gmail.com (Salvador Torres) Date: Mon, 27 Oct 2008 17:52:56 -0700 Subject: Encrypt / Decrypt Scripts Message-ID: <57aa0910810271752s616971f2o9f146f6aee2866d7@mail.gmail.com> Hi, I'm trying to run some Scripts to Encrypt and Decrypt files automatically.. now the questions are: How can I delete the *.ZIP files after this command is executed without errors ? gpg --batch --encrypt-files -r "KEY" c:\test2\*.zip Same case here: How can I delete the *.gpg files after this command is executed without errors and Successfully? gpg --passphrase-fd 0 --batch --decrypt-files *.gpg From laurent.jumet at skynet.be Tue Oct 28 07:55:43 2008 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Tue, 28 Oct 2008 08:55:43 +0200 Subject: STrange message... In-Reply-To: <490677B8.2080005@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello Faramir ! Faramir wrote: > Well, I _suppose_ (and I can be very wrong about it) it is not a > threat, probably, since GnuPG is "smart" and it can "decide" what to do, > depending on the input it receives, probably enigmail detected > a PGP > block, and sent it to gpg... and gpg probably detected it was encrypted, > and asked for a passphrase to decrypt it... I _suppose_ the worst thing > that can happen, would the secret key being displayed unencrypted in the > screen... but I doubt somebody would be able to look at it over your > shoulder and memorize it ;) > Anyway, since Thunderbird 2 can run javascript... would it be feasible > to send a js file attached to a message, resembling Enigmail's > passphrase dialog? GnuPG is not involded. Everytime you use a shell, this shell can be: - -malicious itself, as it sees all your passwords and passphrases. - -imitated by a remote that sends a window that looks like the original one. - -- Laurent Jumet KeyID: 0xCFAF704C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iHEEAREDADEFAkkGuGMqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB RjcwNEMuYXNjAAoJEPUdbaDPr3BMlLgAoMKx22a9OTIFzZgqXB/afKH9GR2qAKDg e9rt714qrLQB1pny0Ngxhfn1EQ== =xqRz -----END PGP SIGNATURE----- From hs2412 at gmail.com Tue Oct 28 13:56:30 2008 From: hs2412 at gmail.com (Hardeep Singh) Date: Tue, 28 Oct 2008 18:26:30 +0530 Subject: Problem running automated gpg In-Reply-To: <56A9D552A9343A4E83F5CFE6CC99D1C1021FA948@ganges.PharmaCentra.com> References: <56A9D552A9343A4E83F5CFE6CC99D1C1021FA948@ganges.PharmaCentra.com> Message-ID: Tried to figure this one out, but no direct clue. My suggestions: create a shell script and call the shell script from perl, rather than directly calling gpg with all the parameters. Second, try to print the current user from within perl similarly as printing ~. These two might give you some clue. Hardeep Singh http://blog.Hardeep.name 2008/10/22 Adam Robins : > Hello, > > > > I have a perl script called encrypt.pl that runs gpg as follows: > > > > system("gpg -r 'username' --batch --encrypt-files 'filename.ext' > 2>gpgerr.log"); > > > > When I run this from the console as root it works fine. However, if I run > it from cron as root: > > > > */1 * * * * root /home/user/scripts/encrypt.pl 2> gpgerr.log > > > > I get the following error: > > > > gpg: failed to create temporary file > `~/.gnupg/.#lk0x9693868.server.domain.com.28416': No such file or directory > > gpg: fatal: ~/.gnupg: can't create directory: No such file or directory > > secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 > > > > The directory "/root/.gnupg" is there. Permissions are drwx------ root > root. I also tried chmod 777. > > > > If I put a command in the perl script: > > > > System('echo ~'); > > > > I get "/root" as a result. This leads me to believe that gpg is trying to > place the temp file in a directory other than "/root/.gnupg" when run from > cron. > > > > Any ideas are appreciated. > > > > Thanks, > > Adam > > > > _____________________________________________________________ > Adam Robins, CCP > Executive Vice President / Chief Information Officer > > PHARMACENTRA, LLC > 5901B Peachtree Dunwoody Road, Suite 380 > Atlanta, GA 30328 > > > > Office: 770-395-0088 x2034 > > Mobile: 770-855-1360 > Fax: 770-395-0989 > E-mail: arobins at pharmacentra.com > > Web: www.pharmacentra.com > > _____________________________________________________________ > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From hs2412 at gmail.com Tue Oct 28 13:50:07 2008 From: hs2412 at gmail.com (Hardeep Singh) Date: Tue, 28 Oct 2008 18:20:07 +0530 Subject: Encrypt / Decrypt Scripts In-Reply-To: <57aa0910810271752s616971f2o9f146f6aee2866d7@mail.gmail.com> References: <57aa0910810271752s616971f2o9f146f6aee2866d7@mail.gmail.com> Message-ID: This may be of help, although it doesnt apply directly: http://blog.hardeep.name/computer/20080904/auto-gpg/ Hardeep Singh http://blog.Hardeep.name 2008/10/28 Salvador Torres : > Hi, > I'm trying to run some Scripts to Encrypt and Decrypt files automatically.. > > now the questions are: > > How can I delete the *.ZIP files after this command is executed without > errors ? > > gpg --batch --encrypt-files -r "KEY" c:\test2\*.zip > > Same case here: > > How can I delete the *.gpg files after this command is executed without > errors and Successfully? > > gpg --passphrase-fd 0 --batch --decrypt-files *.gpg > Thanks, > SalTorr > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From mkesper at fsfe.org Sun Oct 26 20:33:05 2008 From: mkesper at fsfe.org (Michael Kesper) Date: Sun, 26 Oct 2008 20:33:05 +0100 Subject: Key ID format: short or long? In-Reply-To: References: <48FE1B51.4070608@gmail.com> <48FE7328.5080609@sixdemonbag.org> <48FE88D7.9090704@gmail.com> <20081022124641.GB4536@localhost> Message-ID: <20081026193304.GA7055@localhost> Hi, * Jens Peter Secher [2008-10-26 15:05:51 +0100]: ? > 2008/10/22 Michael Kesper : > > what: There were collisions with other existing keys if you only would have > > looked at the last 8 chars of the fingerprint. > > > > That was quite unlucky, because there should be approximately 77000 > people gathered together to get a probability of 50% of a collision, > according to http://en.wikipedia.org/wiki/Birthday_attack. :-) I double-checked. There were no collisions among the participating people but some of the participating keys short IDs collided with other existing short IDs. So, to be sure, always use 16 digits. Best wishes Michael -- Free Software Foundation Europe (FSFE) [] (http://fsfeurope.org) Treten Sie der Fellowship bei! [][][] (http://fsfe.org/join) Ihre Spende erm?glicht unsere Arbeit! || (http://fsfeurope.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 315 bytes Desc: Digital signature URL: From arobins at PharmaCentra.com Tue Oct 28 13:55:44 2008 From: arobins at PharmaCentra.com (Adam Robins) Date: Tue, 28 Oct 2008 08:55:44 -0400 Subject: Problem running automated gpg In-Reply-To: References: <56A9D552A9343A4E83F5CFE6CC99D1C1021FA948@ganges.PharmaCentra.com> Message-ID: <56A9D552A9343A4E83F5CFE6CC99D1C1021FB075@ganges.PharmaCentra.com> Thanks. This has been resolved by placing the parameter "--homedir /root/.gnupg" on the gpg command line. -----Original Message----- From: Hardeep Singh [mailto:hs2412 at gmail.com] Sent: Tuesday, October 28, 2008 8:57 AM To: Adam Robins Cc: gnupg-users at gnupg.org Subject: Re: Problem running automated gpg Tried to figure this one out, but no direct clue. My suggestions: create a shell script and call the shell script from perl, rather than directly calling gpg with all the parameters. Second, try to print the current user from within perl similarly as printing ~. These two might give you some clue. Hardeep Singh http://blog.Hardeep.name 2008/10/22 Adam Robins : > Hello, > > > > I have a perl script called encrypt.pl that runs gpg as follows: > > > > system("gpg -r 'username' --batch --encrypt-files 'filename.ext' > 2>gpgerr.log"); > > > > When I run this from the console as root it works fine. However, if I run > it from cron as root: > > > > */1 * * * * root /home/user/scripts/encrypt.pl 2> gpgerr.log > > > > I get the following error: > > > > gpg: failed to create temporary file > `~/.gnupg/.#lk0x9693868.server.domain.com.28416': No such file or directory > > gpg: fatal: ~/.gnupg: can't create directory: No such file or directory > > secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 > > > > The directory "/root/.gnupg" is there. Permissions are drwx------ root > root. I also tried chmod 777. > > > > If I put a command in the perl script: > > > > System('echo ~'); > > > > I get "/root" as a result. This leads me to believe that gpg is trying to > place the temp file in a directory other than "/root/.gnupg" when run from > cron. > > > > Any ideas are appreciated. > > > > Thanks, > > Adam > > > > _____________________________________________________________ > Adam Robins, CCP > Executive Vice President / Chief Information Officer > > PHARMACENTRA, LLC > 5901B Peachtree Dunwoody Road, Suite 380 > Atlanta, GA 30328 > > > > Office: 770-395-0088 x2034 > > Mobile: 770-855-1360 > Fax: 770-395-0989 > E-mail: arobins at pharmacentra.com > > Web: www.pharmacentra.com > > _____________________________________________________________ > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > > From kpahnke at appletonideas.com Tue Oct 28 15:48:08 2008 From: kpahnke at appletonideas.com (kpahnke at appletonideas.com) Date: Tue, 28 Oct 2008 09:48:08 -0500 Subject: No subject Message-ID: <8E3D78F6618D1C4BAF8FD51BDB55E2300661B3E1@hqexbp01.appletonpapers.com> Kevin Pahnke B2B Integration Team Lead Appleton 825 E. Wisconsin Ave. Appleton, WI 54912-0359 Helpdesk: (800) 345-8791 Phone: (920) 991-8453 Fax : (920) 991-7463 www.appletonideas.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From kpahnke at appletonideas.com Tue Oct 28 15:54:07 2008 From: kpahnke at appletonideas.com (kpahnke at appletonideas.com) Date: Tue, 28 Oct 2008 09:54:07 -0500 Subject: Decryption Error [don't know]:invalid packet (ctb=60) Message-ID: <8E3D78F6618D1C4BAF8FD51BDB55E2300661B3E3@hqexbp01.appletonpapers.com> I am attempting to decrypt a new file and keep getting this error message. I am able to decrypt the file successfully using WS_FTP Professional and the same key, but cannot using GPG. How can I determine what is causing the problem. I am new to using this tool, but we are successfully using it for other files. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kpahnke at appletonideas.com Tue Oct 28 15:49:37 2008 From: kpahnke at appletonideas.com (kpahnke at appletonideas.com) Date: Tue, 28 Oct 2008 09:49:37 -0500 Subject: No subject Message-ID: <8E3D78F6618D1C4BAF8FD51BDB55E2300661B3E2@hqexbp01.appletonpapers.com> Kevin Pahnke B2B Integration Team Lead Appleton 825 E. Wisconsin Ave. Appleton, WI 54912-0359 Helpdesk: (800) 345-8791 Phone: (920) 991-8453 Fax : (920) 991-7463 www.appletonideas.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From dshaw at jabberwocky.com Tue Oct 28 17:00:07 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 28 Oct 2008 12:00:07 -0400 Subject: PGP 6.5.8 ckt,?just say no. In-Reply-To: <20081027134821.2DC9E15803E@smtp.hushmail.com> References: <20081027134821.2DC9E15803E@smtp.hushmail.com> Message-ID: <20081028160007.GA8304@jabberwocky.com> On Mon, Oct 27, 2008 at 09:48:21AM -0400, vedaal at hush.com wrote: > >Date: Fri, 24 Oct 2008 20:42:14 -0400 > >From: David Shaw > >Subject: PGP 6.5.8 ckt, just say no. (was: Re: set type digest > >mode? > > >On Oct 24, 2008, at 10:41 AM, vedaal at hush.com wrote: > > > >> [1] any ckt V4 rsa keys generated, > >> have the rsa subkey as both sign and encrypt, > >> and there is (as yet, afaik,) no way > >> that gnupg can be used to get such a key to cross-certify the > >> primary key, > >> and since the subkey will be used by default by gnupg to sign, > >> gnupg will give error messages about the verification > > > >gpg --edit-key (thekey) > >cross-certify > >save > > > >Please don't anyone take that to mean that I think people should > >use > >6.5.8ckt. I really don't. > > > OK, i won't > > but it *still* doesn't cross certify :-) > > (at least in 1.4.9 on windows) > (if you can get it to work on linux, > or gnupg 2.x, please let me know) > > here is an rsa v4 keypair generated in ckt > to try to cross certify: Now that is an... interesting key. It's a V4 (OpenPGP) key with V3 (PGP 2.x) binding signature). GPG won't cross-certify such a key because it is a one-way change. Once cross-certified, the binding signature will be V4 (OpenPGP). Note that you can't change the expiration date of the subkey on that key either (for the same reason). David From vedaal at hush.com Tue Oct 28 19:49:29 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Tue, 28 Oct 2008 14:49:29 -0400 Subject: PGP 6.5.8 ckt,?just say no. Message-ID: <20081028184929.8B49520040@smtp.hushmail.com> David Shaw dshaw at jabberwocky.com wrote on Tue Oct 28 17:00:07 CET 2008 : >Now that is an... interesting key. It's a V4 (OpenPGP) key with V3 >(PGP 2.x) binding signature). GPG won't cross-certify such a key >because it is a one-way change. Once cross-certified, the binding >signature will be V4 (OpenPGP). well, it's a v4 key and i'm perfectly happy with it having a v4 binding sig ;-) > Note that you can't change the >expiration date of the subkey on that key either >(for the same reason). also OK so, is there any way that gnupg *could* do it? (i.e. --ignore-v3-signature --unchangeable-expiration-date --cross-certify-just-do-it-override) or any other really cool undocumented option ;-) *NOT* a feature request, i can live with it ;-) save the work on feature requests for features that are really useful to many people but if there is a workaround that can be done with existing options, please let me know Thanks, vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Find the apartment of your dreams by clicking here now! http://tagline.hushmail.com/fc/Ioyw6h4dn86Bapr4ZPNetRU1Q5Spett2QMxrN3ICcHsyIepSOgIo03/ From erpo41 at gmail.com Tue Oct 28 21:15:51 2008 From: erpo41 at gmail.com (Eric Anopolsky) Date: Tue, 28 Oct 2008 14:15:51 -0600 Subject: PGP 6.5.8 ckt,?just say no. In-Reply-To: <20081028184929.8B49520040@smtp.hushmail.com> References: <20081028184929.8B49520040@smtp.hushmail.com> Message-ID: <1225224951.7323.0.camel@telesto> On Tue, 2008-10-28 at 14:49 -0400, vedaal at hush.com wrote: > so, > is there any way that gnupg *could* do it? > (i.e. > --ignore-v3-signature > --unchangeable-expiration-date > --cross-certify-just-do-it-override) > > or any other really cool undocumented option ;-) > > *NOT* a feature request, > i can live with it ;-) > save the work on feature requests > for features that are really useful to many people > > but if there is a workaround that can be done with existing options, > please let me know If anyone decides to add this feature anyway, I vote for --cross-certify-just-do-it-override. Cheers, Eric -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: This is a digitally signed message part URL: From saltorr07 at gmail.com Wed Oct 29 04:49:18 2008 From: saltorr07 at gmail.com (Saltorr) Date: Tue, 28 Oct 2008 20:49:18 -0700 Subject: Encrypt / Decrypt Scripts References: <57aa0910810271752s616971f2o9f146f6aee2866d7@mail.gmail.com> Message-ID: <4AA17D53AB8846B785966F216AB18C16@PCSALTORR> Thanks Hardeep, I think I found a very simple solution.... if the Command ends successfully then the ERRORLEVEL will be ZERO (0) REM Encrypt gpg --batch --encrypt-files -r "KEY" *.zip echo.ERROR LEVEL: %ERRORLEVEL% IF %ERRORLEVEL% ==0 GOTO ZERO IF %ERRORLEVEL% ==2 GOTO TWO IF %ERRORLEVEL% ==1 GOTO ONE GOTO END :ZERO ECHO ENCRYPTION_OKAY !!!!! del *.zip GOTO END :TWO ECHO PROCESS FAIL SEND MAIL GOTO END :ONE ECHO PROCESS FAIL SEND MAIL :END Regards, Salvador Torres C. -------------------------------------------------- From: "Hardeep Singh" Sent: Tuesday, October 28, 2008 5:50 AM To: "Salvador Torres" Cc: Subject: Re: Encrypt / Decrypt Scripts > This may be of help, although it doesnt apply directly: > > http://blog.hardeep.name/computer/20080904/auto-gpg/ > > Hardeep Singh > http://blog.Hardeep.name > > > > 2008/10/28 Salvador Torres : >> Hi, >> I'm trying to run some Scripts to Encrypt and Decrypt files >> automatically.. >> >> now the questions are: >> >> How can I delete the *.ZIP files after this command is executed without >> errors ? >> >> gpg --batch --encrypt-files -r "KEY" c:\test2\*.zip >> >> Same case here: >> >> How can I delete the *.gpg files after this command is executed without >> errors and Successfully? >> >> gpg --passphrase-fd 0 --batch --decrypt-files *.gpg > >> Thanks, >> SalTorr >> _______________________________________________ >> Gnupg-users mailing list >> Gnupg-users at gnupg.org >> http://lists.gnupg.org/mailman/listinfo/gnupg-users >> >> From gordian.klein at gmx.de Wed Oct 29 11:36:35 2008 From: gordian.klein at gmx.de (Gordian Klein) Date: Wed, 29 Oct 2008 11:36:35 +0100 Subject: Poldi and kdesu Message-ID: <49083CB3.8030504@gmx.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, im successfully using pam_poldi to authenticate myself with my openPGP card. Logon to KDE and su work just as expected. But there is a problem with kdesu. It only works when the PIN of my card is already cached. This is how it works for me: Login to KDE using my PIN. If i do kdesu now it doesnt work. I have to do a su in a terminal to enter my PIN so it is cached. Now kdesu works, it doesnt show up but it works. When i say kdesu doesnt work i mean the following: It doesnt show up plus if i do kdesu without a cached PIN i cannot do a normal su in terminal my more. su doesnt even fall back to pam_unix, it just waits for something.. Ejecting or reinserting the card doesnt help. I need to logoff and login again in order to get su to work again. Whats the problem with pam_poldi nd kdesu? And how can it be fixed? Regards, G. Klein -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iJwEAQECAAYFAkkIPLMACgkQJQ/nLhGdw578IAP+Jq5aGECTZFTdDpYCvyyFYwho 0iaYq2RYEn06wn7rPWkSGYcG+cgtSjLAdGhVbvtfy3kREJ/To2o7A1J7/WrB7F3w 1H0xflLNiZ6KcyCiGSFUanI6fCkDOBNTSYmAHITcOuOJOpHioCLXgBSz9lShUiHM HCnvA2xGMKi8YMOrtW0= =CxUI -----END PGP SIGNATURE----- From duwainer at srlcd.com Wed Oct 29 14:11:16 2008 From: duwainer at srlcd.com (Duwaine Robinson) Date: Wed, 29 Oct 2008 08:11:16 -0500 Subject: Decrypt multiple Encrypted files within a folder Message-ID: Hi All, I would like to be able to create a batch file or a script that allows me to decrypt multiple encrypted files within a given folder. Has anyone done this before? Any help would be greatly appreciated. Thank you -Duwaine Robinson -------------- next part -------------- An HTML attachment was scrubbed... URL: From vedaal at hush.com Wed Oct 29 15:50:14 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Wed, 29 Oct 2008 10:50:14 -0400 Subject: ? OT // just when hashes were getting to be straightforward ;-) Message-ID: <20081029145014.723AF158046@smtp.hushmail.com> NIST is holding a competition to submit hashes that will replace SHA Schneier, Jon Callas, et al have proposed a totally new hash function, SKEIN Ron Rivest proposed an MD6 details are here: http://www.schneier.com/blog/ the good news :-) selection of a NIST winner is expected to take 4 years, so, open-pgp and gnupg can hold off on plans to implement Whirpool, keep things as they are for now, and see who the winner is, and then take some more time for it to get vetted in the wild vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Find the apartment of your dreams by clicking here now! http://tagline.hushmail.com/fc/Ioyw6h4dn861ht3WXvlATDPoT3f48sZqK10GSQSUMmPpITSSaxrSNJ/ From dshaw at jabberwocky.com Wed Oct 29 20:22:39 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 29 Oct 2008 15:22:39 -0400 Subject: PGP 6.5.8 ckt,?just say no. In-Reply-To: <20081028184929.8B49520040@smtp.hushmail.com> References: <20081028184929.8B49520040@smtp.hushmail.com> Message-ID: On Oct 28, 2008, at 2:49 PM, vedaal at hush.com wrote: > David Shaw dshaw at jabberwocky.com > wrote on Tue Oct 28 17:00:07 CET 2008 : > >> Now that is an... interesting key. It's a V4 (OpenPGP) key with V3 >> (PGP 2.x) binding signature). GPG won't cross-certify such a key >> because it is a one-way change. Once cross-certified, the binding >> signature will be V4 (OpenPGP). > > well, it's a v4 key > and i'm perfectly happy > with it having a v4 binding sig ;-) > > >> Note that you can't change the >> expiration date of the subkey on that key either >> (for the same reason). > > also OK > > so, > is there any way that gnupg *could* do it? > (i.e. > --ignore-v3-signature > --unchangeable-expiration-date > --cross-certify-just-do-it-override) > > or any other really cool undocumented option ;-) Unfortunately not. It's doable via various hackery by modifying the GPG source, but there is no feature that will do that. David From fender0107401 at gmail.com Thu Oct 30 04:08:28 2008 From: fender0107401 at gmail.com (Li) Date: Thu, 30 Oct 2008 11:08:28 +0800 Subject: doc bug??? Message-ID: <1225336108.1153.6.camel@localhost> Hello everyone I am totally a newcomer for gnupg, and I am reading the "The GNU Privacy Handbook", the version string is "$Name: v1_1 $". In the handbook, all command options is begin with one dash, like this "-gen-key"; but on my system these options begin with two dash, like this "--gen-key". So, this is bug or other something? OS: FreeBSD Release 7.0 p5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: This is a digitally signed message part URL: From classpath at arcor.de Thu Oct 30 05:19:07 2008 From: classpath at arcor.de (Morton D. Trace) Date: Thu, 30 Oct 2008 05:19:07 +0100 Subject: doc bug??? In-Reply-To: <1225336108.1153.6.camel@localhost> References: <1225336108.1153.6.camel@localhost> Message-ID: <490935BB.70904@arcor.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Li wrote: > Hello everyone > > I am totally a newcomer for gnupg, and I am reading the "The GNU Privacy > Handbook", the version string is "$Name: v1_1 $". > > In the handbook, all command options is begin with one dash, like this > "-gen-key"; but on my system these options begin with two dash, like > this "--gen-key". > > So, this is bug or other something? > > OS: FreeBSD Release 7.0 p5 > Dear Li I use this one gpg --version gpg (GnuPG) 1.4.8 man gpg will do. --gen-key Generate a new key pair. This command is normally only used interactively. is my option from my man page, http://www.gnupg.org/documentation/manuals/gnupg/ is the one I use http://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-Management - --gen-key Generate a new key pair. This command is normally only used interactively. I did see some options i know I have to use with two dashes which has only one dash in the docu, but it is always better to try the man page or gpg --help Sincerely yours, Morten Gulbrandsen ????????????? _____________________________________________________________________ Java programmer, C++ programmer CAcert Assurer, GSWoT introducer, thawte Notary Gossamer Spider Web of Trust http://www.gswot.org Please consider the environment before printing this e-mail! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (SunOS) Comment: For keyID and its URL see the OpenPGP message header iEYEARECAAYFAkkJNboACgkQ9ymv2YGAKVQQywCgvXhzF1Hk1tSerymb/MxWdl2L DkAAn01t4dgPgdJ/3itPUUTJ9rVZiSte =hsFu -----END PGP SIGNATURE----- From erpo41 at gmail.com Thu Oct 30 04:58:00 2008 From: erpo41 at gmail.com (Eric Anopolsky) Date: Wed, 29 Oct 2008 21:58:00 -0600 Subject: doc bug??? In-Reply-To: <1225336108.1153.6.camel@localhost> References: <1225336108.1153.6.camel@localhost> Message-ID: <1225339080.7671.0.camel@telesto> On Thu, 2008-10-30 at 11:08 +0800, Li wrote: > Hello everyone > > I am totally a newcomer for gnupg, and I am reading the "The GNU Privacy > Handbook", the version string is "$Name: v1_1 $". > > In the handbook, all command options is begin with one dash, like this > "-gen-key"; but on my system these options begin with two dash, like > this "--gen-key". > > So, this is bug or other something? > > OS: FreeBSD Release 7.0 p5 When I look at the GNU Privacy Handbook I see two hyphens preceding options. Where are you getting your copy of the GPH? Cheers, Eric -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: This is a digitally signed message part URL: From sattva at pgpru.com Thu Oct 30 08:54:06 2008 From: sattva at pgpru.com (Vlad "SATtva" Miller) Date: Thu, 30 Oct 2008 13:54:06 +0600 Subject: Decrypt multiple Encrypted files within a folder In-Reply-To: References: Message-ID: <4909681E.9050007@pgpru.com> Duwaine Robinson (29.10.2008 19:11): > Hi All, > > I would like to be able to create a batch file or a script that allows > me to decrypt multiple encrypted files within a given folder. Has anyone > done this before? Any help would be greatly appreciated. On Linux that's easy. To encrypt: $ find -type f -execdir gpg -r -e {} \; To decrypt: $ find -type f -iname '*.gpg' -execdir gpg {} \; (Please note, that you'll be prompted for the passphrase for every file, unless you use gpg-agent with passphrase caching or provide passphrase on the command line.) > Thank you > -Duwaine Robinson -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 513 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Thu Oct 30 08:50:13 2008 From: wk at gnupg.org (Werner Koch) Date: Thu, 30 Oct 2008 08:50:13 +0100 Subject: doc bug??? In-Reply-To: <1225336108.1153.6.camel@localhost> (fender0107401@gmail.com's message of "Thu, 30 Oct 2008 11:08:28 +0800") References: <1225336108.1153.6.camel@localhost> Message-ID: <87skqezfm2.fsf@wheatstone.g10code.de> On Thu, 30 Oct 2008 04:08, fender0107401 at gmail.com said: > In the handbook, all command options is begin with one dash, like this > "-gen-key"; but on my system these options begin with two dash, like > this "--gen-key". That is a rendering problem in the man pages. It has recently been fixed. If in doubt use "gpg --help" or to get a raw list of all options use "gpg --dump-options". Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From ramon.loureiro at upf.edu Thu Oct 30 15:12:25 2008 From: ramon.loureiro at upf.edu (Ramon Loureiro) Date: Thu, 30 Oct 2008 15:12:25 +0100 Subject: deleting signatures Message-ID: <4909C0C9.5000409@upf.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi How can I delete my signature from a given keyID? With GPGshell, I type this sequence: > uid N delsig but here I enter in a one-per-one review of all the existing signatures! Imagine a KeyID signed by 100 people! 1.- How can I tell "delete MY sig on keyID " 2.- Why the system offers me the chance of deleting the other signatures? cheers! - -- Ramon Loureiro GPG BE8E 5136 6A32 B5EF 0105 0DFB C559 2ACB 80C7 D647 Thawte Notary Gossamer Web of Trust http://www.gswot.org _____________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJCcDJAAoJEMVZKsuAx9ZHrpsH/3eHWMFSWHCwZY6P7mC7QVWU yPRMcFPpBT/pfSdXv6rYdqJWFBJSwg5FjxYcMw9AJS3qH8EvjDfvYTKhOxn0+Qtq Hl14z00GL3cN3G8Nrl7vw3ka0cZUUbwM1zmhCKkmC5ZpPeYj+Rhcw6ZIGVE3aMFC sQdi2WxUqdyijHKzv1ydrv5FQRLXciZU7CS0wqqm1oDmZCncB3TwKkG6WOrU7+Kd 348+t1M6AsWFWgxtZ9xIVVqBi5qLtQSNnxf603by8Od/Z+4iA/SHExCpxZrYq261 88wkxvsKEV78tVtpzPlW2+mwxbM8izmDWnbUBU14bcY9KSdLK5BRebsyNpFFWaQ= =Em/4 -----END PGP SIGNATURE----- From duwainer at srlcd.com Thu Oct 30 15:47:44 2008 From: duwainer at srlcd.com (Duwaine Robinson) Date: Thu, 30 Oct 2008 09:47:44 -0500 Subject: Decrypt multiple Encrypted files within a folder In-Reply-To: <4909681E.9050007@pgpru.com> References: <4909681E.9050007@pgpru.com> Message-ID: Seems easy enough. Happens that I am trying to get this done on windows -----Original Message----- From: Vlad "SATtva" Miller [mailto:sattva at pgpru.com] Sent: Thursday, October 30, 2008 2:54 AM To: Duwaine Robinson Cc: gnupg-users at gnupg.org Subject: Re: Decrypt multiple Encrypted files within a folder Duwaine Robinson (29.10.2008 19:11): > Hi All, > > I would like to be able to create a batch file or a script that allows > me to decrypt multiple encrypted files within a given folder. Has > anyone done this before? Any help would be greatly appreciated. On Linux that's easy. To encrypt: $ find -type f -execdir gpg -r -e {} \; To decrypt: $ find -type f -iname '*.gpg' -execdir gpg {} \; (Please note, that you'll be prompted for the passphrase for every file, unless you use gpg-agent with passphrase caching or provide passphrase on the command line.) > Thank you > -Duwaine Robinson -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com From jmoore3rd at bellsouth.net Thu Oct 30 16:56:48 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Thu, 30 Oct 2008 11:56:48 -0400 Subject: deleting signatures In-Reply-To: <4909C0C9.5000409@upf.edu> References: <4909C0C9.5000409@upf.edu> Message-ID: <4909D940.3080103@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ramon Loureiro wrote: > 1.- How can I tell "delete MY sig on keyID " In GPGshell; highlight the Key then Rt. click and choose 'Edit' >> 'All Settings' then simply type: delsig You will then need to answer y/N Questions through the list of existing Sigs until You arrive at the Signature You wish to delete. Then You answer 'y' instead of the 'N' You've been responding with. If the Key hasn't been Uploaded to a Keyserver then the Signature ceases to exist. If the deleted Signature /has/ been placed on Keyservers *prior* to deleting from Your Keyring then it is 'off' the Key only on Your Keyring until You refresh it. > 2.- Why the system offers me the chance of deleting the other signatures? You can delete other signatures from the Key existing on Your Keyring but it won't affect the Key on the Servers or "in the wild". Many folks do this to keep their Keyrings as small as possible. The same thing can be done by running the --minimize command on any Key and stripping it of everything *except* Self-Sigs. Very small Keyrings are helpful when using them on a thumb drive where space may be limited. HTH JOHN ;) Timestamp: Thursday 30 Oct 2008, 11:56 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJJCdk9AAoJEBCGy9eAtCsPyWYIAKZBsmUK3oYw2mto/zAhToYD wU4WRFbzyjreomsclx+CznqLUHei+8N3n69WE2l9VtWNUR+AQdCYHGRTaXFT9yii r3jCjkbT/374IJMaryEkTMn6+O74DSjLPtqM7p/XNRzEgPZcn1YOiaXOETD9fZ6C Hc9j++1NSdtpDjM2U+YaUNEqQKjCJ9uO1JusLOKQAJiHubAIZdXl8cGy94SW9NCO 1OhJTh1sYPwyCtI9Z0A6FvW0XI3EEyG7YUUQRWh0OP34lAhGyhbsUd/WpJ78yABN xGa/n4jzSVlhLOujCQOlAxo7bZYT0tXAzG6EcLph3KAuGcNKsxhDEM0Pe4ZS4KQ= =qZXj -----END PGP SIGNATURE----- From kloecker at kde.org Thu Oct 30 17:31:53 2008 From: kloecker at kde.org (Ingo =?iso-8859-1?q?Kl=F6cker?=) Date: Thu, 30 Oct 2008 17:31:53 +0100 Subject: deleting signatures In-Reply-To: <4909C0C9.5000409@upf.edu> References: <4909C0C9.5000409@upf.edu> Message-ID: <200810301732.19529@thufir.ingo-kloecker.de> On Thursday 30 October 2008, Ramon Loureiro wrote: > Hi > > How can I delete my signature from a given keyID? Why do you want to delete your signature? If the key (including your signature) has already been uploaded to a keyserver then removing your signature is pointless. Instead you might want to revoke your signature. Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From ramon.loureiro at upf.edu Thu Oct 30 19:59:35 2008 From: ramon.loureiro at upf.edu (Ramon Loureiro) Date: Thu, 30 Oct 2008 19:59:35 +0100 Subject: deleting signatures In-Reply-To: <4909D940.3080103@bellsouth.net> References: <4909C0C9.5000409@upf.edu> <4909D940.3080103@bellsouth.net> Message-ID: <490A0417.6080606@upf.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John W. Moore III wrote: > Ramon Loureiro wrote: > >> 1.- How can I tell "delete MY sig on keyID " > > In GPGshell; highlight the Key then Rt. click and choose 'Edit' >> > 'All Settings' then simply type: > > delsig > > You will then need to answer y/N Questions through the list of > existing Sigs until You arrive at the Signature You wish to delete. > Then You answer 'y' instead of the 'N' You've been responding with. > that's what I wanted to avoid! Imagine a list with 150 signatures! ;-) I expect to find something like: delsig 0x80C7D647 >> 2.- Why the system offers me the chance of deleting the other > signatures? > > You can delete other signatures from the Key existing on Your > Keyring but it won't affect the Key on the Servers or "in the > wild". Many folks do this to keep their Keyrings as small as > possible. The same thing can be done by running the --minimize > command on any Key and stripping it of everything *except* > Self-Sigs. Very small Keyrings are helpful when using them on a > thumb drive where space may be limited. Very useful tip! cheers! - -- Ramon Loureiro GPG BE8E 5136 6A32 B5EF 0105 0DFB C559 2ACB 80C7 D647 Thawte Notary Gossamer Web of Trust http://www.gswot.org _____________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJCgQXAAoJEMVZKsuAx9ZHjrMH/jRxMvPKKARpBFLdCDw9ekTU 9tZbay+tQSxvhI1YeU7bYFuHbX1EIqcQvWsOAcuDWmoVtcu4khsoJExdo+OSEivw 0guZAtIFfMBTTwXDjMgIQR1eFzW5tn6xYkeq4RJgZ52D7pkUhxk81o3bf08Q9wKu V9JlvDcGPswIXY0gOSFhoChVU8vhAPzFIzbxWfZ2/UitkkRnbQ/rfSxcRhTfL48v zSsH52RHDhTh/6CYe8mFV1Or22tB5jrF1gdW5lSdJMiWNoLljZKzIv9rs0P1ACyq yZFwRH+HAN4SIMZEGJmURG+fSxMXaEalFBeZvbkh6Jw2gM7oQsovR+nA4Pbrp7A= =bEY9 -----END PGP SIGNATURE----- From ramon.loureiro at upf.edu Thu Oct 30 20:01:14 2008 From: ramon.loureiro at upf.edu (Ramon Loureiro) Date: Thu, 30 Oct 2008 20:01:14 +0100 Subject: deleting signatures In-Reply-To: <200810301732.19529@thufir.ingo-kloecker.de> References: <4909C0C9.5000409@upf.edu> <200810301732.19529@thufir.ingo-kloecker.de> Message-ID: <490A047A.8040705@upf.edu> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ingo Kl?cker wrote: > On Thursday 30 October 2008, Ramon Loureiro wrote: >> Hi >> >> How can I delete my signature from a given keyID? > > Why do you want to delete your signature? because I have not set the right trust levels... > > If the key (including your signature) has already been uploaded to > a keyserver then removing your signature is pointless. Instead you > might want to revoke your signature. I see... cheers! - -- Ramon Loureiro GPG BE8E 5136 6A32 B5EF 0105 0DFB C559 2ACB 80C7 D647 Thawte Notary Gossamer Web of Trust http://www.gswot.org _____________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJCgRVAAoJEMVZKsuAx9ZHMvMIAIKsU/cgF+0VXacZy+7dwXNt i1sjoyotOL6yRN958yfgEfqA8s1DvMaSb+q9hPyQ2UMwKqGOU9EG61oe6EWKE+Ro e4m+iu8On7GddmN84KQS+F2dZyCqJgoNvs7mvEx7AXJ2e0AUkFVPdAN0J9uSuaGy NU1Af1vSxXv6mDFYNlNklSsedpF1oC+/3s8xt0LQNElfez73WgTKgku6oj3CV19Y vXLw9t0RZqmmEsry+cEIFwdL8lWd7xRBijtTEYCQm8wUZ089wXNn+vjZJBGCNv7Q C4vQDTnwyOTotFxHhjXGj28JJ77QAkFCgVjHnED1242HcLeArkn6IpdA+eKOJBw= =fUKt -----END PGP SIGNATURE----- From vedaal at hush.com Fri Oct 31 15:28:03 2008 From: vedaal at hush.com (vedaal at hush.com) Date: Fri, 31 Oct 2008 10:28:03 -0400 Subject: Decrypt multiple Encrypted files within a folder Message-ID: <20081031142803.55E7B118048@smtp.hushmail.com> Duwaine Robinson duwainer at srlcd.com wrote on Thu Oct 30 15:47:44 CET 2008: >>> I would like to be able to create a batch file >>> or a script that allows >>> me to decrypt multiple encrypted files within a given folder. Vlad "SATtva" Miller [mailto:sattva at pgpru.com] wrote: >>On Linux that's easy. >>To encrypt: >>$ find -type f -execdir gpg -r -e {} \; >>To decrypt: >>$ find -type f -iname '*.gpg' -execdir gpg {} \; (Please >>note, that you'll be prompted for the passphrase for every file, >>unless >>you use gpg-agent with passphrase caching or provide passphrase on the >>command line.) Duwaine Robinson wrote: >Seems easy enough. Happens that I am trying to get this done on windows have tested Vlad's suggestions, and it can be done the same way on windows by installing cygwin http://www.cygwin.com/ and entering Vlad's commands at the cygwin $ prompt caveats: [1] after installing cygwin, add a copy of gpg.exe into the folder C:\cygwin\bin [2] cygwin needs the 'slashes' for the path *reversed* (i.e) for purposes of illustration, let's say that the directory whose files you want to encrypt, is c:\et and the directory whose files you want to decrypt, is c:\dt and your encryption keyname is Boo and the passphrase is Foo, then Vlad's commands on cygwin in windows, would be: To encrypt: $ find c:/et -type f -execdir gpg -r Boo -e {} \; To decrypt: $ find c:/dt -type f -iname '*.gpg' -execdir gpg --passphrase Foo {} \; n.b. it *must* be c:/et and c:/dt NOT c:\et and c:\dt otherwise, cygwin will give the following error message: find: c:et: No such file or directory vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Planning for retirement? Click for free information on 401(k) plans. http://tagline.hushmail.com/fc/Ioyw6h4dPk53k9dJqStLnuOF0m11J7ObOhbIDhCDIZBHBtLSz7cE1Z/ From mjkortve at optusnet.com.au Fri Oct 31 18:31:22 2008 From: mjkortve at optusnet.com.au (Michael) Date: Sat, 01 Nov 2008 03:31:22 +1000 Subject: Use of gen-random Message-ID: <490B40EA.7010503@optusnet.com.au> Hi all, I was trying out one of the options of gpg, as it arose during a discussion on the group. gpg --gen-random [012] n does what I would reasonably expect: generates 'n' random bits of data using one of three methods. However, on reading up the option in the man page it mentions the possibility of "removing entropy from your system". Actually, from the man page: --gen-random 0|1|2 Emit _____ random bytes of the given quality level. If count is not given or zero, an endless sequence of random bytes will be emitted. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system! Now I'll admit openly I don't always know /exactly/ what I am doing, but am prepared to make mistakes to learn. At first I thought perhaps the documentation writers were having a bit of a joke a la many unix man pages have a geeky sense of humour. But on reflection I realise that they are being serious here. So I am curious, how might I _lose_ entropy by _generating_ random numbers? What do each of the three methods do? So I experiment, and generate a small number (20 bits) of random numbers at the command line as per gpg --gen-random 0 20 and it outputs what looks like gibberish to me. I won't copy the actual output simply because anyone can do this experiment for themselves to see the sort of output you get. But when I use the 2 method, I get an error/warning about running diskperf in order to generate disk statistics. Well, I don't have diskperf on my windows system (though there may well be a win version, I don't know). What I am concerned about is why it might want disk statistics and have I "lost precious entropy" from my system? Let me say, I'm partly humorous here; if I understand roughly what is happening, then the danger is to not set a specific number of bits and hence run the risk of gen-random simply emitting random data until it eventually somehow 'overflows the available randomness' inherent in my system. But simply outputting 20 random bits wouldn't risk doing that, so my little experiment is fairly safe. Since it doesn't go much into the details in the man page about what the methods are, and what the risk actually is (it may be highly technical and hence beyond the scope of a manual) it seems appropriate to ask in this forum, since it came up. Although my background is technical, and I can understand mathematical expressions, I don't read source code for breakfast and am really more curious about the engineering details of what is going on rather than a mathematical description. Where does gpg "gather" it's randomness, and just how much is available in a simple system such as mine? And just finally, may I take the opportunity to say how much I enjoy the various discussions in this group, generally the quality of the questions and the help has consistently been excellent. Cheers for now, Michael Kortvelyesy. From rjh at sixdemonbag.org Fri Oct 31 18:17:25 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 31 Oct 2008 13:17:25 -0400 Subject: Use of gen-random In-Reply-To: <490B40EA.7010503@optusnet.com.au> References: <490B40EA.7010503@optusnet.com.au> Message-ID: <290EBD8A-67D8-470B-B62B-76983B88BD8B@sixdemonbag.org> > So I am curious, how might I _lose_ entropy by _generating_ random > numbers? What do each of the three methods do? Without knowing your OS and various other finicky details, it's hard to say. On many UNIX systems, the system keeps track of unpredictable inputs, does various mathemagic to them, and stores the results as a source of high quality random bits. These are as close to truly random as can easily be obtained with computers. Since they're the result of physical processes, there are only a finite number of them available. Using these random bits profligately can result in high quality randomness being unavailable to other applications that need it. Most systems also include a fairly good PRNG (pseudo-random number generator) which is good for most purposes. But for crypto, you want the best quality randomness you can get. From barry at fantasymail.de Fri Oct 31 17:59:22 2008 From: barry at fantasymail.de (Barry) Date: Fri, 31 Oct 2008 17:59:22 +0100 Subject: New GnuPT-Version and new WinPT-Website Message-ID: <490B396A.9020301@fantasymail.de> Hello, (Original quote from the german GnuPP mailing list) recently introduced a new version GnuPT published. New in this version: WinPT was to version 1.3.0 update. The main change in WinPT expected the merger of the two authors GnuPT and WinPT of his. The new official site of WinPT reads: http://winpt.gnupt.de It was also already been the site offered GnuPT Chm file to WinPT-integrated. This is now called by F1. In addition, many small bug fixes. Anyone GPGrelay want to use this also in German, along German CHM file on the GnuPT homepage. This allows everyone to special package after tie together its own needs. There is also offered portable version of GnuPT was also updated. What is new is the possibility here directly to the virtual keyboard Care of Windows - something very practical and safe in foreign PC's :-) -- Regards Barry From dshaw at jabberwocky.com Fri Oct 31 19:14:09 2008 From: dshaw at jabberwocky.com (David Shaw) Date: Fri, 31 Oct 2008 14:14:09 -0400 Subject: Use of gen-random In-Reply-To: <490B40EA.7010503@optusnet.com.au> References: <490B40EA.7010503@optusnet.com.au> Message-ID: <20081031181409.GB21351@jabberwocky.com> On Sat, Nov 01, 2008 at 03:31:22AM +1000, Michael wrote: > Hi all, I was trying out one of the options of gpg, as it arose during > a discussion on the group. > > gpg --gen-random [012] n > > does what I would reasonably expect: generates 'n' random bits of data > using one of three methods. However, on reading up the option in the man > page it mentions the possibility of "removing entropy from your system". > > Actually, from the man page: > > --gen-random 0|1|2 > Emit _____ random bytes of the given quality level. If > > count is not given or zero, an endless sequence of > random bytes will be emitted. PLEASE, don't use this > command unless you know > what you are doing; it may > remove precious entropy from the system! > > > Now I'll admit openly I don't always know /exactly/ what I am doing, > but am prepared to make mistakes to learn. At first I thought perhaps > the documentation writers were having a bit of a joke a la many unix > man pages have a geeky sense of humour. But on reflection I realise > that they are being serious here. > > So I am curious, how might I _lose_ entropy by _generating_ random > numbers? What do each of the three methods do? I think the confusion here is in the name "gen-random", which implies it generates randomness out of nothing. In fact, it generates (pseudo) randomness from an entropy pool. In the process, the contents of the pool are used up and need to be replaced. The details of that pool vary from platform to platform, and vary fairly widely between Unixish and Windows systems. Very basically, the computer watches for the timings and details of certain events (keyboard input, disk performance numbers, etc), and uses them as the source of what goes in the pool. When a random number is needed, data from the (well-stirred) pool is used to help deliver it. Thus, if you read random numbers, you are in fact tapping a limited, but renewable, resource. In practice, this isn't a particularly big deal. Keep using your computer, and the pool will refill itself. It's only a problem if you consume randomness faster than it can be "created". > Let me say, I'm partly humorous here; if I understand roughly what is > happening, then the danger is to not set a specific number of bits and > hence run the risk of gen-random simply emitting random data until it > eventually somehow 'overflows the available randomness' inherent in my > system. But simply outputting 20 random bits wouldn't risk doing that, so > my little experiment is fairly safe. Since it doesn't go much into the > details in the man page about what the methods are, and what the risk > actually is (it may be highly technical and hence beyond the scope of a > manual) it seems appropriate to ask in this forum, since it came up. An excellent source of information on random number generation: http://www.cypherpunks.to/~peter/06_random.pdf David