From jcruff at gmail.com Thu Apr 1 21:00:59 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Thu, 01 Apr 2010 15:00:59 -0400
Subject: poldi-ctrl error - No public key
Message-ID: <4BB4ED6B.7050601@gmail.com>

I recently configured poldi-0.4 on OpenSuSE and cannot successfully run
'poldi-ctrl -d'. My openpgp v2.0 smartcard with fine gnupg and 'gpg
--card-status' has no problems. Any ideas?

$ poldi-ctrl -s
D2760001240102000005000003740000

$ poldi-ctrl -d --debug
poldi-ctrl: debug: got scdaemon socket name from gpg-agent, connected to socket '/tmp/gpg-rtKTrS/S.scdaemon'
poldi-ctrl: error: failed to retrieve key from card: No public key
poldi-ctrl: error: failed to retrieve key from card: No public key

Thanks

--
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x052A4FAD
gpg fgpr: 6530 8DA8 805C 707F 3611 9851 D057 FC41 052A 4FAD

From jcruff at gmail.com Fri Apr 2 01:33:31 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Thu, 01 Apr 2010 19:33:31 -0400
Subject: poldi-ctrl error - No public key
In-Reply-To: <4BB4ED6B.7050601@gmail.com>
References: <4BB4ED6B.7050601@gmail.com>
Message-ID: <4BB52D4B.90401@gmail.com>

On 04/01/2010 03:00 PM, Chris Ruff wrote:
> I recently configured poldi-0.4 on OpenSuSE and cannot successfully run
> 'poldi-ctrl -d'. My openpgp v2.0 smartcard with fine gnupg and 'gpg
> --card-status' has no problems. Any ideas?
>
> $ poldi-ctrl -s
> D2760001240102000005000003740000
>
> $ poldi-ctrl -d --debug
> poldi-ctrl: debug: got scdaemon socket name from gpg-agent, connected to
> socket '/tmp/gpg-rtKTrS/S.scdaemon'
> poldi-ctrl: error: failed to retrieve key from card: No public key
> poldi-ctrl: error: failed to retrieve key from card: No public key
>
>
> Thanks

Here's the scdaemon debug output:

scdaemon[27120.0] DBG: <- GETINFO socket_name
scdaemon[27120.0] DBG: -> D /tmp/gpg-s3IPzO/S.scdaemon
scdaemon[27120.0] DBG: -> OK
2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 started
scdaemon[27120.10] DBG: -> OK GNU Privacy Guard's Smartcard server ready
scdaemon[27120.0] DBG: <- RESTART
scdaemon[27120.0] DBG: -> OK
scdaemon[27120.10] DBG: <- SERIALNO
scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
scdaemon[27120.10] DBG: -> OK
scdaemon[27120.10] DBG: <- LEARN --force
scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
scdaemon[27120.10] DBG: -> S APPTYPE OPENPGP
scdaemon[27120.10] DBG: -> S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0
scdaemon[27120.10] DBG: -> S DISP-NAME Ruff<
scdaemon[27120.10] DBG: -> S DISP-LANG en
scdaemon[27120.10] DBG: -> S DISP-SEX 1
scdaemon[27120.10] DBG: -> S PUBKEY-URL pool.sks-keyservers.net
scdaemon[27120.10] DBG: -> S LOGIN-DATA techniq
scdaemon[27120.10] DBG: -> S KEY-FPR 1 65308DA8805C707F36119851D057FC41052A4FAD
scdaemon[27120.10] DBG: -> S KEY-FPR 2 3A7B53782F1724779F97DD3FB592E49161225DF3
scdaemon[27120.10] DBG: -> S KEY-FPR 3 1DDC15D1FA25D0C4A72AAC5C862529C0116346E7
scdaemon[27120.10] DBG: -> S KEY-TIME 1 1264299016
scdaemon[27120.10] DBG: -> S KEY-TIME 2 1270162182
scdaemon[27120.10] DBG: -> S KEY-TIME 3 1270162439
2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
2010-04-01 19:32:51 scdaemon[27120] DBG: PCSC_data: 00 CA 00 C4 00
2010-04-01 19:32:51 scdaemon[27120] DBG: response: sw=9000 datalen=7
2010-04-01 19:32:51 scdaemon[27120] DBG: dump: 00 20 20 20 03 00 03
scdaemon[27120.10] DBG: -> S CHV-STATUS +0+32+32+32+3+0+3
2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
2010-04-01 19:32:51 scdaemon[27120] DBG: PCSC_data: 00 CA 00 7A 00
2010-04-01 19:32:51 scdaemon[27120] DBG: response: sw=9000 datalen=5
2010-04-01 19:32:51 scdaemon[27120] DBG: dump: 93 03 00 00 7A
scdaemon[27120.10] DBG: -> S SIG-COUNTER 122
scdaemon[27120.10] DBG: -> OK
scdaemon[27120.10] DBG: <- READKEY OPENPGP.3
2010-04-01 19:32:51 scdaemon[27120] app_readkey failed: No public key
scdaemon[27120.10] DBG: -> ERR 100663305 No public key
scdaemon[27120.10] DBG: <- RESTART
scdaemon[27120.10] DBG: -> OK
scdaemon[27120.10] DBG: <- BYE
scdaemon[27120.10] DBG: -> OK closing connection
2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 terminated

--
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x052A4FAD
gpg fgpr: 6530 8DA8 805C 707F 3611 9851 D057 FC41 052A 4FAD

From john_espiro at yahoo.com Fri Apr 2 07:34:52 2010
From: john_espiro at yahoo.com (john espiro)
Date: Thu, 1 Apr 2010 22:34:52 -0700 (PDT)
Subject: Paperkey (Was: Re: )
Message-ID: <331458.21344.qm@web46003.mail.sp1.yahoo.com>

So then it looks like dmtxwrite is the issue then?
;)

John

________________________________
From: john espiro
To: David Shaw
Sent: Sat, March 20, 2010 11:56:30 PM
Subject: Re: Paperkey (Was: Re: )

Hi David -

If I do:

paperkey --secret-key ./secring.gpg --output raw.paperkey --output-type raw
paperkey --pubring pubring.gpg --secrets raw.paperkey --output my-secret-key.gpg

It appears to create a new secret key, no complaining or anything...

John

---

What happens if you export a raw version and then import that raw
version right back in again? Forget dmtxwrite for now.

David

From fabrice.rafart at efs.sante.fr Fri Apr 2 11:17:10 2010
From: fabrice.rafart at efs.sante.fr (Fabrice RAFART)
Date: Fri, 2 Apr 2010 11:17:10 +0200
Subject: gpg on open file
In-Reply-To: <201003291358.10221.mailinglisten@hauke-laging.de>
References: <631E8BE18C924DB8A02916A70A886686@adidf.efs.sante.fr> <201003291358.10221.mailinglisten@hauke-laging.de>
Message-ID:

Hi,

Thanks for your answer.

My problem is not to prevent a file from being modified during gpg work
but to prevent gpg from working on an open file. I understand there is
no feature in gpg for this.

So I do:

sudo fuser -v ${fic} || gpg ...

PS: I find snapshot and chattr good ideas in your case.

Regards,

--
Fabrice Rafart
IT Department (DSI) - Head of infrastructure and production.
Etablissement Français du Sang, Ile de France.

> -----Original Message-----
> From: gnupg-users-bounces at gnupg.org
> [mailto:gnupg-users-bounces at gnupg.org] On behalf of Hauke Laging
> Sent: Monday 29 March 2010 13:58
> To: gnupg-users at gnupg.org
> Subject: Re: gpg on open file
>
> On Monday 29 March 2010 10:04:13, Fabrice RAFART wrote:
>
> > Can I prevent gpg from encrypting an open file?
> >
> > I explain my situation: I have a file dropped to the filesystem by a
> > Windows program with a samba share. I take the file (with a script
> > launched by cron) and encrypt it.
> > It may happen that gpg takes the file while the Windows
> > program copies it.
> >
> > For now, I am looking to use fuser to check this before encrypting
> > the file, but there may be a better way to prevent this.
>
> I don't think that there is any solution within gpg, simply because gpg
> cannot (easily) prevent other processes from modifying the file while it
> reads it.
>
> I see two solutions, a usable one and the perfect one:
>
> a) Use mandatory locks. That's what I wanted to suggest first. But a
> short look at the documentation makes me think that this may easily
> become terrible. So better look at
>
> b) Create a snapshot volume. This requires the file's filesystem to
> reside on a block device that is handled by the device mapper. Locking a
> whole volume in order to emulate a reliable file lock looks a bit like
> overkill but without better solutions... This requires superuser
> privilege, of course (in contrast to (a)).
>
> c) One more comes to my mind: Given that the file resides on a suitable
> file system (like ext{2,3,4} and probably more) you could make the file
> immutable (chattr), execute the next step and remove the i bit then.
> Again: Superuser only.
>
> The snapshot's advantage is that it causes the shortest block (if the
> file has a relevant size) and that applications do not notice this
> action. If an application is not prepared for being denied access due to
> mandatory locking or the immutable bit, additional problems may arise.
>
>
> CU
>
> Hauke
>

From jcruff at gmail.com Sat Apr 3 21:01:55 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Sat, 03 Apr 2010 15:01:55 -0400
Subject: poldi-ctrl error - No public key
In-Reply-To: <4BB52D4B.90401@gmail.com>
References: <4BB4ED6B.7050601@gmail.com> <4BB52D4B.90401@gmail.com>
Message-ID: <4BB790A3.6020302@gmail.com>

On 04/01/2010 07:33 PM, Chris Ruff wrote:
> On 04/01/2010 03:00 PM, Chris Ruff wrote:
>> I recently configured poldi-0.4 on OpenSuSE and cannot successfully run
>> 'poldi-ctrl -d'. My openpgp v2.0 smartcard with fine gnupg and 'gpg
>> --card-status' has no problems. Any ideas?
>
>> $ poldi-ctrl -s
>> D2760001240102000005000003740000
>
>> $ poldi-ctrl -d --debug
>> poldi-ctrl: debug: got scdaemon socket name from gpg-agent, connected to
>> socket '/tmp/gpg-rtKTrS/S.scdaemon'
>> poldi-ctrl: error: failed to retrieve key from card: No public key
>> poldi-ctrl: error: failed to retrieve key from card: No public key
>
>
>> Thanks
>
> Here's the scdaemon debug output:
>
> scdaemon[27120.0] DBG: <- GETINFO socket_name
> scdaemon[27120.0] DBG: -> D /tmp/gpg-s3IPzO/S.scdaemon
> scdaemon[27120.0] DBG: -> OK
> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 started
> scdaemon[27120.10] DBG: -> OK GNU Privacy Guard's Smartcard server ready
> scdaemon[27120.0] DBG: <- RESTART
> scdaemon[27120.0] DBG: -> OK
> scdaemon[27120.10] DBG: <- SERIALNO
> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
> scdaemon[27120.10] DBG: -> OK
> scdaemon[27120.10] DBG: <- LEARN --force
> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
> scdaemon[27120.10] DBG: -> S APPTYPE OPENPGP
> scdaemon[27120.10] DBG: -> S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0
> scdaemon[27120.10] DBG: -> S DISP-NAME Ruff<
> scdaemon[27120.10] DBG: -> S DISP-LANG en
> scdaemon[27120.10] DBG: -> S DISP-SEX 1
> scdaemon[27120.10] DBG: -> S PUBKEY-URL pool.sks-keyservers.net
> scdaemon[27120.10] DBG: -> S LOGIN-DATA techniq
> scdaemon[27120.10] DBG: -> S KEY-FPR 1 65308DA8805C707F36119851D057FC41052A4FAD
> scdaemon[27120.10] DBG: -> S KEY-FPR 2 3A7B53782F1724779F97DD3FB592E49161225DF3
> scdaemon[27120.10] DBG: -> S KEY-FPR 3 1DDC15D1FA25D0C4A72AAC5C862529C0116346E7
> scdaemon[27120.10] DBG: -> S KEY-TIME 1 1264299016
> scdaemon[27120.10] DBG: -> S KEY-TIME 2 1270162182
> scdaemon[27120.10] DBG: -> S KEY-TIME 3 1270162439
> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
> 2010-04-01 19:32:51 scdaemon[27120] DBG: PCSC_data: 00 CA 00 C4 00
> 2010-04-01 19:32:51 scdaemon[27120] DBG: response: sw=9000 datalen=7
> 2010-04-01 19:32:51 scdaemon[27120] DBG: dump: 00 20 20 20 03 00 03
> scdaemon[27120.10] DBG: -> S CHV-STATUS +0+32+32+32+3+0+3
> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
> 2010-04-01 19:32:51 scdaemon[27120] DBG: PCSC_data: 00 CA 00 7A 00
> 2010-04-01 19:32:51 scdaemon[27120] DBG: response: sw=9000 datalen=5
> 2010-04-01 19:32:51 scdaemon[27120] DBG: dump: 93 03 00 00 7A
> scdaemon[27120.10] DBG: -> S SIG-COUNTER 122
> scdaemon[27120.10] DBG: -> OK
> scdaemon[27120.10] DBG: <- READKEY OPENPGP.3
> 2010-04-01 19:32:51 scdaemon[27120] app_readkey failed: No public key
> scdaemon[27120.10] DBG: -> ERR 100663305 No public key
> scdaemon[27120.10] DBG: <- RESTART
> scdaemon[27120.10] DBG: -> OK
> scdaemon[27120.10] DBG: <- BYE
> scdaemon[27120.10] DBG: -> OK closing connection
> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 terminated
>
>

OK, so the OpenSuSE build of gnupg is 2.0.12 and would fail when trying
to issue the command 'SCD READKEY OPENPGP.3' via gpg-connect-agent. I
don't know if this was an incomplete build or what. Not surprised though
since generating a key on the smartcard didn't prompt for the RSA key
size. So I built gnupg-2.0.15 and voilà! It works!

For OpenSuSE 11.x you'll want to edit '/etc/pam.d/common-auth-smartcard'
to contain only the line:

auth required pam_poldi.so

Then unlink 'common-auth' from 'common-auth-pc' and then link to
'common-auth-smartcard'.

The only thing I can't figure out is how to get this to work for the
screensaver unlock. I'm using Gnome/GDM. Any ideas?

--
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0 DC1B FD21 25BC 0621 F585

From jcruff at gmail.com Sun Apr 4 02:28:19 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Sat, 03 Apr 2010 20:28:19 -0400
Subject: poldi-ctrl error - No public key
In-Reply-To: <4BB790A3.6020302@gmail.com>
References: <4BB4ED6B.7050601@gmail.com> <4BB52D4B.90401@gmail.com> <4BB790A3.6020302@gmail.com>
Message-ID: <4BB7DD23.9000203@gmail.com>

On 04/03/2010 03:01 PM, Chris Ruff wrote:
> On 04/01/2010 07:33 PM, Chris Ruff wrote:
>> On 04/01/2010 03:00 PM, Chris Ruff wrote:
>>> I recently configured poldi-0.4 on OpenSuSE and cannot successfully run
>>> 'poldi-ctrl -d'. My openpgp v2.0 smartcard with fine gnupg and 'gpg
>>> --card-status' has no problems. Any ideas?
>
>>> $ poldi-ctrl -s
>>> D2760001240102000005000003740000
>
>>> $ poldi-ctrl -d --debug
>>> poldi-ctrl: debug: got scdaemon socket name from gpg-agent, connected to
>>> socket '/tmp/gpg-rtKTrS/S.scdaemon'
>>> poldi-ctrl: error: failed to retrieve key from card: No public key
>>> poldi-ctrl: error: failed to retrieve key from card: No public key
>
>
>>> Thanks
>
>> Here's the scdaemon debug output:
>
>> scdaemon[27120.0] DBG: <- GETINFO socket_name
>> scdaemon[27120.0] DBG: -> D /tmp/gpg-s3IPzO/S.scdaemon
>> scdaemon[27120.0] DBG: -> OK
>> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 started
>> scdaemon[27120.10] DBG: -> OK GNU Privacy Guard's Smartcard server ready
>> scdaemon[27120.0] DBG: <- RESTART
>> scdaemon[27120.0] DBG: -> OK
>> scdaemon[27120.10] DBG: <- SERIALNO
>> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
>> scdaemon[27120.10] DBG: -> OK
>> scdaemon[27120.10] DBG: <- LEARN --force
>> scdaemon[27120.10] DBG: -> S SERIALNO D2760001240102000005000003740000 0
>> scdaemon[27120.10] DBG: -> S APPTYPE OPENPGP
>> scdaemon[27120.10] DBG: -> S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0
>> scdaemon[27120.10] DBG: -> S DISP-NAME Ruff<
>> scdaemon[27120.10] DBG: -> S DISP-LANG en
>> scdaemon[27120.10] DBG: -> S DISP-SEX 1
>> scdaemon[27120.10] DBG: -> S PUBKEY-URL pool.sks-keyservers.net
>> scdaemon[27120.10] DBG: -> S LOGIN-DATA techniq
>> scdaemon[27120.10] DBG: -> S KEY-FPR 1 65308DA8805C707F36119851D057FC41052A4FAD
>> scdaemon[27120.10] DBG: -> S KEY-FPR 2 3A7B53782F1724779F97DD3FB592E49161225DF3
>> scdaemon[27120.10] DBG: -> S KEY-FPR 3 1DDC15D1FA25D0C4A72AAC5C862529C0116346E7
>> scdaemon[27120.10] DBG: -> S KEY-TIME 1 1264299016
>> scdaemon[27120.10] DBG: -> S KEY-TIME 2 1270162182
>> scdaemon[27120.10] DBG: -> S KEY-TIME 3 1270162439
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=C4 lc=-1 le=256 em=0
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: PCSC_data: 00 CA 00 C4 00
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: response: sw=9000 datalen=7
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: dump: 00 20 20 20 03 00 03
>> scdaemon[27120.10] DBG: -> S CHV-STATUS +0+32+32+32+3+0+3
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: send apdu: c=00 i=CA p1=00 p2=7A lc=-1 le=256 em=0
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: PCSC_data: 00 CA 00 7A 00
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: response: sw=9000 datalen=5
>> 2010-04-01 19:32:51 scdaemon[27120] DBG: dump: 93 03 00 00 7A
>> scdaemon[27120.10] DBG: -> S SIG-COUNTER 122
>> scdaemon[27120.10] DBG: -> OK
>> scdaemon[27120.10] DBG: <- READKEY OPENPGP.3
>> 2010-04-01 19:32:51 scdaemon[27120] app_readkey failed: No public key
>> scdaemon[27120.10] DBG: -> ERR 100663305 No public key
>> scdaemon[27120.10] DBG: <- RESTART
>> scdaemon[27120.10] DBG: -> OK
>> scdaemon[27120.10] DBG: <- BYE
>> scdaemon[27120.10] DBG: -> OK closing connection
>> 2010-04-01 19:32:51 scdaemon[27120] handler for fd 10 terminated
>
>
>
> OK, so the OpenSuSE build of gnupg is 2.0.12 and would fail when trying
> to issue the command 'SCD READKEY OPENPGP.3' via gpg-connect-agent. I
> don't know if this was an incomplete build or what. Not surprised though
> since generating a key on the smartcard didn't prompt for the RSA key
> size. So I built gnupg-2.0.15 and voilà! It works!
>
> For OpenSuSE 11.x you'll want to edit '/etc/pam.d/common-auth-smartcard'
> to contain only the line:
>
> auth required pam_poldi.so
>
> Then unlink 'common-auth' from 'common-auth-pc' and then link to
> 'common-auth-smartcard'.
>
> The only thing I can't figure out is how to get this to work for the
> screensaver unlock. I'm using Gnome/GDM. Any ideas?

Well, it appears the screensaver does work except the prompt does ask
for "PIN" as does the gdm login prompt, so it just says "Password".
However, inputting the PIN does unlock the screensaver.

Sometimes typing/explaining the issue(s) enlightens one to the
resolution. Hope this helps someone else.

--
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0 DC1B FD21 25BC 0621 F585

From jcruff at gmail.com Sun Apr 4 02:30:16 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Sat, 03 Apr 2010 20:30:16 -0400
Subject: poldi-ctrl error - No public key
In-Reply-To: <4BB7DD23.9000203@gmail.com>
References: <4BB4ED6B.7050601@gmail.com> <4BB52D4B.90401@gmail.com> <4BB790A3.6020302@gmail.com> <4BB7DD23.9000203@gmail.com>
Message-ID: <4BB7DD98.6020502@gmail.com>

On 04/03/2010 08:28 PM, Chris Ruff wrote:
>
> Well, it appears the screensaver does work except the prompt does ask

*Correction: "...the prompt doesn't ask..."

> for "PIN" as does the gdm login prompt, so it just says "Password".
> However, inputting the PIN does unlock the screensaver.
>
> Sometimes typing/explaining the issue(s) enlightens one to the
> resolution. Hope this helps someone else.
>

--
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0 DC1B FD21 25BC 0621 F585

From jcruff at gmail.com Mon Apr 5 22:46:42 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Mon, 05 Apr 2010 16:46:42 -0400
Subject: poldi-ctrl error - No public key
In-Reply-To: <4BB7DD98.6020502@gmail.com>
References: <4BB4ED6B.7050601@gmail.com> <4BB52D4B.90401@gmail.com> <4BB790A3.6020302@gmail.com> <4BB7DD23.9000203@gmail.com> <4BB7DD98.6020502@gmail.com>
Message-ID: <4BBA4C32.3020305@gmail.com>

On 04/03/2010 08:30 PM, Chris Ruff wrote:
> On 04/03/2010 08:28 PM, Chris Ruff wrote:
>
>> Well, it appears the screensaver does work except the prompt does ask
>
> *Correction: "...the prompt doesn't ask..."
>
>> for "PIN" as does the gdm login prompt, so it just says "Password".
>> However, inputting the PIN does unlock the screensaver.
>
>> Sometimes typing/explaining the issue(s) enlightens one to the
>> resolution. Hope this helps someone else.
>
>

I stand corrected. It seems gnome-screensaver has a different behavior
if the process has been restarted. Apparently the gnome-screensaver
doesn't work the same as the login screen (ie I assume it doesn't
implement PAM correctly?).

Under Gnome/GDM it works better to select "Switch User" from the gnome
screensaver authentication prompt, then select the existing user session
and perform an authentication. This way PAM/Poldi work properly and you
are prompted for your smartcard's PIN#. Authentication works fine and
you're back in your original session.

--
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0x0621F585
gpg fgpr: E3C4 0E2E AD99 59A2 E4D0 DC1B FD21 25BC 0621 F585

From bmearns at ieee.org Tue Apr 6 02:20:06 2010
From: bmearns at ieee.org (Brian Mearns)
Date: Mon, 5 Apr 2010 20:20:06 -0400
Subject: What to do when subkey expires?
Message-ID:

Sorry for such a simple question, but I can't find a simple answer. My
signing and encryption subkeys have expired, so do I just create new
subkeys, and upload to the SKS servers? Do I have to delete the
subkeys, or revoke them?

Thanks,
-Brian

--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

From kgo at grant-olson.net Tue Apr 6 03:38:45 2010
From: kgo at grant-olson.net (Grant Olson)
Date: Mon, 05 Apr 2010 21:38:45 -0400
Subject: What to do when subkey expires?
In-Reply-To:
References:
Message-ID: <4BBA90A5.2030405@grant-olson.net>

On 04/05/2010 08:20 PM, Brian Mearns wrote:
> Sorry for such a simple question, but I can't find a simple answer.
> My signing and encryption subkeys have expired, so do I just create new
> subkeys, and upload to the SKS servers? Do I have to delete the
> subkeys, or revoke them?
>
> Thanks,
> -Brian
>

You could create new subkeys and upload them and just let the old ones
expire. If you feel the keys are still safe and uncompromised, you
could also just change the expiration date and upload the latest version
of the keys to the servers.

You probably don't want or need to revoke them.

You really don't want to delete them if you want to read your previously
encrypted data. Also, deleting them will mean they're still out there
on the keyservers. You'll just get them back if/when you run an update
from the keyservers, as will anyone who has your key.

From dshaw at jabberwocky.com Tue Apr 6 03:47:02 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon, 5 Apr 2010 21:47:02 -0400
Subject: What to do when subkey expires?
In-Reply-To:
References:
Message-ID:

On Apr 5, 2010, at 8:20 PM, Brian Mearns wrote:

> Sorry for such a simple question, but I can't find a simple answer. My
> signing and encryption subkeys have expired, so do I just create new
> subkeys, and upload to the SKS servers? Do I have to delete the
> subkeys, or revoke them?

If they've expired, you don't need to do anything special: just make
some new subkeys and upload to the servers. Alternately, you can extend
the expiration on your current keys and upload them to the servers.
Many people use key expiration as an opportunity to make new keys, but
the choice is yours.

David

From free10pro at gmail.com Tue Apr 6 03:37:31 2010
From: free10pro at gmail.com (Paul Richard Ramer)
Date: Mon, 05 Apr 2010 18:37:31 -0700
Subject: What to do when subkey expires?
In-Reply-To:
References:
Message-ID: <4BBA905B.4060401@gmail.com>

On Mon, 5 Apr 2010 20:20:06 -0400, Brian Mearns wrote:
> Sorry for such a simple question, but I can't find a simple answer. My
> signing and encryption subkeys have expired, so do I just create new
> subkeys, and upload to the SKS servers? Do I have to delete the
> subkeys, or revoke them?

Create new ones. You don't need to delete or revoke them, because no
one is going to use them now that they have expired.

-Paul

--
New Windows 7: Double the DRM, Double the fun! Learn more:

+---------------------------------------------------------------------+
| PGP Key ID: 0x3DB6D884                                              |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884  |
+---------------------------------------------------------------------+

From wk at gnupg.org Tue Apr 6 11:28:33 2010
From: wk at gnupg.org (Werner Koch)
Date: Tue, 06 Apr 2010 11:28:33 +0200
Subject: Where to find g13?
In-Reply-To: <4BA13036.1020005@gmail.com> (C. Andrews Lavarre's message of "Wed, 17 Mar 2010 15:40:38 -0400")
References: <4BA13036.1020005@gmail.com>
Message-ID: <87d3ydq69q.fsf@vigenere.g10code.de>

On Wed, 17 Mar 2010 20:40, alavarre at gmail.com said:

> Hello. Can someone please show me a link to download and install *G13*,
> the LUKS replacement?
> Alternatively, would you suggest an exit to the
> quagmire below... Extensive googling has not succeeded.

This is in the development branch of GnuPG. As of now it only supports
EncFS as a backend and thus you can't use it as a replacement.

svn co svn://cvs.gnupg.org/gnupg/trunk

> Compiling gpgme 1.3.0 from source fails with a warning that g13 is not
> available. I cannot find a copy on my system or in its repositories.

That should be just a warning and gpgme should build fine.

> It is just a *configure* warning, so I can proceed to *make*, but then
> that then fails with
> error: assuan.h: No such file or directory

Yeah, you need to install the development package for libassuan 2.0

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From SeidlS at schneider.com Tue Apr 6 21:25:09 2010
From: SeidlS at schneider.com (Seidl, Scott)
Date: Tue, 6 Apr 2010 14:25:09 -0500
Subject: Receiving invalid packet errors when decryption Ascii Armored data
Message-ID: <1F1743D578302F4E8E698B09863791F2103551B675@WSCMS022.Dom1.Schneider.Com>

I am sending data to a vendor for processing and they are at times
having issues decrypting our files. We are ASCII armoring the file
before we send it, and they are receiving an error of:

gpg: [don't know]: invalid packet (ctb=2d)
gpg: [don't know]: invalid packet (ctb=2d)

I've looked at the file we sent to them and see no issues or extra data
around the ASCII Armor header/trailer records.

Can someone provide more details on what would be causing this error?
I've seen this with Binary (non-ASCII armored) files.

I am using GNUPG v 1.4.9 to encrypt the files on a Linux box. I can
tell that the vendor is also using GNUPG from the error email I get, but
I don't know the version.

Thanks

Scott Seidl
Schneider National, Inc.
Application Development

From free10pro at gmail.com Wed Apr 7 01:44:34 2010
From: free10pro at gmail.com (Paul Richard Ramer)
Date: Tue, 06 Apr 2010 16:44:34 -0700
Subject: Receiving invalid packet errors when decryption Ascii Armored data
In-Reply-To: <1F1743D578302F4E8E698B09863791F2103551B675@WSCMS022.Dom1.Schneider.Com>
References: <1F1743D578302F4E8E698B09863791F2103551B675@WSCMS022.Dom1.Schneider.Com>
Message-ID: <4BBBC762.7080703@gmail.com>

On Tue, 6 Apr 2010 14:25:09 -0500, Seidl, Scott wrote:
> I am sending data to a vendor for processing and they are at times
> having issues decrypting our files. We are ASCII armoring the file
> before we send it, and they are receiving an error of:
>
> gpg: [don't know]: invalid packet (ctb=2d)
>
> gpg: [don't know]: invalid packet (ctb=2d)
>
>
>
> I've looked at the file we sent to them and see no issues or extra data
> around the ASCII Armor header/trailer records.
>
> Can someone provide more details on what would be causing this error?
> I've seen this with Binary (non-ASCII armored) files.
>
> I am using GNUPG v 1.4.9 to encrypt the files on a Linux box. I can
> tell that the vendor is also using GNUPG from the error email I get, but
> I don't know the version.

Have you and the vendor compared checksums on the ASCII-armored files to
confirm that the files that you sent and the files that they received
are identical?

-Paul

--
You wouldn't send all of your mail written on the back of postcards
would you? Then why would you send your e-mail the same way?

+---------------------------------------------------------------------+
| PGP Key ID: 0x3DB6D884                                              |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884  |
+---------------------------------------------------------------------+

From andre at amorim.me Wed Apr 7 09:18:16 2010
From: andre at amorim.me (Andre Amorim)
Date: Wed, 7 Apr 2010 08:18:16 +0100
Subject: WikiLeaks Crackers
Message-ID:

What type of encryption the WikiLeaks said to have broken? AES ?

Source:
http://www.nytimes.com/2010/04/07/world/07wikileaks.html

ps.> I thought it was april fool.

--
Andre Amorim
GnuPG KEY ID: 0x587B1970
FingerPrint: 42AE C929 4D91 4591 4E75 430F 78D9 53B4 587B 1970
Download: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x587B1970

From dshaw at JABBERWOCKY.COM Wed Apr 7 16:54:16 2010
From: dshaw at JABBERWOCKY.COM (David Shaw)
Date: Wed, 7 Apr 2010 10:54:16 -0400
Subject: WikiLeaks Crackers
In-Reply-To:
References:
Message-ID: <51022366-DBA9-4808-BF5D-DD3225528092@JABBERWOCKY.COM>

On Apr 7, 2010, at 3:18 AM, Andre Amorim wrote:

> What type of encryption the WikiLeaks said to have broken? AES ?
>
> Source:
> http://www.nytimes.com/2010/04/07/world/07wikileaks.html

Nobody who knows is talking, at least not yet. This is early days for
this particular story, so perhaps more will come out later.
Without any real information at this stage, it is hard to make useful statements on the subject. For all we know, the original leaker who provided the data to WikiLeaks gave it to them in an encrypted zip file and the "break" was just running it through a password guesser for a few days or weeks. I do not think that this is a break of any serious crypto, though. If someone could arrange for AES or any other strong cipher to be broken simply by asking for it on a web site, this would be news. David From SeidlS at schneider.com Wed Apr 7 18:23:20 2010 From: SeidlS at schneider.com (Seidl, Scott) Date: Wed, 7 Apr 2010 11:23:20 -0500 Subject: Receiving invalid packet errors when decryption Ascii Armored data In-Reply-To: <4BBBC762.7080703@gmail.com> References: <1F1743D578302F4E8E698B09863791F2103551B675@WSCMS022.Dom1.Schneider.Com> <4BBBC762.7080703@gmail.com> Message-ID: <1F1743D578302F4E8E698B09863791F2103556735E@WSCMS022.Dom1.Schneider.Com> No, I haven't done that. What is the command for doing that (I assume cksum will work)? Also, assuming the checksums match, what would the next steps be? Thanks Scott Seidl Schneider National, Inc. Application Development US.GRB.01.03.03 3101 S. Packerland Dr. Green Bay, WI 54313 Work: 920.592.2163 seidls at schneider.com The information contained in this e-mail is privileged and confidential, and for use only of the addressees of same and/or those who might have been specifically authorized to read it. If you have received this e-mail by error, please destroy it and notify the sender, to his/her e-mail address. Any non-authorized dissemination, distribution or reproduction of this message is strictly prohibited, and subject to the sanctions established in the applicable laws. 
-----Original Message----- From: Paul Richard Ramer [mailto:free10pro at gmail.com] Sent: Tuesday, April 06, 2010 6:45 PM To: Seidl, Scott Cc: gnupg-users at gnupg.org Subject: Re: Receiving invalid packet errors when decryption Ascii Armored data -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, 6 Apr 2010 14:25:09 -0500, Seidl, Scott wrote: > I am sending data to a vendor for processing and they are at times having issues decrypting our files. We are ASCII armoring the file before we send it, and they are receiving an error of: > > gpg: [don't know]: invalid packet (ctb=2d) > > gpg: [don't know]: invalid packet (ctb=2d) > > > > I've looked at the file we sent to them and see no issues or extra data around the ASCII Armor header/trailer records. > > Can someone provide more details on what would be causing this error? I've seen this with Binary (non- ASCII armored) files. > > I am using GNUPG v 1.4.9 to encrypt the files on a Linux box. I can tell that the vendor is also using GNUPG from the error email I get, but I don't know the version. Have you and the vendor compared checksums on the ASCII-armored files to confirm that the files that you sent and the files that they received are identical? - -Paul - -- You wouldn't send all of your mail written on the back of postcards would you? Then why would you send your e-mail the same way? 
+---------------------------------------------------------------------+ | PGP Key ID: 0x3DB6D884 | | PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884 | +---------------------------------------------------------------------+ From sascha-ml-cryptography-gnupg-users at silbe.org Wed Apr 7 17:28:23 2010 From: sascha-ml-cryptography-gnupg-users at silbe.org (Sascha Silbe) Date: Wed, 7 Apr 2010 17:28:23 +0200 Subject: gpg-agent forwarding / create stub keys from full key Message-ID: <20100407152823.GG472@twin.sascha.silbe.org> Hi! I'm trying to use gpg-agent to sign/decrypt data on a remote host without storing a copy of the secret anywhere except on the local host. In general this should be possible since it's more or less how the smartcard support works. Unfortunately gpg refuses to operate without a copy of the secret key in the keyring. From some mailing list posts I gather that gpg creates "stub keys" for keys on smartcards. Is there a way to generate and export such stub keys for "regular" secret keys in the keyring? CU Sascha -- http://sascha.silbe.org/ http://www.infra-silbe.de/ -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 490 bytes Desc: Digital signature URL: From kgo at grant-olson.net Wed Apr 7 19:21:00 2010 From: kgo at grant-olson.net (Grant Olson) Date: Wed, 07 Apr 2010 13:21:00 -0400 Subject: Receiving invalid packet errors when decryption Ascii Armored data In-Reply-To: <1F1743D578302F4E8E698B09863791F2103556735E@WSCMS022.Dom1.Schneider.Com> References: <1F1743D578302F4E8E698B09863791F2103551B675@WSCMS022.Dom1.Schneider.Com> <4BBBC762.7080703@gmail.com> <1F1743D578302F4E8E698B09863791F2103556735E@WSCMS022.Dom1.Schneider.Com> Message-ID: <4BBCBEFC.6010900@grant-olson.net> On 4/7/2010 12:23 PM, Seidl, Scott wrote: > No, I haven't done that. What is the command for doing that (I assume cksum will work)? > That's a CRC checksum. It's probably good enough for what you're doing, but 'md5sum' would calculate the md5. > Also, assuming the checksums match, what would the next steps be? > Hopefully they won't be. ;-) But if they are, I'd get the version of gnupg that the vendor is using. It might also help if you let us know how exactly you're sending the files to the vendor. Email? Ftp? Etc... > Thanks > > Scott Seidl > Schneider National, Inc. > Application Development -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 552 bytes Desc: OpenPGP digital signature URL: From alfa5 at centrum.cz Wed Apr 7 20:08:11 2010 From: alfa5 at centrum.cz (alfa5 at centrum.cz) Date: Wed, 07 Apr 2010 20:08:11 +0200 Subject: Removing signatures from key Message-ID: <1270663691.876458.4875.nullmailer@mail1010.cent> Hi, I am wondering if it is possible to remove some specific signature from given key. I can remove all signatures by using minimize command (when editing the key), but I did not find any command to select the signature I want to remove. 
Best regards, Tom From dshaw at jabberwocky.com Wed Apr 7 21:26:21 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 7 Apr 2010 15:26:21 -0400 Subject: Removing signatures from key In-Reply-To: <1270663691.876458.4875.nullmailer@mail1010.cent> References: <1270663691.876458.4875.nullmailer@mail1010.cent> Message-ID: <5827B476-D8DB-40EC-8CFA-948374D772C0@jabberwocky.com> On Apr 7, 2010, at 2:08 PM, wrote: > > Hi, > I am wondering if it is possible to remove some specific signature from given key. I can remove all signatures by using minimize command (when editing the key), but I did not find any command to select the signature I want to remove. When editing the key, you can use the "delsig" command to delete a particular signature (it will ask you for each signature if you want to delete it or not). You may need to issue "uid (number)" to specify which UID you want to delete the signature from. Note that if you have this key on a keyserver, deleting the signature won't change the copy on the server. Once a signature is on a keyserver, it's pretty much there forever. Alternately, if this is a signature that you issued (as opposed to getting from someone else), you could use "revsig" to issue a revocation for that signature. David From kgo at grant-olson.net Wed Apr 7 22:41:45 2010 From: kgo at grant-olson.net (Grant Olson) Date: Wed, 07 Apr 2010 16:41:45 -0400 Subject: WikiLeaks Crackers In-Reply-To: References: Message-ID: <4BBCEE09.6010801@grant-olson.net> On 4/7/2010 3:18 AM, Andre Amorim wrote: > What type of encryption the WikiLeaks said to have broken? AES ? > > Source: > http://www.nytimes.com/2010/04/07/world/07wikileaks.html > > ps.> I thought it was april fool. http://ask.slashdot.org/comments.pl?sid=1610792&cid=31765168 According to the above thread, it was encrypted via OpenSSL with a (presumably weak) passphrase, not public/private key encryption. Thread might be a hoax. 
There's no way I'm downloading the encrypted version of the file to verify the headers. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 552 bytes Desc: OpenPGP digital signature URL: From mailinglisten at hauke-laging.de Thu Apr 8 02:31:33 2010 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 8 Apr 2010 02:31:33 +0200 Subject: secret keys are not imported Message-ID: <201004080231.47686.mailinglisten@hauke-laging.de> Hello, I have tried to copy my new secret subkeys to another system. Though no error message appears this does not work: # gpg hauke__0xECCB5814.sec.asc sec 1024D/ECCB5814 2005-09-05 Hauke Laging uid Hauke Laging uid Hauke Laging ssb 2048g/E623EF88 2005-09-05 ssb 2048R/51B279FA 2010-03-04 ssb 2048R/3A403251 2010-03-04 That looks good to me. # LC_ALL=C gpg --import hauke__0xECCB5814.sec.asc gpg: key ECCB5814: already in secret keyring gpg: Total number processed: 1 gpg: secret keys read: 1 gpg: secret keys unchanged: 1 This does not. I do have the public keys (from an earlier import): # gpg --list-keys eccb5814 pub 1024D/ECCB5814 2005-09-05 uid Hauke Laging uid Hauke Laging uid Hauke Laging sub 2048R/51B279FA 2010-03-04 [verfällt: 2013-03-03] sub 2048R/3A403251 2010-03-04 [verfällt: 2013-03-03] sub 2048R/2282921E 2010-03-08 [verfällt: 2013-03-07] But not the secret ones (except for those which were there before already): # gpg --list-secret-keys eccb5814 sec 1024D/ECCB5814 2005-09-05 uid Hauke Laging uid Hauke Laging uid Hauke Laging ssb 2048g/E623EF88 2005-09-05 [verfällt: 2010-04-03] # gpg --version gpg (GnuPG) 2.0.15 libgcrypt 1.4.4 Thus trying to decrypt a file fails though the smartcard with the keys can be read (so in fact there are two problems): # LC_ALL=C gpg testfile.tar.bz2.gpg gpg: encrypted with 2048-bit RSA key, ID 51B279FA, created 2010-03-04 "Hauke Laging " gpg: decryption failed: No secret key # gpg --card-status [...] 
Encryption key....: F831 934A CD0D 5092 D1FC 53E9 8E3D D37A 51B2 79FA created ....: 2010-03-04 02:13:27 [...] CU Hauke -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From wk at gnupg.org Thu Apr 8 12:03:09 2010 From: wk at gnupg.org (Werner Koch) Date: Thu, 08 Apr 2010 12:03:09 +0200 Subject: secret keys are not imported In-Reply-To: <201004080231.47686.mailinglisten@hauke-laging.de> (Hauke Laging's message of "Thu, 8 Apr 2010 02:31:33 +0200") References: <201004080231.47686.mailinglisten@hauke-laging.de> Message-ID: <87fx36p8gy.fsf@vigenere.g10code.de> On Thu, 8 Apr 2010 02:31, mailinglisten at hauke-laging.de said: > # LC_ALL=C gpg --import hauke__0xECCB5814.sec.asc > gpg: key ECCB5814: already in secret keyring > gpg: Total number processed: 1 > gpg: secret keys read: 1 > gpg: secret keys unchanged: 1 > > This does not. Merging secret keys is not yet supported. Delete the secret keys on the target box first. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law. From mailinglisten at hauke-laging.de Thu Apr 8 12:28:38 2010 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 8 Apr 2010 12:28:38 +0200 Subject: secret keys are not imported In-Reply-To: <87fx36p8gy.fsf@vigenere.g10code.de> References: <201004080231.47686.mailinglisten@hauke-laging.de> <87fx36p8gy.fsf@vigenere.g10code.de> Message-ID: <201004081228.43385.mailinglisten@hauke-laging.de> On Thursday 08 April 2010 12:03:09, Werner Koch wrote: > Merging secret keys is not yet supported. Delete the secret keys on the > target box first. OK... I did this: # gpg --delete-secret-key ECCB5814 [...] 
# LC_ALL=C gpg --list-secret-keys eccb5814 gpg: error reading key: No secret key And then I tried to import again: # LC_ALL=C gpg --import hauke__0xECCB5814.sec.asc gpg: key ECCB5814: secret key imported gpg: key ECCB5814: "Hauke Laging " not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 This works: # LC_ALL=C gpg --list-secret-keys eccb5814 sec 1024D/ECCB5814 2005-09-05 uid Hauke Laging uid Hauke Laging uid Hauke Laging ssb 2048R/51B279FA 2010-03-04 [expires: 2013-03-03] ssb 2048R/3A403251 2010-03-04 [expires: 2013-03-03] ssb 2048g/E623EF88 2005-09-05 [expires: 2010-04-03] But why does the import command say 1 everywhere though obviously not one but three subkeys have been read and imported? CU Hauke -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part. URL: From dshaw at jabberwocky.com Thu Apr 8 14:30:25 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 8 Apr 2010 08:30:25 -0400 Subject: secret keys are not imported In-Reply-To: <201004081228.43385.mailinglisten@hauke-laging.de> References: <201004080231.47686.mailinglisten@hauke-laging.de> <87fx36p8gy.fsf@vigenere.g10code.de> <201004081228.43385.mailinglisten@hauke-laging.de> Message-ID: <66C7DE81-B120-4ED1-94A0-5816ADCD7AEC@jabberwocky.com> On Apr 8, 2010, at 6:28 AM, Hauke Laging wrote: > # LC_ALL=C gpg --list-secret-keys eccb5814 > sec 1024D/ECCB5814 2005-09-05 > uid Hauke Laging > uid Hauke Laging > uid Hauke Laging > ssb 2048R/51B279FA 2010-03-04 [expires: 2013-03-03] > ssb 2048R/3A403251 2010-03-04 [expires: 2013-03-03] > ssb 2048g/E623EF88 2005-09-05 [expires: 2010-04-03] > > But why does the import command say 1 everywhere though obviously not one but > three subkeys have been read and imported? This is normal behavior. 
Only primary keys are counted when importing keys, even though there may be multiple subkeys attached. David From mailinglisten at hauke-laging.de Thu Apr 8 19:19:03 2010 From: mailinglisten at hauke-laging.de (Hauke Laging) Date: Thu, 8 Apr 2010 19:19:03 +0200 Subject: secret keys are not imported In-Reply-To: <87fx36p8gy.fsf@vigenere.g10code.de> References: <201004080231.47686.mailinglisten@hauke-laging.de> <87fx36p8gy.fsf@vigenere.g10code.de> Message-ID: <201004081919.13157.mailinglisten@hauke-laging.de> On Thursday 08 April 2010 12:03:09, Werner Koch wrote: > Merging secret keys is not yet supported. Delete the secret keys on the > target box first. I had one (ElG) subkey before I started using a smartcard. Is it impossible to combine the old secret subkey and the smartcard keys? It seems so to me. I have to delete the secret keys in order to make gpg use the smartcard. But after that I cannot import the old subkey any more. I should be able to use it by using separate key rings though. CU Hauke -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part. URL: From faramir.cl at gmail.com Fri Apr 9 05:50:39 2010 From: faramir.cl at gmail.com (Faramir) Date: Thu, 08 Apr 2010 23:50:39 -0400 Subject: WikiLeaks Crackers In-Reply-To: <51022366-DBA9-4808-BF5D-DD3225528092@JABBERWOCKY.COM> References: <51022366-DBA9-4808-BF5D-DD3225528092@JABBERWOCKY.COM> Message-ID: <4BBEA40F.1020405@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw wrote: > On Apr 7, 2010, at 3:18 AM, Andre Amorim wrote: > >> What type of encryption the WikiLeaks said to have broken? AES ? ... > I do not think that this is a break of any serious crypto, though. If someone could arrange for AES or any other strong cipher to be broken simply by asking for it on a web site, this would be news. 
Right, I was interested on the subject too, and wondering what kind of encryption could have been used to encrypt the file. I guess David is right and the key chosen was too weak... but it would be nice to hear about what was actually the method used to encrypt and how did they break it. Best Regards From John at Mozilla-Enigmail.org Fri Apr 9 06:23:45 2010 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Thu, 08 Apr 2010 23:23:45 -0500 Subject: WikiLeaks Crackers In-Reply-To: <4BBEA40F.1020405@gmail.com> References: <51022366-DBA9-4808-BF5D-DD3225528092@JABBERWOCKY.COM> <4BBEA40F.1020405@gmail.com> Message-ID: <4BBEABD1.5090708@Mozilla-Enigmail.org> Faramir wrote: > David Shaw wrote: >> On Apr 7, 2010, at 3:18 AM, Andre Amorim wrote: > >>> What type of encryption the WikiLeaks said to have broken? AES ? > ... >> I do not think that this is a break of any serious crypto, though. If >> someone could arrange for AES or any other strong cipher to be broken simply >> by asking for it on a web site, this would be news. > > Right, I was interested on the subject too, and wondering what kind of > encryption could have been used to encrypt the file. I guess David is > right and the key chosen was too weak... but it would be nice to hear > about what was actually the method used to encrypt and how did they > break it. 
There was a comment in Schneier's blog pointing to an article at http://www.sueddeutsche.de/ saying that it was a plain old run-of-the-mill dictionary attack of several million entries. *yawn* Not really crypto news -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 499 bytes Desc: OpenPGP digital signature URL: From dougb at dougbarton.us Mon Apr 12 06:18:55 2010 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 11 Apr 2010 21:18:55 -0700 (PDT) Subject: New version of pine-pgp-filters Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Greetings, First, apologies to those who receive 2 copies of this message, or those for whom this message is unwelcome in any way. I wanted to send a quick note for those who are using, or may be interested in using my scripts to integrate GnuPG with Alpine. I've released version 1.7 which has the following two small updates: 1. Use a more reliable method to find the signature and message parts in the ppf_mime script. 2. Add support for the OpenPGP header in ppf_sign and ppf_encrypt, and use the same method to sanitize the key ID as was already done for the other headers. You can find the scripts themselves, and more information about them at http://dougbarton.us/PGP/ppf/ Regards, Doug - -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. 
-- Pablo Picasso From marcio.barbado at gmail.com Mon Apr 12 20:33:19 2010 From: marcio.barbado at gmail.com (M.B.Jr.) Date: Mon, 12 Apr 2010 15:33:19 -0300 Subject: DRM -- digital rights management Message-ID: Hi, I have this simple question (sorry for it), regarding "digital rights management". As I understand, DRM in essence is the use of asymmetric cryptography, which turns simple public keys into not-publicly-available public keys. Is it correct? Regards, Marcio Barbado, Jr. From dshaw at jabberwocky.com Mon Apr 12 21:58:39 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 12 Apr 2010 15:58:39 -0400 Subject: DRM -- digital rights management In-Reply-To: References: Message-ID: <4E1E7149-2AB7-45A7-836C-20894252451A@jabberwocky.com> On Apr 12, 2010, at 2:33 PM, M.B.Jr. wrote: > Hi, > I have this simple question (sorry for it), regarding "digital rights > management". > > As I understand, DRM in essence is the use of asymmetric cryptography, > which turns simple public keys into not-publicly-available public > keys. > > Is it correct? No. DRM is a collective term for the various means of controlling use of media in one way or another. It's possible to use asymmetric crypto as part of a DRM scheme, but this is not a requirement, or inherent in the idea of DRM. David From Michael.Strout at clearstructure.com Mon Apr 12 18:45:31 2010 From: Michael.Strout at clearstructure.com (Michael E. 
Strout) Date: Mon, 12 Apr 2010 12:45:31 -0400 Subject: Invalid Marker Packet issue using PGP to encrypt using GnuPG certificate Message-ID: <4CD30F44D3D9A14B868D82DFB99929F62325552B66@Mail.AIS.atlanticinfo.com> Hi all, We're using GnuPG to both create an asynchronous key pair, the public key of which we provide to clients, and to decrypt the files encrypted with that certificate after it's been transferred. One particular client is uploading files which return an "Invalid Marker Packet" error when I try to decrypt them. I've tried installing the newest versions of gpg, but it doesn't matter whether I'm using 1.4.9 or 2.0.12, I get an "invalid marker packet" error. I've opened up an older upload which I was able to decrypt and the most recent upload in a hex editor and can see that the bytes following the PGP in the marker packet are different, i.e. the one in the old file is 50 47 50 c1 c0 4c which reads as P G P 193 192 76 or PGP 12697676 or PGP??L While the one in the new file is 50 47 50 C1 C1 4E which reads as P G P 193 193 78 or PGP 12697934 or PGP??N I figure the client is using PGP software (hence the marker packet) and may have upgraded their software since the last successfully decrypted upload, but I thought they could put anything they wanted in the marker packet and gpg would be fine... Has anyone else seen this and know of a way past it? ~Michael ________________________________ - CONFIDENTIALITY NOTICE - This e-mail message from ClearStructure Financial Technology, LLC is intended only for the individual or entity to which it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it. 
We take steps to protect against viruses but advise you to carry out your own checks and precautions as we accept no liability for any which remain. We may monitor emails sent to and from our server(s) to ensure regulatory compliance to protect our clients and business. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dshaw at jabberwocky.com Tue Apr 13 00:00:30 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 12 Apr 2010 18:00:30 -0400 Subject: Invalid Marker Packet issue using PGP to encrypt using GnuPG certificate In-Reply-To: <4CD30F44D3D9A14B868D82DFB99929F62325552B66@Mail.AIS.atlanticinfo.com> References: <4CD30F44D3D9A14B868D82DFB99929F62325552B66@Mail.AIS.atlanticinfo.com> Message-ID: On Apr 12, 2010, at 12:45 PM, Michael E. Strout wrote: > Hi all, > We're using GnuPG to both create an asynchronous key pair, the public key of which we provide to clients, and to decrypt the files encrypted with that certificate after it's been transferred. One particular client is uploading files which return an "Invalid Marker Packet" error when I try to decrypt them. > > I've tried installing the newest versions of gpg, but it doesn't matter whether I'm using 1.4.9 or 2.0.12, I get an "invalid marker packet" error. > > I've opened up an older upload which I was able to decrypt and the most recent upload in a hex editor and can see that the bytes following the PGP in the marker packet are different, > > i.e. the one in the old file is 50 47 50 c1 c0 4c which reads as P G P 193 192 76 or PGP 12697676 or PGP??L > While the one in the new file is 50 47 50 C1 C1 4E which reads as P G P 193 193 78 or PGP 12697934 or PGP??N The only valid marker packet contains exactly 3 bytes: P, G, and P. Given that the following byte is C1, it looks like that's the beginning of the next packet, rather than part of the marker packet. C1 would be the encrypted session key packet, which makes sense at that point in the document. 
Can you tell me a few bytes from *before* the P, G, P? Perhaps the length is wrong. David From dshaw at jabberwocky.com Tue Apr 13 00:12:03 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 12 Apr 2010 18:12:03 -0400 Subject: Invalid Marker Packet issue using PGP to encrypt using GnuPG certificate In-Reply-To: <4CD30F44D3D9A14B868D82DFB99929F62325552BEE@Mail.AIS.atlanticinfo.com> References: <4CD30F44D3D9A14B868D82DFB99929F62325552B66@Mail.AIS.atlanticinfo.com> <4CD30F44D3D9A14B868D82DFB99929F62325552BEE@Mail.AIS.atlanticinfo.com> Message-ID: <94C7EA3B-2B8F-42EB-A194-7336AB79A86E@jabberwocky.com> > On Apr 12, 2010, at 12:45 PM, Michael E. Strout wrote: > >> Hi all, >> We're using GnuPG to both create an asynchronous key pair, the public key of which we provide to clients, and to decrypt the files encrypted with that certificate after it's been transferred. One particular client is uploading files which return an "Invalid Marker Packet" error when I try to decrypt them. >> >> I've tried installing the newest versions of gpg, but it doesn't matter whether I'm using 1.4.9 or 2.0.12, I get an "invalid marker packet" error. >> >> I've opened up an older upload which I was able to decrypt and the most recent upload in a hex editor and can see that the bytes following the PGP in the marker packet are different, >> >> i.e. the one in the old file is 50 47 50 c1 c0 4c which reads as P G P 193 192 76 or PGP 12697676 or PGP??L >> While the one in the new file is 50 47 50 C1 C1 4E which reads as P G P 193 193 78 or PGP 12697934 or PGP??N > > The only valid marker packet contains exactly 3 bytes: P, G, and P. Given that the following byte is C1, it looks like that's the beginning of the next packet, rather than part of the marker packet. C1 would be the encrypted session key packet, which makes sense at that point in the document. > > Can you tell me a few bytes from *before* the P, G, P? Perhaps the length is wrong. On Apr 12, 2010, at 6:07 PM, Michael E. 
Strout wrote: > Both Files begin with A8 03 50 47 50 A8 == Marker packet 03 == Length (3 bytes) 50 == 'P' 47 == 'G' 50 == 'P' That looks fine. It's possible there is corruption elsewhere in the file so that there is something that looks like a (mangled) marker packet, but this one is valid. I'd check into how the client is sending you the files. If they're using FTP, make sure they are sending in binary or image mode and not ascii or text mode. David From faramir.cl at gmail.com Tue Apr 13 05:26:38 2010 From: faramir.cl at gmail.com (Faramir) Date: Mon, 12 Apr 2010 23:26:38 -0400 Subject: Invalid selfsignature Message-ID: <4BC3E46E.6080100@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, I just imported one of my public keys (after receiving it signed by other person), and when I was importing, I saw a message about "invalid self signature" for one of the UIDs. Is that serious? How could it happen? and... how can I solve it? Best Regards From bhouse1273 at gmail.com Tue Apr 13 22:06:51 2010 From: bhouse1273 at gmail.com (Bill House) Date: Tue, 13 Apr 2010 13:06:51 -0700 Subject: How to NOT Use IDEA? Message-ID: Surely this is a newbie question, but I have been trying for some time to get GPG to create a signed and encrypted file. Not wanting to go through the whole recompile thing and not caring to use the IDEA cipher, it seems to me that GPG should simply work by default. 
Sadly, it does not seem to work for me. I created a new RSA/RSA 2048 key in my keyring. So long as I only want to encrypt, it works fine. When I want to encrypt AND sign, it complains that I need the IDEA algorithm. When I specify the cipher-algo, it either claims the cipher is invalid, or it complains that it cannot use IDEA -- which is it? I have tried all the ciphers reported by using gpg --list-packets on the exported keyfile, to no avail. Here is the example of my command line: gpg --armor --cipher-algo cast5 --sign --passphrase yadayada --user someHexID --recipient someHexID --output "output.asc" --encrypt "input.csv" I am running the Windows version of gpg 1.4.10b Where have I gone wrong? Thanks, Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From dshaw at jabberwocky.com Tue Apr 13 23:19:49 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Tue, 13 Apr 2010 17:19:49 -0400 Subject: How to NOT Use IDEA? In-Reply-To: References: Message-ID: On Apr 13, 2010, at 4:06 PM, Bill House wrote: > Surely this is a newbie question, but I have been trying for some time to get GPG to create a signed and encrypted file. Not wanting to go through the whole recompile thing and not caring to use the IDEA cipher, it seems to me that GPG should simply work by default. Sadly, it does not seem to work for me. > > I created a new RSA/RSA 2048 key in my keyring. So long as I only want to encrypt, it works fine. When I want to encrypt AND sign, it complains that I need the IDEA algorithm. When I specify the cipher-algo, it either claims the cipher is invalid, or it complains that it cannot use IDEA -- which is it? I have tried all the ciphers reported by using gpg --list-packets on the exported keyfile, to no avail. 
Here is the example of my command line: > > gpg --armor --cipher-algo cast5 --sign --passphrase yadayada --user someHexID --recipient someHexID --output "output.asc" --encrypt "input.csv" > > I am running the Windows version of gpg 1.4.10b > > Where have I gone wrong? The --sign command belongs at the end of the line, next to --encrypt. Also, what program did you use to create that new RSA/RSA 2048-bit key? David From kgo at grant-olson.net Tue Apr 13 23:28:26 2010 From: kgo at grant-olson.net (Grant Olson) Date: Tue, 13 Apr 2010 17:28:26 -0400 Subject: How to NOT Use IDEA? In-Reply-To: References: Message-ID: <4BC4E1FA.3050001@grant-olson.net> On 4/13/2010 4:06 PM, Bill House wrote: > > I created a new RSA/RSA 2048 key in my keyring. So long as I only want > to encrypt, it works fine. When I want to encrypt AND sign, it > complains that I need the IDEA algorithm. When I specify the > cipher-algo, it either claims the cipher is invalid, or it complains > that it cannot use IDEA -- which is it? I have tried all the ciphers > reported by using gpg --list-packets on the exported keyfile, to no > avail. Here is the example of my command line: > > gpg --armor --cipher-algo cast5 --sign --passphrase yadayada --user > someHexID --recipient someHexID --output "output.asc" --encrypt "input.csv" > > I am running the Windows version of gpg 1.4.10b > > Where have I gone wrong? > Does this happen for any recipient? Like if you encrypt to yourself, or me? Maybe that particular recipient has IDEA in his preferences. You can look at his (or your own) preferences by running 'gpg --edit-key key_id' and then 'showpref'. Do either of these have IDEA listed as a cipher? -------------- next part -------------- A non-text attachment was scrubbed... 
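[Added example, not part of any list message and not GnuPG code. Both packet-level threads in this digest ("invalid packet (ctb=2d)" and "Invalid Marker Packet") turn on how the first octets of an OpenPGP packet are read, so the Python below decodes packet headers per RFC 4880 section 4.2 and runs on the bytes quoted in those threads. The function names, the sample constants and the armor header line are constructed for illustration; the packet bodies after the marker are absent because the posters quoted only the leading bytes.]

```python
"""Decode OpenPGP packet headers (RFC 4880, section 4.2) from raw bytes."""

TAG_NAMES = {1: "public-key encrypted session key", 10: "marker"}

# Constructed samples: only the leading bytes quoted in the threads.
OLD_UPLOAD = bytes.fromhex("a8 03 50 47 50 c1 c0 4c")
NEW_UPLOAD = bytes.fromhex("a8 03 50 47 50 c1 c1 4e")
ARMOR_TEXT = b"-----BEGIN PGP MESSAGE-----\n"  # armor fed to a binary parser


class InvalidPacket(ValueError):
    """Raised when the bytes at an offset cannot be a packet header."""


def _take(data, pos, count):
    """Return exactly `count` bytes at `pos` or fail loudly."""
    chunk = data[pos:pos + count]
    if len(chunk) != count:
        raise InvalidPacket("header truncated at offset %d" % pos)
    return chunk


def parse_header(data, offset=0):
    """Return (tag, header_len, body_len, partial) for the packet at offset.

    body_len is None for an old-format indeterminate length.
    """
    ctb = _take(data, offset, 1)[0]
    if not ctb & 0x80:
        # Bit 7 must be set in every packet header octet. The message text
        # mirrors the wording of the gpg error quoted in the thread.
        raise InvalidPacket("invalid packet (ctb=%02x)" % ctb)
    pos = offset + 1
    partial = False
    if ctb & 0x40:                       # new format: tag in bits 5-0
        tag = ctb & 0x3F
        first = _take(data, pos, 1)[0]
        if first < 192:                  # one-octet length
            body_len, pos = first, pos + 1
        elif first < 224:                # two-octet length
            second = _take(data, pos + 1, 1)[0]
            body_len, pos = ((first - 192) << 8) + second + 192, pos + 2
        elif first == 255:               # five-octet length
            body_len = int.from_bytes(_take(data, pos + 1, 4), "big")
            pos += 5
        else:                            # 224..254: partial body length
            body_len, pos, partial = 1 << (first & 0x1F), pos + 1, True
    else:                                # old format: tag in bits 5-2
        tag = (ctb >> 2) & 0x0F
        length_type = ctb & 0x03
        if length_type == 3:
            body_len = None
        else:
            width = (1, 2, 4)[length_type]
            body_len = int.from_bytes(_take(data, pos, width), "big")
            pos += width
    return tag, pos - offset, body_len, partial


def describe(data):
    """Walk the packets; return a list of (offset, tag, body_len, note)."""
    rows, offset = [], 0
    while offset < len(data):
        try:
            tag, header_len, body_len, partial = parse_header(data, offset)
        except InvalidPacket as exc:
            rows.append((offset, None, None, str(exc)))
            break
        start = offset + header_len
        if body_len is None:
            rows.append((offset, tag, None, "indeterminate length, runs to end of data"))
            break
        body = data[start:start + body_len]
        if len(body) < body_len:
            note = "body truncated in sample"
        elif partial:
            note = "first chunk of a partial-length body"
        elif tag == 10 and body != b"PGP":
            note = "marker body is not 'PGP'"
        else:
            note = "ok"
        rows.append((offset, tag, body_len, note))
        if note != "ok":
            break
        offset = start + body_len
    return rows


if __name__ == "__main__":
    samples = (("old upload", OLD_UPLOAD), ("new upload", NEW_UPLOAD),
               ("armor text", ARMOR_TEXT))
    for label, sample in samples:
        print(label)
        for offset, tag, body_len, note in describe(sample):
            name = TAG_NAMES.get(tag, "n/a" if tag is None else "other")
            print("  offset %d: tag=%s (%s) length=%s -> %s"
                  % (offset, tag, name, body_len, note))
```

[Both uploads decode to the same valid marker packet followed by a tag 1 header; they differ only in the declared body length of that next packet, 268 versus 526 octets. 0x2d is ASCII '-', the character an armor header or trailer line starts with, and it has bit 7 clear, so it cannot be a packet header octet.]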
Name: signature.asc Type: application/pgp-signature Size: 552 bytes Desc: OpenPGP digital signature URL: From bhouse1273 at gmail.com Wed Apr 14 01:34:13 2010 From: bhouse1273 at gmail.com (Bill House) Date: Tue, 13 Apr 2010 16:34:13 -0700 Subject: How to NOT Use IDEA? Message-ID: The showpref on the key does not mention IDEA, which leaves me also with no idea how IDEA is in the mix. Cipher: AES256, AES192, AES, CAST5, 3DES Digest: SHA256, SHA1, SHA384, SHA512, SHA224 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify Bill > Does this happen for any recipient? Like if you encrypt to yourself, or > me? Maybe that particular recipient has IDEA in his preferences. You > can look at his (or your own) preferences by running 'gpg --edit-key > key_id' and then 'showpref'. Do either of these have IDEA listed as a > cipher? From laurent.jumet at skynet.be Wed Apr 14 07:53:58 2010 From: laurent.jumet at skynet.be (Laurent Jumet) Date: Wed, 14 Apr 2010 07:53:58 +0200 Subject: How to NOT Use IDEA? In-Reply-To: Message-ID: Hello Bill ! Bill House wrote: > The showpref on the key does not mention IDEA, which leaves me also > with no idea how IDEA is in the mix. > Cipher: AES256, AES192, AES, CAST5, 3DES > Digest: SHA256, SHA1, SHA384, SHA512, SHA224 > Compression: ZLIB, BZIP2, ZIP, Uncompressed > Features: MDC, Keyserver no-modify If IDEA is set in preferences, list is like mine: Cipher: AES, CAMELLIA128, CAMELLIA192, CAMELLIA256, IDEA, TWOFISH, CAST5, BLOWFISH, 3DES, AES256, AES192 Digest: RIPEMD160, SHA256, SHA384, SHA512, SHA224, SHA1, MD5 Compression: ZIP, ZLIB, BZIP2, Uncompressed Features: MDC, Keyserver no-modify But maybe GPG.CONF *alone* has a reference to IDEA: load-extension c:\lib\gnupg\idea.dll Be aware that a user must set his preferences in his key, save it, and then export it on keyservers. Otherwise IDEA may be set and used when encrypting, but other people are not aware of it.
-- Laurent Jumet KeyID: 0xCFAF704C From Michael.Strout at clearstructure.com Tue Apr 13 00:07:03 2010 From: Michael.Strout at clearstructure.com (Michael E. Strout) Date: Mon, 12 Apr 2010 18:07:03 -0400 Subject: Invalid Marker Packet issue using PGP to encrypt using GnuPG certificate In-Reply-To: References: <4CD30F44D3D9A14B868D82DFB99929F62325552B66@Mail.AIS.atlanticinfo.com> Message-ID: <4CD30F44D3D9A14B868D82DFB99929F62325552BEE@Mail.AIS.atlanticinfo.com> Both Files begin with A8 03 50 47 50 Michael Everett Strout Systems Administrator & Software Engineer ClearStructure Financial Technology, LLC Michael.Strout at clearstructure.com +1 203 205 2720 (direct) +1 203 942 5031 (mobile) +1 203 205 2700 (main) +1 203 205 2739 (fax) Transparent is Good. Clear is Better. www.clearstructure.com -----Original Message----- From: David Shaw [mailto:dshaw at jabberwocky.com] Sent: Monday, April 12, 2010 18:01 To: Michael E. Strout Cc: gnupg-users at gnupg.org Subject: Re: Invalid Marker Packet issue using PGP to encrypt using GnuPG certificate On Apr 12, 2010, at 12:45 PM, Michael E. Strout wrote: > Hi all, > We're using GnuPG to both create an asynchronous key pair, the public key of which we provide to clients, and to decrypt the files encrypted with that certificate after its been transfered. One particular client is uploading files which return an "Invalid Marker Packet" error when I try to decrypt them. > > I've tried installing the newest versions of gpg, but it doesn't matter whether I'm using 1.4.9 or 2.0.12, I get an "invalid marker packet" error. > > I've opened up an older upload which I was able to decrypt and the most recent upload in a hex editor and can see that the bytes following the PGP in the marker packet are different, > > i.e. 
the one in the old file is 50 47 50 c1 c0 4c which reads as P G P 193 192 76 or PGP 12697676 or PGP??L > While the one in the new file is 50 47 50 C1 C1 4E which reads as P G P 193 193 78 or PGP 12697934 or PGP??N The only valid marker packet contains exactly 3 bytes: P, G, and P. Given that the following byte is C1, it looks like that's the beginning of the next packet, rather than part of the marker packet. C1 would be the encrypted session key packet, which makes sense at that point in the document. Can you tell me a few bytes from *before* the P, G, P? Perhaps the length is wrong. David ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ - CONFIDENTIALITY NOTICE - This e-mail message from ClearStructure Financial Technology, LLC is intended only for the individual or entity to which it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it. We take steps to protect against viruses but advise you to carry out your own checks and precautions as we accept no liability for any which remain. We may monitor emails sent to and from our server(s) to ensure regulatory compliance to protect our clients and business. From bhouse1273 at gmail.com Wed Apr 14 21:49:00 2010 From: bhouse1273 at gmail.com (Bill House) Date: Wed, 14 Apr 2010 12:49:00 -0700 Subject: How to NOT Use IDEA? Message-ID: The initial install had written a gpg.conf file that seems to have been the problem. 
I replaced it with a new gpg.conf that has the default-key set to the new keyid I made and the problem is solved. Thanks to all for the help! Bill House From holtzm at cox.net Thu Apr 15 02:49:20 2010 From: holtzm at cox.net (Robert Holtzman) Date: Wed, 14 Apr 2010 17:49:20 -0700 (MST) Subject: New version of pine-pgp-filters In-Reply-To: References: Message-ID: On Sun, 11 Apr 2010, Doug Barton wrote: > I wanted to send a quick note for those who are using, or may be > interested in using my scripts to integrate GnuPG with Alpine. I've > released version 1.7 which has the following two small updates: Your INSTALL file says: "The configure script will look for your gpg2 binary......" Is gpg2 required or will it work with older versions ie 1.4.6? -- Bob Holtzman Key ID: 8D549279 "If you think you're getting free lunch, check the price of the beer" From dougb at dougbarton.us Thu Apr 15 04:46:46 2010 From: dougb at dougbarton.us (Doug Barton) Date: Wed, 14 Apr 2010 19:46:46 -0700 Subject: New version of pine-pgp-filters In-Reply-To: References: Message-ID: <4BC67E16.7020407@dougbarton.us> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 04/14/10 17:49, Robert Holtzman wrote: > On Sun, 11 Apr 2010, Doug Barton wrote: > >> I wanted to send a quick note for those who are using, or may be >> interested in using my scripts to integrate GnuPG with Alpine. I've >> released version 1.7 which has the following two small updates: > > Your INSTALL file says: > > "The configure script will look for your gpg2 binary......" > > Is gpg2 required or will it work with older versions ie 1.4.6? Read the rest of the paragraph. :) ... gpg2 binary in PREFIX/bin, /usr/bin, and /bin, in that order, then repeat the search for gpg 1.x if version 2 is not found. The option exists to specify one version or the other if you have both installed. As for the specific version 1.4.6 I'm at least 90% sure it will work, the gpg commands don't include any exotic options. 
If you have any problems let me know and I'll see what I can do. hth, Doug - -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) -----END PGP SIGNATURE----- From holtzm at cox.net Thu Apr 15 08:43:02 2010 From: holtzm at cox.net (Robert Holtzman) Date: Wed, 14 Apr 2010 23:43:02 -0700 (MST) Subject: New version of pine-pgp-filters In-Reply-To: <4BC67E16.7020407@dougbarton.us> References: <4BC67E16.7020407@dougbarton.us> Message-ID: On Wed, 14 Apr 2010, Doug Barton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 04/14/10 17:49, Robert Holtzman wrote: >> On Sun, 11 Apr 2010, Doug Barton wrote: >> >>> I wanted to send a quick note for those who are using, or may be >>> interested in using my scripts to integrate GnuPG with Alpine. I've >>> released version 1.7 which has the following two small updates: >> >> Your INSTALL file says: >> >> "The configure script will look for your gpg2 binary......" >> >> Is gpg2 required or will it work with older versions ie 1.4.6? > > Read the rest of the paragraph. :) Ouch! > > ... gpg2 binary in PREFIX/bin, /usr/bin, and /bin, in that order, then > repeat the search for gpg 1.x if version 2 is not found. The option > exists to specify one version or the other if you have both installed. > > As for the specific version 1.4.6 I'm at least 90% sure it will work, > the gpg commands don't include any exotic options.
If you have any > problems let me know and I'll see what I can do. Thanks. -- Bob Holtzman Key ID: 8D549279 "If you think you're getting free lunch, check the price of the beer" From joke at seiken.de Fri Apr 16 14:37:30 2010 From: joke at seiken.de (Joke de Buhr) Date: Fri, 16 Apr 2010 14:37:30 +0200 Subject: gpg-agent and ssh-keys not working anymore Message-ID: <201004161437.30494.joke@seiken.de> Usually I use the gpg-agent to manage my ssh keys. But now it doesn't work anymore. A few days ago I lost homedir and everything got lost. I rebuild the gnupg configuration to use the agent and the has ssh support enabled. I generated a new ssh key and added it to the agent via ssh-add. Now every time I try to connect via ssh the pinentry window pops up and asks for a password to unlock the key. But pinentry always says the password is wrong and I keep getting the error message "Agent admitted failure to sign using the key.". The passwords are enter correctly and the ssh public key was added to authorized_keys. I tried generating new ssh keys but the problem is always the same. Anyone any ideas? Thanks From wk at gnupg.org Mon Apr 19 08:35:03 2010 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Apr 2010 08:35:03 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <201004161437.30494.joke@seiken.de> (Joke de Buhr's message of "Fri, 16 Apr 2010 14:37:30 +0200") References: <201004161437.30494.joke@seiken.de> Message-ID: <87d3xwj6g8.fsf@vigenere.g10code.de> On Fri, 16 Apr 2010 14:37, joke at seiken.de said: > The passwords are enter correctly and the ssh public key was added to > authorized_keys. I tried generating new ssh keys but the problem is > always the You might be hampered a bug fixed in 2.0.15: * Fixes a regression in 2.0.14 which prevented unprotection of new or changed gpg-agent passphrases. It is possible to write a tool to fix such a bad passphrases. 
However there are only a very few reports and thus I believe it is easier to generate a new key instead. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From joke at seiken.de Mon Apr 19 09:20:06 2010 From: joke at seiken.de (Joke de Buhr) Date: Mon, 19 Apr 2010 09:20:06 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <87d3xwj6g8.fsf@vigenere.g10code.de> References: <201004161437.30494.joke@seiken.de> <87d3xwj6g8.fsf@vigenere.g10code.de> Message-ID: <201004190920.06265.joke@seiken.de> I didn't have a host with gnupg version 2.0.15 ready so I regenerated the key on a host with gnupg version 2.0.12 transfered my gnupg configuration back and everything is working now with gnupg version 2.0.14. Thank for a hint how to solve the problem. The new ubuntu lucid which will be released in a few days and has a gpg-agent version of 2.0.14. Though gpg-agent is not the default ssh-agent this problem might cause trouble more in the next few months. On Monday, 19. April 2010 08:35:03 Werner Koch wrote: > On Fri, 16 Apr 2010 14:37, joke at seiken.de said: > > The passwords are enter correctly and the ssh public key was added to > > authorized_keys. I tried generating new ssh keys but the problem is > > always the > > You might be hampered a bug fixed in 2.0.15: > > * Fixes a regression in 2.0.14 which prevented unprotection of new > or changed gpg-agent passphrases. > > It is possible to write a tool to fix such a bad passphrases. However > there are only a very few reports and thus I believe it is easier to > generate a new key instead. 
> > > Salam-Shalom, > > Werner > From wk at gnupg.org Mon Apr 19 09:58:11 2010 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Apr 2010 09:58:11 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <201004190920.06265.joke@seiken.de> (Joke de Buhr's message of "Mon, 19 Apr 2010 09:20:06 +0200") References: <201004161437.30494.joke@seiken.de> <87d3xwj6g8.fsf@vigenere.g10code.de> <201004190920.06265.joke@seiken.de> Message-ID: <8739yrkh64.fsf@vigenere.g10code.de> On Mon, 19 Apr 2010 09:20, joke at seiken.de said: > The new ubuntu lucid which will be released in a few days and has a gpg-agent > version of 2.0.14. Though gpg-agent is not the default ssh-agent this problem > might cause trouble more in the next few months. Ubuntu should have patched 2.0.14. I posted a patch quite some time ago. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From joke at seiken.de Mon Apr 19 10:23:37 2010 From: joke at seiken.de (Joke de Buhr) Date: Mon, 19 Apr 2010 10:23:37 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <8739yrkh64.fsf@vigenere.g10code.de> References: <201004161437.30494.joke@seiken.de> <201004190920.06265.joke@seiken.de> <8739yrkh64.fsf@vigenere.g10code.de> Message-ID: <201004191023.37404.joke@seiken.de> I'm running the latest lucid version. Unless the patch was submitted only a few hours ago and the package hasn't been built yet the problem still exists in lucid. I just updated and ran a test. Still the same error. On Monday, 19. April 2010 09:58:11 Werner Koch wrote: > On Mon, 19 Apr 2010 09:20, joke at seiken.de said: > > The new ubuntu lucid which will be released in a few days and has a > > gpg-agent version of 2.0.14. Though gpg-agent is not the default > > ssh-agent this problem might cause trouble more in the next few months. > > Ubuntu should have patched 2.0.14. I posted a patch quite some time > ago. 
> > > Salam-Shalom, > > Werner > From joke at seiken.de Mon Apr 19 10:26:28 2010 From: joke at seiken.de (Joke de Buhr) Date: Mon, 19 Apr 2010 10:26:28 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <8739yrkh64.fsf@vigenere.g10code.de> References: <201004161437.30494.joke@seiken.de> <201004190920.06265.joke@seiken.de> <8739yrkh64.fsf@vigenere.g10code.de> Message-ID: <201004191026.28491.joke@seiken.de> It would be pretty bad if ubuntu releases gnupg with this bug since lucid is a long term support release and gnupg might receive up to 5 years of reports of regarding this bug on their mailing lists. On Monday, 19. April 2010 09:58:11 Werner Koch wrote: > On Mon, 19 Apr 2010 09:20, joke at seiken.de said: > > The new ubuntu lucid which will be released in a few days and has a > > gpg-agent version of 2.0.14. Though gpg-agent is not the default > > ssh-agent this problem might cause trouble more in the next few months. > > Ubuntu should have patched 2.0.14. I posted a patch quite some time > ago. > > > Salam-Shalom, > > Werner > From wk at gnupg.org Tue Apr 20 09:22:26 2010 From: wk at gnupg.org (Werner Koch) Date: Tue, 20 Apr 2010 09:22:26 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <201004191026.28491.joke@seiken.de> (Joke de Buhr's message of "Mon, 19 Apr 2010 10:26:28 +0200") References: <201004161437.30494.joke@seiken.de> <201004190920.06265.joke@seiken.de> <8739yrkh64.fsf@vigenere.g10code.de> <201004191026.28491.joke@seiken.de> Message-ID: <87sk6qio5p.fsf@vigenere.g10code.de> On Mon, 19 Apr 2010 10:26, joke at seiken.de said: > It would be pretty bad if ubuntu releases gnupg with this bug since lucid is a > long term support release and gnupg might receive up to 5 years of reports of > regarding this bug on their mailing lists. I posted the patch on January 26. Find it attached. Will you be so kind and forward it to the Ubuntu folks? Salam-Shalom, Werner -- Die Gedanken sind frei. 
Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-2.0.14-encode-s2k.patch Type: text/x-patch Size: 1384 bytes Desc: not available URL: From joke at seiken.de Tue Apr 20 10:31:27 2010 From: joke at seiken.de (Joke de Buhr) Date: Tue, 20 Apr 2010 10:31:27 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <87sk6qio5p.fsf@vigenere.g10code.de> References: <201004161437.30494.joke@seiken.de> <201004191026.28491.joke@seiken.de> <87sk6qio5p.fsf@vigenere.g10code.de> Message-ID: <201004201031.27281.joke@seiken.de> I filled a launchpad bug report for this problem and attached the patch. The report refers to the new ubuntu lucid release version of the gnupg. https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/567106 I don't know if the maintainer of the package is going to react and integrate the patch any time soon. On Tuesday, 20. April 2010 09:22:26 Werner Koch wrote: > On Mon, 19 Apr 2010 10:26, joke at seiken.de said: > > It would be pretty bad if ubuntu releases gnupg with this bug since lucid > > is a long term support release and gnupg might receive up to 5 years of > > reports of regarding this bug on their mailing lists. > > I posted the patch on January 26. Find it attached. Will you be so > kind and forward it to the Ubuntu folks? > > > Salam-Shalom, > > Werner > From wk at gnupg.org Tue Apr 20 11:10:41 2010 From: wk at gnupg.org (Werner Koch) Date: Tue, 20 Apr 2010 11:10:41 +0200 Subject: gpg-agent and ssh-keys not working anymore In-Reply-To: <201004201031.27281.joke@seiken.de> (Joke de Buhr's message of "Tue, 20 Apr 2010 10:31:27 +0200") References: <201004161437.30494.joke@seiken.de> <201004191026.28491.joke@seiken.de> <87sk6qio5p.fsf@vigenere.g10code.de> <201004201031.27281.joke@seiken.de> Message-ID: <87k4s2ij5a.fsf@vigenere.g10code.de> On Tue, 20 Apr 2010 10:31, joke at seiken.de said: > I filled a launchpad bug report for this problem and attached the patch. 
The > report refers to the new ubuntu lucid release version of the gnupg. > > https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/567106 > > I don't know if the maintainer of the package is going to react and integrate > the patch any time soon. I just checked Debian and noticed that they neither applied the patch. However I hope they will go with 2.0.15 anyway. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From segler_alex at web.de Wed Apr 21 12:52:17 2010 From: segler_alex at web.de (Alexander Murauer) Date: Wed, 21 Apr 2010 12:52:17 +0200 Subject: Elliptic curves in gnupg status? Message-ID: <4BCED8E1.9000207@web.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, i recently read about ecc (elliptic curves crypt) after googling, i found this: http://www.calcurco.cat/eccGnuPG/descobj.en.html is there any plan to get ecc in mainstream gnupg? most stuff i found about gnupg and ecc is outdated. does somebody know something about this? i own a OpenPGP Smartcard v2. does it / will it support ECC, or do i have to wait for an OpenPGP Smartcard v3 ? :) thanks in advance alex - -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- From VP1024 at att.com Wed Apr 21 20:04:03 2010 From: VP1024 at att.com (PATEL, VIJAY (ATTSI)) Date: Wed, 21 Apr 2010 14:04:03 -0400 Subject: Help needed to resolve entropy error Message-ID: <6FF8434A09F071498FF1AB8F675DEE9703A280F4@WWDCEXCH26.US.Cingular.Net> Hello everyone, uname -r= B.11.11 Error: Fatal: no entropy gathering module detected Please let me know how to resolve it. I have installed egd.pl. Perl is installed with SHA module. Process is running as root: /opt/perl_64/bin/perl -w /usr/local/bin/egd.pl /home/rootg/.gnupg/entropy Ls -l /home/rootg/.gnupg/entropy: srwxrwxrwx 1 root sys 0 Apr 21 13:54 /home/rootg/.gnupg/entropy I am receiving following error: /usr/local/bin/gpg2 --gen-key gpg: NOTE: old default options file `/home/rootg/.gnupg/options' ignored gpg (GnuPG) 2.0.15; Copyright (C) 2009 Free Software Foundation, Inc. Please select what kind of key you want: Your selection? 2 DSA keys may be between 1024 and 3072 bits long. What keysize do you want? (2048) Key is valid for? (0) Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key.
Real name: Vijay Email address: vp102 at att.com Comment: rep Fatal: no entropy gathering module detected Abort Thanks, Vijay Patel #678-893-2664 (O) #678-925-2213 (C) -------------- next part -------------- An HTML attachment was scrubbed... URL: From b.tenhumberg at web.de Thu Apr 22 13:24:26 2010 From: b.tenhumberg at web.de (b.tenhumberg at web.de) Date: Thu, 22 Apr 2010 13:24:26 +0200 Subject: can't connect to `C://Program Files//GNU//GnuPG/S.gpg-agent': No such file or directory Message-ID: <4BD031EA.8060600@web.de> Hello! I'm new to this Mailing-List... When trying to send signed emails with Thunderbird 3.0.4 with Enigmail 1.0.1 and Gpg4Win 2.0.2 on Windows 7 Ultimate, I always get the error message. Curiously, the signed and sent with Outlook GpgOL however works perfectly. Therefore, I conclude on a path or Enigmail problem ... Does anyone have a solution? What gpg.exe must be used (in witch directory)? What HomeDir etc. must be set as additional parameter? The following has been translated from German to English by me...: The transmission was interrupted. 
Error - encryption failed gpg command line and output: C:\Program Files\GNU\GnuPG\pub\gpg.exe can't connect to `C://Program Files//GNU//GnuPG/S.gpg-agent': No such file or directory can't connect to `C://Program Files//GNU//GnuPG/S.gpg-agent': No such file or directory gpg: can't connect to the agent: IPC "connect" Call failed gpg: problem with the agent: agent not running gpg: skipped "0xC9...": general error gpg: [stdin]: clearsign failed: general error The following is from gpg-agent.log-File (parts in german): 2010-04-22 10:03:25 gpg-agent[5820] Es wird auf Socket `C:\Users\XX\AppData\Roaming\gnupg\S.gpg-agent' gehört 2010-04-22 10:03:25 gpg-agent[5820] gpg-agent (GnuPG) 2.0.14 started 2010-04-22 10:03:25 gpg-agent[5820] DBG: returning notify handle 000000E0 2010-04-22 10:03:28 gpg-agent[5820] Handhabungsroutine 0x13c4 für fd 236 gestartet gpg-agent[5820.236] DBG: -> OK Pleased to meet you gpg-agent[5820.236] DBG: <- RESET gpg-agent[5820.236] DBG: -> OK gpg-agent[5820.236] DBG: <- NOP gpg-agent[5820.236] DBG: -> OK gpg-agent[5820.236] DBG: <- [Error: Input/output error] 2010-04-22 10:03:28 gpg-agent[5820] Assuan processing failed: IPC Lesefehler 2010-04-22 10:03:28 gpg-agent[5820] Handhabungsroutine 0x13c4 für den fd 236 beendet 2010-04-22 10:04:32 gpg-agent[5820] Handhabungsroutine 0x10f4 für fd 248 gestartet gpg-agent[5820.248] DBG: -> OK Pleased to meet you gpg-agent[5820.248] DBG: <- GETINFO pid gpg-agent[5820.248] DBG: -> D 5820 gpg-agent[5820.248] DBG: -> OK 2010-04-22 10:04:32 gpg-agent[5820] socket is still served by this server gpg-agent[5820.248] DBG: <- BYE gpg-agent[5820.248] DBG: -> OK closing connection 2010-04-22 10:04:32 gpg-agent[5820] Handhabungsroutine 0x10f4 für den fd 248 beendet 2010-04-22 10:05:32 gpg-agent[5820] Handhabungsroutine 0x17c0 für fd 264 gestartet gpg-agent[5820.264] DBG: -> OK Pleased to meet you gpg-agent[5820.264] DBG: <- GETINFO pid gpg-agent[5820.264] DBG: -> D 5820 gpg-agent[5820.264] DBG: -> OK 2010-04-22 10:05:32
gpg-agent[5820] socket is still served by this server gpg-agent[5820.264] DBG: <- BYE gpg-agent[5820.264] DBG: -> OK closing connection 2010-04-22 10:05:32 gpg-agent[5820] Handhabungsroutine 0x17c0 für den fd 264 beendet 2010-04-22 10:06:32 gpg-agent[5820] Handhabungsroutine 0xeb4 für fd 268 gestartet gpg-agent[5820.268] DBG: -> OK Pleased to meet you gpg-agent[5820.268] DBG: <- GETINFO pid gpg-agent[5820.268] DBG: -> D 5820 gpg-agent[5820.268] DBG: -> OK ... Greetings Berthold From eh1474 at att.com Fri Apr 23 20:43:23 2010 From: eh1474 at att.com (HORNBOSTEL, LIBBY A (ATTSI)) Date: Fri, 23 Apr 2010 14:43:23 -0400 Subject: gpg: mpi larger than indicated length ERROR Message-ID: <17C7468560D4B341BC8C89114FE479E40497C976@misout7msgusr83.ITServices.sbc.com> I have installed gpg4win version 1.1.4 with the following details/versions: GnuPG: 1.4.9 GnuPG2: 2.0.10 DirMngr: 1.0.3-svn310 GPA: 0.8.0 GPGol: 0.9.92 GPGee: 1.3.1 WinPT: 1.2.0 Claws-Mail: 3.0.0-rc2 Novices: 1.0.0 Einsteiger: 2.0.2 Durchblicker: 2.0.2 I have installed GPGShell version 3.7.2 on top to maintain the keys with a gui interface. I have created many keys without issue and have no issues decrypting any files. Until yesterday; I created a key pair, distributed the public key, and received a test file from my partner. I received the following error: 'gpg: mpi larger than indicated length (258 bytes)'. I have found the only references to this error back in the 2005-2006 timeframe and involving GnuPG version 1.4.2. I assume that version 1.4.9 (that I am using) would contain the fix that was used to correct this issue. Any ideas? Do I need to delete the key and create a new one? Libby Hornbostel From ml at mareichelt.de Fri Apr 23 23:18:04 2010 From: ml at mareichelt.de (markus reichelt) Date: Fri, 23 Apr 2010 23:18:04 +0200 Subject: Elliptic curves in gnupg status?
In-Reply-To: <4BCED8E1.9000207@web.de> References: <4BCED8E1.9000207@web.de> Message-ID: <20100423211804.GF6029@tatooine.rebelbase.local> * Alexander Murauer wrote: > is there any plan to get ecc in mainstream gnupg? most stuff i > found about gnupg and ecc is outdated. does somebody know something > about this? search the archives of the devel mailinglist. ecdsa. don't expect any real info, tho. > i own a OpenPGP Smartcard v2. does it / will it support ECC, or do > i have to wait for an OpenPGP Smartcard v3 ? :) you bought the wrong card. v5 is the one you want. -- left blank, right bald -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From faramir.cl at gmail.com Sat Apr 24 05:14:56 2010 From: faramir.cl at gmail.com (Faramir) Date: Fri, 23 Apr 2010 23:14:56 -0400 Subject: gpg: mpi larger than indicated length ERROR In-Reply-To: <17C7468560D4B341BC8C89114FE479E40497C976@misout7msgusr83.ITServices.sbc.com> References: <17C7468560D4B341BC8C89114FE479E40497C976@misout7msgusr83.ITServices.sbc.com> Message-ID: <4BD26230.2010702@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 HORNBOSTEL, LIBBY A (ATTSI) wrote: > I have installed gpg4win version 1.1.4 with the following > details/versions: > GnuPG: 1.4.9 ... > I have installed GPGShell version 3.7.2 on top to maintain the keys with > a gui interface. I have created many keys without issue and have no ...
I don't have any idea about your problem, but maybe you should know the current version of GnuPG v1.x serie is 1.4.10b, and last version of GPGShell is 3.76 Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sat Apr 24 05:24:02 2010 From: faramir.cl at gmail.com (Faramir) Date: Fri, 23 Apr 2010 23:24:02 -0400 Subject: Elliptic curves in gnupg status? In-Reply-To: <20100423211804.GF6029@tatooine.rebelbase.local> References: <4BCED8E1.9000207@web.de> <20100423211804.GF6029@tatooine.rebelbase.local> Message-ID: <4BD26452.4010804@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 markus reichelt wrote: > * Alexander Murauer wrote: > >> is there any plan to get ecc in mainstream gnupg? most stuff i >> found about gnupg and ecc is outdated. does somebody know something >> about this? > > search the archives of the devel mailinglist. ecdsa. don't expect any > real info, tho. Well, I don't know anything about development plans, I think it is very likely we won't see ecc implemented in GnuPG _unless_ it is included first in OpenPGP standard. If GnuPG implements ecc before it becomes standard, we would get keys that would only work with GnuPG versions including ecc.
Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- From DChristian at mcg-ins.com Fri Apr 23 18:27:44 2010 From: DChristian at mcg-ins.com (Christian, Darrell) Date: Fri, 23 Apr 2010 12:27:44 -0400 Subject: gnupg version 1.2.4 Message-ID: To Whom it may concern, We currently have an old version of the GNUPG software version 1.2.4. We don't do much encrypting. Only have one vendor that we encrypt the data. This was done back in 2004. We have a current vendor that needs to have their file encrypted. Tried importing their public key into the system, but get an error Message "Public key not found", when I try to encrypt the data. I've searched the internet for a resolution, but can't find anything. We have not updated this software since loading it on the system in 2004!!! No one here, has a clue of how to get this to work. Do I just need to get a more updated version of encryption software, or can you give me some direction????? Thanks, Darrell Christi Darrell Christian dchristian at mcg-ins.com Phone: 918-587-7221 Extension: 304 ********************************************************************** The content of this e-mail message and any attachments are confidential and may be legally privileged, intended solely for the addressee. If you are not the intended recipient, be advised that any use, dissemination, distribution, or copying of this e-mail is strictly prohibited.
If you receive this message in error, please notify the sender immediately by reply email and destroy the message and its attachments.
**********************************************************************

From segler_alex at web.de Sat Apr 24 13:00:05 2010
From: segler_alex at web.de (Alexander Murauer)
Date: Sat, 24 Apr 2010 13:00:05 +0200
Subject: gnupg version 1.2.4
In-Reply-To:
References:
Message-ID: <4BD2CF35.2090204@web.de>

Hi,

it would be nice to know which commands you used, for better understanding what error you are having.

greetings

On 2010-04-23 18:27, Christian, Darrell wrote:
> To Whom it may concern,
> We currently have an old version of the GNUPG software version 1.2.4. We don't do much encrypting. Only have one vendor that we encrypt the data. This was done back in 2004. We have a current vendor that needs to have their file encrypted. Tried importing their public key into the system, but get an error
> Message "Public key not found", when I try to encrypt the data. I've searched the internet for a resolution, but can't find anything. We have not updated this software since loading it on the system in 2004!!! No one here, has a clue of how to get this to work. Do I just need to get a more updated version of encryption software, or can you give me some direction?????
> Thanks,
> Darrell Christi
>
> Darrell Christian
> dchristian at mcg-ins.com
> Phone: 918-587-7221
> Extension: 304
>
> **********************************************************************
> The content of this e-mail message and any attachments are confidential and may be
> legally privileged, intended solely for the addressee. If you are not the intended
> recipient, be advised that any use, dissemination, distribution, or copying of this
> e-mail is strictly prohibited.
> If you receive this message in error, please notify
> the sender immediately by reply email and destroy the message and its attachments.
> **********************************************************************
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
Thoughts are free. Exceptions are regulated by a federal law.

From dkg at fifthhorseman.net Sat Apr 24 17:16:41 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 24 Apr 2010 11:16:41 -0400
Subject: Elliptic curves in gnupg status?
In-Reply-To: <4BD26452.4010804@gmail.com>
References: <4BCED8E1.9000207@web.de> <20100423211804.GF6029@tatooine.rebelbase.local> <4BD26452.4010804@gmail.com>
Message-ID: <4BD30B59.7010105@fifthhorseman.net>

On 04/23/2010 11:24 PM, Faramir wrote:
> Well, I don't know anything about development plans, I think it is
> very likely we won't see ecc implemented in GnuPG _unless_ it is
> included first in OpenPGP standard. If GnuPG implements ecc before it
> becomes standard, we would get keys that would only work with GnuPG
> versions including ecc.

So, if you're interested in getting this support underway, you should probably offer feedback on the I-D outlining how ecc should work with OpenPGP:

http://tools.ietf.org/html/draft-jivsov-openpgp-ecc

the IETF OpenPGP Working Group is probably a good place to offer feedback:

http://www.imc.org/ietf-tls/mail-archive/

--dkg

From segler_alex at web.de Sat Apr 24 20:33:04 2010
From: segler_alex at web.de (Alexander Murauer)
Date: Sat, 24 Apr 2010 20:33:04 +0200
Subject: Passphrase problem in gpgsm 2.0.14
In-Reply-To: <874om9vsq1.fsf@vigenere.g10code.de>
References: <874om9vsq1.fsf@vigenere.g10code.de>
Message-ID: <4BD33960.50008@web.de>

Hi,

i am wondering if https://bugs.g10code.com/gnupg/issue1184 will get fixed any time soon?
i wanted to ask this on the bugtracker's page but i think it is not possible to comment on bugs, other people reported. is this true?
i really think this is an important bug, because i cannot use it as drop in replacement for ssh-agent. and need to use gpg-agent instead of ssh-agent, because of the smartcard support, which works nicely. but sometimes i need also ssh-support for gpg-keys without smartcard, and i don't want to change to ssh-agent anytime i need this feature.

also i want to point out, gpg-agent 2.0.14 is in lucid with long term support. it would be nice, if a patch for this problem would get into lucid.

thanks
alex

From joke at seiken.de Sat Apr 24 21:51:22 2010
From: joke at seiken.de (Joke de Buhr)
Date: Sat, 24 Apr 2010 21:51:22 +0200
Subject: Passphrase problem in gpgsm 2.0.14
In-Reply-To: <4BD33960.50008@web.de>
References: <874om9vsq1.fsf@vigenere.g10code.de> <4BD33960.50008@web.de>
Message-ID: <201004242151.22628.joke@seiken.de>

It's fixed in gpg-agent 2.0.15 and an ubuntu bug report is filed. Please mark that you are affected by this bug so maybe the ubuntu maintainer will build a new package and include the patch.

https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/567106

On Saturday, 24. April 2010 20:33:04 Alexander Murauer wrote:
> Hi,
>
> i am wondering if https://bugs.g10code.com/gnupg/issue1184 will get
> fixed any time soon?
> i wanted to ask this on the bugtracker's page but i think it is not
> possible to comment on bugs, other people reported. is this true?
> i really think this is an important bug, because i cannot use it as drop
> in replacement for ssh-agent. and need to use gpg-agent instead of
> ssh-agent, because of the smartcard support, which works nicely. but
> sometimes i need also ssh-support for gpg-keys without smartcard, and i
> don't want to change to ssh-agent anytime i need this feature.
>
> also i want to point out, gpg-agent 2.0.14 is in lucid with long term
> support. it would be nice, if a patch for this problem would get into
> lucid.
>
> thanks
> alex
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

From wk at gnupg.org Mon Apr 26 08:57:11 2010
From: wk at gnupg.org (Werner Koch)
Date: Mon, 26 Apr 2010 08:57:11 +0200
Subject: Elliptic curves in gnupg status?
In-Reply-To: <4BD30B59.7010105@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Sat, 24 Apr 2010 11:16:41 -0400")
References: <4BCED8E1.9000207@web.de> <20100423211804.GF6029@tatooine.rebelbase.local> <4BD26452.4010804@gmail.com> <4BD30B59.7010105@fifthhorseman.net>
Message-ID: <8739yig0qg.fsf@vigenere.g10code.de>

On Sat, 24 Apr 2010 17:16, dkg at fifthhorseman.net said:

> http://tools.ietf.org/html/draft-jivsov-openpgp-ecc

Actually the working group informally agreed on this draft after we changed a few US centric things. It is just a matter of implementing it in GnuPG. Sergi started with that but I have seen fully working code so far.

I spent most of the last week to remove the secring.gpg related code in gpg and move the secret key processing entirely to gpg-agent. It is far from being finished but it helps to integrate new algorithms more easily (we don't have to keep pubring and secring in sync).
My idea of implementing ECC is to first work on the signing part (ECDSA) before moving to the encryption part with a later version.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From christoph.anton.mitterer at physik.uni-muenchen.de Mon Apr 26 12:18:26 2010
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Mon, 26 Apr 2010 12:18:26 +0200
Subject: Elliptic curves in gnupg status?
In-Reply-To: <8739yig0qg.fsf@vigenere.g10code.de>
References: <4BCED8E1.9000207@web.de> <20100423211804.GF6029@tatooine.rebelbase.local> <4BD26452.4010804@gmail.com> <4BD30B59.7010105@fifthhorseman.net> <8739yig0qg.fsf@vigenere.g10code.de>
Message-ID: <1272277106.5289.6.camel@fermat.scientia.net>

On Mon, 2010-04-26 at 08:57 +0200, Werner Koch wrote:
> Actually the working group informally agreed on this draft after we
> changed a few US centric things.

Nice to read. I was just about to reply, that it might make sense to start implementation in gpg even if standardisation has not yet fully finished. Implementation probably takes quite some time and effort, and in the end phase of standardisation processes there's usually not that much that changes. And I guess, the earlier ECC is available in gpg, the better.

> My idea of implementing ECC
> is to first work on the signing part (ECDSA)

Sounds reasonable, especially as people can already start to "collect" signatures then...

What rough timescale do you expect to have ECC productively available in gpg? I mean including security audits, well done tests etc.?

Cheers,
Chris.

From halim.sahin at freenet.de Mon Apr 26 14:13:08 2010
From: halim.sahin at freenet.de (Halim Sahin)
Date: Mon, 26 Apr 2010 14:13:08 +0200
Subject: changing pin fails on pgpg card
Message-ID: <20100426121308.GA6223@gentoo.local>

Hi Folks,

I am currently testing to setup my new card for gpg. First I have installed pcscd and the card seems to be working: gpg --card-status shows some data :-). I was able to change Name and sex but not the pin/adminpin.

Admin commands are allowed

Command> passwd
gpg: OpenPGP card no. D2760001240102000005000004750000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
Q - quit

Your selection? 1
PIN
New PIN
New PIN
Error changing the PIN: invalid argument

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
Q - quit

Your selection?

My cardreader is an old towitoko micro. Any Ideas what's going wrong???

BR. Halim

From mf at dca.net Tue Apr 27 03:10:12 2010
From: mf at dca.net (Michael Feinberg)
Date: Mon, 26 Apr 2010 21:10:12 -0400
Subject: Moving from PGP to GPG
Message-ID: <20100426211012.ejt7svye0c4oowo0-avy@webmail.spamcop.net>

I have been using PGP on Windows for some time, and am now trying to move to Fedora. That implies a move to GPG, which is fine, but I want to have access to my PGP files without converting every single one. I imported my secret keys, could not get a confirmation for importing public keys.

So do I just use PGP for Fedora, if it exists? Am I missing the easy way to access PGP files using GPG?

From mohanr at fss.co.in Tue Apr 27 12:33:56 2010
From: mohanr at fss.co.in (Mohan Radhakrishnan)
Date: Tue, 27 Apr 2010 16:03:56 +0530
Subject: Split keys
In-Reply-To: <20100426211012.ejt7svye0c4oowo0-avy@webmail.spamcop.net>
Message-ID: <0EE14841E1FD8545B7E084F22AEF968102273DA7@fssbemail.fss.india>

Hi,

We have PCI regulations that mandate certain key storage procedures. Split keys are one such requirement.
What is the experience of this forum with split keys and storage?

Thanks,
Mohan

From joke at seiken.de Tue Apr 27 12:21:19 2010
From: joke at seiken.de (Joke de Buhr)
Date: Tue, 27 Apr 2010 12:21:19 +0200
Subject: Moving from PGP to GPG
In-Reply-To: <20100426211012.ejt7svye0c4oowo0-avy@webmail.spamcop.net>
References: <20100426211012.ejt7svye0c4oowo0-avy@webmail.spamcop.net>
Message-ID: <201004271221.25955.joke@seiken.de>

You can access the files with gpg if you imported your private keys correctly. If you haven't been able to export your public keys from pgp and import them in gpg you can use the keyserver to refetch the public keys this way.

As long as you are able to access your windows partition there should be no problem working with pgp encrypted files.

If you are asking for a gui program for managing your gpg files just stick to the program of your desktop environment. For example if you are using KDE you can use kgpg to manage your keyring. You can access gpg encrypted files via dolphin.

On Tuesday, 27. April 2010 03:10:12 Michael Feinberg wrote:
> I have been using PGP on Windows for some time, and am now trying to
> move to Fedora. That implies a move to GPG, which is fine, but I want
> to have access to my PGP files without converting every single one. I
> imported my secret keys, could not get a confirmation for importing
> public keys.
>
> So do I just use PGP for Fedora, if it exists? Am I missing the easy
> way to access PGP files using GPG?
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

From kotavaraprasad at gmail.com Mon Apr 26 15:27:15 2010
From: kotavaraprasad at gmail.com (Varaprasad Kota)
Date: Mon, 26 Apr 2010 18:57:15 +0530
Subject: PGP Installation Problems on Sun OS
Message-ID:

Hi ALL!

I have downloaded "gnupg-2.0.15.tar.bz2" and done the below steps to install them on SunOS.

Step1: unzipped it
Step2: Moved into the parent directory(gnupg/gnupg-2.0.15.tar.bz2) and typed "./configure".
Step3: I have also tried checking whether gpg is already installed or not.

For all the above commands I get "KSH: NOT FOUND" reply.

It will be a great help if any one can send me the installation guide.

Thanks in advance,
Varaprasad Kota.

From faramir.cl at gmail.com Tue Apr 27 19:33:41 2010
From: faramir.cl at gmail.com (Faramir)
Date: Tue, 27 Apr 2010 13:33:41 -0400
Subject: Moving from PGP to GPG
In-Reply-To: <20100426211012.ejt7svye0c4oowo0-avy@webmail.spamcop.net>
References: <20100426211012.ejt7svye0c4oowo0-avy@webmail.spamcop.net>
Message-ID: <4BD71FF5.5000805@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Michael Feinberg wrote:
...
> So do I just use PGP for Fedora, if it exists? Am I missing the easy
> way to access PGP files using GPG?

Well, unless your files are encrypted using IDEA algorithm, GnuPG should not have any problem to decrypt them. If the GUI tool for GnuPG in Fedora recognises pgp files as compatible with GnuPG, you should not have problems to access them, and should not need to convert or rename them. Unless I'm wrong, files with .pgp extension are the same as files with .gpg extension, since both should follow OpenPGP standard (unless your version of PGP is older than the standard).
Best Regards

From jeff.sadowski at gmail.com Tue Apr 27 20:52:58 2010
From: jeff.sadowski at gmail.com (Jeff Sadowski)
Date: Tue, 27 Apr 2010 12:52:58 -0600
Subject: Time output format
Message-ID:

when I run something like so
"cat test.email |gpg"
where test.email is an email that was signed
I get output like so
<--- begin
The verified signed text
...
gpg: Signature made <3 letter Day of Week> <3 letter Month>