From dkg at fifthhorseman.net Mon Nov 1 00:24:57 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 31 Oct 2010 19:24:57 -0400
Subject: Please remove pgp.mit.edu from keys.gnupg.net
Message-ID: <4CCDFAC9.9050202@fifthhorseman.net>

hi gnupg folks--

I just noticed that the keys.gnupg.net pool currently contains
pgp.mit.edu as one of the members.

This keyserver is not properly syncing with the rest of the global pool.
For example, there are keys that have been in the global pool for
several weeks that have not migrated into pgp.mit.edu. As a result,
people pulling data from this keyserver will be unlikely to receive
updates, re-keying, and revocation events.

The broken sync appears to be bi-directional: people sending their data
to this keyserver will be unlikely to have their updates forwarded to
the rest of the pool (which means their correspondents will fail to get
the updates).

pgp.mit.edu has already been removed from pool.sks-keyservers.net.

I recommend you remove pgp.mit.edu (18.9.60.141) from the keys.gnupg.net
DNS round robin until the server begins re-syncing properly with the
global pool.

Regards,

--dkg

From aguilarojo at gmail.com Mon Nov 1 03:24:12 2010
From: aguilarojo at gmail.com (Derick Centeno)
Date: Sun, 31 Oct 2010 22:24:12 -0400
Subject: compile errors
Message-ID: <20101031222412.2526c660@arakus>

Hi Everyone!

I was compiling the latest version of gnupg 2.0.16. The configure
process completed well, but the make process failed as follows:

..............
Making all in tests
make[2]: Entering directory `/usr/src/gnupg-2.0.16/tests'
Making all in openpgp
make[3]: Entering directory `/usr/src/gnupg-2.0.16/tests/openpgp'
./gpg_dearmor > ./plain-3 < ./plain-3o.asc
../../g10/gpg2: error while loading shared libraries: libassuan.so.0: cannot open shared object file: No such file or directory
make[3]: *** [plain-3] Error 127
make[3]: Leaving directory `/usr/src/gnupg-2.0.16/tests/openpgp'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/gnupg-2.0.16/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/gnupg-2.0.16'
make: *** [all] Error 2
#

I'd appreciate learning how to resolve this problem. Thanks...

=============
Refranes/Popular sayings:
The Taino say: No hay mal que por bien no venga.
There is no evil out of which good cannot blossom.

From wk at gnupg.org Mon Nov 1 09:55:03 2010
From: wk at gnupg.org (Werner Koch)
Date: Mon, 01 Nov 2010 09:55:03 +0100
Subject: 2.1.0beta1 - Smartcard Support?
In-Reply-To: <1288549250.8460.10.camel@silence.i.fourings.com> (Chris Ruff's message of "Sun, 31 Oct 2010 14:20:50 -0400")
References: <1288549250.8460.10.camel@silence.i.fourings.com>
Message-ID: <8762whwhi0.fsf@vigenere.g10code.de>

On Sun, 31 Oct 2010 19:20, jcruff at gmail.com said:

> Is it typical for smartcard support not to be in beta versions?

From the announcement:

  GPG's smartcard commands --card-edit and --card-status as well as the
  card related sub-commands of --edit-key are not yet supported.
  However, signing and decryption with a smartcard does work.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Mon Nov 1 11:26:47 2010
From: wk at gnupg.org (Werner Koch)
Date: Mon, 01 Nov 2010 11:26:47 +0100
Subject: Please remove pgp.mit.edu from keys.gnupg.net
In-Reply-To: <4CCDFAC9.9050202@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Sun, 31 Oct 2010 19:24:57 -0400")
References: <4CCDFAC9.9050202@fifthhorseman.net>
Message-ID: <871v75wd94.fsf@vigenere.g10code.de>

On Mon, 1 Nov 2010 00:24, dkg at fifthhorseman.net said:

> I recommend you remove pgp.mit.edu (18.9.60.141) from the keys.gnupg.net
> DNS round robin until the server begins re-syncing properly with the
> global pool.

Done.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From laurent.jumet at skynet.be Mon Nov 1 11:53:55 2010
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Mon, 01 Nov 2010 12:53:55 +0200
Subject: Files encrypted on another system
In-Reply-To: <87zktvnbqj.wl%fukuda@computer.org>
Message-ID:

Hello Taka !

Taka Fukuda wrote:

> I created an encrypted file on a Fedora machine, and
> lost the environment except for the encrypted file
> itself. (I remember the pass-phrase, though.)
> I have tried to decrypt the file, but I got
> fukuda at lark:~% gpg --decrypt Sync/Diary.gpg
> gpg: encrypted with ELG-E key, ID CA21E488
> gpg: decryption failed: secret key not available
> Are there any ways to recover the file?

If you don't have the SecretKey any more, there is no way to recover
the file.

-- 
Laurent Jumet
KeyID: 0xCFAF704C

From loadandenjoy at hotmail.com Mon Nov 1 21:25:09 2010
From: loadandenjoy at hotmail.com (loadandenjoy at hotmail.com)
Date: Mon, 1 Nov 2010 20:25:09 +0000
Subject: Contents of Gnupg-users digest...
Message-ID: <1052734268-1288643109-cardhu_decombobulator_blackberry.rim.net-989157647-@bda2601.bisx.prod.on.blackberry>

I need a hxxp for direct GNU upload, help please? :)

From jcruff at gmail.com Tue Nov 2 03:51:06 2010
From: jcruff at gmail.com (Chris Ruff)
Date: Mon, 01 Nov 2010 22:51:06 -0400
Subject: 2.1.0beta1 - Smartcard Support?
In-Reply-To: <8762whwhi0.fsf@vigenere.g10code.de>
References: <1288549250.8460.10.camel@silence.i.fourings.com> <8762whwhi0.fsf@vigenere.g10code.de>
Message-ID: <1288666266.8071.24.camel@silence.i.fourings.com>

On Mon, 2010-11-01 at 09:55 +0100, Werner Koch wrote:
> On Sun, 31 Oct 2010 19:20, jcruff at gmail.com said:
> > Is it typical for smartcard support not to be in beta versions?
>
> From the announcement:
>
>   GPG's smartcard commands --card-edit and --card-status as well as the
>   card related sub-commands of --edit-key are not yet supported.
>   However, signing and decryption with a smartcard does work.
>
>
> Shalom-Salam,
>
>    Werner
>

Thanks, missed that paragraph.

However, things seem not to be working with subkeys. I'm getting "Need
the secret key to do this" or "no default secret key" for many
operations. Including trying to import to gpg-agent, --edit-key ->
toggle or a signing operation. I would assume 'toggle' would not be
considered a card related sub-command of '--edit-key'.

If using subkeys does the master private key need to be present to
perform the 'gpg --import ~/.gnupg/secring.gpg' into gpg-agent?

Signing and toggle works fine with 2.0.15/2.0.16 and the same gpg.conf.

TIA

-- 
__________________________________
Chris Ruff
email: jcruff at gmail.com
gpg key: 0xDD55B6FC
gpg fgpr: 1BA1 71D7 ADA7 1E8B 1623 A43D 283B 2F81 BDD5 B810

From wk at gnupg.org Tue Nov 2 08:53:12 2010
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Nov 2010 08:53:12 +0100
Subject: 2.1.0beta1 - Smartcard Support?
In-Reply-To: <1288666266.8071.24.camel@silence.i.fourings.com> (Chris Ruff's message of "Mon, 01 Nov 2010 22:51:06 -0400")
References: <1288549250.8460.10.camel@silence.i.fourings.com> <8762whwhi0.fsf@vigenere.g10code.de> <1288666266.8071.24.camel@silence.i.fourings.com>
Message-ID: <87d3qoupp3.fsf@vigenere.g10code.de>

On Tue, 2 Nov 2010 03:51, jcruff at gmail.com said:

> However, things seem not to be working with subkeys. I'm getting "Need
> the secret key to do this" or "no default secret key" for many

That is quite possible. I only did a brief test which showed that I was
able to sign packages. Most smart card related code has been disabled
because it needs to be changed (the code assumes a local secring.gpg).

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From thomas at lecavelier.name Tue Nov 2 11:34:44 2010
From: thomas at lecavelier.name (Thomas Lecavelier)
Date: Tue, 2 Nov 2010 11:34:44 +0100
Subject: Syncing secring for mobile users
In-Reply-To: <20101028174158.1c268bcd@stacker>
References: <4CC99AF8.4050402@gmail.com> <20101028174158.1c268bcd@stacker>
Message-ID:

On 28 Oct 2010, at 18:41, Tiago Faria wrote:

> On Thu, 28 Oct 2010 10:47:04 -0500
> Anthony Papillion wrote:
>
>>> Here my true question: what's your workflow to sync your keyring
>>> between multiple computers? I thought about having a ring for
>>> personal usage, and a ring for pro usage, but I'm consulting both
>>> my personal and private email on every computers. I can't think
>>> about a simple solution, so I'd be glad to have your thoughts about
>>> it :)
>
> For keys that I require access in more than 1 computer, I usually have
> the keys stored on the OpenPGP card.
>
> I keep it on my wallet and a backup of the keys, done every once in a
> while, in an encrypted removable drive.

Tiago, Anthony,

Thank you for your answers, I think you lead me toward a rationalization
of my digital identity. Here what I'm working on:

For my common usage, I'll use a USB key with my GPG ring on it. I'll say
that's my "main" keyring. On it I'll have my SSH keys, too. I think it
will become a full authentication token, too.

For my servers work (I'm a big screen session eater) I'll setup a sync
from the key to the server (this server has a mutt session always active
on my different mailboxes, so need my gpg ring).

It's still not very clear in my mind, but I hope I'll get something
rather smooth.

Thomas

From aguilarojo at gmail.com Tue Nov 2 15:28:56 2010
From: aguilarojo at gmail.com (Derick Centeno)
Date: Tue, 2 Nov 2010 10:28:56 -0400
Subject: Fw: compile errors
Message-ID: <20101102102856.1658ce8b@arakus>

Sharing with the list comments I shared with Heinz, if there are others
that have a different procedure I should try please post your strategies
as I am reviewing the GnuPG Mail list often.

Thanks for your time and consideration.

Begin forwarded message:

Date: Mon, 1 Nov 2010 08:52:31 +0100
From: Heinz Diehl
To: Derick Centeno
Subject: Re: compile errors

On 01.11.2010, Derick Centeno wrote:

> ../../g10/gpg2: error while loading shared libraries:
> libassuan.so.0: cannot open shared object file: No such file
> or directory

You have to install libassuan first, you can get it here:
ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.1.tar.bz2

=============
Refranes/Popular sayings:
The Taino say: No hay mal que por bien no venga.
There is no evil out of which good cannot blossom.

From dcenteno at ydl.net Tue Nov 2 15:12:32 2010
From: dcenteno at ydl.net (Derick Centeno)
Date: Tue, 02 Nov 2010 10:12:32 -0400
Subject: Fw: compile errors
Message-ID: <20101102101232.394e3b1f@arakus>

Sharing with the list comments I shared with Heinz, if there are others
that have a different procedure I should try please post your strategies
as I am reviewing the GnuPG Mail list often.

Thanks for your time and consideration.

Begin forwarded message:

Date: Mon, 1 Nov 2010 14:19:09 -0400
From: Derick Centeno
To: Heinz Diehl
Subject: Re: compile errors

On Mon, 1 Nov 2010 08:52:31 +0100 Heinz Diehl wrote:

> On 01.11.2010, Derick Centeno wrote:
>
> > ../../g10/gpg2: error while loading shared libraries:
> > libassuan.so.0: cannot open shared object file: No such file
> > or directory
>
> You have to install libassuan first, you can get it here:
> ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.1.tar.bz2
>

Thanks for your response Heinz. However the latest version of libassuan
was compiled first and installed (as per instructions provided in the
compilation procedure of gnupg 2.0.16) before compiling gnupg 2.0.16.
See here:

$ whereis libassuan
libassuan: /usr/local/lib/libassuan.la /usr/local/lib/libassuan.so /usr/local/lib/libassuan.a
$ man libassuan

I think I've got to recompile gnupg so that it refers to the location
where libassuan is found.

=============
Refranes/Popular sayings:
The Taino say: No hay mal que por bien no venga.
There is no evil out of which good cannot blossom.

From benjamin at py-soft.co.uk Tue Nov 2 18:47:27 2010
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Tue, 2 Nov 2010 17:47:27 +0000
Subject: compile errors
In-Reply-To: <20101102101232.394e3b1f@arakus>
References: <20101102101232.394e3b1f@arakus>
Message-ID: <9138299059189935450@unknownmsgid>

On 2 Nov 2010, at 17:16, Derick Centeno wrote:

$ whereis libassuan
libassuan: /usr/local/lib/libassuan.la /usr/local/lib/libassuan.so /usr/local/lib/libassuan.a
$ man libassuan

Which OS and distro are you using? You may need to add /usr/local/lib
to your config; is libassuan listed if you run ldconfig -v ?

Ben

From wk at gnupg.org Tue Nov 2 21:19:56 2010
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Nov 2010 21:19:56 +0100
Subject: Fw: compile errors
In-Reply-To: <20101102101232.394e3b1f@arakus> (Derick Centeno's message of "Tue, 02 Nov 2010 10:12:32 -0400")
References: <20101102101232.394e3b1f@arakus>
Message-ID: <87r5f3tr4j.fsf@vigenere.g10code.de>

On Tue, 2 Nov 2010 15:12, dcenteno at ydl.net said:

> Thanks for your response Heinz. However the latest version of
> libassuan was compiled first and installed (as per instructions
> provided in the compilation procedure of gnupg 2.0.16) before
> compiling gnupg 2.0.16. See here:

In any case, GnuPG would error out during configure if there is no
suitable libassuan installed. It does not run real test programs,
though.

> I think I've got to recompile gnupg so that it refers to the
> location where libassuan is found.

Check which libassuan-config you are using. And you may need to run
ldconfig, etc.; see the noisy messages during "make install" of
libassuan.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

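The check suggested in the replies above (is libassuan.so.0 known to the runtime linker, and is /usr/local/lib configured?), as an added example that is not part of any poster's message. The function names are hypothetical and the sample `ldconfig -p` listing and ld.so.conf text are constructed.

```shell
#!/bin/sh
# Added example, not taken from any message in this thread.
# Function names are hypothetical; sample inputs are constructed.

# cache_path SONAME
# Reads `ldconfig -p` output on stdin and prints the file the linker cache
# maps SONAME to. Exit status 1 means the runtime linker cannot find it,
# which is what "cannot open shared object file" reports.
cache_path() {
    awk -v want="$1" '
        NF >= 3 && $1 == want && $(NF-1) == "=>" { print $NF; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# dir_configured DIR
# Reads ld.so.conf-style text on stdin and succeeds if DIR is listed.
# Comments and blank lines are ignored, a trailing slash is tolerated.
# "include" lines are not expanded: pass the included files in as well.
dir_configured() {
    awk -v dir="${1%/}" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); sub(/\/$/, "") }
        $0 == dir { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# diagnose SONAME LIBDIR CACHE_TEXT CONF_TEXT
# Classifies the situation into one of three cases.
diagnose() {
    soname=$1
    libdir=$2
    cache=$3
    conf=$4
    if path=$(printf '%s\n' "$cache" | cache_path "$soname"); then
        echo "resolvable: $soname => $path"
    elif printf '%s\n' "$conf" | dir_configured "$libdir"; then
        echo "stale-cache: $libdir is configured; run ldconfig as root"
    else
        echo "unconfigured: add $libdir to the linker configuration, then run ldconfig"
    fi
}

# Constructed `ldconfig -p` output: libassuan is installed under
# /usr/local/lib (as whereis showed) but absent from the cache.
sample_cache() {
    cat <<'EOF'
2 libs found in cache `/etc/ld.so.cache'
        libz.so.1 (libc6,x86-64) => /lib/libz.so.1
        libbz2.so.1.0 (libc6,x86-64) => /lib/libbz2.so.1.0
EOF
}

# Constructed /etc/ld.so.conf that does not list /usr/local/lib.
sample_conf() {
    cat <<'EOF'
# constructed linker configuration
include /etc/ld.so.conf.d/*.conf
/lib
/usr/lib
EOF
}

diagnose libassuan.so.0 /usr/local/lib "$(sample_cache)" "$(sample_conf)"
```

On a live system the third and fourth arguments would come from `ldconfig -p` and from `cat /etc/ld.so.conf /etc/ld.so.conf.d/*.conf`.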
From faramir.cl at gmail.com Thu Nov 4 08:35:47 2010
From: faramir.cl at gmail.com (Faramir)
Date: Thu, 04 Nov 2010 04:35:47 -0300
Subject: Syncing secring for mobile users
In-Reply-To: <4CC99AF8.4050402@gmail.com>
References: <4CC99AF8.4050402@gmail.com>
Message-ID: <4CD26253.6070600@gmail.com>

On 28-10-2010 12:47, Anthony Papillion wrote:
...
> Right now, once a day, I export my entire secring to a thumb drive and
> then import it to my other computers. This seems to have worked for the
> most part, though there have been a few glitches. I'm still in the
> market for something better but that is what works for me at the moment.

But... why does your secring change so much? AFAIK, the secring should
change only if you modify your keys, the changing one should be the
pubring...

Best Regards

From georgschmidt at gmx.at Thu Nov 4 20:27:09 2010
From: georgschmidt at gmx.at (Georg Schmidt)
Date: Thu, 04 Nov 2010 20:27:09 +0100
Subject: Pinpad on Cyberjack
Message-ID: <20101104192709.126260@gmx.net>

Hello All,

I tried to get my OpenGpg Card working under Ubuntu, but with only mixed
success.

Is my understanding correct that pinpads on card readers are only
supported by gpg2? gpg1 does not support keypads?

For GPG2 I installed the following packages:
- Driver V3.3.5 (IFD) for the Cyberjack (from the ReinerSCT Web-site)
- gnupg2
- pcsc-lite
- gpgsm

The card is recognised and seems to work, but the PIN still has to be
entered via the keyboard. The pinpad on the reader itself is not
recognised.

It has been reported in the past, that the pinpad on the Cyberjack
didn't work with gpg2 and I was wondering whether that still was the
case or whether with the new drivers it should be OK now. Or is there an
option, which tells the program that the PIN is expected from the pinpad
and not the keyboard?

Any help is greatly appreciated.

Thanks a lot,
Georg

From mail at klomp.eu Fri Nov 5 11:58:13 2010
From: mail at klomp.eu (Sven Klomp)
Date: Fri, 5 Nov 2010 11:58:13 +0100
Subject: Problems with two active encryption subkeys
Message-ID: <201011051158.14148.mail@klomp.eu>

Hi,

since I bought a Crypto Stick [1], I had to add an additional RSA subkey
for encryption, since the stick doesn't support Elgamal. Thus, I have
two encryption keys in my public keyring now. How does gpg decide which
one to use for encryption? I thought, that every key is used and I can
decide to use the Elgamal or RSA key for decryption. But it seems, that
only one subkey is used (RSA) for encryption. Do I have a general
misunderstanding of the concept?

Sven

[1] http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/

From wk at gnupg.org Fri Nov 5 14:43:35 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 05 Nov 2010 14:43:35 +0100
Subject: Pinpad on Cyberjack
In-Reply-To: <20101104192709.126260@gmx.net> (Georg Schmidt's message of "Thu, 04 Nov 2010 20:27:09 +0100")
References: <20101104192709.126260@gmx.net>
Message-ID: <877hgryjg8.fsf@gnupg.org>

On Thu, 4 Nov 2010 20:27, georgschmidt at gmx.at said:

> It has been reported in the past, that the pinpad on the Cyberjack didn't work with gpg2 and I was wondering whether that still was the case or whether with the new drivers it should be OK now. Or is there an option, which tells the program that the PIN is expected from the pinpad and not the keyboard?

The PINpad only works with the internal CCID driver. And with that each
tested driver needs to be enabled. See scd/ccid-driver.c.

There is no support for PINpads when using pcscd. We could add it but I
prefer the internal driver which works very well with my readers.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From skip at pobox.com Fri Nov 5 22:30:58 2010
From: skip at pobox.com (Skip Montanaro)
Date: Fri, 5 Nov 2010 21:30:58 +0000 (UTC)
Subject: Can't suppress "good signature" status message
Message-ID:

I run gpg as part of a shell script which runs from cron. I would like
to suppress or redirect messages which are "status good" and only emit
messages to stderr which suggest there was a problem with the script.
(I get enough mail as it is.) I have so far been unable to suppress the
"good signature" message:

gpg: Signature made Fri Nov ...
gpg: Good signature from ...

I am running gpg (v 1.4.11) like so:

gpg --status-fd=4 --no-mdc-warning \
    --no-secmem-warning --quiet -d ...

The use of status-fd, no-mdc-warning and no-secmem-warning suppresses or
redirects everything else which I expect. Replacing status-fd with
status-file had no effect.
The "good signature" messages still appear. The script is run with fd 4
redirected to a file and we know to look there if the cron job fails.

Reading through old posts I saw various recommendations to use
status-fd, status-file or to redirect stderr to stdout and use grep -v
to eliminate those lines. The status-fd and status-file flags don't
work as far as I can tell, and as also noted in an earlier thread from
2009 there is the risk that using grep you might eliminate something
useful (low probability, but not zero).

It seems to me that the display of this message is somehow not done
through the proper channels. GnuPG appears to already have about 37,000
command line options, including options to suppress or redirect all
sorts of stuff. Just not this. Maybe it needs another option. :-/

Skip Montanaro

From dev.admin at ntlworld.com Sat Nov 6 11:08:17 2010
From: dev.admin at ntlworld.com (dev.admin at ntlworld.com)
Date: Sat, 6 Nov 2010 10:08:17 +0000
Subject: [OSX] application bundle for pinentry-qt4 0.80
Message-ID:

Hi,

I'm trying to build a mac application bundle for pinentry but the
application quits immediately after launching and generates the output
below in console without displaying any UI. The numerical output at the
end of the console output varies every time.

All the libraries and the dependencies are built in 64 bit architecture
including QT470 and the supplied applications run without any problems.
However, I built QT without frameworks and had to copy the nib file
manually into Resources.

I've tried placing Benjamin Donnachie files into my own build to try and
eliminate some possibilities and it didn't seem to make any difference
to the outcome. I've been left with the impression that it is the actual
build of the pinentry binary that is causing the problems.

A.

system setup
------------
OSX 10.5.8
GCC 4.0.1
QT 4.7.0

./configure options
-------------------
--disable-pinentry-curses
--disable-fallback-curses
--disable-ncurses
--disable-glibtest
--disable-gtktest
--disable-pinentry-gtk
--disable-pinentry-gtk2
--disable-pinentry-qt
--enable-pinentry-qt4

application bundle
------------------
pinentry.app
pinentry.app/Contents
pinentry.app/Contents/info.plist
pinentry.app/Contents/MacOS
pinentry.app/Contents/MacOS/pintentry-qt4
pinentry.app/Contents/Resources
pinentry.app/Contents/Resources/qt_menu.nib

info.plist file
---------------
Executable file      pinentry-qt4
Bundle identifier    org.gnu.pinentry
Bundle OS Type code  APPL

output from console
-------------------
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- p
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- s
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- n
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- _
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 0
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- _
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 1
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 3
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 7
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 2
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 0
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 8
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 5
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] pinentry-qt4: invalid option -- 3
03/11/2010 12:15:34 [0x0-0xd15d15].org.gnu.pinentry-qt4[83045] OK Your orders please

From benjamin at py-soft.co.uk Sat Nov 6 12:11:09 2010
From: benjamin at py-soft.co.uk (Benjamin Donnachie)
Date: Sat, 6 Nov 2010 11:11:09 +0000
Subject: [OSX] application bundle for pinentry-qt4 0.80
In-Reply-To:
References:
Message-ID: <-4212095959856196839@unknownmsgid>

On 6 Nov 2010, at 10:55, dev.admin at ntlworld.com wrote:

> I'm trying to build a mac application bundle for pinentry

The short answer is use my pre-built native MacOSX pinentry program.

I never had any great success with the QT version under MacOSX and my
native pinentry avoids the QT library bloat.

Ben

From classpath at arcor.de Mon Nov 8 00:19:40 2010
From: classpath at arcor.de (Morten Gulbrandsen)
Date: Mon, 08 Nov 2010 00:19:40 +0100
Subject: Overflow bug in bzip2
In-Reply-To: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com>
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com>
Message-ID: <4CD7340C.4080001@arcor.de>

David Shaw wrote:
> Hi folks,
>
> This isn't a GnuPG bug per se, but given that many (most?) people using GnuPG have it linked against libbz2, please read http://www.ubuntu.com/usn/usn-986-1 and upgrade appropriately for your platform.
>
> To tell if your installation of GnuPG is using libbz2, run "gpg2 --version" (or "gpg --version"). If you see "BZIP2" on the "Compression" line, then you are linked with libbz2.
>
> David
>

Hi list readers:
Hi David:

My problem is:

gpg: uncompressing failed: unknown compress algorithm

https://www.blastwave.org/forum/viewtopic.php?f=5&t=755

personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed

the last line from my gpg.conf triggers the error

The issue is on latest opensolaris, I again checked the bzip2 issue, and
I have the latest version, still bzip2 will since recently not work on
my machine.

Maybe I need to recompile both bzip2 and gnupg from scratch?

Is the bzip2 vulnerability fixed?

Sincerely yours,

Morten Gulbrandsen
_____________________________________________________________________
Java programmer, C++ programmer
CAcert Assurer, GSWoT introducer, thawte Notary
Gossamer Spider Web of Trust http://www.gswot.org
Please consider the environment before printing this e-mail!

From dshaw at jabberwocky.com Mon Nov 8 03:28:35 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 7 Nov 2010 21:28:35 -0500
Subject: Overflow bug in bzip2
In-Reply-To: <4CD7340C.4080001@arcor.de>
References: <88A4EB44-1149-47C5-B6B4-CF450A2BD27E@jabberwocky.com> <4CD7340C.4080001@arcor.de>
Message-ID:

On Nov 7, 2010, at 6:19 PM, Morten Gulbrandsen wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> David Shaw wrote:
>> Hi folks,
>>
>> This isn't a GnuPG bug per se, but given that many (most?) people using GnuPG have it linked against libbz2, please read http://www.ubuntu.com/usn/usn-986-1 and upgrade appropriately for your platform.
>>
>> To tell if your installation of GnuPG is using libbz2, run "gpg2 --version" (or "gpg --version"). If you see "BZIP2" on the "Compression" line, then you are linked with libbz2.
>>
>> David
>>
>
>
> Hi list readers:
> Hi David:
>
> My problem is:
>
> gpg: uncompressing failed: unknown compress algorithm
>
> https://www.blastwave.org/forum/viewtopic.php?f=5&t=755
>
> personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
>
> the last line from my gpg.conf triggers the error

You can only list bzip2 as a preference if you actually have bzip2
support.
Having bzip2 installed on your machine is only half the issue - you also
have to have a GnuPG that is compiled to actually *use* that bzip2.

If "gpg --version" does not display "bzip2" as one of the supported
algorithms, then you will need to build a GnuPG that has bzip2 support
enabled.

David

From support at bytesinteractive.com Mon Nov 8 22:02:27 2010
From: support at bytesinteractive.com (David Jourard)
Date: Mon, 8 Nov 2010 16:02:27 -0500
Subject: How to send encrypted data in an xml file
Message-ID: <74DED39EDEB74D8AAC003AB7FDECF191@bytes>

Hi,

I would like to encrypt a value to a field which is part of data record
which I'm storing as an xml record.

It seems that the ascii armour representation has line feeds. Is it
possible to represent the data in ascii format without the line feeds.

Thanks in advance for any help.

Regards,
David j.

From roam at ringlet.net Tue Nov 9 08:57:50 2010
From: roam at ringlet.net (Peter Pentchev)
Date: Tue, 9 Nov 2010 09:57:50 +0200
Subject: How to send encrypted data in an xml file
In-Reply-To: <74DED39EDEB74D8AAC003AB7FDECF191@bytes>
References: <74DED39EDEB74D8AAC003AB7FDECF191@bytes>
Message-ID: <20101109075749.GA4603@straylight.ringlet.net>

On Mon, Nov 08, 2010 at 04:02:27PM -0500, David Jourard wrote:
> Hi,
>
> I would like to encrypt a value to a field which is part of data record
> which I'm storing as an xml record.
>
> It seems that the ascii armour representation has line feeds. Is it
> possible to represent the data in ascii format without the line feeds.

The ASCII-armoured message format is defined in section 6 of RFC 4880;
it always includes newlines. Have you thought about including the
ASCII-armoured signature in a CDATA section of your XML file? Or,
alternatively, "simply" encoding the line break characters as and as
specified in section 2.11 of the XML 1.0 specification?

If neither of those is possible, you could always try to encode the
signature in some other way - e.g.
take a binary signature and represent the string of octets as text in
some way... of course, that would mean the recipient would have to know
exactly how to decode it.

G'luck,
Peter

-- 
Peter Pentchev  roam at space.bg roam at ringlet.net roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If you think this sentence is confusing, then change one pig.

From air_gil at yahoo.com Mon Nov 8 13:43:22 2010
From: air_gil at yahoo.com (Gilbert Wong)
Date: Mon, 8 Nov 2010 04:43:22 -0800 (PST)
Subject: gpg non interactive
Message-ID: <801605.21220.qm@web111401.mail.gq1.yahoo.com>

Hi,

I am writing a parameter file for gpg --batch. What are the parameters
if i want to select Key Type as the "DSA and ElGamal (default)"?

Regards,
Gilbert

From skip at pobox.com Tue Nov 9 14:56:40 2010
From: skip at pobox.com (Skip Montanaro)
Date: Tue, 9 Nov 2010 13:56:40 +0000 (UTC)
Subject: Can't suppress "good signature" status message
References:
Message-ID:

> Reading through old posts I saw various recommendations to
> use status-fd, status-file or to redirect stderr to stdout
> and use grep -v to eliminate those lines. The status-fd
> and status-file flags don't work as far as I can tell....

No ideas on how to suppress the "good signature" output in 1.4.11?

Thx,

Skip

From dkg at fifthhorseman.net Tue Nov 9 22:41:00 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 09 Nov 2010 16:41:00 -0500
Subject: changing usage flags on a primary key
Message-ID: <4CD9BFEC.9020307@fifthhorseman.net>

Hi GnuPG Folks--

Let's say i have an OpenPGP primary key with usage flags ECSA set (some
keys like this have been known to be generated by GUI tools).

Say i wanted to convert this key into a decent primary key with a reasonable/standard set of usage flags (e.g. CS or just C); is this something i can do with GnuPG? Basically, i'm asking about creating a new self-sig packet with a modified key usage flags subpacket on a key that i control. How would i do that with GnuPG? Thanks, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Wed Nov 10 09:40:47 2010 From: wk at gnupg.org (Werner Koch) Date: Wed, 10 Nov 2010 09:40:47 +0100 Subject: changing usage flags on a primary key In-Reply-To: <4CD9BFEC.9020307@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Tue, 09 Nov 2010 16:41:00 -0500") References: <4CD9BFEC.9020307@fifthhorseman.net> Message-ID: <874obpy3jk.fsf@vigenere.g10code.de> On Tue, 9 Nov 2010 22:41, dkg at fifthhorseman.net said: > Basically, i'm asking about creating a new self-sig packet with a > modified key usage flags subpacket on a key that i control. How would i > do that with GnuPG? That is not supported by an option. You need to change the code. I would try to do update the keyflags in build_sig_subpkt_from_sig () while runnning the --edit-edit command "primary". There are probably a lot of side effects and thus this can only be used as a on-time hack. I only had a quick look at the code, thus you may encounter other problems. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From ueno at unixuser.org Wed Nov 10 09:23:03 2010 From: ueno at unixuser.org (Daiki Ueno) Date: Wed, 10 Nov 2010 17:23:03 +0900 Subject: GnuPG 2.1 beta released In-Reply-To: <87ocagzzh9.fsf@vigenere.g10code.de> (Werner Koch's message of "Tue, 26 Oct 2010 18:32:34 +0200") References: <87ocagzzh9.fsf@vigenere.g10code.de> Message-ID: Hi, Werner Koch writes: > We just released the first *beta version* of GnuPG 2.1. 
> It has been released to give you the opportunity to check out the new features.

I just tried GnuPG 2.1 and the OpenPGP part seems to work fine. Now I started playing with the G13 tool. With the EncFS backend, I got the following error:

  $ g13 -v -r A6CC6651 --create foo
  g13: DBG: used keyblob size is 61
  g13: no running gpg - starting `/usr/local/bin/gpg2'
  g13: running `/usr/bin/encfs' in the background
  g13: DBG: starting runner thread
  g13: encfs-1: encfs: unrecognized option '--annotate'

I couldn't find --annotate option in EncFS versions from 1.4 to 1.7.3. Do I need some patch to EncFS for G13?

Regards,
--
Daiki Ueno

From wk at gnupg.org Wed Nov 10 11:18:16 2010
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Nov 2010 11:18:16 +0100
Subject: GnuPG 2.1 beta released
In-Reply-To: (Daiki Ueno's message of "Wed, 10 Nov 2010 17:23:03 +0900")
References: <87ocagzzh9.fsf@vigenere.g10code.de>
Message-ID: <87zkthwkgn.fsf@vigenere.g10code.de>

On Wed, 10 Nov 2010 09:23, ueno at unixuser.org said:

> I couldn't find --annotate option in EncFS versions from 1.4 to 1.7.3.
> Do I need some patch to EncFS for G13?

My fault. I thought it has been merged already. Let me please look into this; it is quite some time since I hacked this stuff.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Nov 10 11:20:55 2010
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Nov 2010 11:20:55 +0100
Subject: EncFS patch (was: GnuPG 2.1 beta released)
In-Reply-To: (Daiki Ueno's message of "Wed, 10 Nov 2010 17:23:03 +0900")
References: <87ocagzzh9.fsf@vigenere.g10code.de>
Message-ID: <87vd45wkc8.fsf_-_@vigenere.g10code.de>

Hi,

find below a patch against EncFS 1.5.2 - this is the one I used for testing.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: encfs-1.5.2_annotate.diff
URL:

From mohanr at fss.co.in Wed Nov 10 12:32:09 2010
From: mohanr at fss.co.in (Mohan Radhakrishnan)
Date: Wed, 10 Nov 2010 17:02:09 +0530
Subject: Password for keyring
Message-ID: <0EE14841E1FD8545B7E084F22AEF9681041397E9@fssbemail.fss.india>

Hi,

Is there a way to pass a password from the command-line when using the 'gpg' command to encrypt files ?

Thanks,
Mohan

From skip at pobox.com Wed Nov 10 15:16:41 2010
From: skip at pobox.com (Skip Montanaro)
Date: Wed, 10 Nov 2010 14:16:41 +0000 (UTC)
Subject: Can't suppress "good signature" status message
References:
Message-ID:

> > Reading through old posts I saw various recommendations to
> > use status-fd, status-file or to redirect stderr to stdout
> > and use grep -v to eliminate those lines. The status-fd
> > and status-file flags don't work as far as I can tell....
>
> No ideas on how to suppress the "good signature" output in
> 1.4.11?

I finally broke down and searched around in the source. Not only is there a --status-fd flag, there is a --logger-fd flag. I don't know what the difference between emitting a status message and writing a log message is, but setting both values to 4 now puts all the GnuPG chattiness in my log file where I want it.

Skip

From mail at klomp.eu Wed Nov 10 15:38:39 2010
From: mail at klomp.eu (Sven Klomp)
Date: Wed, 10 Nov 2010 15:38:39 +0100
Subject: Problems with two active encryption subkeys
In-Reply-To: <201011051158.14148.mail@klomp.eu>
References: <201011051158.14148.mail@klomp.eu>
Message-ID: <201011101538.39345.mail@klomp.eu>

Hi,

On Friday 05 November 2010 11:58:13 Sven Klomp wrote:
> since I bought a Crypto Stick [1], I had to add an additional RSA sub-key for encryption, since the stick doesn't support Elgamal. Thus, I have two encryption keys in my public keyring now. How does gpg decide which one to use for encryption?
> I thought, that every key is used and I can decide to use the Elgamal or RSA key for decryption. But it seems, that only one sub-key is used (RSA) for encryption.
> Do I have a general misunderstanding of the concept?

Does nobody have a hint for me? Maybe my description was a little bit vague. Let's start again :-)

I have a public key configuration as follows:

Primary Key (DSA for signing other keys)
 - Sub-key 1 (Elgamal for encryption)
 - Sub-key 2 (RSA for signing mails/files)
 - Sub-key 3 (RSA for encryption)

How does GnuPG decide, what encryption key should be used? In my tests, a file or mail is always encrypted with sub-key 3. But why? I'm afraid, that some other applications may choose the Elgamal sub-key... I thought a normal behaviour would be to use all valid sub-keys for encrypting files. Is it only allowed to have one valid encryption sub-key?

Regards
Sven

From mailinglisten at hauke-laging.de Wed Nov 10 16:21:21 2010
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 10 Nov 2010 16:21:21 +0100
Subject: Problems with two active encryption subkeys
In-Reply-To: <201011101538.39345.mail@klomp.eu>
References: <201011051158.14148.mail@klomp.eu> <201011101538.39345.mail@klomp.eu>
Message-ID: <201011101621.21613.mailinglisten@hauke-laging.de>

On Wednesday 10 November 2010 15:38:39, Sven Klomp wrote:

> I have a public key configuration as follows:
> Primary Key (DSA for signing other keys)
> - Sub-key 1 (Elgamal for encryption)
> - Sub-key 2 (RSA for signing mails/files)
> - Sub-key 3 (RSA for encryption)
>
> How does GnuPG decide, what encryption key should be used? In my tests, a
> file or mail is always encrypted with sub-key 3.

AFAIK gpg takes the (compatible) subkey which is valid for the longest remaining period.
Unfortunately you cannot even force gpg to use a certain subkey (directly): Giving a subkey ID as encryption target triggers a strange process: gpg looks for the main key of this ID and then selects the subkey as if the main key ID had been given...

If you really want to force it then you can export the subkeys to a different keyring (call gpg with --no-default-keyring and --keyring and import the key), delete all other subkeys and start the normal encryption afterwards.

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From l_elcocks at hotmail.co.uk Wed Nov 10 17:40:39 2010
From: l_elcocks at hotmail.co.uk (Lee Elcocks)
Date: Wed, 10 Nov 2010 16:40:39 +0000
Subject: Import .p12 key file
Message-ID:

Hi

I want to be able to import our private keys into GPG. Our keys are .p12 files but this doesn't seem to work. Is there a way to get these .p12 key files into GPG? if so, what is the command?

Many thanks for any help.

Lee

From rjh at sixdemonbag.org Wed Nov 10 18:37:15 2010
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 10 Nov 2010 12:37:15 -0500
Subject: Import .p12 key file
In-Reply-To:
References:
Message-ID: <4CDAD84B.2040207@sixdemonbag.org>

On 11/10/2010 11:40 AM, Lee Elcocks wrote:
> Is there a way to get these .p12 key files into GPG? if so, what is the
> command?

Depends on what particularly you wish to use GnuPG for.

By and large, GnuPG is used for the OpenPGP. PKCS-12 files (.p12) are not used in OpenPGP.

Recent versions of GnuPG support S/MIME, which *may* use PKCS-12. (I don't recall offhand for a fact: I just have a vague impression they do... or maybe it's PKCS-7 I'm thinking of.)
Basically, are you looking to use GnuPG for OpenPGP support or for S/MIME support? If the answer is "OpenPGP" or "neither", then you probably need to rethink your plan of using PKCS-12 files.

From wk at gnupg.org Wed Nov 10 19:16:33 2010
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Nov 2010 19:16:33 +0100
Subject: Can't suppress "good signature" status message
In-Reply-To: (Skip Montanaro's message of "Wed, 10 Nov 2010 14:16:41 +0000 (UTC)")
References:
Message-ID: <877hglvybi.fsf@vigenere.g10code.de>

On Wed, 10 Nov 2010 15:16, skip at pobox.com said:

> is there a --status-fd flag, there is a --logger-fd flag. I
> don't know what the difference between emitting a status message

--status-fd N gives the file descriptor to write status messages like

  [GNUPG:] GOODSIG 53B620D01CE0C630 Werner Koch (dist sig)
  [GNUPG:] TRUST_ULTIMATE

which are to be used by all automated systems (e.g. scripts). If you don't use this option no status lines are emitted at all.

All other output is for humans; it may be redirected to a file descriptor other than 2 using --logger-fd M. This is slightly different from re-directing stderr directly because it works only on the internal log functions and is used for all output which might be useful to see in log files.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Wed Nov 10 19:29:51 2010
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Nov 2010 19:29:51 +0100
Subject: Import .p12 key file
In-Reply-To: <4CDAD84B.2040207@sixdemonbag.org> (Robert J. Hansen's message of "Wed, 10 Nov 2010 12:37:15 -0500")
References: <4CDAD84B.2040207@sixdemonbag.org>
Message-ID: <8739r9vxpc.fsf@vigenere.g10code.de>

On Wed, 10 Nov 2010 18:37, rjh at sixdemonbag.org said:

> Recent versions of GnuPG support S/MIME, which *may* use PKCS-12. (I

Well for 7 years or so ;-)

> don't recall offhand for a fact: I just have a vague impression they
> do... or maybe it's PKCS-7 I'm thinking of.)
PKCS#12 is a bunch of convoluted binary data which is even by ASN.1 standards a nightmare to parse. Despite that these blobs are used to transfer private X.509 keys. GPGSM (GPG's S/MIME cousin) supports it.

PKCS#7 (or in modern speak CMS) is the core of S/MIME but, as you pointed out, it is not related to OpenPGP. OpenPGP uses a well defined and easy to parse format for key and data exchange and not any ASN.1 BER and DER mess.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

From shaky.start at ntlworld.com Wed Nov 10 14:57:24 2010
From: shaky.start at ntlworld.com (Tony Hamilton)
Date: Wed, 10 Nov 2010 13:57:24 +0000
Subject: Cannot validate Truecrypt signature using GNU Privacy Assistant
Message-ID: <1289397444.2159.10.camel@advent>

I looked at the Ubuntu forums and find that the few posts that are there, on problems when using GNU Privacy Assistant, have resulted in zero replies.

I would appreciate some advice from this mailing list as I do not seem to be able to find a user guide for the GUI for GNUPA.

Firstly I am following the Truecrypt installation tutorial - on how to verify PGP signatures. Truecrypt is not yet installed. That tutorial is at http://www.truecrypt.org/docs/?s=digital-signatures

I have installed GNU Privacy Assistant on my Ubuntu 10.10 system. I have created my own key. The first 5 steps at the above URL are completed. I have signed the truecrypt public key. I have downloaded the signature for the latest Linux version of the truecrypt product.

I am now trying to verify that signature using GNUPA - using either the GUI or the command line; both fail, but with different error messages. Please note, they do NOT state that the signature is invalid.

The GNUPA GUI approach can find the signature file; clicking on the 'check signature of selected file' icon results in the error message " No such file or directory".
Using the command results in the error messages "gpg: no signed data" and "gpg: can't hash datafile: file open error"

Using the command results in the error messages "gpg: can't open `/Downloads/truecrypt-7.0a-linux-x86.tar.gz.sig'" and "gpg: verify signatures failed: file open error"

What am I doing wrong?

From ramon.loureiro at gmail.com Wed Nov 10 16:23:49 2010
From: ramon.loureiro at gmail.com (Visual GPG WoT Project)
Date: Wed, 10 Nov 2010 16:23:49 +0100
Subject: Do I need to put my keys on a server???
Message-ID: <4CDAB905.5090002@gmail.com>

Hi!

I've created two key pairs for two different email accounts (lets say email1@ and email2@) and signed each one with each other and set the owner trust to "ultimate"...

When I send an encrypted email from email1@ to email2@ my Enigmail client says:

  Decrypted message; Unverified signature

What am I doing wrong? Do I need to put my keys on a server???

Thanks!

From expires2010 at ymail.com Wed Nov 10 19:52:00 2010
From: expires2010 at ymail.com (MFPA)
Date: Wed, 10 Nov 2010 18:52:00 +0000
Subject: Problems with two active encryption subkeys
In-Reply-To: <201011101621.21613.mailinglisten@hauke-laging.de>
References: <201011051158.14148.mail@klomp.eu> <201011101538.39345.mail@klomp.eu> <201011101621.21613.mailinglisten@hauke-laging.de>
Message-ID: <1107998843.20101110185200@my_localhost>

Hi

On Wednesday 10 November 2010 at 3:21:21 PM, in , Hauke Laging wrote:

> AFAIK gpg takes the (compatible) subkey which is valid
> for the longest remaining period.

I thought GnuPG used the largest available subkey for the task, and if multiple appropriate subkeys were of the same size the newest would be used.

> Unfortunately you
> cannot even force gpg to use a certain subkey
> (directly): Giving a subkey ID as encryption target
> triggers a strange process: gpg looks for the main key
> of this ID and then selects the subkey as if the main
> key ID had been given...

What happens when you specify the subkey with an exclamation mark (!) after the key id?

--
Best regards

MFPA mailto:expires2010 at ymail.com

I think not, said Descartes, and promptly disappeared

From dougb at dougbarton.us Wed Nov 10 19:59:07 2010
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 10 Nov 2010 10:59:07 -0800
Subject: Cannot validate Truecrypt signature using GNU Privacy Assistant
In-Reply-To: <1289397444.2159.10.camel@advent>
References: <1289397444.2159.10.camel@advent>
Message-ID: <4CDAEB7B.4010504@dougbarton.us>

On 11/10/2010 05:57, Tony Hamilton wrote:

> Using the command
> results in the error messages "gpg: no signed data" and "gpg: can't hash
> datafile: file open error"
>
> Using the command --verify /Downloads/truecrypt-7.0a-linux-x86.tar.gz.sig> results in the
> error messages "gpg: can't open
> `/Downloads/truecrypt-7.0a-linux-x86.tar.gz.sig'" and "gpg: verify
> signatures failed: file open error"
>
>
> What am I doing wrong?

For the first error you're not in the directory where the files are. For the second you gave a path that doesn't exist.

I assume that you've actually downloaded both a source tarball (filename.tar.gz) and its associated signature (filename.tar.gz.sig). Open up a terminal, and use the command 'ls' (no quotes).
You should see something like this (perhaps with other files and directories listed as well):

  truecrypt-7.0a-linux-x64.tar.gz
  truecrypt-7.0a-linux-x64.tar.gz.sig

If you don't see truecrypt related files, you're probably in your home directory, and the files were downloaded to Downloads, so do this:

  cd Downloads

Now do ls again, and you should see the files. Now you can do:

  gpg --verify filename.tar.gz.sig

and it should work.

Good luck,

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
	-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

From support at bytesinteractive.com Wed Nov 10 20:08:28 2010
From: support at bytesinteractive.com (David Jourard)
Date: Wed, 10 Nov 2010 14:08:28 -0500
Subject: How to decrypt string in php
Message-ID:

Hi,

I have a gpg encrypted string in a data field and I want to be able to decrypt it. Is there a simple way to do this without writing it to a file on a windows machine

Here is my code example:

With this code I get: Invalid Option "-----BEGIN" which I understand why.

regards
David J.

From mailinglisten at hauke-laging.de Wed Nov 10 20:20:13 2010
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 10 Nov 2010 20:20:13 +0100
Subject: Problems with two active encryption subkeys
In-Reply-To: <1107998843.20101110185200@my_localhost>
References: <201011051158.14148.mail@klomp.eu> <201011101621.21613.mailinglisten@hauke-laging.de> <1107998843.20101110185200@my_localhost>
Message-ID: <201011102020.13962.mailinglisten@hauke-laging.de>

On Wednesday 10 November 2010 19:52:00, MFPA wrote:

> > AFAIK gpg takes the (compatible) subkey which is valid
> > for the longest remaining period.
>
> I thought GnuPG used the largest available subkey for the task, and
> if multiple appropriate subkeys were of the same size the newest would be
> used.

I created some more subkeys to check that...

For 2.0.15 you are right in one point and wrong in the other.
It is the newer creation date which is chosen not the longer remaining validity period. But the newer key wins against the longer one:

  start cmd:> LC_ALL=C gpg --edit-key 71FDC5CB
  pub 1024D/0x71FDC5CB created: 2010-02-25 expires: 2011-02-25 usage: C
  [...]
  sub 2048R/0xDA63AFDA created: 2010-11-10 expires: 2011-01-09 usage: E
  sub 1024R/0x1860836B created: 2010-11-10 expires: 2010-12-10 usage: E

  gpg --encrypt --recipient 71FDC5CB test.html

encrypts for 1860836B not for the both longer and longer valid DA63AFDA.

> > Unfortunately you
> > cannot even force gpg to use a certain subkey
> > (directly):

> What happens when you specify the subkey with an exclamation mark (!)
> after the key id?

Funny. That's even explained in the man page. What other secrets may wait there for discovery...

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From dougb at dougbarton.us Wed Nov 10 20:25:55 2010
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 10 Nov 2010 11:25:55 -0800
Subject: How to decrypt string in php
In-Reply-To:
References:
Message-ID: <4CDAF1C3.5080009@dougbarton.us>

On 11/10/2010 11:08, David Jourard wrote:

> $cmdline = "$gpg --no-secmem-warning --batch --passphrase
> $passphrase --decrypt $string";

Haven't tried it in php but echo should work here:

  echo $string | gpg ... --decrypt

hth,

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
	-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.
:) http://SupersetSolutions.com/

From expires2010 at ymail.com Wed Nov 10 20:26:46 2010
From: expires2010 at ymail.com (MFPA)
Date: Wed, 10 Nov 2010 19:26:46 +0000
Subject: Password for keyring
In-Reply-To: <0EE14841E1FD8545B7E084F22AEF9681041397E9@fssbemail.fss.india>
References: <0EE14841E1FD8545B7E084F22AEF9681041397E9@fssbemail.fss.india>
Message-ID: <1429051260.20101110192646@my_localhost>

Hi

On Wednesday 10 November 2010 at 11:32:09 AM, in , Mohan Radhakrishnan wrote:

> Hi,
> Is there a way to pass a password from the
> command-line when using the 'gpg' command to encrypt
> files ?

You might try the following option given in the gpg.man file:-

  --passphrase string
         Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.

--
Best regards

MFPA mailto:expires2010 at ymail.com

My mind works like lightning... one brilliant flash and it's gone

From John at Mozilla-Enigmail.org Wed Nov 10 20:45:33 2010
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 10 Nov 2010 13:45:33 -0600
Subject: Password for keyring
In-Reply-To: <0EE14841E1FD8545B7E084F22AEF9681041397E9@fssbemail.fss.india>
References: <0EE14841E1FD8545B7E084F22AEF9681041397E9@fssbemail.fss.india>
Message-ID: <4CDAF65D.3050303@Mozilla-Enigmail.org>

Mohan Radhakrishnan wrote:
> Hi,
>
> Is there a way to pass a password from the command-line when
> using the 'gpg' command to encrypt files ?

You only need a passphrase when signing or decrypting unless you're using symmetric encryption.
The man page documents the following options:

  --passphrase-fd n
         Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from stdin. This can only be used if only one passphrase is supplied.

  --passphrase-file file
         Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it.

  --passphrase string
         Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From christoph.anton.mitterer at physik.uni-muenchen.de Wed Nov 10 18:53:46 2010
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Wed, 10 Nov 2010 18:53:46 +0100
Subject: changing usage flags on a primary key
In-Reply-To: <4CD9BFEC.9020307@fifthhorseman.net>
References: <4CD9BFEC.9020307@fifthhorseman.net>
Message-ID: <1289411626.3285.44.camel@fermat.scientia.net>

Hi.

That's fairly easy by hacking the code and resigning. Have a look at the archive, it was mentioned before how it works.

Cheers,
Chris.

From dkg at fifthhorseman.net Wed Nov 10 20:58:13 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 10 Nov 2010 14:58:13 -0500
Subject: changing usage flags on a primary key
In-Reply-To: <1289411626.3285.44.camel@fermat.scientia.net>
References: <4CD9BFEC.9020307@fifthhorseman.net> <1289411626.3285.44.camel@fermat.scientia.net>
Message-ID: <4CDAF955.9050700@fifthhorseman.net>

On 11/10/2010 12:53 PM, Christoph Anton Mitterer wrote:
> That's fairly easy by hacking the code and resigning.

hrm, even if i can do this, it probably isn't very convincing for most people following gnupg-users :(

> Have a look at the archive, it was mentioned before how it works.

do you have a link handy?

--dkg

From christoph.anton.mitterer at physik.uni-muenchen.de Wed Nov 10 21:49:39 2010
From: christoph.anton.mitterer at physik.uni-muenchen.de (Christoph Anton Mitterer)
Date: Wed, 10 Nov 2010 21:49:39 +0100
Subject: changing usage flags on a primary key
In-Reply-To: <4CDAF955.9050700@fifthhorseman.net>
References: <4CD9BFEC.9020307@fifthhorseman.net> <1289411626.3285.44.camel@fermat.scientia.net> <4CDAF955.9050700@fifthhorseman.net>
Message-ID: <1289422179.5876.4.camel@fermat.scientia.net>

On Wed, 2010-11-10 at 14:58 -0500, Daniel Kahn Gillmor wrote:
> hrm, even if i can do this, it probably isn't very convincing for most
> people following gnupg-users :(

It was suggested before, to add such functionality, but declined IIRC.

> > Have a look at the archive, it was mentioned before how it works.
> do you have a link handy?

http://lists.gnupg.org/pipermail/gnupg-users/2009-May/thread.html#36485

Cheers,
Chris.

From georgschmidt at gmx.at Wed Nov 10 23:51:26 2010
From: georgschmidt at gmx.at (Georg Schmidt)
Date: Wed, 10 Nov 2010 23:51:26 +0100
Subject: OpenGPG card: PIN enry on keypad?
Message-ID: <20101110225126.229650@gmx.net>

Hello All,

I tried to get my OpenGpg Card working under Ubuntu, but with only mixed success.

Is my understanding correct that pinpads on card readers are only supported by gpg2? gpg1 does not support keypads?

For GPG2 I installed the following packages:
- Driver V3.3.5 (IFD) for the Cyberjack (from the ReinerSCT Web-site)
- gnupg2
- pcsc-lite
- gpgsm

The card is recognised and seems to work, but the PIN still has to be entered via the keyboard. The pinpad on the reader itself is not recognised.

It has been reported in the past, that the pinpad on the Cyberjack didn't work with gpg2 and I was wondering whether that still was the case or whether with the new drivers it should be OK now. Or is there an option, which tells the program that the PIN is expected from the pinpad and not the keyboard?

Any help is greatly appreciated.

Thanks a lot,
Georg

From support at bytesinteractive.com Thu Nov 11 01:14:06 2010
From: support at bytesinteractive.com (David Jourard)
Date: Wed, 10 Nov 2010 19:14:06 -0500
Subject: turn off all messaging -how
Message-ID: <66B292B8A2FB4BCCB5A40A1AB15F9B30@bytes>

Hi,

How do I turn off all messaging from the gpg program

Eg.

  gpg: encrypted with 2048-bit ELG-E etc...
  gpg: Warning: message was not integrity protected

Thanks
David J.

From ueno at unixuser.org Thu Nov 11 03:24:58 2010
From: ueno at unixuser.org (Daiki Ueno)
Date: Thu, 11 Nov 2010 11:24:58 +0900
Subject: EncFS patch
In-Reply-To: <87vd45wkc8.fsf_-_@vigenere.g10code.de> (Werner Koch's message of "Wed, 10 Nov 2010 11:20:55 +0100")
References: <87ocagzzh9.fsf@vigenere.g10code.de> <87vd45wkc8.fsf_-_@vigenere.g10code.de>
Message-ID:

Werner Koch writes:

> find below a patch against EncFS 1.5.2 - this is the one I used for
> testing.

Thanks. It now basically works (I used encfs-1.7.3_annotate.diff you posted to gnupg-devel), though the usage was a bit unclear to me :) For anyone else who wants to try, here is my trial log:

  $ g13 -r A6CC6651 --create foo
  $ mkdir /tmp/x
  $ g13 --mount foo /tmp/x &
  $ echo aaa > /tmp/x/passwords
  $ pkill g13
  $ ls /tmp/x # there are no files
  $ g13 --mount foo /tmp/x &
  $ ls /tmp/x
  passwords

Regards,
--
Daiki Ueno

From laurent.jumet at skynet.be Thu Nov 11 08:40:25 2010
From: laurent.jumet at skynet.be (Laurent Jumet)
Date: Thu, 11 Nov 2010 08:40:25 +0100
Subject: turn off all messaging -how
In-Reply-To: <66B292B8A2FB4BCCB5A40A1AB15F9B30@bytes>
Message-ID:

Hello David !

"David Jourard" wrote:

> How do I turn off all messaging from the gpg program

You need to use one or more of these options:

  --batch
  --no-tty
  --yes

--
Laurent Jumet
KeyID: 0xCFAF704C

From mail at klomp.eu Thu Nov 11 09:50:30 2010
From: mail at klomp.eu (Sven Klomp)
Date: Thu, 11 Nov 2010 09:50:30 +0100
Subject: Problems with two active encryption subkeys
In-Reply-To: <201011102020.13962.mailinglisten@hauke-laging.de>
References: <201011051158.14148.mail@klomp.eu> <1107998843.20101110185200@my_localhost> <201011102020.13962.mailinglisten@hauke-laging.de>
Message-ID: <201011110950.30335.mail@klomp.eu>

On Wednesday 10 November 2010 20:20:13 Hauke Laging wrote:
> I created some more subkeys to check that...
>
> For 2.0.15 you are right in one point and wrong in the other. It is the newer
> creation date which is chosen not the longer remaining validity period. But
> the newer key wins against the longer one:
>
> start cmd:> LC_ALL=C gpg --edit-key 71FDC5CB
> pub 1024D/0x71FDC5CB created: 2010-02-25 expires: 2011-02-25 usage: C
> [...]
> sub 2048R/0xDA63AFDA created: 2010-11-10 expires: 2011-01-09 usage: E
> sub 1024R/0x1860836B created: 2010-11-10 expires: 2010-12-10 usage: E
>
> gpg --encrypt --recipient 71FDC5CB test.html
>
> encrypts for 1860836B not for the both longer and longer valid DA63AFDA.

So the decision is done in the implementation and not covered in the OpenPGP standard. Thus, other software may behave differently. I think, I have to revoke one key to avoid problems...

Thanks for pointing this out.
Sven

From mohanr at fss.co.in Thu Nov 11 11:45:01 2010
From: mohanr at fss.co.in (Mohan Radhakrishnan)
Date: Thu, 11 Nov 2010 16:15:01 +0530
Subject: Password for keyring
In-Reply-To: <4CDAF65D.3050303@Mozilla-Enigmail.org>
Message-ID: <0EE14841E1FD8545B7E084F22AEF968104139F54@fssbemail.fss.india>

Hi,

We use passphrases for protecting the secret key. Is there a passphrase for accessing the keyring itself ?

Thanks,
Mohan

-----Original Message-----
From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of John Clizbe
Sent: Thursday, November 11, 2010 1:16 AM
To: gnupg-users at gnupg.org
Subject: Re: Password for keyring

Mohan Radhakrishnan wrote:
> Hi,
>
> Is there a way to pass a password from the command-line when
> using the 'gpg' command to encrypt files ?

You only need a passphrase when signing or decrypting unless you're using symmetric encryption.

The man page documents the following options:

  --passphrase-fd n
         Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from stdin. This can only be used if only one passphrase is supplied.

  --passphrase-file file
         Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it.

  --passphrase string
         Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.

--
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From mailinglisten at hauke-laging.de Thu Nov 11 12:58:26 2010
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 11 Nov 2010 12:58:26 +0100
Subject: Problems with two active encryption subkeys
In-Reply-To: <201011110950.30335.mail@klomp.eu>
References: <201011051158.14148.mail@klomp.eu> <201011102020.13962.mailinglisten@hauke-laging.de> <201011110950.30335.mail@klomp.eu>
Message-ID: <201011111258.33816.mailinglisten@hauke-laging.de>

On Thursday 11 November 2010 09:50:30, Sven Klomp wrote:

> > encrypts for 1860836B not for the both longer and longer valid DA63AFDA.
>
> So the decision is done in the implementation and not covered in the
> OpenPGP standard.

This conclusion cannot be drawn from the gpg behaviour, of course. You have to look at the standard. After that you know whether gpg conforms to it or not. :-)

> Thus, other software may behave differently. I think, I
> have to revoke one key to avoid problems...

Why should any problems arise from that? As long as the sender can encrypt and the recipient can decrypt... Doesn't matter which subkey is used, does it?

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

From mail at klomp.eu Thu Nov 11 13:33:35 2010
From: mail at klomp.eu (Sven Klomp)
Date: Thu, 11 Nov 2010 13:33:35 +0100
Subject: Problems with two active encryption subkeys
In-Reply-To: <201011111258.33816.mailinglisten@hauke-laging.de>
References: <201011051158.14148.mail@klomp.eu> <201011110950.30335.mail@klomp.eu> <201011111258.33816.mailinglisten@hauke-laging.de>
Message-ID: <201011111333.35665.mail@klomp.eu>

On Thursday 11 November 2010 12:58:26 Hauke Laging wrote:
> > Thus, other software may behave differently.
I think, I
> > have to revoke one key to avoid problems...
>
> Why should any problems arise from that? As long as the sender can encrypt and
> the recipient can decrypt... Doesn't matter which subkey is used, does it?

Since I don't have both keys at hand all the time. I have the RSA key on the Crypto Stick. However, the Elgamal is stored in a safe place.

Sven

From l_elcocks at hotmail.co.uk Thu Nov 11 15:12:15 2010
From: l_elcocks at hotmail.co.uk (Lee Elcocks)
Date: Thu, 11 Nov 2010 14:12:15 +0000
Subject: Import .p12 key file
In-Reply-To: <8739r9vxpc.fsf@vigenere.g10code.de>
References: , <4CDAD84B.2040207@sixdemonbag.org>, <8739r9vxpc.fsf@vigenere.g10code.de>
Message-ID:

I use GPG version 1.4.10 is this one of the versions that *can* support pkcs12 keys? If so, How?

Lee

> From: wk at gnupg.org
> To: rjh at sixdemonbag.org
> Subject: Re: Import .p12 key file
> Date: Wed, 10 Nov 2010 19:29:51 +0100
> CC: gnupg-users at gnupg.org
>
> On Wed, 10 Nov 2010 18:37, rjh at sixdemonbag.org said:
>
> > Recent versions of GnuPG support S/MIME, which *may* use PKCS-12. (I
>
> Well for 7 years or so ;-)
>
> > don't recall offhand for a fact: I just have a vague impression they
> > do... or maybe it's PKCS-7 I'm thinking of.)
>
> PKCS#12 is a bunch of convoluted binary data which is even by ASN.1
> standards a nightmare to parse. Despite that these blobs are used to
> transfer private X.509 keys. GPGSM (GPG's S/MIME cousin) supports it.
>
> PKCS#7 (or in modern speak CMS) is the core of S/MIME but, as you
> pointed out, it is not related to OpenPGP. OpenPGP uses a well defined
> and easy to parse format for key and data exchange and not any ASN.1 BER
> and DER mess.
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From wk at gnupg.org Thu Nov 11 16:02:32 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Nov 2010 16:02:32 +0100
Subject: EncFS patch
In-Reply-To: (Daiki Ueno's message of "Thu, 11 Nov 2010 11:24:58 +0900")
References: <87ocagzzh9.fsf@vigenere.g10code.de> <87vd45wkc8.fsf_-_@vigenere.g10code.de>
Message-ID: <87bp5vvr7b.fsf@vigenere.g10code.de>

On Thu, 11 Nov 2010 03:24, ueno at unixuser.org said:

> Thanks. It now basically works (I used encfs-1.7.3_annotate.diff you
> posted to gnupg-devel), though the usage was a bit unclear to me :)

Well the documentation is non existent. However gpgme already supports it. Which does not mean that that documentation is in any way better:

  /* The container is automatically unmounted when the context is reset
     or destroyed. Transmission errors are returned directly,
     operational errors are returned in OP_ERR. */
  gpgme_error_t gpgme_op_vfs_mount (gpgme_ctx_t ctx, const char *container_file,
                                    const char *mount_dir, unsigned int flags,
                                    gpgme_error_t *op_err);

  gpgme_error_t gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[],
                                     const char *container_file,
                                     unsigned int flags, gpgme_error_t *op_err);

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Thu Nov 11 16:31:52 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Nov 2010 16:31:52 +0100
Subject: OpenGPG card: PIN enry on keypad?
In-Reply-To: <20101110225126.229650@gmx.net> (Georg Schmidt's message of "Wed, 10 Nov 2010 23:51:26 +0100")
References: <20101110225126.229650@gmx.net>
Message-ID: <877hgjvpuf.fsf@vigenere.g10code.de>

Hi,

Pinpads do only work with the internal CCID driver.
Thus you need to stop pcscd (there is no need for it) and get the permissions for the reader right; see the card howto.

Further we only support those readers we tested:

  /* We have only tested a few readers so better don't risk anything
     and do not allow the use with other readers. */
  switch (handle->id_vendor)
    {
    case VENDOR_SCM:  /* Tested with SPR 532. */
    case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */
      break;
    case VENDOR_CHERRY:
      /* The CHERRY XX44 keyboard echos an asterisk for each entered
         character on the keyboard channel. We use a special variant
         of PC_to_RDR_Secure which directs these characters to the
         smart card's bulk-in channel. We also need to append a zero
         Lc byte to the APDU. It seems that it will be replaced with
         the actual length instead of being appended before the APDU
         is send to the card. */
      cherry_mode = 1;
      break;
    default:
      return CCID_DRIVER_ERR_NOT_SUPPORTED;
    }

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From l_elcocks at hotmail.co.uk Thu Nov 11 16:55:35 2010
From: l_elcocks at hotmail.co.uk (Lee Elcocks)
Date: Thu, 11 Nov 2010 15:55:35 +0000
Subject: FW: Import .p12 key file
In-Reply-To:
References: , , <4CDAD84B.2040207@sixdemonbag.org>, , <8739r9vxpc.fsf@vigenere.g10code.de>,
Message-ID:

if i import a p12 key file into a trial version of PGP and then export the key back out (including the private key) i can then import the key into GPG. PGP exports the key as a .ASC file. As a newb, can someone explain what PGP does to the key so that GPG accepts it?

Thanks

From: l_elcocks at hotmail.co.uk
To: wk at gnupg.org; rjh at sixdemonbag.org
Subject: RE: Import .p12 key file
Date: Thu, 11 Nov 2010 14:12:15 +0000
CC: gnupg-users at gnupg.org

I use GPG version 1.4.10 is this one of the versions that *can* support pkcs12 keys? If so, How?
Lee > From: wk at gnupg.org > To: rjh at sixdemonbag.org > Subject: Re: Import .p12 key file > Date: Wed, 10 Nov 2010 19:29:51 +0100 > CC: gnupg-users at gnupg.org > > On Wed, 10 Nov 2010 18:37, rjh at sixdemonbag.org said: > > > Recent versions of GnuPG support S/MIME, which *may* use PKCS-12. (I > > Well for 7 years or so ;-) > > > don't recall offhand for a fact: I just have a vague impression they > > do... or maybe it's PKCS-7 I'm thinking of.) > > PKCS#12 is a bunch of convoluted binary data which is even by ASN.1 > standards a nightmare to parse. Despite that these blobs are used to > transfer private X.509 keys. GPGSM (GPG's S/MIME cousin) supports it. > > PKCS#7 (or in modern speak CMS) is the core of S/MIME but, as you > pointed out, it is not related to OpenPGP. OpenPGP uses a well defined > and easy to parse format for key and data exchange and not any ASN.1 BER > and DER mess. > > > Salam-Shalom, > > Werner > > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00001 URL: From shavital at mac.com Thu Nov 11 18:41:14 2010 From: shavital at mac.com (Charly Avital) Date: Thu, 11 Nov 2010 12:41:14 -0500 Subject: MacOSX update 10.6.5 Message-ID: <4CDC2ABA.2060103@mac.com> Hi, the recent MacOSX's update to 10.6.5 has not affected GnuPG 1.4.11, MacGPG2 (with gpg-agent) under TB+Enigmail. As expected it has affected Apple's Mail with GPGMail, I have reported this in the appropriate forum. 
Charly

MacOS 10.6.5-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.16
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 - Running Enigmail version 1.1.2 (20100629-1412)

From ramon.loureiro at gmail.com Thu Nov 11 11:52:56 2010
From: ramon.loureiro at gmail.com (Ramon Loureiro)
Date: Thu, 11 Nov 2010 11:52:56 +0100
Subject: How to decrypt string in php
In-Reply-To:
References:
Message-ID: <4CDBCB08.4040608@gmail.com>

David Jourard wrote:
> Hi,
>
> I have a gpg encrypted string in a data field and I want to be able
> decrypt it.
>
> Is there a simple way to do this without writing it to a file on a
> windows machine
>

Hi!
Have you tried this?

http://php.net/manual/en/ref.gnupg.php
http://pecl.php.net/package/gnupg

--
Ramon Loureiro
GPG BE8E 5136 6A32 B5EF 0105 0DFB C559 2ACB 80C7 D647
GPG 19F0 4F06 F367 0976 1C3D 30CA 7FD1 3810 8C89 A6F6
Thawte Notary
GSWot ES:66 -Gossamer Web of Trust-http://www.gswot.org
CAcert Assurer
_____________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: From John at Mozilla-Enigmail.org Thu Nov 11 23:33:28 2010 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Thu, 11 Nov 2010 16:33:28 -0600 Subject: Password for keyring In-Reply-To: <0EE14841E1FD8545B7E084F22AEF968104139F54@fssbemail.fss.india> References: <0EE14841E1FD8545B7E084F22AEF968104139F54@fssbemail.fss.india> Message-ID: <4CDC6F38.7030904@Mozilla-Enigmail.org> Mohan Radhakrishnan wrote: > We use passphrases for protecting the secret key. Is there a passphrase for > accessing the keyring itself ? No, unless the secret keyring is stored on some form of encrypted volume which is a different subject. -John -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 499 bytes Desc: OpenPGP digital signature URL: From dkg at fifthhorseman.net Fri Nov 12 05:19:19 2010 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 11 Nov 2010 23:19:19 -0500 Subject: gpg --verify detached signature from two file descriptors? Message-ID: <4CDCC047.8080500@fifthhorseman.net> Hi GnuPG folks-- i'd like to use gpg to verify a detached signature, but for various reasons i don't want to put either part (the body or the signature) in the filesystem (i have the data queued in two otherwise anonymous file descriptors). if i put the body on FD 0, i can verify the detached signature with: gpg --verify sig - but i still need to have the signature in a file in the file system. Is there a way to tell gpg to read the sig itself from a file descriptor as well? On some operating systems (in some configurations) it looks like i can use (e.g.) 
/proc/self/fd/3 to read the signature from file descriptor 3, but it would be nice to be more portable than that. Any suggestions? Thanks for gpg, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From rjh at sixdemonbag.org Fri Nov 12 05:44:02 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 11 Nov 2010 23:44:02 -0500 Subject: gpg --verify detached signature from two file descriptors? In-Reply-To: <4CDCC047.8080500@fifthhorseman.net> References: <4CDCC047.8080500@fifthhorseman.net> Message-ID: <4CDCC612.7030702@sixdemonbag.org> On 11/11/2010 11:19 PM, Daniel Kahn Gillmor wrote: > i'd like to use gpg to verify a detached signature, but for various > reasons i don't want to put either part (the body or the signature) in > the filesystem (i have the data queued in two otherwise anonymous file > descriptors). This may be more hammer for your task than you really need, but I would consider making a memory-mapped file object. Read the data from the two anonymous FDs, concat them into the memory-mapped file object, and pipe those contents to GnuPG. (Note that most people use MMFOs to populate memory blocks with file contents, but there's no requirement it correspond to a physical file on disk: anonymous FDs should work. Also note that I haven't done POSIX memory mapped files in quite some time: my recollections may be off.) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5598 bytes Desc: S/MIME Cryptographic Signature URL: From dkg at fifthhorseman.net Fri Nov 12 06:15:28 2010 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Fri, 12 Nov 2010 00:15:28 -0500 Subject: gpg --verify detached signature from two file descriptors? 
In-Reply-To: <4CDCC612.7030702@sixdemonbag.org> References: <4CDCC047.8080500@fifthhorseman.net> <4CDCC612.7030702@sixdemonbag.org> Message-ID: <4CDCCD70.6000301@fifthhorseman.net> Hi Robert-- On 11/11/2010 11:44 PM, Robert J. Hansen wrote: > On 11/11/2010 11:19 PM, Daniel Kahn Gillmor wrote: >> i'd like to use gpg to verify a detached signature, but for various >> reasons i don't want to put either part (the body or the signature) in >> the filesystem (i have the data queued in two otherwise anonymous file >> descriptors). > > This may be more hammer for your task than you really need, but I would > consider making a memory-mapped file object. Read the data from the two > anonymous FDs, concat them into the memory-mapped file object, and pipe > those contents to GnuPG. i don't think this solves the problem i'm looking to solve, but i might be misunderstanding. i'm hoping to use a detached signature precisely because i do *not* want gnupg to have to find the delimiters between the data and the signature -- i already have that information available. So it seems to me that concatenating the material and feeding it in a single stream means making gpg do unnecessary work (not to mention potentially falling prey to any potential bugs in gpg's code that determines the boundaries between data and signatures). Or am i misunderstanding your suggestion? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From reinhard.irmer at kabelmail.de Fri Nov 12 12:51:12 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Fri, 12 Nov 2010 12:51:12 +0100 Subject: problem with german umlauts Message-ID: <001801cb825f$e7dfa9d0$b79efd70$@irmer@kabelmail.de> I have installed GnuPG 1.4.11 from the GnuPT-site and GnuPG 2.0.16 (gpg4win 2.1.0?) under winxp. codepage is 437. 
The verify-result is OK in both versions, but only the umlauts are making trouble: In Gpg v1.4 it looks like http://666kb.com/i/boauplx7p51xe92uc.jpg (demolitioned umlauts), but in Gpg v2.0.16 : http://666kb.com/i/boauqrekhb2thrhyc.jpg (umlauts OK) Whats to do, to make version 1 showing correctwritten results? -- regards Reinhard From rjh at sixdemonbag.org Fri Nov 12 13:28:13 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 12 Nov 2010 07:28:13 -0500 Subject: gpg --verify detached signature from two file descriptors? In-Reply-To: <4CDCCD70.6000301@fifthhorseman.net> References: <4CDCC047.8080500@fifthhorseman.net> <4CDCC612.7030702@sixdemonbag.org> <4CDCCD70.6000301@fifthhorseman.net> Message-ID: <4CDD32DD.4090907@sixdemonbag.org> On 11/12/2010 12:15 AM, Daniel Kahn Gillmor wrote: > Or am i misunderstanding your suggestion? Not really, no. I am not trying to tell you what your problem really is or how it ought be solved -- you're the guy who knows the ins and outs of it, after all. :) That said, I will just repeat three well-worn bits of generally applicable advice: 1. Don't optimize code that isn't a bottleneck -- there's nothing wrong with making GnuPG do unnecessary work so long as that part isn't the bottleneck. 2. Don't make assumptions about where your code bottlenecks. Profile it. 3. GnuPG is a very mature project that's had a lot of people hammering on it. Your own code is probably much newer with far fewer people hammering on it. "Potentially falling prey to ... bugs in gpg's code" by making GnuPG be clever about the data pipeline may be safer than making your code be clever about the data pipeline. ... I don't have any answers for how you might approach this, other than what I've already mentioned. Sorry! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: smime.p7s Type: application/pkcs7-signature Size: 5598 bytes Desc: S/MIME Cryptographic Signature URL: From reinhard.irmer at kabelmail.de Fri Nov 12 11:01:05 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Fri, 12 Nov 2010 11:01:05 +0100 Subject: problem with german umlauts Message-ID: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> I have installed GnuPG 1.4.11 from the GnuPT-site and GnuPG 2.0.16 (gpg4win 2.1.0?) under winxp. codepage is 437. The verify-result is OK in both versions, but only the umlauts are making trouble: In Gpg v1.4 it looks like http://666kb.com/i/boauplx7p51xe92uc.jpg (demolitioned umlauts), but in Gpg v2.0.16 : http://666kb.com/i/boauqrekhb2thrhyc.jpg (umlauts OK) Whats to do, to make version 1 showing correctwritten results? -- regards Reinhard From reinhard.irmer at kabelmail.de Fri Nov 12 13:48:15 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Fri, 12 Nov 2010 13:48:15 +0100 Subject: AW: problem with german umlauts In-Reply-To: References: <-1128987731007132541@unknownmsgid> Message-ID: <002201cb8267$e0554c80$a0ffe580$@irmer@kabelmail.de> hi Ted, you wrote on Fr, 12.Nov.2010 (13:25:19): > I tried it with 1.4.11 and it worked OK. Fine 4you, but no help 4me. > It might be your encoding > character set. Sure, but the question is, why GnuPG version 2 has no probs but version 1.4.11 has. Both versions are running under CP437 > I don't know what mine is (latin-1?), but it may be > something to check out. C:\>chcp shows it regards reinhard > > > On Fri, Nov 12, 2010 at 6:51 AM, Reinhard Irmer > wrote: > > > I have installed GnuPG 1.4.11 from the GnuPT-site and GnuPG 2.0.16 > (gpg4win 2.1.0?) under winxp. codepage is 437. 
The verify-result is OK > in both versions, but only the umlauts are making trouble: In Gpg v1.4 > it looks like http://666kb.com/i/boauplx7p51xe92uc.jpg (demolitioned > umlauts), but in Gpg v2.0.16 : http://666kb.com/i/boauqrekhb2thrhyc.jpg > (umlauts OK) > > Whats to do, to make version 1 showing correctwritten results? > > -- > regards > Reinhard > > > > _______________________________________________ Gnupg-users mailing > list Gnupg-users at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users From ben at adversary.org Fri Nov 12 13:59:42 2010 From: ben at adversary.org (Ben McGinnes) Date: Fri, 12 Nov 2010 23:59:42 +1100 Subject: problem with german umlauts In-Reply-To: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> Message-ID: <4CDD3A3E.5000109@adversary.org> On 12/11/10 9:01 PM, Reinhard Irmer wrote: > I have installed GnuPG 1.4.11 from the GnuPT-site and GnuPG 2.0.16 (gpg4win > 2.1.0?) under winxp. codepage is 437. The verify-result is OK in both > versions, but only the umlauts are making trouble: > In Gpg v1.4 it looks like http://666kb.com/i/boauplx7p51xe92uc.jpg > (demolitioned umlauts), but in Gpg v2.0.16 : > http://666kb.com/i/boauqrekhb2thrhyc.jpg (umlauts OK) > > Whats to do, to make version 1 showing correctwritten results? Setting "charset utf-8" in your gpg.conf for 1.4.11 should do the trick. I can't recall if there are any keys in my keyring to double-check on, but I'm pretty sure it has correctly displayed cyrillic characters in the past and I am using 1.4.11. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From DELEE at TRANSENTRIC.COM Fri Nov 12 14:04:08 2010 From: DELEE at TRANSENTRIC.COM (David E. Lee) Date: Fri, 12 Nov 2010 07:04:08 -0600 Subject: David E. 
Lee is out of the office
Message-ID:

I will be out of the office starting 11/12/2010 and will not return until 11/15/2010.

** This message and any attachments contain information from Union Pacific which may be confidential and/or privileged. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited by law. If you receive this message in error, please contact the sender immediately and delete the message and any attachments. **
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From reinhard.irmer at kabelmail.de Fri Nov 12 19:16:57 2010
From: reinhard.irmer at kabelmail.de (Reinhard Irmer)
Date: Fri, 12 Nov 2010 19:16:57 +0100
Subject: AW: problem with german umlauts
In-Reply-To: <4CDD3A3E.5000109@adversary.org>
References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org>
Message-ID: <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de>

Hi Ben,

you wrote on Fr, 12.Nov.2010 (13:59:42):
> On 12/11/10 9:01 PM, Reinhard Irmer wrote:
>> I have installed GnuPG 1.4.11 from the GnuPT-site and GnuPG 2.0.16
>> (gpg4win
>> 2.1.0?) under winxp. codepage is 437. The verify-result is OK in both
>> versions, but only the umlauts are making trouble:
>> In Gpg v1.4 it looks like http://666kb.com/i/boauplx7p51xe92uc.jpg
>> (demolitioned umlauts), but in Gpg v2.0.16 :
>> http://666kb.com/i/boauqrekhb2thrhyc.jpg (umlauts OK)
>>
>> Whats to do, to make version 1 showing correctwritten results?
>
> Setting "charset utf-8" in your gpg.conf for 1.4.11 should do the
> trick. I can't recall if there are any keys in my keyring to
> double-check on, but I'm pretty sure it has correctly displayed
> cyrillic characters in the past and I am using 1.4.11.

Thnx
Charset iso-8859-1 in gpg.conf for v1.4.11 SOLVED the prob :-))

@Michael: now everything really is fine, v1 in the new script too.
You might want to add a corresponding note in the script.

Excerpt from a sample gpg.conf:

# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
# GnuPG which is the native character set. Please check the man page
# for supported character sets. This character set is only used for
# metadata and not for the actual message which does not undergo any
# translation. Note that future version of GnuPG will change to UTF-8
# as default character set. In most cases this option is not required
# GnuPG is able to figure out the correct charset and use that.

Charset utf-8 doesn't do it, but Charset iso-8859-1 does :-))) and Reinhard is happy :-)...... and surely you are too?

--
regards
Reinhard
--- [on OUTLOOK2007 with QF-Macros] ---

From ben at adversary.org Fri Nov 12 20:10:57 2010
From: ben at adversary.org (Ben McGinnes)
Date: Sat, 13 Nov 2010 06:10:57 +1100
Subject: AW: problem with german umlauts
In-Reply-To: <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de>
References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de>
Message-ID: <4CDD9141.7080005@adversary.org>

On 13/11/10 5:16 AM, Reinhard Irmer wrote:
>
> Thnx
> Charset iso-8859-1 in gpg.conf for v1.4.11 SOLVED the prob :-))

Excellent. :)

Bear in mind that UTF-8 may become the standard in the future, but as long as your gpg.conf matches the character set for your email client and/or editor it should be fine (I explicitly set UTF-8 for GPG, Thunderbird and Emacs).

Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL:

From dkg at fifthhorseman.net Fri Nov 12 23:20:30 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 12 Nov 2010 17:20:30 -0500
Subject: gpg --verify detached signature from two file descriptors?
In-Reply-To: <4CDD32DD.4090907@sixdemonbag.org> References: <4CDCC047.8080500@fifthhorseman.net> <4CDCC612.7030702@sixdemonbag.org> <4CDCCD70.6000301@fifthhorseman.net> <4CDD32DD.4090907@sixdemonbag.org> Message-ID: <4CDDBDAE.2020901@fifthhorseman.net> On 11/12/2010 07:28 AM, Robert J. Hansen wrote: > 1. Don't optimize code that isn't a bottleneck -- there's nothing wrong > with making GnuPG do unnecessary work so long as that part isn't the > bottleneck. i was actually hoping to avoid *me* having to do the extra work of figuring out how to concatenate the data with the signature. Do you have a suggestion for how to make such a concatenator for arbitrary 8-bit data? Do i need to build an OpenPGP data packet from my input stream first? Is there example code of such a concatenator someplace? > 3. GnuPG is a very mature project that's had a lot of people hammering > on it. Your own code is probably much newer with far fewer people > hammering on it. I grant that my own code is more likely to be buggy than gpg's. that's another good reason for me to not write a concatenator :) Are you saying there is no way to pass a detached signature via a file descriptor? --dkg -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From reinhard.irmer at kabelmail.de Sat Nov 13 11:41:56 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Sat, 13 Nov 2010 11:41:56 +0100 Subject: AW: AW: problem with german umlauts In-Reply-To: <4CDD9141.7080005@adversary.org> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> Message-ID: <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> Hi Ben, you.wrote on Fr, 12.Nov.2010 (20:10:57): > On 13/11/10 5:16 AM, Reinhard Irmer wrote: >> >> Thnx >> Charset iso-8859-1 in gpg.conf for v1.4.11 SOLVED the prob :-)) > > Excellent. :) > > Bear in mind that UTF-8 may become the standard in the future, Yes, I know. I see it in my installation of GnuPG 2.0.16 where no probs with german umlauts are existing (as you see in jpg-link I sent in op. > but as > long as your gpg.conf matches the character set for your email client > and/or editor it should be fine (I explicitly set > UTF-8 for GPG, Thunderbird and Emacs). I have 2 gpg.confs, one 4 v1.4.11 and another 4 v2.0.16. In second no charset is defined in it. Standard-utf-8 works fine in my client 40tude-dialog, but not in Thunderbird where umlauts are shown as questionmarks. Now I will test ist out setting charset iso-8859-1 in gpg.conf for version2. 
-- regards Reinhard --- [on OUTLOOK2007 with QF-Macros] --- From reinhard.irmer at kabelmail.de Sat Nov 13 14:35:11 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Sat, 13 Nov 2010 14:35:11 +0100 Subject: problem with german umlauts In-Reply-To: <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> Message-ID: <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> Hi Ben, > you.wrote on Fr, 12.Nov.2010 (20:10:57): >> On 13/11/10 5:16 AM, Reinhard Irmer wrote: >>> Thnx >>> Charset iso-8859-1 in gpg.conf for v1.4.11 SOLVED the prob :-)) >> Excellent. :) >> Bear in mind that UTF-8 may become the standard in the future, > Yes, I know. I see it in my installation of GnuPG 2.0.16 where no probs with > german umlauts are existing (as you see in jpg-link I sent in op. >> but as >> long as your gpg.conf matches the character set for your email client >> and/or editor it should be fine (I explicitly set >> UTF-8 for GPG, Thunderbird and Emacs). > I have 2 gpg.confs, one 4 v1.4.11 and another 4 v2.0.16. In second no charset > is defined in it. Standard-utf-8 works fine in my client 40tude-dialog, but not > in Thunderbird where umlauts are shown as questionmarks. Now I will test > ist out setting charset iso-8859-1 in gpg.conf for version2. 
Here are the results:

Using GnuPG v.1.4.11 with 40tude-dialog as client charset must be iso-8859-1 or -15 to show correct umlauts

Using GnuPG v.1.4.11 with Thunderbird as client charset must be utf-8 to show correct umlauts

Using GnuPG v.2.0.16 using all possible charsets, 40tude shows correct umlauts, but Thunderbird always shows questionmarks instead of german umlauts

--
Best regards
Reinhard Irmer
--- [on OUTLOOK2007 with QF-Macros] ---

From rjh at sixdemonbag.org Sat Nov 13 15:15:20 2010
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 13 Nov 2010 09:15:20 -0500
Subject: problem with german umlauts
In-Reply-To: <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de>
References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de>
Message-ID: <4CDE9D78.2070607@sixdemonbag.org>

On 11/13/2010 8:35 AM, Reinhard Irmer wrote:
> Using GnuPG v.1.4.11 with Thunderbird as client charset must be utf-8 to
> show correct umlauts

Is that the client charset for GnuPG, or the client charset for Thunderbird itself? Keep in mind Thunderbird can display data in many different encodings, too.

If Thunderbird is expecting ISO-8859-1 and you're passing umlauts in from GnuPG as UTF-8, you'll get some strangeness.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s Type: application/pkcs7-signature Size: 5598 bytes Desc: S/MIME Cryptographic Signature URL: From reinhard.irmer at kabelmail.de Sat Nov 13 16:48:19 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Sat, 13 Nov 2010 16:48:19 +0100 Subject: AW: problem with german umlauts In-Reply-To: <4CDE9D78.2070607@sixdemonbag.org> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDE9D78.2070607@sixdemonbag.org> Message-ID: <000701cb834a$32373ad0$96a5b070$@irmer@kabelmail.de> Hi Robert, you wrote on Sa, 13.Nov.2010 (15:15:20): > On 11/13/2010 8:35 AM, Reinhard Irmer wrote: >> Using GnuPG v.1.4.11 with Thunderbird as client charset must be >> utf-8 to show correct umlauts > > Is that the client charset for GnuPG, or the client charset for > Thunderbird itself? For GnuPG > Keep in mind Thunderbird can display data in many > different encodings, too. In bodypane of TB different charsets are configurable, but in headerpane? > If Thunderbird is expecting ISO-8859-1 and you're passing umlauts in > from GnuPG as UTF-8, you'll get some strangeness. TB is configured for utf-8 like GnuPG v.1.4.11 and shows umlauts well. Using GnuPG v.2.0.16 (standard-utf-8) TB shows umlauts wrong :-( -- regards Reinhard --- [on OUTLOOK2007 with QF-Macros] --- From wk at gnupg.org Sat Nov 13 20:16:49 2010 From: wk at gnupg.org (Werner Koch) Date: Sat, 13 Nov 2010 20:16:49 +0100 Subject: gpg --verify detached signature from two file descriptors? 
In-Reply-To: <4CDCC047.8080500@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 11 Nov 2010 23:19:19 -0500")
References: <4CDCC047.8080500@fifthhorseman.net>
Message-ID: <87iq01t4ny.fsf@vigenere.g10code.de>

On Fri, 12 Nov 2010 05:19, dkg at fifthhorseman.net said:

> i'd like to use gpg to verify a detached signature, but for various
> reasons i don't want to put either part (the body or the signature) in
> the filesystem (i have the data queued in two otherwise anonymous file
> descriptors).

No problem. GPGME does it this way. The trick is the option --enable-special-filenames and to pass the fd in this format "-&N".

  gpg --enable-special-filenames --verify --batch -&5 -&6

Assuming you have them in fds 5 and 6.

Using GPGME is of course easier because it has this secret knowledge ;-)

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From grawity at gmail.com Sat Nov 13 19:29:22 2010
From: grawity at gmail.com (Mantas Mikulėnas)
Date: Sat, 13 Nov 2010 20:29:22 +0200
Subject: gpg --verify detached signature from two file descriptors?
In-Reply-To: <4CDDBDAE.2020901@fifthhorseman.net>
References: <4CDCC047.8080500@fifthhorseman.net> <4CDCC612.7030702@sixdemonbag.org> <4CDCCD70.6000301@fifthhorseman.net> <4CDD32DD.4090907@sixdemonbag.org> <4CDDBDAE.2020901@fifthhorseman.net>
Message-ID: <4CDED902.3050502@gmail.com>

/dev/fd might be more portable than /proc/self/fd; at least I'm sure the BSDs have it with 'fdescfs'.

There is also the 'temp file' way - mkstemp() or /usr/bin/mktemp.

--
Mantas Mikulėnas

From dkg at fifthhorseman.net Sat Nov 13 20:26:56 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 13 Nov 2010 14:26:56 -0500
Subject: gpg --verify detached signature from two file descriptors?
In-Reply-To: <87iq01t4ny.fsf@vigenere.g10code.de> References: <4CDCC047.8080500@fifthhorseman.net> <87iq01t4ny.fsf@vigenere.g10code.de> Message-ID: <4CDEE680.3000306@fifthhorseman.net> On 11/13/2010 02:16 PM, Werner Koch wrote: > On Fri, 12 Nov 2010 05:19, dkg at fifthhorseman.net said: > >> i'd like to use gpg to verify a detached signature, but for various >> reasons i don't want to put either part (the body or the signature) in >> the filesystem (i have the data queued in two otherwise anonymous file >> descriptors). > > No problem. GPGME does it this way. The trick is the option > --enable-special-filenames and to pass the fd in this format "-&N". > > gpg --enable-special-filenames --verify --batch -&5 -&6 > > Assuming you have them in fds 5 and 6. thanks, this is exactly what i needed! > Using GPGME is of course easier because it has this secret knowledge ;-) :) --dkg From ben at adversary.org Sun Nov 14 02:13:47 2010 From: ben at adversary.org (Ben McGinnes) Date: Sun, 14 Nov 2010 12:13:47 +1100 Subject: problem with german umlauts In-Reply-To: <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> Message-ID: <4CDF37CB.9030306@adversary.org> On 14/11/10 12:35 AM, Reinhard Irmer wrote: >> you.wrote on Fr, 12.Nov.2010 (20:10:57): >>> On 13/11/10 5:16 AM, Reinhard Irmer wrote: > >> Yes, I know. I see it in my installation of GnuPG 2.0.16 where no >> probs with german umlauts are existing (as you see in jpg-link I >> sent in op. 
Yes, I saw that before and have seen similar behaviour with character set conflicts on other systems. >> I have 2 gpg.confs, one 4 v1.4.11 and another 4 v2.0.16. In second >> no charset is defined in it. Standard-utf-8 works fine in my client >> 40tude-dialog, but not in Thunderbird where umlauts are shown as >> questionmarks. You'll find that they either appear as question marks or an empty box, depending on the display format (command line or GUI) where the character cannot be represented. In a GUI where it is a unicode character that cannot be represented the square box will contain the four character hex code for the unicode character (e.g. 00fc instead of ü). >> Now I will test it out setting charset iso-8859-1 in gpg.conf for >> version2. > > Here are the results: > Using GnuPG v.1.4.11 with 40tude-dialog as client charset must be iso-8859-1 > or -15 to show correct umlauts Okay, I'm not familiar with 40tude, but I have a theory. > Using GnuPG v.1.4.11 with Thunderbird as client charset must be utf-8 to > show correct umlauts This makes some sense, Thunderbird needs to be told which character set to use (most will default to iso-8859-1, but it depends on the version installed). > Using GnuPG v.2.0.16 using all possible charsets, 40tude shows > correct umlauts, but Thunderbird always shows questionmarks instead > of german umlauts You should be able to change the Thunderbird setting to UTF-8 and make it behave in View -> Character Encoding. Regards, Ben From free10pro at gmail.com Sun Nov 14 04:00:19 2010 From: free10pro at gmail.com (Paul Richard Ramer) Date: Sat, 13 Nov 2010 19:00:19 -0800 Subject: Do I need to put my keys on a server??? 
In-Reply-To: <4CDAB905.5090002@gmail.com> References: <4CDAB905.5090002@gmail.com> Message-ID: <4CDF50C3.4080008@gmail.com> On 11/10/2010 07:23 AM, Visual GPG WoT Project wrote: > I've created two key pairs for two different email accounts (let's say > email1@ and email2@) > and signed each one with each other and set the owner trust to > "ultimate"... > > When I send an encrypted email from email1@ to email2@ > my Enigmail client says: > > Decrypted message; Unverified signature > > What am I doing wrong? > Do I need to put my keys on a server??? Putting your keys on a keyserver won't fix this situation. On the machine that you decrypted the message, did you have the public key for email1@? -Paul -- Please use my PGP key when sending me e-mail, if you can. PGP Key ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884 From reinhard.irmer at kabelmail.de Sun Nov 14 10:52:38 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Sun, 14 Nov 2010 10:52:38 +0100 Subject: AW: problem with german umlauts In-Reply-To: <4CDF37CB.9030306@adversary.org> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> Message-ID: <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> hi Ben, you wrote on So, 14.Nov.2010 (02:13:47): > On 14/11/10 12:35 AM, Reinhard Irmer wrote: >>> you.wrote on Fr, 12.Nov.2010 (20:10:57): >>>> On 13/11/10 5:16 AM, Reinhard Irmer wrote: [...] >>> Now I will test it out setting charset iso-8859-1 in gpg.conf for >>> version2. >> >> Here are the results: [...] 
>> Using GnuPG v.1.4.11 with Thunderbird as client charset must be >> utf-8 to show correct umlauts > > This makes some sense, Thunderbird needs to be told which character > set to use (most will default to iso-8859-1, but it depends on the version installed). I've set it to utf-8 >> Using GnuPG v.2.0.16 using all possible charsets, 40tude shows >> correct umlauts, but Thunderbird always shows questionmarks instead >> of german umlauts > > You should be able to change the Thunderbird setting to UTF-8 and make > it behave in View -> Character Encoding. View utf-8: umlauts in body or utf-8-characters in body are OK, umlauts in headerpane are destroyed (shown as ? in black square) View iso-8859-1: umlauts in body are OK, utf-8-characters in body are destroyed (o?o) = (o??o), umlauts in headerpane are OK -- regards Reinhard --- [on OUTLOOK2007 with QF-Macros] --- From kronos72it at yahoo.it Sat Nov 13 23:54:36 2010 From: kronos72it at yahoo.it (Francesco Savino) Date: Sat, 13 Nov 2010 23:54:36 +0100 Subject: gpg key generation options Message-ID: <4CDF172C.5040601@yahoo.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have installed gpg version 1.4.10 , the last I think. When I run --gen-key the men? display 4 voices while the guide and manual saw on gpg web page show only 3 voices. Maybe the online documentation is out of date ? My final problem is to get an explanation of fourth voice RSA and RSA , why I can't encrypt a file with a key pair generated with this option ? 
thanks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- From ben at adversary.org Sun Nov 14 11:19:07 2010 From: ben at adversary.org (Ben McGinnes) Date: Sun, 14 Nov 2010 21:19:07 +1100 Subject: AW: problem with german umlauts In-Reply-To: <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> Message-ID: <4CDFB79B.5050903@adversary.org> On 14/11/10 8:52 PM, Reinhard Irmer wrote: > you wrote on So, 14.Nov.2010 (02:13:47): > >> You should be able to change the Thunderbird setting to UTF-8 and make >> it behave in View -> Character Encoding. > > View utf-8: umlauts in body or utf-8-characters in body are OK, > umlauts in headerpane are destroyed (shown as ? 
in black square) > > View iso-8859-1: umlauts in body are OK, utf-8-characters in body > are destroyed (o?o) = (o??o), umlauts in headerpane are OK Okay, what about the preferences for Thunderbird? I'm assuming you're using Windows for all these, in which case go to Tools -> Options -> Display -> Formatting -> Advanced. Character Encodings for both outgoing (composition) and incoming mail are set here (I'm assuming that your setting was only in the View -> Character encoding section). You'll want this to match everything else (although it shouldn't matter if View -> Character Encoding resets itself to ISO-8859-1 if the other two are set to UTF-8). Regards, Ben From shavital at mac.com Sun Nov 14 13:48:58 2010 From: shavital at mac.com (Charly Avital) Date: Sun, 14 Nov 2010 07:48:58 -0500 Subject: gpg key generation options In-Reply-To: <4CDF172C.5040601@yahoo.it> References: <4CDF172C.5040601@yahoo.it> Message-ID: <4CDFDABA.7000300@mac.com> Francesco Savino wrote the following on 11/13/10 5:54 PM: > > I have installed gpg version 1.4.10 , the last I think. The current release for GnuPG is 1.4.11, and 2.0.16 for gpg2. But I believe 1.4.10 is fine too. > My final problem is to get an explanation of fourth voice RSA and RSA > , why I can't encrypt a file with a key pair generated with this option ? In Terminal choice number (4) is: Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) That is: "RSA (sign only)". As its name indicates, it's only for signing, you can't use it for encryption. As for RSA and RSA choice number (1), I ran a test, and generated an RSA keypair, that includes an Encryption subkey. 
Regards, Charly MacOS 10.6.5-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.16 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 - Running Enigmail version 1.1.2 (20100629-1412) From reinhard.irmer at kabelmail.de Sun Nov 14 21:01:10 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Sun, 14 Nov 2010 21:01:10 +0100 Subject: AW: AW: problem with german umlauts In-Reply-To: <4CDFB79B.5050903@adversary.org> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> <4CDFB79B.5050903@adversary.org> Message-ID: <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> Hi Ben, you wrote on So, 14.Nov.2010 (11:19:07): > On 14/11/10 8:52 PM, Reinhard Irmer wrote: >> you wrote on So, 14.Nov.2010 (02:13:47): >> >>> You should be able to change the Thunderbird setting to UTF-8 and >>> make it behave in View -> Character Encoding. >> >> View utf-8: umlauts in body or utf-8-characters in body are OK, >> umlauts in headerpane are destroyed (shown as ? in black square) >> >> View iso-8859-1: umlauts in body are OK, utf-8-characters in body are >> destroyed (o?o) = (o??o), umlauts in headerpane are OK > > Okay, what about the preferences for Thunderbird? I'm assuming you're > using Windows for all these, in which case go to Tools -> Options -> > Display -> Formatting -> Advanced. Character Encodings for both > outgoing (composition) and incoming mail are set here (I'm assuming > that your setting was only in the View -> Character encoding section). 
> You'll want this to match everything else (although it shouldn't > matter if View -> Character Encoding resets itself to ISO-8859-1 if > the other two are set to UTF-8). I'm not so familiar with TB because my favourite client is 40tude-dialog, where everything works fine. I only tested the probs with TB to see,if there are differences in showing the characters. I had set the options in TB for incoming/outgoing msgs. to iso-8859-1; now I changed to utf-8 and now I will see, if problems getting solved with this. When I have results I'll tell you. -- So long Reinhard --- [on OUTLOOK2007 with QF-Macros] --- From ben at adversary.org Sun Nov 14 23:33:24 2010 From: ben at adversary.org (Ben McGinnes) Date: Mon, 15 Nov 2010 09:33:24 +1100 Subject: AW: AW: problem with german umlauts In-Reply-To: <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> <4CDFB79B.5050903@adversary.org> <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> Message-ID: <4CE063B4.4030704@adversary.org> On 15/11/10 7:01 AM, Reinhard Irmer wrote: > > I'm not so familiar with TB because my favourite client is > 40tude-dialog, where everything works fine. I only tested the probs > with TB to see,if there are differences in showing the characters. I > had set the options in TB for incoming/outgoing msgs. to iso-8859-1; > now I changed to utf-8 and now I will see, if problems getting > solved with this. When I have results I'll tell you. Cool, I just double-checked in a couple of other messages, one in this thread and one in another list, and TB has no problem displaying umlauts in both the body and in the headers (From field). 
The characters checked were ? and ?. With UTF-8 it also has no problem with most other characters incorporated in the unicode character set (this can sometimes be affected by additions to unicode after the release of the operating system or software used). Somewhere around here I've got an auto-response to a mailing list in Chinese with the Chinese characters in both the headers and the body. In that case I was able to copy those characters into Google's translation page (which is how I know it was an auto-response) and paste my own translated response to it. All of this displayed fine in Thunderbird, even though I didn't use the unicode codes when I entered my response. Regards, Ben From chetan.arora at orange-ftgroup.com Mon Nov 15 10:14:37 2010 From: chetan.arora at orange-ftgroup.com (chetan.arora at orange-ftgroup.com) Date: Mon, 15 Nov 2010 17:14:37 +0800 Subject: Windows 2008 compatible version of GPG Message-ID: <920_1289812510_4CE0FA1E_920_157093_2_8417F74A6C5AD44AB62DCB0225114D75012993D8@PCEXCB20.sin.equant.com> Hi, I need to use GPG on Windows 2008. I tried installing GPG 1.4.11 (gnupg-w32cli-1.4.11.exe) but it doesn't seem to install. Please help! Regards, Chetan Arora Customer Relationship Management (CRM) Information Technology & Systems Orange Business Services Gurgaon, India CVS: 357-6427 Mobile Phone: +91-9810107763 http://www.equant.com 
From olav at mozilla-enigmail.org Mon Nov 15 12:40:41 2010 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Mon, 15 Nov 2010 12:40:41 +0100 Subject: Windows 2008 compatible version of GPG In-Reply-To: <920_1289812510_4CE0FA1E_920_157093_2_8417F74A6C5AD44AB62DCB0225114D75012993D8@PCEXCB20.sin.equant.com> References: <920_1289812510_4CE0FA1E_920_157093_2_8417F74A6C5AD44AB62DCB0225114D75012993D8@PCEXCB20.sin.equant.com> Message-ID: <4CE11C39.7020105@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi Chetan, gnupg.org's Installer doesn't add a PATH, so you must either do that manually or call it directly from "program files[ (x86)\GNU\gnupg" or use the gpg4win installer from http://gpg4win.org/ Olav - -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ -----END PGP SIGNATURE----- From l_elcocks at hotmail.co.uk Mon Nov 15 15:45:57 2010 From: l_elcocks at hotmail.co.uk (Lee Elcocks) Date: Mon, 15 Nov 2010 14:45:57 +0000 Subject: GPG4WIN Message-ID: Hi Couple of questions 
if I can about GPG4Win? I need to import .p12 files, how do I do this via the command line? Do I need to make config changes somewhere? Can I automate GPG2 like I could GPG? Can I make a config file and load extension IDEA.dll so that it can use IDEA algorithm? Are the command switches and options the same as GPG but with a 2? (GPG2) Thank you From lopaki at gmail.com Mon Nov 15 21:19:59 2010 From: lopaki at gmail.com (Scott Lambdin) Date: Mon, 15 Nov 2010 15:19:59 -0500 Subject: Examine a key file Message-ID: Greetings: If I have a base 64 exported PGP key, how can I extract the descriptive data about the key without importing it? I just want to see this stuff: pub 1024D/B00BFACE 2010-10-11 uid SOMEPLACE sub 1024g/68EEEE20 2010-10-11 --Scott -- There's a box? From rjh at sixdemonbag.org Mon Nov 15 22:21:28 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 15 Nov 2010 16:21:28 -0500 Subject: Examine a key file In-Reply-To: References: Message-ID: <4CE1A458.9030608@sixdemonbag.org> On 11/15/2010 3:19 PM, Scott Lambdin wrote: > If I have a base 64 exported PGP key, how can I extract the > descriptive data about the key without importing it? Never tested it, but this should work (or come close to working): gpg --dry-run -vvvv --import pubkey.asc This will spam you with a *ton* of information, all in textual format. It can be parsed out with flex/bison pretty easily, or munged with your Swiss Army chainsaw of choice. 
From kloecker at kde.org Mon Nov 15 22:38:57 2010 From: kloecker at kde.org (Ingo =?iso-8859-15?q?Kl=F6cker?=) Date: Mon, 15 Nov 2010 22:38:57 +0100 Subject: Examine a key file In-Reply-To: <4CE1A458.9030608@sixdemonbag.org> References: <4CE1A458.9030608@sixdemonbag.org> Message-ID: <201011152239.10529@thufir.ingo-kloecker.de> On Monday 15 November 2010, Robert J. Hansen wrote: > On 11/15/2010 3:19 PM, Scott Lambdin wrote: > > If I have a base 64 exported PGP key, how can I extract the > > > > descriptive data about the key without importing it? > > Never tested it, but this should work (or come close to working): > > gpg --dry-run -vvvv --import pubkey.asc Way too complicated. :-) The following is sufficient: gpg -v From rjh at sixdemonbag.org Mon Nov 15 22:42:06 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 15 Nov 2010 16:42:06 -0500 Subject: Examine a key file In-Reply-To: <201011152239.10529@thufir.ingo-kloecker.de> References: <4CE1A458.9030608@sixdemonbag.org> <201011152239.10529@thufir.ingo-kloecker.de> Message-ID: <4CE1A92E.7030404@sixdemonbag.org> On 11/15/2010 4:38 PM, Ingo Klöcker wrote: > The following is sufficient: > gpg -v From dshaw at jabberwocky.com Mon Nov 15 22:42:20 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 15 Nov 2010 16:42:20 -0500 Subject: Examine a key file In-Reply-To: References: Message-ID: <89AE7A7E-A295-47F0-A2C1-BB674E7CDB57@jabberwocky.com> On Nov 15, 2010, at 3:19 PM, Scott Lambdin wrote: > > Greetings: > > If I have a base 64 exported PGP key, how can I extract the descriptive data about the key without importing it? > > I just want to see this stuff: > > pub 1024D/B00BFACE 2010-10-11 > uid SOMEPLACE > sub 1024g/68EEEE20 2010-10-11 Just run gpg on the file (i.e. "gpg my-base-64-exported-key.asc"). No special arguments needed. 
David From dshaw at jabberwocky.com Mon Nov 15 22:46:00 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Mon, 15 Nov 2010 16:46:00 -0500 Subject: Examine a key file In-Reply-To: <4CE1A92E.7030404@sixdemonbag.org> References: <4CE1A458.9030608@sixdemonbag.org> <201011152239.10529@thufir.ingo-kloecker.de> <4CE1A92E.7030404@sixdemonbag.org> Message-ID: <9F627A25-CB82-4250-814F-EE714D714C43@jabberwocky.com> On Nov 15, 2010, at 4:42 PM, Robert J. Hansen wrote: > On 11/15/2010 4:38 PM, Ingo Klöcker wrote: >> The following is sufficient: >> gpg -v > Doesn't this import the key? The OP specified that it ought not import > the key. It does not import the key unless you explicitly say --import. David From reinhard.irmer at kabelmail.de Tue Nov 16 10:17:34 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Tue, 16 Nov 2010 10:17:34 +0100 Subject: problem with german umlauts In-Reply-To: <4CE063B4.4030704@adversary.org> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> <4CDFB79B.5050903@adversary.org> <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> <4CE063B4.4030704@adversary.org> Message-ID: <002901cb856f$1a6ff500$4f4fdf00$-MAIL-@oox1xoo.my-fqdn.de> Hi Ben, you wrote on So, 14.Nov.2010 (23:33:24): > On 15/11/10 7:01 AM, Reinhard Irmer wrote: >> I'm not so familiar with TB because my favourite client is >> 40tude-dialog, where everything works fine. I only tested the probs >> with TB to see,if there are differences in showing the characters. I >> had set the options in TB for incoming/outgoing msgs. to iso-8859-1; >> now I changed to utf-8 and now I will see, if problems getting solved >> with this. 
When I have results I'll tell you. > Cool, I just double-checked in a couple of other messages, one in this > thread and one in another list, and TB has no problem displaying > umlauts in both the body and in the headers (From field). The characters checked were ? and ?. > With UTF-8 it also has no problem with most other characters > incorporated in the unicode character set (this can sometimes be > affected by additions to unicode after the release of the operating system or software used). Now I checked it out: setting all TB-prefs to utf-8 and post new mail/news with TB, all characters are good. Replying to that msgs with TB, all characters (in header- and bodypane) are good. Posting news with a different client or replying with this different client on TB-sent news AND prefs in diff. client are set to iso-8859-1 or -15, TB shows all characters well. If different client is set to utf-8, TB shows the chars BAD in headerpane and good in bodypane. If I change view to iso-8859-1/15 chars in headerpane getting well but in bodypane bad. > Somewhere around here I've got an auto-response to a mailing list in > Chinese with the Chinese characters in both the headers and the body. > In that case I was able to copy those characters into Google's > translation page (which is how I know it was an auto-response) and > paste my own translated response to it. All of this displayed fine in > Thunderbird, even though I didn't use the unicode codes when I entered my response. Translation chinese/... via Google...... good idea :-) Btw: this mail is header-signed. Did you get GOOD SIG on verifying? -- regards Reinhard --- [on OUTLOOK2007 with QF-Macros] --- From j-001 at ottosson.nu Tue Nov 16 11:05:05 2010 From: j-001 at ottosson.nu (J. Ottosson) Date: Tue, 16 Nov 2010 11:05:05 +0100 Subject: Testing with card, some questions Message-ID: <4CE25751.22935.9D520F8B@j-001.ottosson.nu> Hi, I have tested a little with the openpgp card v2 and have some thoughts. 
First, I'm quite impressed, lightning fast delivery of the stuff and the hw seem to work perfectly. It took like 10s to get the reader to work, no drivers installed on this 64 bit 2003 R2 server I was sitting on, impressive. (Thanx to the internal CCID driver I presume?). I generated keys ON the card, worked without problems. I chose the option to save backup during generation, first question I think (even though this was a test key) and that worked, I guess, even though I wasn't able to decrypt the file afterwards, but I only spent a few seconds on that particular issue. One thing that puzzled me afterwards is that I seem to be able to make a _backup_ of the onboard keys from GPA GUI, just as from any other keys. Even more puzzling (which lead me to believe that the backup just mentioned above was not made from card?) is that after having removed the card I could still see the card details(!). It appears to me that the card-generated secret key, indeed all keys, have been imported into the ordinary key rings somehow. Looking at --list-keys and --list-secret-keys seem to verify that.. At which point did I merge/import the card-generated private key into the .gpg secret keyring? This was not something I thought I actually did, which means I have to verify what happened before I start using the card for real stuff :) So what did I miss here? The installation used is a GPG4WIN with GnuPG 2.0.14 on a 64 bit Windows server. The reader is a SCR335. TIA, /J From mail at klomp.eu Tue Nov 16 11:15:22 2010 From: mail at klomp.eu (Sven Klomp) Date: Tue, 16 Nov 2010 11:15:22 +0100 Subject: Testing with card, some questions In-Reply-To: <4CE25751.22935.9D520F8B@j-001.ottosson.nu> References: <4CE25751.22935.9D520F8B@j-001.ottosson.nu> Message-ID: <201011161115.23053.mail@klomp.eu> On Tuesday 16 November 2010 11:05:05 J. Ottosson wrote: > Even more puzzling (which lead me to believe that the backup just mentioned > above was not made from card?) 
is that after having removed the card I could > still see the card details(!). This seems to be a bug of scdaemon. Kill the daemon and gpg -card-status will have no information. Insert the card and the information is available... You could also try to decrypt or sign a file, while the card is not inserted. It should fail... Regards Sven From j-001 at ottosson.nu Tue Nov 16 12:06:12 2010 From: j-001 at ottosson.nu (J. Ottosson) Date: Tue, 16 Nov 2010 12:06:12 +0100 Subject: Testing with card, some questions In-Reply-To: <201011161115.23053.mail@klomp.eu> References: <4CE25751.22935.9D520F8B@j-001.ottosson.nu>, <201011161115.23053.mail@klomp.eu> Message-ID: <4CE265A4.22355.9D8A046F@j-001.ottosson.nu> On 16 Nov 2010 at 11:15, Sven Klomp wrote: > On Tuesday 16 November 2010 11:05:05 J. Ottosson wrote: > > Even more puzzling (which lead me to believe that the backup just > > mentioned above was not made from card?) is that after having removed > > the card I could still see the card details(!). > > This seems to be a bug of scdaemon. Kill the daemon and gpg -card-status > will have no information. Insert the card and the information is > available... You could also try to decrypt or sign a file, while the card > is not inserted. It should fail... Signing fails, it asks for card with specific serial number, but exporting secret key works (doing backup through GUI). /J > > Regards > Sven From mail at klomp.eu Tue Nov 16 12:29:01 2010 From: mail at klomp.eu (Sven Klomp) Date: Tue, 16 Nov 2010 12:29:01 +0100 Subject: Fwd: Re: Testing with card, some questions Message-ID: <201011161229.01761.mail@klomp.eu> I forward this message to the list. It seems that reply-to of the mailing-list configuration is not correctly set... 
---------- Forwarded Message ---------- Subject: Re: Testing with card, some questions Date: Tuesday 16 November 2010, 11:40:49 From: "J. Ottosson" To: Sven Klomp On 16 Nov 2010 at 11:15, Sven Klomp wrote: > This seems to be a bug of scdaemon. Kill the daemon and gpg -card-status > will have no information. Insert the card and the information is > available... You could also try to decrypt or sign a file, while the card > is not inserted. It should fail... Also, when having card OUT, in GPA GUI card-key is present, with also the icon indicating it is indeed a smartcard key and when doing the backup the resulting file indeed has both public and private keys in it.. It feels like GPG has the keys in ordinary key files, but indicates nonetheless that the keys originate from the card, hence the icon, and is either way able to make the complete backup. There is a slight risk of confusion here. There is the risk that I, the user, feel comfortable that the key is in (and only in) the card when that icon shows in the GUI. I don't understand how that could be unless I somehow accidentally and without realizing it imported the newly generated - and backed up - keys when looking at the backup file just after the smartcard keys were generated. And even so, perhaps somehow the user should be warned that key is not 'only' on the card, somehow. Perhaps I should kill the keys and test again, without making backups this time.. Any other notes on the subject welcome. /J > > Regards > Sven ----------------------------------------- From j-001 at ottosson.nu Tue Nov 16 12:45:55 2010 From: j-001 at ottosson.nu (J. Ottosson) Date: Tue, 16 Nov 2010 12:45:55 +0100 Subject: Testing with card, some questions In-Reply-To: <201011161229.01761.mail@klomp.eu> References: <201011161229.01761.mail@klomp.eu> Message-ID: <4CE26EF3.18805.9DAE6230@j-001.ottosson.nu> Thanx, A final small test before I await some wise advice.. 
I manually deleted the keys in the keyrings, which were obviously there, that does not end my questions though. Now I don't see the keys in list-keys etc when card is not active, good so far then :) However when I now use the card, the card contents is visible in GPA Card manager just fine, as with --card-status in cmd. However, now the onboard keys seem nonexistent to GPA itself. When trying to sign something, the card key is NOT visible when card is in and not shown amongst those to choose from. And the key does not show up in keyring listings. I can have card manager up and remove-add the card repeatedly and it's noticed on the fly with no problems. Refreshing makes no difference for GPA key manager. I have tried killing the service you mentioned but see no change. Am I still missing something? TIA, /J On 16 Nov 2010 at 12:29, Sven Klomp wrote: > I forward this message to the list. It seems that reply-to of the > mailing-list configuration is not correctly set... > > > ---------- Forwarded Message ---------- > > Subject: Re: Testing with card, some questions > Date: Tuesday 16 November 2010, 11:40:49 > From: "J. Ottosson" > To: Sven Klomp > > On 16 Nov 2010 at 11:15, Sven Klomp wrote: > > > This seems to be a bug of scdaemon. Kill the daemon and gpg -card-status > > will have no information. Insert the card and the information is > > available... You could also try to decrypt or sign a file, while the > > card is not inserted. It should fail... > > Also, when having card OUT, in GPA GUI card-key is present, with also the > icon indicating it is indeed a smartcard key and when doing the backup the > resulting file indeed has both public and private keys in it.. > > It feels like GPG has the keys in ordinary key files, but indicates > nonetheless that the keys originate from the card, hence the icon, and is > either way able to make the complete backup. > > There is a slight risk of confusion here.
There is the risk that I, the > user, feel comfortable that the key is in (and only in) the card when > that icon shows in the GUI. > > I don't understand how that could be unless I somehow accidentally and > without realizing it imported the newly generated - and backed up - keys > when looking at the backup file just after the smartcard keys were > generated. And even so, perhaps somehow the user should be warned that key > is not 'only' on the card, somehow. > > Perhaps I should kill the keys and test again, without making backups this > time.. Any other notes on the subject welcome. > > /J > > > > > > Regards > > Sven > > > > ----------------------------------------- From marco+gnupg at websource.ch Tue Nov 16 11:42:46 2010 From: marco+gnupg at websource.ch (Marco Steinacher) Date: Tue, 16 Nov 2010 11:42:46 +0100 Subject: Testing with card, some questions In-Reply-To: <4CE25751.22935.9D520F8B@j-001.ottosson.nu> References: <4CE25751.22935.9D520F8B@j-001.ottosson.nu> Message-ID: <4CE26026.1070004@websource.ch> Hi J, Gnupg creates secret key stubs in your keyring. These are just meta data, i.e. references to the keys on your card. They can be deleted and are created automatically again if you do a 'gpg --card-status'. Probably the backup you mentioned just contains these stubs. Check if in the 'gpg --list-secret-keys' output a '>' is appended to ssb for the subkeys: ssb> 2048R/053C97FB 2009-12-12 ssb> 2048R/C94FA522 2009-12-12 ssb> 2048R/7DBD8911 2009-12-12 AFAIK the '>' indicates that these are stubs. You can also double-check this with 'gpg --export-secret-key | gpg -vv'. Then you should see secret sub key packets with 'gnu-divert-to-card S2K' in it. If it's not a stub there would be something like 'iter+salt S2K' instead.
In the same way you can also check if the secret main key is stored in the keyring (which you usually don't want when using a smartcard). If it's not present a hash sign (#) is appended to 'sec' and in the -vv output you will find 'gnu-dummy S2K' in the secret key packet. HTH, Marco J. Ottosson wrote: > Hi, > > I have tested a little with the openpgp card v2 and have some thoughts. > > First, I'm quite impressed, lightning fast delivery of the stuff and the hw seems > to work perfectly. > > It took like 10s to get the reader to work, no drivers installed on this 64 bit > 2003 R2 server I was sitting on, impressive. (Thanx to the internal CCID driver > I presume?). > > I generated keys ON the card, worked without problems. I chose the option to > save backup during generation, first question I think (even though this was a > test key) and that worked, I guess, even though I wasn't able to decrypt the > file afterwards, but I only spent a few seconds on that particular issue. > > One thing that puzzled me afterwards is that I seem to be able to make a > _backup_ of the onboard keys from GPA GUI, just as from any other keys. > > Even more puzzling (which led me to believe that the backup just mentioned > above was not made from card?) is that after having removed the card I could > still see the card details(!). > > It appears to me that the card-generated secret key, indeed all keys, have been > imported into the ordinary key rings somehow. > > Looking at --list-keys and --list-secret-keys seems to verify that.. > > At which point did I merge/import the card-generated private key into the .gpg > secret keyring? This was not something I thought I actually did, which means I > have to verify what happened before I start using the card for real stuff :) > > So what did I miss here? > > The installation used is a GPG4WIN with GnuPG 2.0.14 on a 64 bit Windows server. > The reader is a SCR335.
> > TIA, > > /J -- OpenPGP Key ID: 0x62937F7F From j-001 at ottosson.nu Tue Nov 16 17:13:13 2010 From: j-001 at ottosson.nu (J. Ottosson) Date: Tue, 16 Nov 2010 17:13:13 +0100 Subject: Testing with card, some questions In-Reply-To: <4CE26026.1070004@websource.ch> References: <4CE25751.22935.9D520F8B@j-001.ottosson.nu>, <4CE26026.1070004@websource.ch> Message-ID: <4CE2AD99.15007.B1F743@j-001.ottosson.nu> Thanks for your answer. On 16 Nov 2010 at 11:42, Marco Steinacher wrote: > Hi J, > > Gnupg creates secret key stubs in your keyring. These are just meta > data, i.e. references to the keys on your card. They can be deleted and > are created automatically again if you do a 'gpg --card-status'. Probably > the backup you mentioned just contains these stubs. > > Check if in the 'gpg --list-secret-keys' output a '>' is appended to ssb > for the subkeys: > > ssb> 2048R/053C97FB 2009-12-12 > ssb> 2048R/C94FA522 2009-12-12 > ssb> 2048R/7DBD8911 2009-12-12 Hmm actually.. even after a system reboot just in case (have been messing with services back and forth) the keys on the card do now NOT show up in GPA key manager at all. In GPA Card Manager and using the --card-status or the --card-edit commands in cmd the keys on the card and the card itself look just fine. What you're writing above seems to suggest that "gpg --card-status" should rebuild whatever needs rebuilding but I can't verify this here. Not at all. I don't understand how the GPA's Card manager can see the card just fine but the keys still don't show in key manager? Obviously now I'm missing something else. Feel free to enlighten me.
:) /J > > AFAIK the '>' indicates that these are stubs. You can also double-check > this with 'gpg --export-secret-key | gpg -vv'. Then you should see > secret sub key packets with 'gnu-divert-to-card S2K' in it. If it's not a > stub there would be something like 'iter+salt S2K' instead. > > In the same way you can also check if the secret main key is stored in the > keyring (which you usually don't want when using a smartcard). If it's not > present a hash sign (#) is appended to 'sec' and in the -vv output you > will find 'gnu-dummy S2K' in the secret key packet. > > HTH, > Marco > > J. Ottosson wrote: > > Hi, > > > > I have tested a little with the openpgp card v2 and have some thoughts. > > > > First, I'm quite impressed, lightning fast delivery of the stuff and the > > hw seems to work perfectly. > > > > It took like 10s to get the reader to work, no drivers installed on this > > 64 bit 2003 R2 server I was sitting on, impressive. (Thanx to the > > internal CCID driver I presume?). > > > > I generated keys ON the card, worked without problems. I chose the > > option to save backup during generation, first question I think (even > > though this was a test key) and that worked, I guess, even though I > > wasn't able to decrypt the file afterwards, but I only spent a few > > seconds on that particular issue. > > > > One thing that puzzled me afterwards is that I seem to be able to make a > > _backup_ of the onboard keys from GPA GUI, just as from any other keys. > > > > Even more puzzling (which led me to believe that the backup just > > mentioned above was not made from card?) is that after having removed > > the card I could still see the card details(!). > > > > It appears to me that the card-generated secret key, indeed all keys, > > have been imported into the ordinary key rings somehow. > > > > Looking at --list-keys and --list-secret-keys seems to verify that..
> > > > At which point did I merge/import the card-generated private key into > > the .gpg secret keyring? This was not something I thought I actually > > did, which means I have to verify what happened before I start using the > > card for real stuff :) > > > > So what did I miss here? > > > > The installation used is a GPG4WIN with GnuPG 2.0.14 on a 64 bit Windows > > server. The reader is a SCR335. > > > > TIA, > > > > /J > > > -- > OpenPGP Key ID: 0x62937F7F > > From lopaki at gmail.com Tue Nov 16 17:37:31 2010 From: lopaki at gmail.com (Scott Lambdin) Date: Tue, 16 Nov 2010 11:37:31 -0500 Subject: Examine a key file In-Reply-To: <9F627A25-CB82-4250-814F-EE714D714C43@jabberwocky.com> References: <4CE1A458.9030608@sixdemonbag.org> <201011152239.10529@thufir.ingo-kloecker.de> <4CE1A92E.7030404@sixdemonbag.org> <9F627A25-CB82-4250-814F-EE714D714C43@jabberwocky.com> Message-ID: Thanks, all. On Mon, Nov 15, 2010 at 4:46 PM, David Shaw wrote: > On Nov 15, 2010, at 4:42 PM, Robert J. Hansen wrote: > > > On 11/15/2010 4:38 PM, Ingo Klöcker wrote: > >> The following is sufficient: > >> gpg -v > > > Doesn't this import the key? The OP specified that it ought not import > > the key. > > It does not import the key unless you explicitly say --import. > > David > -- There's a box? From bo.berglund at gmail.com Wed Nov 17 07:33:25 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Wed, 17 Nov 2010 07:33:25 +0100 Subject: GPG on Windows 7? Message-ID: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> Is it possible to use GPG on Windows 7 (32 and 64 bit)?
We have kept using Gpg4Win 1.1.4 for some time since when we tried the version 2.0.0 it killed certain functions on our PC:s (I think for instance Outlook went haywire). But now our IT person says GPG does not work on Windows 7, so what is the final verdict here? We use GPGee for encrypting files since we cannot use Outlook email encryption, so we need this to work in the Explorer for Windows 7 too. Or is there a new version that can handle the Outlook emails properly? Note: we do not want to change into only using plain text emails. -- Bo Berglund Developer in Sweden From shavital at mac.com Wed Nov 17 10:37:32 2010 From: shavital at mac.com (Charly Avital) Date: Wed, 17 Nov 2010 04:37:32 -0500 Subject: GPG on Windows 7? In-Reply-To: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> Message-ID: <4CE3A25C.7030207@mac.com> Bo Berglund wrote the following on 11/17/10 1:33 AM: > Is it possible to use GPG on Windows 7 (32 and 64 bit)? I am running Gpg4win 2.0.4 on a desktop Acer Inspire, under Windows 7 Home Premium 64bits. For test only. I am a Macintosh user, the Acer (incredible machine) is a present from the family. > We have kept using Gpg4Win 1.1.4 for some time since when we tried the > version 2.0.0 it killed certain functions on our PC:s (I think for > instance Outlook went haywire). Outlook (Office 2007) recognizes gpg 2.0.14, but the interaction, IMO, is unreliable. For an example, Outlook strips in-line signed messages of what it calls "extra line-returns" (?), therefore invalidating the signature. Encrypted and signed messages are processed correctly. I have still to test interaction with Thunderbird+Enigmail. > But now our IT person says GPG does not work on Windows 7, so what is > the final verdict here? I am far, far from being an IT person.
I am just an empirical end-user > > We use GPGee for encrypting files since we cannot use Outlook email > encryption, so we need this to work in the Explorer for Windows 7 too. > > Or is there a new version that can handle the Outlook emails > properly? Note: we do not want to change into only using plain text > emails. Generally speaking, if you want to use *also* HTML emails with encryption, you are headed for trouble, but that's your choice. If I get more meaningful results of my tests, I shall update you. Best regards, Charly MacOS 10.6.5-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.16 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 - Running Enigmail version 1.1.2 (20100629-1412) From wk at gnupg.org Wed Nov 17 08:48:52 2010 From: wk at gnupg.org (Werner Koch) Date: Wed, 17 Nov 2010 08:48:52 +0100 Subject: FW: Import .p12 key file In-Reply-To: (Lee Elcocks's message of "Thu, 11 Nov 2010 15:55:35 +0000") References: <4CDAD84B.2040207@sixdemonbag.org> <8739r9vxpc.fsf@vigenere.g10code.de> Message-ID: <87pqu4xue3.fsf@gnupg.org> On Thu, 11 Nov 2010 16:55, l_elcocks at hotmail.co.uk said: > if i import a p12 key file into a trial version of PGP and then export the key back out (including the private key) i can then import the key into GPG. PGP exports the key as a .ASC file. I don't know for sure but an educated guess is: PGP has a feature to include X.509 keys into a standard OpenPGP key. It might be that PGP creates a standard OpenPGP key from the pkcs#12 file (which usually means an X.509 key) and also includes the X.509 key into that new OpenPGP key. Hal Finney once sent out a description of this private PGP extension. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. 
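Marco Steinacher's check from the "Testing with card, some questions" thread above (read the S2K label of every secret key packet in the output of 'gpg --export-secret-key | gpg -vv') can be scripted as below. This is an added example, not code from the thread or from GnuPG; the listing in SAMPLE is constructed, and the ':secret key packet:' header layout it parses is an assumption about gpg's packet listing.

```python
"""Classify secret key packets in a gpg packet listing by their S2K label."""
import re
import sys

# S2K labels quoted in the thread, mapped to where the secret material lives.
# Any other label (for example iter+salt), or no S2K line at all, is treated
# conservatively as "secret key material is stored in the keyring".
LOCATION = {
    "gnu-divert-to-card": "card",   # stub that points at the smartcard
    "gnu-dummy": "absent",          # secret part not stored (the 'sec#' case)
}

# Assumed layout: packet headers start in column 0 with ':', detail lines
# are indented, and the S2K label is the first word of its detail line.
PACKET_RE = re.compile(r"^:(secret (?:sub )?key) packet:")
S2K_RE = re.compile(r"^\s+([\w+-]+) S2K\b")

# Constructed listing, not captured from a real key: a dummy primary key,
# one card stub, and one subkey whose secret part is in the keyring.
SAMPLE = """\
:secret key packet:
\tversion 4, algo 1, created 1260576000, expires 0
\tskey[0]: [2048 bits]
\tskey[1]: [17 bits]
\tgnu-dummy S2K, algo: 0, simple checksum, hash: 0
:user ID packet: "Constructed Example <user@example.org>"
:signature packet: algo 1, keyid 0000000000000000
\tversion 4, created 1260576000, md5len 0, sigclass 0x13
:secret sub key packet:
\tversion 4, algo 1, created 1260576000, expires 0
\tskey[0]: [2048 bits]
\tskey[1]: [17 bits]
\tgnu-divert-to-card S2K, algo: 0, simple checksum, hash: 0
\tserial-number:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
:secret sub key packet:
\tversion 4, algo 1, created 1260576000, expires 0
\tskey[0]: [2048 bits]
\tskey[1]: [17 bits]
\titer+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 0102030405060708
\tprotect count: 65536 (96)
"""


def classify(listing):
    """Return one dict per secret (sub)key packet: packet, s2k, location."""
    findings = []
    current = None
    for line in listing.splitlines():
        if line.startswith(":"):
            # A new packet starts; only secret key packets are tracked.
            match = PACKET_RE.match(line)
            current = None
            if match:
                current = {"packet": match.group(1), "s2k": None}
                findings.append(current)
            continue
        if current is not None and current["s2k"] is None:
            match = S2K_RE.match(line)
            if match:
                current["s2k"] = match.group(1)
    for finding in findings:
        finding["location"] = LOCATION.get(finding["s2k"], "keyring")
    return findings


def secrets_in_keyring(findings):
    """Packets whose secret material is in the keyring, not only on the card."""
    return [f for f in findings if f["location"] == "keyring"]


def main():
    # With a listing piped in, classify it; otherwise show the sample.
    demo = sys.stdin is None or sys.stdin.isatty()
    listing = SAMPLE if demo else sys.stdin.read()
    findings = classify(listing)
    for number, f in enumerate(findings, 1):
        label = f["s2k"] or "none"
        print(f"{number}. {f['packet']}: S2K={label} -> {f['location']}")
    exposed = secrets_in_keyring(findings)
    print(f"{len(exposed)} secret key packet(s) with key material in the keyring")
    # Non-zero exit only for real input, so the check can gate a script.
    return 1 if exposed and not demo else 0


if __name__ == "__main__":
    sys.exit(main())
```

To check a real keyring, pipe the output of the command quoted in the thread into the script on standard input; a non-zero exit status then means at least one secret key packet is not a card stub or dummy.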
From wk at gnupg.org Tue Nov 16 14:44:37 2010 From: wk at gnupg.org (Werner Koch) Date: Tue, 16 Nov 2010 14:44:37 +0100 Subject: Testing with card, some questions In-Reply-To: <201011161115.23053.mail@klomp.eu> (Sven Klomp's message of "Tue, 16 Nov 2010 11:15:22 +0100") References: <4CE25751.22935.9D520F8B@j-001.ottosson.nu> <201011161115.23053.mail@klomp.eu> Message-ID: <8762vxe62i.fsf@gnupg.org> On Tue, 16 Nov 2010 11:15, mail at klomp.eu said: > This seems to be a bug of scdaemon. Kill the daemon and gpg > -card-status will Meanwhile the problem has been pointed out to me: We are using the wrong constants for PC/SC: pcsclite (Unix) and PC/SC (Windows) are not API compatible. We don't use the actual header files so to make it possible to dynamically load PC/SC support if available and to avoid an extra build dependency. We will do a fix for the next gpg4win release. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From rjh at sixdemonbag.org Wed Nov 17 14:34:05 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 17 Nov 2010 08:34:05 -0500 Subject: GPG on Windows 7? In-Reply-To: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> Message-ID: <4CE3D9CD.7010202@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/17/2010 1:33 AM, Bo Berglund wrote: > Is it possible to use GPG on Windows 7 (32 and 64 bit)? Given this message is composed and signed on a Win7/64 box, the answer is "yes." -----BEGIN PGP SIGNATURE----- iFYEAREIAAYFAkzj2c0ACgkQI4Br5da5jhDLYQDfX+jhzxYw8t9+3/JsadrWrSQ6 l6CI/KRP2QZ/KgDfeG33kjySJje15j1AaIipqeSOwYg3W7Uy6AbijQ== =p+HE -----END PGP SIGNATURE----- From gnupg.user at seibercom.net Wed Nov 17 14:45:16 2010 From: gnupg.user at seibercom.net (Jerry) Date: Wed, 17 Nov 2010 08:45:16 -0500 Subject: GPG on Windows 7?
In-Reply-To: <4CE3A25C.7030207@mac.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> Message-ID: <20101117084516.2688d66c@scorpio> On Wed, 17 Nov 2010 04:37:32 -0500 Charly Avital articulated: > Bo Berglund wrote the following on 11/17/10 1:33 AM: > > Is it possible to use GPG on Windows 7 (32 and 64 bit)? > > I am running Gpg4win 2.0.4 on a desktop Acer Inspire, under Windows 7 > Home Premium 64bits. > > For test only. I am a Macintosh user, the Acer (incredible machine) > is a present from the family. > > > We have kept using Gpg4Win 1.1.4 for some time since when we tried > > the version 2.0.0 it killed certain functions on our PC:s (I think > > for instance Outlook went haywire). > > Outlook (Office 2007) recognizes gpg 2.0.14, but the interaction, IMO, > is unreliable. > > For an example, Outlook strips in-line signed messages of what it > calls "extra line-returns" (?), therefore invalidating the signature. PGP in-line is deprecated anyway. Personally, it is a distraction when I have to strip that crap out of messages when replying. Worse, it invalidates "sig-delimiters". I would call this a _welcome_ feature from Outlook. In any case, Outlook 2007 is deprecated also. Comparing a nearly four year old version is counter productive. Update to the 2010 version and see if your problems still exist. > Encrypted and signed messages are processed correctly. > > I have still to text interaction with Thunderbird+Enigmail. > > > But now our IT person says GPG does not work on Windows 7, so what > > is the final verdict here? Windows 7 (32) or (64) bit? I have heard of problems with GPG not working correctly with the 64 bit system due to problems with the GPG libraries not being true 64 bit. > I am far, far from being an IT person. I am just an empirical end-user > > > > We use GPGee for encrypting files since we cannot use Outlook email > > encryption, so we need this to work in the Explorer for Windows 7 > > too. Why? -- Jerry ? 
GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. Si la vitesse de la lumière est 186,000 miles par seconde, quelle est la vitesse du noir? From shavital at mac.com Wed Nov 17 17:15:06 2010 From: shavital at mac.com (Charly Avital) Date: Wed, 17 Nov 2010 11:15:06 -0500 Subject: GPG on Windows 7? In-Reply-To: <20101117084516.2688d66c@scorpio> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c@scorpio> Message-ID: <4CE3FF8A.7010503@mac.com> Jerry wrote the following on 11/17/10 8:45 AM: > PGP in-line is deprecated anyway. Interesting. Can you please document? Thanks. > Personally, it is a distraction when > I have to strip that crap out of messages when replying. I don't mind. > Worse, it > invalidates "sig-delimiters". I would call this a _welcome_ feature > from Outlook. Also interesting. > In any case, Outlook 2007 is deprecated also. Comparing a > nearly four year old version is counter productive. Update to the 2010 > version and see if your problems still exist. I have no intention to update Outlook because I don't intend to use it for practical purposes, but thanks for the advice. > > Windows 7 (32) or (64) bit? I have heard of problems with GPG not > working correctly with the 64 bit system due to problems with the GPG > libraries not being true 64 bit. That's probably the cause. >>> We use GPGee for encrypting files since we cannot use Outlook email >>> encryption, so we need this to work in the Explorer for Windows 7 >>> too. > > Why? This question should be answered by bo.berglund at gmail.com.
Regards, Charly From rjh at sixdemonbag.org Wed Nov 17 17:46:18 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 17 Nov 2010 11:46:18 -0500 Subject: GPG on Windows 7? In-Reply-To: <4CE3FF8A.7010503@mac.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c@scorpio> <4CE3FF8A.7010503@mac.com> Message-ID: <4CE406DA.1090800@sixdemonbag.org> On 11/17/2010 11:15 AM, Charly Avital wrote: > Interesting. Can you please document? Thanks. As near as I can tell, there is no basis for the claim "inline PGP is deprecated." It is deprecated in the minds of some people, but that's not the same as it being deprecated. RFC3156 (which most people cite when talking about inline PGP being deprecated) has been out of date for quite some time and is not all that compatible with RFC4880. For instance, from RFC3156, "OpenPGP signed data": "Currently defined values are 'pgp-md5', 'pgp-sha1', 'pgp-ripemd160', 'pgp-md2', 'pgp-tiger192', and 'pgp-haval-5-160'." Strict RFC3156 conformance means the only two GnuPG hashes you can use are SHA-1 and RIPEMD-160, neither of which has strong long-term prospects. This, alone, should be enough for us to say RFC3156 should not be considered normative of PGP usage. Speaking only for myself, I consider RFC4880 normative, and RFC3156 obsolescent. From the original poster: >> In any case, Outlook 2007 is deprecated also. It most definitely is /not/ deprecated. According to Microsoft [1], it will not enter end-of-life until 2012. [1] http://support.microsoft.com/lifecycle/?LN=en-us&x=11&y=10&p1=11335 >> Windows 7 (32) or (64) bit? I have heard of problems with GPG not >> working correctly with the 64 bit system due to problems with the GPG >> libraries not being true 64 bit. Never seen it happen myself, and I find it unlikely. Win 7/64 offers a complete set of 32-bit libraries.
From gnupg.user at seibercom.net Wed Nov 17 18:26:55 2010 From: gnupg.user at seibercom.net (Jerry) Date: Wed, 17 Nov 2010 12:26:55 -0500 Subject: GPG on Windows 7? In-Reply-To: <4CE3FF8A.7010503@mac.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c@scorpio> <4CE3FF8A.7010503@mac.com> Message-ID: <20101117122655.0c6f2508@scorpio> On Wed, 17 Nov 2010 11:15:06 -0500 Charly Avital articulated: > Jerry wrote the following on 11/17/10 8:45 AM: > > PGP in-line is deprecated anyway. > > Interesting. Can you please document? Thanks. A simple Google: "in-line PGP deprecated" will turn up numerous hits. You also might want to see: Use PGP/MIME, aka RFC 3156 > > In any case, Outlook 2007 is deprecated also. Comparing a > > nearly four year old version is counter productive. Update to the > > 2010 version and see if your problems still exist. > > I have no intention to update Outlook because I don't intend to use it > for practical purposes, but thanks for the advice. If you have no practical use for it then why bother inquiring? You either use it or you don't. There is no such thing as "slightly pregnant". If you are going to use it, then use an updated version or don't complain. If I were to use an antiquated version of GnuPG and experienced problems, what do you think might be the first thing I would be advised to do? > This question should be answered by bo.berglund at gmail.com. If you could not answer the question then why mention it in your original post? -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
From avi.wiki at gmail.com Wed Nov 17 17:56:11 2010 From: avi.wiki at gmail.com (Avi) Date: Wed, 17 Nov 2010 11:56:11 -0500 Subject: GPG on Windows 7? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I use GPGshell and GnuPG 1.4.11 on Windows, and it works fine for me. - --Avi -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) - GPGshell v3.76 Comment: Most recent key: Click show in box @ http://is.gd/4xJrs iF4EAREKAAYFAkzkCR4ACgkQDWKwGfgOKfkpwgEAjPOJE7kr3rgsVDZLcGHrTmoZ 7HBvNwNq6HtPlWvJcSkA/R+34vbUnE7T1e/a7s6Z1LY700StBPYB2B7zD6hTxzeE =dULD -----END PGP SIGNATURE----- ---- User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 ---------- Forwarded message ---------- > From: Bo Berglund > To: gnupg-users at gnupg.org > Date: Wed, 17 Nov 2010 07:33:25 +0100 > Subject: GPG on Windows 7? > Is it possible to use GPG on Windows 7 (32 and 64 bit)? > We have kept using Gpg4Win 1.1.4 for some time since when we tried the > version 2.0.0 it killed certain functions on our PC:s (I think for > instance Outlook went haywire). > But now our IT person says GPG does not work on Windows 7, so what is > the final verdict here? > > We use GPGee for encrypting files since we cannot use Outlook email > encryption, so we need this to work in the Explorer for Windows 7 too. > > Or is there a new version that can handle the Outlook emails > properly? Note: we do not want to change into only using plain text > emails. > > > -- > Bo Berglund > Developer in Sweden > From bo.berglund at gmail.com Wed Nov 17 19:05:36 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Wed, 17 Nov 2010 19:05:36 +0100 Subject: GPG on Windows 7?
References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c__26522.0887879424$1290008617$gmane$org@scorpio> Message-ID: On Wed, 17 Nov 2010 08:45:16 -0500, Jerry wrote: >> > We use GPGee for encrypting files since we cannot use Outlook email >> > encryption, so we need this to work in the Explorer for Windows 7 >> > too. > >Why? Well, GPGee was installed with the GPG4Win 1.1.4 that we use. It makes it very simple to encrypt files from Windows Explorer. We essentially do not encrypt email because of the various problems encountered with Outlook versions. People in the organization use Office 2003, 2007 and possibly 2010 and it has been such a lot of problems when we tried to use GPGOL in Outlook so we decided it was not worth the effort. Instead we enter the confidential information into files, which are really documentation of the projects we work on. These files are then encrypted using GPGee by right-clicking the file in Windows Explorer and selecting the GPGee encrypt pop-up menu item. When I posted it was because my co-worker had reported that the IT person at his end had told him that GPG does not work in Win7. The PC he had at home was a Win7 whereas the work PC was a WinXP where the GPG4Win 1.1.4 installed GPGee is working just fine. He wants to get GPG also on his Win7 PC so he can process the files also at home. I have to ask him if he runs the 32 bit or 64 bit version of Win7. Today I have googled the problem a bit more and found: 1) GPGee seems to have died so there is no new version 2) It is replaced in GPG4Win by GPGEx (explorer extension) 3) GPGEx does not work on Win7 X64 because Microsoft requires pop-up plugins to Explorer to use 64 bit DLL:s and GPGEx is a 32 bit DLL... -- Bo Berglund Developer in Sweden From bo.berglund at gmail.com Wed Nov 17 19:06:48 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Wed, 17 Nov 2010 19:06:48 +0100 Subject: GPG on Windows 7? 
References: Message-ID: <7c68e61mqf05tjoiinnf89l0pcvfi69fsh@4ax.com> On Wed, 17 Nov 2010 11:56:11 -0500, Avi wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >I use GPGshell and GnuPG 1.4.11 on Windows, and it works fine >for me. > Is GPGShell working in a similar way to GPGee? With a right-click menu integration in Windows Explorer? -- Bo Berglund Developer in Sweden From j-001 at ottosson.nu Wed Nov 17 19:27:38 2010 From: j-001 at ottosson.nu (J. Ottosson) Date: Wed, 17 Nov 2010 19:27:38 +0100 Subject: Testing with card, some questions In-Reply-To: <8762vxe62i.fsf@gnupg.org> References: <4CE25751.22935.9D520F8B@j-001.ottosson.nu>, <201011161115.23053.mail@klomp.eu> (Sven Klomp's message of "Tue, 16 Nov 2010 11:15:22 +0100"), <8762vxe62i.fsf@gnupg.org> Message-ID: <4CE41E9A.17820.4D5DA42@j-001.ottosson.nu> On 16 Nov 2010 at 14:44, Werner Koch wrote: > On Tue, 16 Nov 2010 11:15, mail at klomp.eu said: > > > This seems to be a bug of scdaemon. Kill the daemon and gpg > > -card-status will > > Meanwhile the problem has been pointed out to me: We are using the > wrong constants for PC/SC: pcsclite (Unix) and PC/SC (Windows) are not > API compatible. > > We don't use the actual header files so to make it possible to > dynamically load PC/SC support if available and to avoid an extra build > dependency. > > We will do a fix for the next gpg4win release. Ok, thanks for the info. Were all my issues with keys not reappearing after --card-status related to what you're referring to? Anyway, I generated new keys, overwriting the old ones and now these new keys are noted normally. Were there any commands I should have run to have the keys re-appearing in the GPA key manager earlier? Clearly --card-status didn't do it. Or should it have made a difference? Does it matter if GPG uses the internal CCID drivers or not? Any other command, like any of the 'rebuild'-related commands that could've been used? The "refresh" command from the GUI didn't make any difference.
Thanks, /J > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From j-001 at ottosson.nu Wed Nov 17 19:27:38 2010 From: j-001 at ottosson.nu (J. Ottosson) Date: Wed, 17 Nov 2010 19:27:38 +0100 Subject: GPG on Windows 7? In-Reply-To: <4CE406DA.1090800@sixdemonbag.org> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com>, <4CE3FF8A.7010503@mac.com>, <4CE406DA.1090800@sixdemonbag.org> Message-ID: <4CE41E9A.27342.4D5DB0D@j-001.ottosson.nu> On 17 Nov 2010 at 11:46, Robert J. Hansen wrote: > It is deprecated in the minds of some people, but that's not the same as > it being deprecated. RFC3156 (which most people cite when talking about > inline PGP being deprecated) has been out of date for quite some time and > is not all that compatible with RFC4880. > > For instance, from RFC3156, "OpenPGP signed data": > > > "Currently defined values are 'pgp-md5', 'pgp-sha1', > 'pgp-ripemd160', 'pgp-md2', 'pgp-tiger192', and > 'pgp-haval-5-160'." > > > Strict RFC3156 conformance means the only two GnuPG hashes you can use are > SHA-1 and RIPEMD-160, neither of which has strong long-term prospects. > This, alone, should be enough for us to say RFC3156 should not be > considered normative of PGP usage. > > Speaking only for myself, I consider RFC4880 normative, and RFC3156 > obsolescent. You are indeed not only speaking for yourself on this matter. /J From shavital at mac.com Wed Nov 17 19:43:34 2010 From: shavital at mac.com (Charly Avital) Date: Wed, 17 Nov 2010 13:43:34 -0500 Subject: GPG on Windows 7?
In-Reply-To: <20101117122655.0c6f2508@scorpio> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c@scorpio> <4CE3FF8A.7010503@mac.com> <20101117122655.0c6f2508@scorpio> Message-ID: <4CE42256.9020805@mac.com> Jerry wrote the following on 11/17/10 12:26 PM: > A simple Google: "in-line PGP deprecated" will turn up numerous hits. > You also might want to see: Use PGP/MIME, aka RFC 3156 May I refer you to rjh at sixdemonbag.org's post on the matter? >>> In any case, Outlook 2007 is deprecated also. Comparing a >>> nearly four year old version is counter productive. Update to the >>> 2010 version and see if your problems still exist. Ditto, please see rjh at sixdemonbag.org comments on this issue. >> I have no intention to update Outlook because I don't intend to use it >> for practical purposes, but thanks for the advice. > > If you have no practical use for it then why bother inquiring? I didn't inquire. The inquiry was initiated by bo.berglund at gmail.com. > You > either use it or you don't. There is no such thing as "slightly > pregnant". Thank you for this valuable insight. > If you are going to use it, then use an updated version or > don't complain. I didn't complain. I merely informed bo.berglund at gmail.com of how the application was behaving. > If I were to use an antiquated version of GnuPG and > experienced problems, what do you think might be the first thing I > would be advised to do? GnuPG 2.0.14 is antiquated? I am sure the gpg4win people will be interested to know. > >> This question should be answered by bo.berglund at gmail.com. > > If you could not answer the question then why mention it in your > original post? I did not mention the question in my post. The matter was reported by bo.berglund at gmail.com, and he is answering your question in a separate e-mail. Finally, I choose to answer appropriately and directly to Jerry . 
Charly From rjh at sixdemonbag.org Wed Nov 17 20:18:38 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 17 Nov 2010 14:18:38 -0500 Subject: GPG on Windows 7? In-Reply-To: <20101117122655.0c6f2508@scorpio> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c@scorpio> <4CE3FF8A.7010503@mac.com> <20101117122655.0c6f2508@scorpio> Message-ID: <4CE42A8E.7070009@sixdemonbag.org> On 11/17/2010 12:26 PM, Jerry wrote: > A simple Google: "in-line PGP deprecated" will turn up numerous hits. The authoritative sources on the deprecation of inline OpenPGP would be the IETF working group for OpenPGP, and/or the authors of RFC4880. To the best of my knowledge neither group has made any statement about this deprecation: therefore, if you want to claim it is deprecated, you will need to present statements from either group stating such. Just because some people on mailing lists that Google crawls say inline OpenPGP is deprecated doesn't make it so -- any more so than the fact 9/11 truther mailing lists get crawled by Google means 9/11 was an inside job. > If I were to use an antiquated version of GnuPG and > experienced problems, what do you think might be the first thing I > would be advised to do? Speaking for myself, I would advise you to describe your problem and what you have tried to resolve it. Most problems result from user error and/or misconfiguration. Very few problems require the user upgrade GnuPG. In many instances, upgrading GnuPG is simply not an option (e.g., enterprise users, or installations that have to exhaustively test all software before it goes on servers). From sonjamichelle at gmail.com Wed Nov 17 18:58:24 2010 From: sonjamichelle at gmail.com (Sonja Michelle Lina Thomas) Date: Wed, 17 Nov 2010 11:58:24 -0600 Subject: GPG on Windows 7? 
In-Reply-To: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> Message-ID: <4CE417C0.4000101@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been using GPG4Win (current version I have is v2.0.14) on Windows 7 64bit for a year now with no issues from the OS. Outlook 2007 was a different story though. None of the plugins out there ran quite right without issues and crashing. I'm not a programmer so I can't say if it was Outlook's fault or the plugin's fault. I switched to Thunderbird with Enigmail about 8 months ago and have no issues with email signing or encrypting. As for the explorer shell, 64 bit does not allow encrypting from the context menu. I encrypt/sign files from either the command line or through Kleopatra or through GPA's file manager. ___________________________________________________ Sonja Michelle Lina Thomas sonjamichelle at gmail.com "I realized fear one morning, when the blare of the fox-hunters sound. When they are all chasing after the poor bloody fox, it's safer to be dressed like a hound." On 11/17/2010 0:33, Bo Berglund wrote: > Is it possible to use GPG on Windows 7 (32 and 64 bit)? > We have kept using Gpg4Win 1.1.4 for some time since when we tried the > version 2.0.0 it killed certain functions on our PC:s (I think for > instance Outlook went haywire). > But now our IT person says GPG does not work on Windows 7, so what is > the final verdict here? > > We use GPGee for encrypting files since we cannot use Outlook email > encryption, so we need this to work in the Explorer for Windows 7 too. > > Or is there a new version that can handle the Outlook emails > properly? Note: we do not want to change into only using plain text > emails. 
> > From avi.wiki at gmail.com Wed Nov 17 20:53:17 2010 From: avi.wiki at gmail.com (Avi) Date: Wed, 17 Nov 2010 14:53:17 -0500 Subject: GPG on Windows 7? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 No. It has a program, GPGTray, that sits in the system tray and can be used to access the interfaces, but it is not integrated into windows explorer. You can find its website at: - --Avi From: Bo Berglund > To: gnupg-users at gnupg.org > Date: Wed, 17 Nov 2010 19:06:48 +0100 > Subject: Re: GPG on Windows 7? > On Wed, 17 Nov 2010 11:56:11 -0500, Avi wrote: > > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA512 > > > >I use GPGshell and GnuPG 1.4.11 on Windows, and it works fine > >for me. > > > > Is GPGShell working in a similar way to GPGee? With a right-click menu > integration in Windows Explorer? > > > -- > Bo Berglund > Developer in Sweden > From expires2010 at ymail.com Wed Nov 17 22:14:26 2010 From: expires2010 at ymail.com (MFPA) Date: Wed, 17 Nov 2010 21:14:26 +0000 Subject: GPG on Windows 7? 
In-Reply-To: References: Message-ID: <1307608277.20101117211426@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Wednesday 17 November 2010 at 7:53:17 PM, in , Avi wrote: > No. It has a program, GPGTray, that sits in the system > tray and can be used to access the interfaces, but it > is not integrated into windows explorer. You can find > its website at: > By default GPGshell is not integrated into the Windows Explorer context menu; the option is available but not for 64-bit systems. - -- Best regards MFPA mailto:expires2010 at ymail.com I think not, said Descartes, and promptly disappeared From bo.berglund at gmail.com Wed Nov 17 22:27:50 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Wed, 17 Nov 2010 22:27:50 +0100 Subject: GPG on Windows 7? References: Message-ID: On Wed, 17 Nov 2010 11:56:11 -0500, Avi wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >I use GPGshell and GnuPG 1.4.11 on Windows, and it works fine >for me. > Thanks for the tip. I will advise the use of this combination to my colleague. I have downloaded and installed GPGshell 3.76 on my XP PC and it works just fine together with my GnuPG 1.4.9 installation. :-) So now I have two context menu items (GPGee and GPGshell). -- Bo Berglund Developer in Sweden From gnupg.user at seibercom.net Wed Nov 17 22:46:05 2010 From: gnupg.user at seibercom.net (Jerry) Date: Wed, 17 Nov 2010 16:46:05 -0500 Subject: GPG on Windows 7? 
In-Reply-To: <4CE42256.9020805@mac.com> References: <9gt6e69o9us7jc1em0b69c6lg7c2v2gji7@4ax.com> <4CE3A25C.7030207@mac.com> <20101117084516.2688d66c@scorpio> <4CE3FF8A.7010503@mac.com> <20101117122655.0c6f2508@scorpio> <4CE42256.9020805@mac.com> Message-ID: <20101117164605.28429a7e@scorpio> On Wed, 17 Nov 2010 13:43:34 -0500 Charly Avital articulated: > > If I were to use an antiquated version of GnuPG and > > experienced problems, what do you think might be the first thing I > > would be advised to do? > > GnuPG 2.0.14 is antiquated? I am sure the gpg4win people will be > interested to know. Kindly reread my response above. At no time did I state that the present version of GnuPG is antiquated. You are the only poster that seems to have failed to properly comprehend that. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From bo.berglund at gmail.com Wed Nov 17 22:57:54 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Wed, 17 Nov 2010 22:57:54 +0100 Subject: GPG on Windows 7? References: <1307608277.20101117211426__8208.37836149639$1290028667$gmane$org@my_localhost> Message-ID: On Wed, 17 Nov 2010 21:14:26 +0000, MFPA wrote: >On Wednesday 17 November 2010 at 7:53:17 PM, in >, >Avi wrote: > >> No. It has a program, GPGTray, that sits in the system >> tray and can be used to access the interfaces, but it >> is not integrated into windows explorer. You can find >> its website at: >> > >By default GPGshell is not integrated into the Windows Explorer >context menu; the option is available but not for 64-bit systems. I downloaded and installed GPGshell 3.76 in my WinXP pro machine and now I have both GPGee and GPGshell context menus.... But I guess that on W7x64 I would have to use the GPGtools program to encrypt a file, right? 
Or go via the GPGtray program, right-click the tray icon and select File/Encrypt. -- Bo Berglund Developer in Sweden From ben at adversary.org Thu Nov 18 03:21:16 2010 From: ben at adversary.org (Ben McGinnes) Date: Thu, 18 Nov 2010 13:21:16 +1100 Subject: problem with german umlauts In-Reply-To: <002901cb856f$1a6ff500$4f4fdf00$-MAIL-@oox1xoo.my-fqdn.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> <4CDFB79B.5050903@adversary.org> <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> <4CE063B4.4030704@adversary.org> <002901cb856f$1a6ff500$4f4fdf00$-MAIL-@oox1xoo.my-fqdn.de> Message-ID: <4CE48D9C.2000500@adversary.org> On 16/11/10 8:17 PM, Reinhard Irmer wrote: > > Now I checked it out: setting all TB-prefs to utf-8 and post new > mail/news with TB, all characters are good. Excellent. > Replying to that msgs with TB, all characters (in header- and > bodypane) are good. Also excellent. > Posting news with a different client or replying with this different > client on TB-sent news AND prefs in diff. client are set to > iso-8859-1 or -15, TB shows all characters well. Cool. > If different client is set to utf-8, TB shows the chars BAD in > headerpane and good in bodypane. If I change view to iso-8859-1/15 > chars in headerpane getting well but in bodypane bad. That's odd, I'm not sure what's going on there. Was this just newsgroup (NNTP) posts or news and email? > Translation chinese/... via Google...... good idea :-) It's awfully convenient for us mono-linguistic types. ;) I used to use Altavista's Babel service, which was pretty good too and was better than Google's for quite a long time, but Google has really caught up on that front. 
> Btw: this mail is header-signed. Did you get GOOD SIG on verifying? I can see the signature in the header, but Enigmail did not detect it at all. I think it will only check the body for in-line signed or encrypted blocks and PGP/MIME. I don't really see the value in using OpenPGP for header signatures, that should be the purview of things like MTAs, mainly for DKIM or Domain Keys to verify an authorised sender for a domain. Regards, Ben From l_elcocks at hotmail.co.uk Thu Nov 18 12:44:56 2010 From: l_elcocks at hotmail.co.uk (Lee Elcocks) Date: Thu, 18 Nov 2010 11:44:56 +0000 Subject: GPG 4 Win Message-ID: Hello I have finally managed to import PKCS12 files into GPGSM. Is there a way of importing OpenPGP keys into GPGSM? When trying I am just getting error Error: End of file The client insists that we use RSA keys using OpenSSL and bundle into P.12 Files, their public keys come as .txt files, they will not import into GPGSM, but will import into GPG no problem, so I assume they are OpenPGP keys, that is indeed what Kleopatra displays. Any Ideas - before I knock this on the head!? From bo.berglund at gmail.com Thu Nov 18 13:01:06 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 13:01:06 +0100 Subject: GPG on Windows 7? References: <1307608277.20101117211426__8208.37836149639$1290028667$gmane$org@my_localhost> Message-ID: On Wed, 17 Nov 2010 21:14:26 +0000, MFPA wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >Hi > > >On Wednesday 17 November 2010 at 7:53:17 PM, in >, >Avi wrote: > >> No. It has a program, GPGTray, that sits in the system >> tray and can be used to access the interfaces, but it >> is not integrated into windows explorer. 
You can find >> its website at: >> > >By default GPGshell is not integrated into the Windows Explorer >context menu; the option is available but not for 64-bit systems. Now I have tried to install from scratch on a Win7 X64 PC. I used these: - GnuPG 1.4.11 windows client binary - GPGshell 3.76 I had to manually add the GnuPG install folder to my system path for GPGshell to work. After this I could import my keyrings and start using GPG on Win7. Seems to work for file encryption even though it is a big drawback that the Explorer shell integration is missing. Now I have every time to navigate a long way in order to encrypt a file instead of doing it directly from Windows Explorer. Now another GPGshell problem: GPGshell insists on showing all its dialogs in Swedish whereas I want them to be in English. I tried to find a language configuration dialog or something but failed. Is this program really so stupid that it insists on using the language of my keyboard layout as the dialog language??? I can't believe it, so I ask if someone here could explain how I can change it? -- Bo Berglund Developer in Sweden From bo.berglund at gmail.com Thu Nov 18 13:04:03 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 13:04:03 +0100 Subject: Where is the webpage for GpgEx? Message-ID: If I google for GpgEx all kinds of pages come up that are clearly not the real source of GpgEx... Some of these are suspiciously like scam pages too... So is there someone here who can direct me to the real homepage of GpgEx so I can get the latest version to test on my Win7 X64 system. GPGshell does not really give me any convenient way to encrypt files since Explorer integration is missing... -- Bo Berglund Developer in Sweden From sk at intertivity.com Thu Nov 18 13:12:51 2010 From: sk at intertivity.com (Sascha Kiefer) Date: Thu, 18 Nov 2010 16:12:51 +0400 Subject: Where is the webpage for GpgEx? 
In-Reply-To: References: Message-ID: <003901cb8719$ed495790$c7dc06b0$@com> http://www.gpg4win.org/localize-gpg4win.html ? -----Original Message----- From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Bo Berglund Sent: Donnerstag, 18. November 2010 16:04 To: gnupg-users at gnupg.org Subject: Where is the webpage for GpgEx? If I google for GpgEx all kinds of pages come up that are clearly not the real source of GpgEx... Some of these are suspiciously like scam pages too... So is there someone here who can direct me to the real homepage of GpgEx so I can get the latest version to test on my Win7 X64 system. GPGshell does not really give me any convenient way to encrypt files since Explorer integration is missing... -- Bo Berglund Developer in Sweden From bo.berglund at gmail.com Thu Nov 18 14:37:52 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 14:37:52 +0100 Subject: Where is the webpage for GpgEx? References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> Message-ID: On Thu, 18 Nov 2010 16:12:51 +0400, "Sascha Kiefer" wrote: >>From: gnupg-users-bounces at gnupg.org [mailto:gnupg-users-bounces at gnupg.org] >>On Behalf Of Bo Berglund >>Sent: Donnerstag, 18. November 2010 16:04 >>To: gnupg-users at gnupg.org >>Subject: Where is the webpage for GpgEx? >> >>If I google for GpgEx all kinds of pages come up that are clearly not >>the real source of GpgEx... >>Some of these are suspiciously like scam pages too... >> >>So is there someone here who can direct me to the real homepage of >>GpgEx so I can get the latest version to test on my Win7 X64 system. >>GPGshell does not really give me any convenient way to encrypt files >>since Explorer integration is missing... > > >http://www.gpg4win.org/localize-gpg4win.html ? 
> This leads to a Gpg4Win page dealing with translations and not to the page dealing with GpgEx itself. I do not want Gpg4Win but I want GpgEx *only*. How can this be done? -- Bo Berglund Developer in Sweden From gnupg.user at seibercom.net Thu Nov 18 15:02:01 2010 From: gnupg.user at seibercom.net (Jerry) Date: Thu, 18 Nov 2010 09:02:01 -0500 Subject: Where is the webpage for GpgEx? In-Reply-To: References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> Message-ID: <20101118090201.0299ed5d@scorpio> On Thu, 18 Nov 2010 14:37:52 +0100 Bo Berglund articulated: > This leads to a Gpg4Win page dealing with translations and not to the > page dealing with GpgEx itself. > I do not want Gpg4Win but I want GpgEx *only*. How can this be done? I guess you could just follow the progression of links here until you find what you are looking for. Good luck. http://www.ohloh.net/p/gpgex http://www.gpg4win.org/download.html http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/?root=GpgEX ... -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. Real men don't Cc: From bo.berglund at gmail.com Thu Nov 18 15:07:26 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 15:07:26 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? Message-ID: I want to get my hands on the utilities shipped with Gpg4Win (Kleopatra, GpgEx etc) but I do *not* want to have my GnuPG 1.4.11 clobbered in the process. Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I want to install *all* of the extras by having a checkbox for each. But the GnuPG itself is *not* optional! And it installs the less stable 2.0.14 version... 
So there seems to be no way to keep the existing GnuPG 1.4.11 and still get the tools installed. :-( Or did I miss some workaround for this? Note: I already have the latest GPG (from about a month ago) but it is based on the 1 tree rather than 2. -- Bo Berglund Developer in Sweden From bo.berglund at gmail.com Thu Nov 18 15:24:29 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 15:24:29 +0100 Subject: Where is the webpage for GpgEx? References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> <20101118090201.0299ed5d__18970.2775249772$1290089031$gmane$org@scorpio> Message-ID: <0jdae6hrsm21dk0gi0pi7ue4p5gerkfqpi@4ax.com> On Thu, 18 Nov 2010 09:02:01 -0500, Jerry wrote: >On Thu, 18 Nov 2010 14:37:52 +0100 >Bo Berglund articulated: > >> This leads to a Gpg4Win page dealing with translations and not to the >> page dealing with GpgEx itself. >> I do not want Gpg4Win but I want GpgEx *only*. How can this be done? > >I guess you could just follow the progression of links here until you >find what you are looking for. > >Good luck. > >http://www.ohloh.net/p/gpgex The download link leads to the page below... >http://www.gpg4win.org/download.html Only combined installer offered that also forces GnuPG 2.0.14 on me. >http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/?root=GpgEX SVN for the sources... I can't build the application. :( Conclusion: There seems to be no *separate* installer for GpgEx available, the only way to get it is to also have GnuPG 2.0.14 forced on me. :( Why? 
-- Bo Berglund Developer in Sweden From reinhard.irmer at kabelmail.de Thu Nov 18 16:17:12 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Thu, 18 Nov 2010 16:17:12 +0100 Subject: AW: problem with german umlauts In-Reply-To: <4CE48D9C.2000500@adversary.org> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> <4CDFB79B.5050903@adversary.org> <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> <4CE063B4.4030704@adversary.org> <002901cb856f$1a6ff500$4f4fdf00$-MAIL-@oox1xoo.my-fqdn.de> <4CE48D9C.2000500@adversary.org> Message-ID: <004301cb8733$ad911740$08b345c0$@irmer@kabelmail.de> Hi Ben, you wrote on Do, 18.Nov.2010 (03:21:16): > On 16/11/10 8:17 PM, Reinhard Irmer wrote: [...] >> If different client is set to utf-8, TB shows the chars BAD in >> headerpane and good in bodypane. If I change view to iso-8859-1/15 >> chars in headerpane getting well but in bodypane bad. > > That's odd, I'm not sure what's going on there. Was this just > newsgroup > (NNTP) posts or news and email? I tested it only on nntp. [...] >> Btw: this mail is header-signed. Did you get GOOD SIG on verifying? > > I can see the signature in the header, but Enigmail did not detect it > at all. I think it will only check the body for in-line signed or > encrypted blocks and PGP/MIME. > > I don't really see the value in using OpenPGP for header signatures, > that should be the purview of things like MTAs, mainly for DKIM or > Domain Keys to verify an authorised sender for a domain. I know from a developer for enigmail, that headersigning/verifying is not implemented yet, but he told me, that it could be a feature in future if a RFC is available for that. 
The maintainer of the headersigning/verifying script I use is in contact with him. If you are further interested, look and especially -- regards Reinhard --- [on OUTLOOK2007 with QF-Macros] --- From reinhard.irmer at kabelmail.de Thu Nov 18 16:37:28 2010 From: reinhard.irmer at kabelmail.de (Reinhard Irmer) Date: Thu, 18 Nov 2010 16:37:28 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: References: Message-ID: <004701cb8736$8221ad60$86650820$@irmer@kabelmail.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Bo, you wrote on Do, 18.Nov.2010 (15:07:26): > I want to get my hands on the utilities shipped with Gpg4Win (Kleopatra, > GpgEx etc) but I do *not* want to have my GnuPG 1.4.11 clobbered in the > process. I have installed both versions in different directories (v.1.4.11 and ftp://ftp.gpg4win.org/gpg4win/Beta/gpg4win-2.1.0-beta1.exe ) side by side and both are working without problems. > Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I > want to install *all* of the extras by having a checkbox for each. But > the GnuPG itself is *not* optional! Yes that's true, but isn't there a position to customize the installation (choosing a different installation directory)? > And it installs the less stable > 2.0.14 version... So there seems to be no way to keep the existing GnuPG > 1.4.11 and still get the tools installed. :-( 2.1.0.beta installs GnuPG 2.0.16 > Or did I miss some workaround for this? It seems ;-) > > Note: I already have the latest GPG (from about a month ago) but it is based > on the 1 tree rather than 2. 
> - -- regards Reinhard - --- [on OUTLOOK2007 with QF-Macros] --- From gnupg.user at seibercom.net Thu Nov 18 16:50:34 2010 From: gnupg.user at seibercom.net (Jerry) Date: Thu, 18 Nov 2010 10:50:34 -0500 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: References: Message-ID: <20101118105034.3e8701d3@scorpio> On Thu, 18 Nov 2010 15:07:26 +0100 Bo Berglund articulated: > Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I want to > install *all* of the extras by having a checkbox for each. But the > GnuPG itself is *not* optional! And it installs the less stable 2.0.14 > version... Maybe I missed it somewhere, but exactly why do you feel "2.0.14" is unstable? I have been using gpg (GnuPG) 2.0.16 on my FreeBSD box without a single problem. Prior to that, at one point in time, I did have the older 1.x version installed. Updating to the newer 2.x versions never caused a single problem. I realize that you are referring to a different OS; however, I have not seen any definitive postings regarding the "2.0.14" version's unsuitability to task in that OS. BTW, there are several GPG4Win mail forums, IRCs, etc available. http://www.gpg4win.org/community.html Perhaps they might better suit your needs. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. Q: What's the difference between a RHU cheerleader and a whale? A: The moustache.
From Matthew561 at aol.com Thu Nov 18 16:11:53 2010 From: Matthew561 at aol.com (Matthew Mark Drew) Date: Thu, 18 Nov 2010 09:11:53 -0600 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: References: Message-ID: <4CE54239.1030804@aol.com> You can have both versions of Gnupg on your system (I do). The only problem I ever had was that WinPT used the latest executable installation irregardless of the defaults set within the program - to fix this I installed Gnupg 2.* (with whatever utilities you wanted) and then reinstated Gnupg 1.4.11, which was redundant, but only so the front ends would use the version I wanted with them to - actually the only one that cared was WinPT, Enigmail (used the program settings) and GPGShell never burped once. The obvious factor is that the different versions of Gnupg are in different directories. Bo Berglund made the following observation on 11/18/2010 8:07 AM: > I want to get my hands on the utilities shipped with Gpg4Win > (Kleopatra, GpgEx etc) but I do *not* want to have my GnuPG 1.4.11 > clobbered in the process. > Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I want to > install *all* of the extras by having a checkbox for each. But the > GnuPG itself is *not* optional! And it installs the less stable 2.0.14 > version... > So there seems to be no way to keep the existing GnuPG 1.4.11 and > still get the tools installed. :-( > > Or did I miss some workaround for this? > > Note: I already have the latest GPG (from about a month ago) but it is > based on the 1 tree rather than 2. > From bo.berglund at gmail.com Thu Nov 18 17:24:31 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 17:24:31 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? 
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> Message-ID: <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> On Thu, 18 Nov 2010 10:50:34 -0500, Jerry wrote: >On Thu, 18 Nov 2010 15:07:26 +0100 >Bo Berglund articulated: > >> Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I want to >> install *all* of the extras by having a checkbox for each. But the >> GnuPG itself is *not* optional! And it installs the less stable 2.0.14 >> version... > >Maybe I missed it somewhere, but exactly why do you feel "2.0.14" is >unstable? I have been using gpg (GnuPG) 2.0.16 on my FreeBSD box >without a single problem. Prior to that, at one point in time, I did >have the older 1.x version installed. Updating to the newer 2.x versions >never caused a single problem. I realize that you are referring to a >different OS; however, I have not seen any definitive postings >regarding the "2.0.14" version's unsuitability to task in that OS. > >BTW, there are several GPG4Win mail forums, IRCs, etc available. > >http://www.gpg4win.org/community.html > >Perhaps they might better suit your needs. Thanks, I am just grasping for some way to get this stuff working *comfortably* with Win7 X64. Microsoft has decided that 32 bit applications cannot be allowed to integrate with the Windows Explorer context sensitive menu. This is where I do almost all my work by right clicking the file I want to process (edit, copy, open, encrypt, decrypt etc). But now since I got my latest laptop at work it came with Win7 X64 Professional and a *lot* of my applications that were earlier integrated (in XP Pro) are now invisible including GPGee, GPGshell (tested today) and my old workhorse UltraEdit. So I am trying to find *something* that can work for encryption use in Win7 X64. I don't particularly like the command prompt for that... 
-- Bo Berglund Developer in Sweden From JPClizbe at tx.rr.com Thu Nov 18 17:37:19 2010 From: JPClizbe at tx.rr.com (John Clizbe) Date: Thu, 18 Nov 2010 10:37:19 -0600 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: References: Message-ID: <4CE5563F.9070101@tx.rr.com> Bo Berglund wrote: > I want to get my hands on the utilities shipped with Gpg4Win > (Kleopatra, GpgEx etc) but I do *not* want to have my GnuPG 1.4.11 > clobbered in the process. > Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I want to > install *all* of the extras by having a checkbox for each. But the > GnuPG itself is *not* optional! And it installs the less stable 2.0.14 > version... > So there seems to be no way to keep the existing GnuPG 1.4.11 and > still get the tools installed. :-( > > Or did I miss some workaround for this? > > Note: I already have the latest GPG (from about a month ago) but it is > based on the 1 tree rather than 2. > I did this by installing GnuPG 2 along with the rest of GPG4Win in C:\Program Files\Gnu\GnuPG2. Just add a '2' at the end of the install location text box in the installer. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" From rjh at sixdemonbag.org Thu Nov 18 17:49:54 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 18 Nov 2010 11:49:54 -0500 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? 
In-Reply-To: <20101118105034.3e8701d3@scorpio> References: <20101118105034.3e8701d3@scorpio> Message-ID: <4CE55932.7010205@sixdemonbag.org> On 11/18/2010 10:50 AM, Jerry wrote: > Maybe I missed it somewhere, but exactly why do you feel "2.0.14" is > unstable? Search the mailing lists -- you'll find many people have had problems with 2.0.x, usually with respect to gpg-agent. The goal was to reduce the complexity of the codebase, but it seems it came at the expense of simplicity of use. Like most things in engineering, there are no pure wins, only tradeoffs to be optimized. From rjh at sixdemonbag.org Thu Nov 18 17:59:07 2010 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Thu, 18 Nov 2010 11:59:07 -0500 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> Message-ID: <4CE55B5B.1010709@sixdemonbag.org> On 11/18/2010 11:24 AM, Bo Berglund wrote: > Microsoft has decided that 32 bit applications cannot be allowed to > integrate with the Windows Explorer context sensitive menu. Not true. For instance, WinZip is a 32-bit application, yet it integrates just fine into the context sensitive menu. If your applications do not work properly under Win7/64, that's probably due to a flaw in the applications themselves rather than in a limitation of Windows. (Yes, I'm writing this on a Win7/64 machine with 32-bit WinZip installed.) From dkg at fifthhorseman.net Thu Nov 18 18:10:45 2010 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 18 Nov 2010 12:10:45 -0500 Subject: gpg --verify detached signature from two file descriptors? 
In-Reply-To: <4CDEE680.3000306@fifthhorseman.net> References: <4CDCC047.8080500@fifthhorseman.net> <87iq01t4ny.fsf@vigenere.g10code.de> <4CDEE680.3000306@fifthhorseman.net> Message-ID: <4CE55E15.3030301@fifthhorseman.net> On 11/13/2010 02:26 PM, Daniel Kahn Gillmor wrote: >> gpg --enable-special-filenames --verify --batch -&5 -&6 >> >> Assuming you have them in fds 5 and 6. > > thanks, this is exactly what i needed! Hrm, but it doesn't seem to work for me to use the special filename for the signature itself: >> 0 dkg at pip:/tmp/cdtemp.VsWK6o$ gpg --enable-special-filenames --verify --batch test.asc '-&3' 3> gpg: Signature made Thu 18 Nov 2010 11:54:03 AM EST using RSA key ID D21739E9 >> gpg: please do a --check-trustdb >> gpg: Good signature from "Daniel Kahn Gillmor " [ultimate] >> gpg: aka "Daniel Kahn Gillmor " [ultimate] >> gpg: aka "[jpeg image of size 3515]" [ultimate] >> gpg: aka "Daniel Kahn Gillmor " [ultimate] >> 0 dkg at pip:/tmp/cdtemp.VsWK6o$ gpg --enable-special-filenames --verify --batch '-&4' '-&3' 3> gpg: Invalid option "-&4" >> 2 dkg at pip:/tmp/cdtemp.VsWK6o$ What am i doing wrong? i'm using gnupg 1.4.11 from debian experimental on i386, if that makes a difference. --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 900 bytes Desc: OpenPGP digital signature URL: From bo.berglund at gmail.com Thu Nov 18 23:40:59 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 18 Nov 2010 23:40:59 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> Message-ID: <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> On Thu, 18 Nov 2010 11:59:07 -0500, "Robert J. 
Hansen" wrote:

>On 11/18/2010 11:24 AM, Bo Berglund wrote:
>> Microsoft has decided that 32 bit applications cannot be allowed to
>> integrate with the Windows Explorer context sensitive menu.
>
>Not true. For instance, WinZip is a 32-bit application, yet it
>integrates just fine into the context sensitive menu.
>
>If your applications do not work properly under Win7/64, that's probably
>due to a flaw in the applications themselves rather than in a limitation
>of Windows.
>
>(Yes, I'm writing this on a Win7/64 machine with 32-bit WinZip installed.)

Which version of WinZip?

I use WinZip 9.0 SR1 and it won't show up in Win7X64 Explorer pop-up. So I had to install z-zip in order to easily create new zipfiles...

My UltraEdit is version 8.20 and the same thing happens. I also used to put a few other commands manually into the explorer pop-up by entering data in the registry, but that does not work anymore either.

But if it is possible for 32 bit applications to integrate into the Windows Explorer on Win7X64, then surely the developers of the GnuPG add-ons like GpgEx and GPGshell should be able to do so as well? Why haven't any such application integration appeared?

Unfortunately I am not a programmer on that level so I could not help out myself, otherwise I would have done so.

--
Bo Berglund
Developer in Sweden

From rjh at sixdemonbag.org Thu Nov 18 23:51:44 2010
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 18 Nov 2010 17:51:44 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com>
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com>
Message-ID: <4CE5AE00.5050503@sixdemonbag.org>

On 11/18/2010 5:40 PM, Bo Berglund wrote:
> Which version of WinZip?
>
> I use WinZip 9.0 SR1

Winzip 15.
9.0 is /way/ old and likely is having problems operating with the quite-new Windows 7. Microsoft made some very substantial changes to the way Windows works during the XP-to-Vista transition: I suspect that's what's hanging you up. > But if it is possible for 32 bit applications to integrate into the > Windows Explorer on Win7X64, then surely the developers of the GnuPG > add-ons like GpgEx and GPGshell should be able to do so as well? Why > haven't any such application integration appeared? Unless you're paying someone money for a software product, odds are very good they're developing/maintaining it on their own and they'll get around to feature enhancements if and when they can. People who give you the fruit of their labor for free are under no obligation to keep on doing it in the future to keep current with changing Windows releases. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5598 bytes Desc: S/MIME Cryptographic Signature URL: From gnupg.user at seibercom.net Fri Nov 19 00:48:49 2010 From: gnupg.user at seibercom.net (Jerry) Date: Thu, 18 Nov 2010 18:48:49 -0500 Subject: Gpg4Win 2.0.4 with GnuPG =?UTF-8?Q?1.4.11=3F=C2=BF?= In-Reply-To: <4CE5AE00.5050503@sixdemonbag.org> References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> Message-ID: <20101118184849.04145675@scorpio> On Thu, 18 Nov 2010 17:51:44 -0500 Robert J. Hansen articulated: > On 11/18/2010 5:40 PM, Bo Berglund wrote: > > Which version of WinZip? > > > > I use WinZip 9.0 SR1 > > Winzip 15. 9.0 is /way/ old and likely is having problems operating > with the quite-new Windows 7. 
Microsoft made some very substantial > changes to the way Windows works during the XP-to-Vista transition: I > suspect that's what's hanging you up. > > > But if it is possible for 32 bit applications to integrate into the > > Windows Explorer on Win7X64, then surely the developers of the > > GnuPG add-ons like GpgEx and GPGshell should be able to do so as > > well? Why haven't any such application integration appeared? > > Unless you're paying someone money for a software product, odds are > very good they're developing/maintaining it on their own and they'll > get around to feature enhancements if and when they can. People who > give you the fruit of their labor for free are under no obligation to > keep on doing it in the future to keep current with changing Windows > releases. A quick check would seem to indicate that WinZIP 11.x+ or newer is 64bit compatible with Windows. Honestly, version 9.x is totally deprecated. I use version 15 myself and it offers massive improvements, including a few I requested myself. Probably if someone wanted to resolve this problem they could spend some time on the Microsoft TechNet or something similar. It is probably only a minor tweak that needs to be done. I do have to agree with Robert though on his assessment of the problem with compatibility. -- Jerry ? GNUPG.user at seibercom.net _____________________________________________________________________ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. From rjh at sixdemonbag.org Fri Nov 19 01:38:17 2010 From: rjh at sixdemonbag.org (Robert J. 
Hansen) Date: Thu, 18 Nov 2010 19:38:17 -0500 Subject: Gpg4Win 2.0.4 with GnuPG =?UTF-8?B?MS40LjExP8K/?= In-Reply-To: <20101118184849.04145675@scorpio> References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675@scorpio> Message-ID: <4CE5C6F9.2030802@sixdemonbag.org> On 11/18/2010 6:48 PM, Jerry wrote: > A quick check would seem to indicate that WinZIP 11.x+ or newer is 64bit > compatible with Windows. Honestly, version 9.x is totally deprecated. "You keep using that word. I do not think it means what you think it means." http://en.wikipedia.org/wiki/Deprecation Deprecation is usually applied to API calls and/or software features, not software as a whole. It means something still exists but has been superseded and should be avoided in effectively all contexts. For instance, the Win16 API is deprecated: Windows programmers should not use it and should not rely on it existing in any future version of Windows. Windows 3.1 is not deprecated, though, despite being older than some people on this mailing list: it's just been EOLed. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5598 bytes Desc: S/MIME Cryptographic Signature URL: From avi.wiki at gmail.com Fri Nov 19 01:44:15 2010 From: avi.wiki at gmail.com (Avi) Date: Thu, 18 Nov 2010 19:44:15 -0500 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Have you looked at Peazip? 
- --Avi -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) - GPGshell v3.76 Comment: Most recent key: Click show in box @ http://is.gd/4xJrs iF4EAREKAAYFAkzlyD0ACgkQDWKwGfgOKfn8MgD9HLoeLc7EjIuQDAAN3i+ok90w N+1RFYx/PHeJTcuaONwA/2eAKyzsg1HqwpQkDVkapeav0VqC9w97bDSiIwFfOUnD =pAbe -----END PGP SIGNATURE----- ---- User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 ---------- Forwarded message ---------- > From: Bo Berglund > To: gnupg-users at gnupg.org > Date: Thu, 18 Nov 2010 23:40:59 +0100 > Subject: Re: Gpg4Win 2.0.4 with GnuPG 1.4.11?? > On Thu, 18 Nov 2010 11:59:07 -0500, "Robert J. Hansen" > wrote: > > > > I use WinZip 9.0 SR1 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at adversary.org Fri Nov 19 02:32:09 2010 From: ben at adversary.org (Ben McGinnes) Date: Fri, 19 Nov 2010 12:32:09 +1100 Subject: AW: problem with german umlauts In-Reply-To: <004301cb8733$ad911740$08b345c0$@irmer@kabelmail.de> References: <000a01cb8250$85d192d0$9174b870$@irmer@kabelmail.de> <4CDD3A3E.5000109@adversary.org> <000c01cb8295$cbd2f810$6378e830$@irmer@kabelmail.de> <4CDD9141.7080005@adversary.org> <002801cb831f$65455ae0$2fd010a0$@irmer@kabelmail.de> <000401cb8337$989f7ca0$c9de75e0$-MAIL-@oox1xoo.my-fqdn.de> <4CDF37CB.9030306@adversary.org> <001501cb83e1$acbbcc20$06336460$@irmer@kabelmail.de> <4CDFB79B.5050903@adversary.org> <000601cb8436$af427660$0dc76320$@irmer@kabelmail.de> <4CE063B4.4030704@adversary.org> <002901cb856f$1a6ff500$4f4fdf00$-MAIL-@oox1xoo.my-fqdn.de> <4CE48D9C.2000500@adversary.org> <004301cb8733$ad911740$08b345c0$@irmer@kabelmail.de> Message-ID: <4CE5D399.1050906@adversary.org> On 19/11/10 2:17 AM, Reinhard Irmer wrote: > > you wrote on Do, 18.Nov.2010 (03:21:16): >> On 16/11/10 8:17 PM, Reinhard Irmer wrote: >> >> That's odd, I'm not sure what's going on there. Was this just >> newsgroup (NNTP) posts or news and email? 
> > I tested it only on nntp. Okay, I very rarely, if ever, look at Usenet anymore. Everyone I communicated with via newsgroups have migrated to blogs, forums and mailing lists (some with NNTP gateways) and the rest is spam. Very occasionally I'll look at alt.anonymous.messages, but I haven't had anything go through there in years. > I know from a developer for enigmail, that headersigning/verifying > is not implemented yet, but he told me, that it could be a feature > in future if a RFC is available for that. The maintainer of the > headersigning/verifying script I use is in contact with him. If you > are further interested, look and > especially That does look interesting, but isn't really urgent for anything I do anymore. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From faramir.cl at gmail.com Fri Nov 19 08:09:12 2010 From: faramir.cl at gmail.com (Faramir) Date: Fri, 19 Nov 2010 04:09:12 -0300 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> Message-ID: <4CE62298.5000203@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 18-11-2010 19:40, Bo Berglund escribi?: ... > But if it is possible for 32 bit applications to integrate into the > Windows Explorer on Win7X64, then surely the developers of the GnuPG > add-ons like GpgEx and GPGshell should be able to do so as well? > Why haven't any such application integration appeared? Last time I checked the compatibility list, the author of GPGshell was not sure if it runs in Windows Vista, due to lack of feedback from users. Probably Win 7 has the same problem. 
Best Regards

From wk at gnupg.org Fri Nov 19 10:22:54 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Nov 2010 10:22:54 +0100
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <4CE55B5B.1010709@sixdemonbag.org> (Robert J. Hansen's message of "Thu, 18 Nov 2010 11:59:07 -0500")
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709@sixdemonbag.org>
Message-ID: <87fwuxekgh.fsf@vigenere.g10code.de>

On Thu, 18 Nov 2010 17:59, rjh at sixdemonbag.org said:

> Not true. For instance, WinZip is a 32-bit application, yet it
> integrates just fine into the context sensitive menu.

In this case it is not an explorer extension. An explorer extension needs to be a 64 bit DLL. Of course using an external program works. The explorer extension has the advantage of a closer integration.

Gpg4win's GpgEX explorer extension requires two GnuPG related DLLs and we can't easily change them to 64 bit. Eventually this will be done.

For the time being, I suggest the use of GPA.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

From wk at gnupg.org Fri Nov 19 10:26:20 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Nov 2010 10:26:20 +0100
Subject: gpg --verify detached signature from two file descriptors?
In-Reply-To: <4CE55E15.3030301@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Thu, 18 Nov 2010 12:10:45 -0500") References: <4CDCC047.8080500@fifthhorseman.net> <87iq01t4ny.fsf@vigenere.g10code.de> <4CDEE680.3000306@fifthhorseman.net> <4CE55E15.3030301@fifthhorseman.net> Message-ID: <87bp5lekar.fsf@vigenere.g10code.de> On Thu, 18 Nov 2010 18:10, dkg at fifthhorseman.net said: >>> 0 dkg at pip:/tmp/cdtemp.VsWK6o$ gpg --enable-special-filenames --verify --batch '-&4' '-&3' 3>> gpg: Invalid option "-&4" >>> 2 dkg at pip:/tmp/cdtemp.VsWK6o$ > > What am i doing wrong? i'm using gnupg 1.4.11 from debian experimental The usual options vs. file name problem. Add the option stopper: gpg --enable-special-filenames --verify \ --batch -- '-&4' '-&3' 3 (Bo Berglund's message of "Thu, 18 Nov 2010 15:24:29 +0100") References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> <20101118090201.0299ed5d__18970.2775249772$1290089031$gmane$org@scorpio> <0jdae6hrsm21dk0gi0pi7ue4p5gerkfqpi@4ax.com> Message-ID: <877hg9ejce.fsf@vigenere.g10code.de> On Thu, 18 Nov 2010 15:24, bo.berglund at gmail.com said: > There seems to be no *separate* installer for GpgEx available, the > only way to get it is to also have GnuPG 2.0.14 forced on me. :( > Why? Because you can't use it without GnuPG. You even can't use it without Kleopatra or GPA. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From bo.berglund at gmail.com Fri Nov 19 11:34:15 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Fri, 19 Nov 2010 11:34:15 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? 
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709@sixdemonbag.org> <87fwuxekgh.fsf__8326.58629301495$1290158829$gmane$org@vigenere.g10code.de>
Message-ID: <67kce61410hcil2kopc6m160f5pc92btbk@4ax.com>

On Fri, 19 Nov 2010 10:22:54 +0100, Werner Koch wrote:

>On Thu, 18 Nov 2010 17:59, rjh at sixdemonbag.org said:
>
>> Not true. For instance, WinZip is a 32-bit application, yet it
>> integrates just fine into the context sensitive menu.
>
>In this case it is not an explorer extension. An explorer extension
>needs to be a 64 bit DLL. Of course using an external program works.
>The explorer extension has the advantage of a closer integration.
>
>Gpg4win's GpgEX explorer extension requires two GnuPG related DLLs and
>we can't easily change them to 64 bit. Eventually this will be done.
>
>For the time being, I suggest the use of GPA.

Thanks, that could be a good idea, at least to test. How do I go about installing that separately on Win7? I realize it is part of GPG4Win, but I would like to have it separately working with my GnuPG 1.4.11...

Google led me to this chain:
1) http://www.gnupg.org/gpa.html
2) Development site: http://wald.intevation.org/projects/gpa/
3) Download: http://wald.intevation.org/frs/?group_id=13&release_id=264
4) File download: http://wald.intevation.org/frs/download.php/603/gpa-0.9.0.tar.bz2

But this is a *source* download, how do I get a binary to install in Windows7??

--
Bo Berglund
Developer in Sweden

From bo.berglund at gmail.com Fri Nov 19 11:39:22 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Fri, 19 Nov 2010 11:39:22 +0100
Subject: Where is the webpage for GpgEx?
References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> <20101118090201.0299ed5d__18970.2775249772$1290089031$gmane$org@scorpio> <0jdae6hrsm21dk0gi0pi7ue4p5gerkfqpi@4ax.com> <877hg9ejce.fsf__31972.0169915401$1290160275$gmane$org@vigenere.g10code.de> Message-ID: On Fri, 19 Nov 2010 10:46:57 +0100, Werner Koch wrote: >On Thu, 18 Nov 2010 15:24, bo.berglund at gmail.com said: > >> There seems to be no *separate* installer for GpgEx available, the >> only way to get it is to also have GnuPG 2.0.14 forced on me. :( >> Why? > >Because you can't use it without GnuPG. You even can't use it without >Kleopatra or GPA. > Couldn't the installer then sense that GnuPG is installed already and then offer not to install yet another copy of GnuPG??? -- Bo Berglund Developer in Sweden From bo.berglund at gmail.com Fri Nov 19 11:38:14 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Fri, 19 Nov 2010 11:38:14 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? References: Message-ID: On Thu, 18 Nov 2010 19:44:15 -0500, Avi wrote: >> From: Bo Berglund >> To: gnupg-users at gnupg.org >> Date: Thu, 18 Nov 2010 23:40:59 +0100 >> Subject: Re: Gpg4Win 2.0.4 with GnuPG 1.4.11?? >> On Thu, 18 Nov 2010 11:59:07 -0500, "Robert J. Hansen" >> wrote: >> >> >> >> I use WinZip 9.0 SR1 >> > >Have you looked at Peazip? > >- --Avi Winzip was just used as an example of an application that had lost its context menu entry in Win7X64. What I am really after is the context menu for GPG operations on files since for GPG there is no GUI application to use instead, just the command line... 
-- Bo Berglund Developer in Sweden From f.schwind at chili-radiology.com Fri Nov 19 11:12:08 2010 From: f.schwind at chili-radiology.com (Florian Schwind) Date: Fri, 19 Nov 2010 11:12:08 +0100 Subject: GPG does not build on SuSE SLES 11 Message-ID: <4CE64D78.5080901@chili-radiology.com> Hi all, I was not able to run the "make ckeck" for GPG 1.4.10 on a SLES 11 (i386) successfully (I also tried 1.4.11). Since I'm not sure if there is some configuration issue with my server, I'm sending this to the bug-address and the user-list as well. Maybe someone experienced similar problems with GPG on a SLES 11 and might help me to figure out what's wrong? (On my SuSE 11.3 x86 it compiles without problems) If I try to encrypt with the build gpg I get following errors: florian at davinci:~/gnupg/davinci> gnupg-1.4.11-bin/bin/gpg --encrypt -r test plaintext.txt Rijndael-128 test encryption failed. gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: weak key created - retrying gpg: fatal: cannot avoid weak key for symmetric cipher; tried 16 times! secmem usage: 2048/2112 bytes in 4/5 blocks of pool 2112/32768 This is the result of "make check": florian at davinci:~/gnupg/davinci/gnupg-1.4.11> make check Making check in m4 make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/m4' make[1]: Nothing to be done for `check'. 
make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/m4' Making check in intl make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/intl' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/intl' Making check in zlib make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/zlib' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/zlib' Making check in util make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/util' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/util' Making check in mpi make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/mpi' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/mpi' Making check in cipher make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/cipher' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/cipher' Making check in tools make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/tools' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/tools' Making check in g10 make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/g10' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/g10' Making check in keyserver make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/keyserver' make[1]: Nothing to be done for `check'. 
make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/keyserver' Making check in po make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/po' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/po' Making check in doc make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/doc' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/doc' Making check in checks make[1]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks' ../g10/gpg --homedir . --quiet --yes --no-permission-warning --import ./pubdemo.asc echo timestamp >./prepared.stamp make check-TESTS make[2]: Entering directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks' gpg (GnuPG) 1.4.11 Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: . 
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
PASS: version.test
PASS: mds.test
PASS: decrypt.test
PASS: decrypt-dsa.test
MD5 SHA1 RIPEMD160 SHA256 SHA384 SHA512 SHA224 | PASS: sigs.test
PASS: sigs-dsa.test
FAIL: encrypt.test
3DES CAST5 BLOWFISH AES FAIL: encrypt-dsa.test
FAIL: seat.test
PASS: clearsig.test
FAIL: encryptp.test
PASS: detach.test
PASS: armsigs.test
FAIL: armencrypt.test
FAIL: armencryptp.test
FAIL: signencrypt.test
PASS: signencrypt-dsa.test
FAIL: armsignencrypt.test
PASS: armdetach.test
PASS: armdetachm.test
PASS: detachm.test
PASS: genkey1024.test
3DES CAST5 BLOWFISH AES FAIL: conventional.test
3DES CAST5 BLOWFISH AES FAIL: conventional-mdc.test
PASS: multisig.test
PASS: verify.test
PASS: armor.test
==================================
10 of 27 tests failed
Please report to bug-gnupg at gnu.org
==================================
make[2]: *** [check-TESTS] Error 1
make[2]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks'
make[1]: *** [check-am] Error 2
make[1]: Leaving directory `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks'
make: *** [check-recursive] Error 1

Thanks
Florian

From f.schwind at chili-radiology.com Fri Nov 19 12:28:02 2010
From: f.schwind at chili-radiology.com (Florian Schwind)
Date: Fri, 19 Nov 2010 12:28:02 +0100
Subject: GPG does not build on SuSE SLES 11
In-Reply-To: <4CE64D78.5080901@chili-radiology.com>
References: <4CE64D78.5080901@chili-radiology.com>
Message-ID: <4CE65F42.20309@chili-radiology.com>

On 19.11.2010 11:12, Florian Schwind wrote:
> Hi all,
>
> I was not able to run the "make check" for GPG 1.4.10 on a SLES 11
> (i386) successfully (I also tried 1.4.11).
Since I'm not sure if there
> is some configuration issue with my server, I'm sending this to the
> bug-address and the user-list as well.
>
> Maybe someone experienced similar problems with GPG on a SLES 11 and
> might help me to figure out what's wrong? (On my SuSE 11.3 x86 it
> compiles without problems)

Hi,

I just found out that there seems to be a problem with gcc 4.3.2 and rijndael.c which is already known. (http://lists.gnupg.org/pipermail/gnupg-devel/2008-December/024721.html).

Option 1 is to update to gcc 4.5.0, which works, or to use CFLAGS="-O1" instead of O2 and not optimize the code heavily.

Perhaps someone wants to look into rijndael.c and find out where the optimization problems with gcc come from?

Greetings
Florian

> If I try to encrypt with the build gpg I get following errors:
>
> florian at davinci:~/gnupg/davinci> gnupg-1.4.11-bin/bin/gpg --encrypt -r
> test plaintext.txt
> Rijndael-128 test encryption failed.
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: weak key created - retrying
> gpg: fatal: cannot avoid weak key for symmetric cipher; tried 16 times!
> secmem usage: 2048/2112 bytes in 4/5 blocks of pool 2112/32768
>
>
> This is the result of "make check":
>
> florian at davinci:~/gnupg/davinci/gnupg-1.4.11> make check
> Making check in m4
> make[1]: Entering directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/m4'
> make[1]: Nothing to be done for `check'.
> make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/m4' > Making check in intl > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/intl' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/intl' > Making check in zlib > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/zlib' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/zlib' > Making check in util > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/util' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/util' > Making check in mpi > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/mpi' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/mpi' > Making check in cipher > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/cipher' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/cipher' > Making check in tools > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/tools' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/tools' > Making check in g10 > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/g10' > make[1]: Nothing to be done for `check'. > make[1]: Leaving directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/g10' > Making check in keyserver > make[1]: Entering directory > `/data/home/florian/gnupg/davinci/gnupg-1.4.11/keyserver' > make[1]: Nothing to be done for `check'. 
> make[1]: Leaving directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/keyserver'
> Making check in po
> make[1]: Entering directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/po'
> make[1]: Nothing to be done for `check'.
> make[1]: Leaving directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/po'
> Making check in doc
> make[1]: Entering directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/doc'
> make[1]: Nothing to be done for `check'.
> make[1]: Leaving directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/doc'
> Making check in checks
> make[1]: Entering directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks'
> ../g10/gpg --homedir . --quiet --yes --no-permission-warning --import
> ./pubdemo.asc
> echo timestamp >./prepared.stamp
> make check-TESTS
> make[2]: Entering directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks'
> gpg (GnuPG) 1.4.11
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: .
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
> CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB
> PASS: version.test
> PASS: mds.test
> PASS: decrypt.test
> PASS: decrypt-dsa.test
> MD5 SHA1 RIPEMD160 SHA256 SHA384 SHA512 SHA224 | PASS: sigs.test
> PASS: sigs-dsa.test
> FAIL: encrypt.test
> 3DES CAST5 BLOWFISH AES FAIL: encrypt-dsa.test
> FAIL: seat.test
> PASS: clearsig.test
> FAIL: encryptp.test
> PASS: detach.test
> PASS: armsigs.test
> FAIL: armencrypt.test
> FAIL: armencryptp.test
> FAIL: signencrypt.test
> PASS: signencrypt-dsa.test
> FAIL: armsignencrypt.test
> PASS: armdetach.test
> PASS: armdetachm.test
> PASS: detachm.test
> PASS: genkey1024.test
> 3DES CAST5 BLOWFISH AES FAIL: conventional.test
> 3DES CAST5 BLOWFISH AES FAIL: conventional-mdc.test
> PASS: multisig.test
> PASS: verify.test
> PASS: armor.test
> ==================================
> 10 of 27 tests failed
> Please report to bug-gnupg at gnu.org
> ==================================
> make[2]: *** [check-TESTS] Error 1
> make[2]: Leaving directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks'
> make[1]: *** [check-am] Error 2
> make[1]: Leaving directory
> `/data/home/florian/gnupg/davinci/gnupg-1.4.11/checks'
> make: *** [check-recursive] Error 1
>
> Thanks
> Florian

From dkg at fifthhorseman.net Fri Nov 19 16:04:39 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 19 Nov 2010 10:04:39 -0500
Subject: gpg --verify detached signature from two file descriptors?
In-Reply-To: <87bp5lekar.fsf@vigenere.g10code.de>
References: <4CDCC047.8080500@fifthhorseman.net> <87iq01t4ny.fsf@vigenere.g10code.de> <4CDEE680.3000306@fifthhorseman.net> <4CE55E15.3030301@fifthhorseman.net> <87bp5lekar.fsf@vigenere.g10code.de>
Message-ID: <4CE69207.2080002@fifthhorseman.net>

On 11/19/2010 04:26 AM, Werner Koch wrote:
> The usual options vs. file name problem. Add the option stopper:
>
> gpg --enable-special-filenames --verify \
> --batch -- '-&4' '-&3' 3

From dshaw at jabberwocky.com Fri Nov 19 16:58:30 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 19 Nov 2010 10:58:30 -0500
Subject: GPG does not build on SuSE SLES 11
In-Reply-To: <4CE65F42.20309@chili-radiology.com>
References: <4CE64D78.5080901@chili-radiology.com> <4CE65F42.20309@chili-radiology.com>
Message-ID: <6D730E7A-5978-4C9D-BA12-A18C3B1FDDDC@jabberwocky.com>

On Nov 19, 2010, at 6:28 AM, Florian Schwind wrote:

> On 19.11.2010 11:12, Florian Schwind wrote:
>> Hi all,
>>
>> I was not able to run the "make check" for GPG 1.4.10 on a SLES 11
>> (i386) successfully (I also tried 1.4.11). Since I'm not sure if there
>> is some configuration issue with my server, I'm sending this to the
>> bug-address and the user-list as well.
>>
>> Maybe someone experienced similar problems with GPG on a SLES 11 and
>> might help me to figure out what's wrong? (On my SuSE 11.3 x86 it
>> compiles without problems)
>
> Hi,
>
> I just found out that there seems to be a problem with gcc 4.3.2 and rijndael.c which is already known. (http://lists.gnupg.org/pipermail/gnupg-devel/2008-December/024721.html).
>
> Option 1 is to update to gcc 4.5.0, which works, or to use CFLAGS="-O1" instead of O2 and not optimize the code heavily.
>
> Perhaps someone wants to look into rijndael.c and find out where the optimization problems with gcc come from?

I was the one who originally tracked this down. Virtually always, when people suspect a problem with gcc or libc, the problem is really in their own code.
This was one of the very rare exceptions, and the gcc folks fixed the optimizer issue. I'm not sure I see any benefit in looking at or changing the GPG code in an effort to not trigger a bug in a quite old - and long since replaced - version of gcc.

David

From wk at gnupg.org Fri Nov 19 18:29:48 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Nov 2010 18:29:48 +0100
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <67kce61410hcil2kopc6m160f5pc92btbk@4ax.com> (Bo Berglund's message of "Fri, 19 Nov 2010 11:34:15 +0100")
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709@sixdemonbag.org> <87fwuxekgh.fsf__8326.58629301495$1290158829$gmane$org@vigenere.g10code.de> <67kce61410hcil2kopc6m160f5pc92btbk@4ax.com>
Message-ID: <87zkt5b4s3.fsf@vigenere.g10code.de>

On Fri, 19 Nov 2010 11:34, bo.berglund at gmail.com said:

> But this is a *source* download, how do I get a binary to install in
> Windows7??

see doc/README.W32. For your convenience I yank it here:

How to build GnuPG from the source:
===================================

Until recently all official GnuPG versions have been built using the
Mingw32/CPD kit as available at
ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.2.tar.gz .
However, for maintenance reasons we switched to Debian's mingw32 cross
compiler package and that is now the recommended way of building GnuPG
for W32 platforms. It might be possible to build it natively on a W32
platform but this is not supported. Please don't file any bug reports
if it does not build with any other system than the recommended one.

According to the conditions of the GNU General Public License you
either got the source files with this package, a written offer to send
you the source on demand or the source is available at the same site
you downloaded the binary package.
If you downloaded the package from
the official GnuPG site or one of its mirrors, the corresponding
source tarball is available in the sibling directory named gnupg. The
source used to build all versions is always the same and the version
numbers should match. If the version number of the binary package has
a letter suffix, you will find a patch file installed in the "Src"
directory with the changes relative to the generic version.

The source is distributed as a BZIP2 or GZIP compressed tar archive.
See the instructions in file README on how to check the integrity of
that file. With a properly setup build environment, you unpack the
tarball change to the created directory and run

 $ ./autogen.sh --build-w32
 $ make
 $ cp g10/gpg*.exe /some_windows_drive/

Building a version with the installer is a bit more complex and
basically works by creating a top directory, unpacking in that top
directory, switching to the gnupg-1.x.y directory, running
"./autogen.sh --build-w32" and "make", switching back to the top
directory, running a "mkdir dist-w32; mkdir iconv", copying the
required iconv files (iconv.dll, README.iconv, COPYING.LIB) into the
iconv directory, running gnupg-1.x.y/scripts/mk-w32-dist and voila,
the installer package will be available in the dist-w32 directory.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From wk at gnupg.org Fri Nov 19 18:26:21 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Nov 2010 18:26:21 +0100
Subject: Where is the webpage for GpgEx?
In-Reply-To: (Bo Berglund's message of "Fri, 19 Nov 2010 11:39:22 +0100")
References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> <20101118090201.0299ed5d__18970.2775249772$1290089031$gmane$org@scorpio> <0jdae6hrsm21dk0gi0pi7ue4p5gerkfqpi@4ax.com> <877hg9ejce.fsf__31972.0169915401$1290160275$gmane$org@vigenere.g10code.de>
Message-ID: <874obdcjia.fsf@vigenere.g10code.de>

On Fri, 19 Nov 2010 11:39, bo.berglund at gmail.com said:

> Couldn't the installer then sense that GnuPG is installed already and
> then offer not to install yet another copy of GnuPG???

There should be only one copy of GnuPG on a system. If you install a second one it is up to you to fix problems. The only recommended way to install GnuPG on a desktop Windows box is to use the gpg4win installer.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

From bo.berglund at gmail.com Fri Nov 19 20:05:40 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Fri, 19 Nov 2010 20:05:40 +0100
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675__21680.9725658552$1290124616$gmane$org@scorpio>
Message-ID: <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com>

On Thu, 18 Nov 2010 18:48:49 -0500, Jerry wrote:

>> Winzip 15. 9.0 is /way/ old and likely is having problems operating
>> with the quite-new Windows 7. Microsoft made some very substantial
>> changes to the way Windows works during the XP-to-Vista transition: I
>> suspect that's what's hanging you up.
>>
>
>A quick check would seem to indicate that WinZIP 11.x+ or newer is 64bit
>compatible with Windows. Honestly, version 9.x is totally deprecated. I
>use version 15 myself and it offers massive improvements, including a
>few I requested myself.
>

I ordered an update for version 15 of my WinZip today (I am getting
the upgrade offer emails all the time) so I got the version 15 setup
file.
But unfortunately for some reason the installer failed to start. I
came a couple of dialogs into the sequence, but when I clicked Setup
it worked for a few seconds, then died... :-(

But this is really a sidetrack, the interoperability of the GPG tools and Windows Explorer in Win7X64 is what I am after...

-- 
Bo Berglund
Developer in Sweden

From bo.berglund at gmail.com Fri Nov 19 20:07:18 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Fri, 19 Nov 2010 20:07:18 +0100
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709@sixdemonbag.org> <87fwuxekgh.fsf__8326.58629301495$1290158829$gmane$org@vigenere.g10code.de> <67kce61410hcil2kopc6m160f5pc92btbk@4ax.com> <87zkt5b4s3.fsf__32411.3769609996$1290187934$gmane$org@vigenere.g10code.de>
Message-ID:

On Fri, 19 Nov 2010 18:29:48 +0100, Werner Koch wrote:

>On Fri, 19 Nov 2010 11:34, bo.berglund at gmail.com said:
>
>> But this is a *source* download, how do I get a binary to install in
>> Windows7??
>
>see doc/README.W32. For your convenience I yank it here:
>
>How to build GnuPG from the source:
>===================================
>
>Until recently all official GnuPG versions have been built using the
>Mingw32/CPD kit as available at
>ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.2.tar.gz .
>However, for maintenance reasons we switched to Debian's mingw32 cross
>compiler package and that is now the recommended way of building GnuPG
>for W32 platforms. It might be possible to build it natively on a W32
>platform but this is not supported. Please don't file any bug reports
>if it does not build with any other system than the recommended one.
>
>According to the conditions of the GNU General Public License you
>either got the source files with this package, a written offer to send
>you the source on demand or the source is available at the same site
>you downloaded the binary package. If you downloaded the package from
>the official GnuPG site or one of its mirrors, the corresponding
>source tarball is available in the sibling directory named gnupg. The
>source used to build all versions is always the same and the version
>numbers should match. If the version number of the binary package has
>a letter suffix, you will find a patch file installed in the "Src"
>directory with the changes relative to the generic version.
>
>The source is distributed as a BZIP2 or GZIP compressed tar archive.
>See the instructions in file README on how to check the integrity of
>that file. With a properly setup build environment, you unpack the
>tarball change to the created directory and run
>
> $ ./autogen.sh --build-w32
> $ make
> $ cp g10/gpg*.exe /some_windows_drive/
>
>Building a version with the installer is a bit more complex and
>basically works by creating a top directory, unpacking in that top
>directory, switching to the gnupg-1.x.y directory, running
>"./autogen.sh --build-w32" and "make", switching back to the top
>directory, running a "mkdir dist-w32; mkdir iconv", copying the
>required iconv files (iconv.dll, README.iconv, COPYING.LIB) into the
>iconv directory, running gnupg-1.x.y/scripts/mk-w32-dist and voila,
>the installer package will be available in the dist-w32 directory.
>

Fine, does Debian also mean Ubuntu? I have an Ubuntu 10 virtual machine available and I have heard that Ubuntu is just a flavour of Debian....
-- 
Bo Berglund
Developer in Sweden

From gnupg.user at seibercom.net Fri Nov 19 20:57:59 2010
From: gnupg.user at seibercom.net (Jerry)
Date: Fri, 19 Nov 2010 14:57:59 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com>
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675__21680.9725658552$1290124616$gmane$org@scorpio> <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com>
Message-ID: <20101119145759.58e4cdee@scorpio>

On Fri, 19 Nov 2010 20:05:40 +0100 Bo Berglund articulated:

> I ordered an update for version 15 of my WinZip today (I am getting
> the upgrade offer emails all the time) so I got the version 15 setup
> file.
> But unfortunately for some reason the installer failed to start. I
> came a couple of dialogs into the sequence, but when I clicked Setup
> it worked for a few seconds, then died... :-(

Are you positive it died or did it just spawn a hidden window. I have had applications that have done that before. You also might try disabling any AV programs. Some are notorious for corrupting installations. In any event, their support is excellent, or at least it has always been for me.

-- 
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From itsec.listuser at gmail.com Sat Nov 20 09:07:13 2010
From: itsec.listuser at gmail.com (Mike)
Date: Sat, 20 Nov 2010 09:07:13 +0100
Subject: verify signature from Windows and Ubuntu does not work
Message-ID: <1290240433.9047.4.camel@leonis>

Hi

I use IMAP for my mailbox and I am accessing this from Win/Outlook and Ubuntu/Evolution.
When I get an email and I access it first with Outlook, then I can not verify the signature anymore in Ubuntu as the whole email got detached into a separate attachment.

How can I resolve this? I could not find any options in gpg4win or kleopatra.

-- 
Thanks for any hint
Mike

From expires2010 at ymail.com Sat Nov 20 15:30:10 2010
From: expires2010 at ymail.com (MFPA)
Date: Sat, 20 Nov 2010 14:30:10 +0000
Subject: GPG on Windows 7?
In-Reply-To:
References: <1307608277.20101117211426__8208.37836149639$1290028667$gmane$org@my_localhost>
Message-ID: <1917170461.20101120143010@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Thursday 18 November 2010 at 12:01:06 PM, in , Bo Berglund wrote:

> On Wed, 17 Nov 2010 21:14:26 +0000, MFPA
> wrote:
> it is a big drawback that the Explorer shell
> integration is missing. Now I have every time to
> navigate a long way in order to encrypt a file instead
> of doing it directly from Windows Explorer.

I find it automatically starts looking in the directory where I last encrypted a file. Also, if you have the GPGtools window open, you can drag the file onto the "encrypt" icon...

> Now another GPGshell problem: GPGshell insists on
> showing all its dialogs in Swedish whereas I want them
> to be in English. I tried to find a language
> configuration dialog or something but failed. Is this
> program really so stupid that it insists on using the
> language of my keyboard layout as the dialog
> language??? I can't believe it, so I ask if someone here
> could explain how I can change it?

In GPGshell's help file, section 3 Usage, paragraph 16 says:-

"Translation-files (*.lng) in the application-directory will set the language. You can still choose other languages from the dropdown-box in "Preferences/GPGshell.../Interface", of course."

In my case is the only choice; I see it all in English and have no *.lng files present.
- --
Best regards

MFPA mailto:expires2010 at ymail.com

Confusion is always the most honest response

From visual.wot at gmail.com Sat Nov 20 14:37:56 2010
From: visual.wot at gmail.com (Visual GPG WoT Project)
Date: Sat, 20 Nov 2010 14:37:56 +0100
Subject: how can I export secret key as .p12?
In-Reply-To: <1290240433.9047.4.camel@leonis>
References: <1290240433.9047.4.camel@leonis>
Message-ID: <4CE7CF34.4060308@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

(sorry if it is a repeated question but I can't find gpgsm for Win)

How can I export my secret key as a .p12 file? (I'm working on Windows 7)

Thanks!

From goldismoney at gmx.com Sat Nov 20 14:36:28 2010
From: goldismoney at gmx.com (Gold IsMoney)
Date: Sat, 20 Nov 2010 07:36:28 -0600
Subject: Help with GNU PGP - no password prompt when sending e-mails
Message-ID: <4CE7CEDC.8000103@gmx.com>

Hello everyone - I am using the following:

OS: windows 7 / 64-bit
E-mail client: Thunderbird3.1.6
GnuPG v1.4.10 (MingW32) and Enigmail 1.1.2

My problem is that when I send encrypted e-mails, I never receive a password prompt for the e-mail. I do receive the password prompt when actually opening up e-mails (received, or sent, or saved in some folder, etc.) and mine is set up to remember the password for x number of minutes, and that feature works fine.
The issue is obvious - if it doesn't ask me for my password when sending e-mails, it means that anyone with access to my pc can go into Thunderbird and send encrypted e-mails, using my identity. Is this a bug, or is there some configuration somewhere that I need to change?

From rjh at sixdemonbag.org Sat Nov 20 15:51:18 2010
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 20 Nov 2010 09:51:18 -0500
Subject: Help with GNU PGP - no password prompt when sending e-mails
In-Reply-To: <4CE7CEDC.8000103@gmx.com>
References: <4CE7CEDC.8000103@gmx.com>
Message-ID: <4CE7E066.7010807@sixdemonbag.org>

On 11/20/2010 8:36 AM, Gold IsMoney wrote:
> The issue is obvious - if it doesn't ask me for my password when sending
> e-mails, it means that anyone with access to my pc can go into
> Thunderbird and send encrypted e-mails, using my identity.

It seems you're confusing encryption and signing. No passphrase is ever needed in order to encrypt a message to someone. You only need a passphrase when signing a message, to verify that it comes from you.

From ben at adversary.org Sat Nov 20 15:59:16 2010
From: ben at adversary.org (Ben McGinnes)
Date: Sun, 21 Nov 2010 01:59:16 +1100
Subject: Help with GNU PGP - no password prompt when sending e-mails
In-Reply-To: <4CE7CEDC.8000103@gmx.com>
References: <4CE7CEDC.8000103@gmx.com>
Message-ID: <4CE7E244.1020408@adversary.org>

On 21/11/10 12:36 AM, Gold IsMoney wrote:
>
> The issue is obvious - if it doesn't ask me for my password when
> sending e-mails, it means that anyone with access to my pc can go
> into Thunderbird and send encrypted e-mails, using my identity. Is
> this a bug, or is there some configuration somewhere that I need to
> change?

This is expected behaviour.
You only enter your GPG passphrase when decrypting messages or signing messages.

As for preventing others from sending mail when you're away from your computer, you should use a password to log in on boot or when waking the system from sleep/screensaver.

Regards,
Ben

From goldismoney at gmx.com Sat Nov 20 16:41:48 2010
From: goldismoney at gmx.com (Gold IsMoney)
Date: Sat, 20 Nov 2010 09:41:48 -0600
Subject: Help with GNU PGP - no password prompt when sending e-mails
In-Reply-To: <4CE7E066.7010807@sixdemonbag.org>
References: <4CE7CEDC.8000103@gmx.com> <4CE7E066.7010807@sixdemonbag.org>
Message-ID: <4CE7EC3C.8090609@gmx.com>

Thank you for the quick reply. You're right - I didn't realize the thing about signing since I usually don't use it. It makes perfect sense though - so I know now that if I receive an encrypted e-mail from a sender but it's only encrypted, not signed - all I know is that the sender has access to the private key.. not necessarily the password. It 'should' be the sender, but not necessarily.

Thanks again!

On 11/20/2010 8:51 AM, Robert J. Hansen wrote:
> On 11/20/2010 8:36 AM, Gold IsMoney wrote:
>> The issue is obvious - if it doesn't ask me for my password when sending
>> e-mails, it means that anyone with access to my pc can go into
>> Thunderbird and send encrypted e-mails, using my identity.
>
> It seems you're confusing encryption and signing. No passphrase is ever
> needed in order to encrypt a message to someone. You only need a
> passphrase when signing a message, to verify that it comes from you.

From expires2010 at ymail.com Sat Nov 20 16:56:03 2010
From: expires2010 at ymail.com (MFPA)
Date: Sat, 20 Nov 2010 15:56:03 +0000
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <20101118105034.3e8701d3@scorpio>
References: <20101118105034.3e8701d3@scorpio>
Message-ID: <1235612087.20101120155603@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

On Thursday 18 November 2010 at 3:50:34 PM, in , Jerry wrote:

> Maybe I missed it somewhere, but exactly why do you
> feel "2.0.14" is unstable?

They probably remember the GnuPG 1.4.x release announcements that used to include:-

"GnuPG 1.4.x is the current stable branch and will be kept as the easy to use and build single-executable versions. We plan to backport new features from the development series to 1.4."

- --
Best regards

MFPA mailto:expires2010 at ymail.com

Another person's secret is like another person's money: you are not as careful with it as you are with your own

From faramir.cl at gmail.com Sat Nov 20 17:32:18 2010
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 20 Nov 2010 13:32:18 -0300
Subject: Help with GNU PGP - no password prompt when sending e-mails
In-Reply-To: <4CE7EC3C.8090609@gmx.com>
References: <4CE7CEDC.8000103@gmx.com> <4CE7E066.7010807@sixdemonbag.org> <4CE7EC3C.8090609@gmx.com>
Message-ID: <4CE7F812.5050100@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 20-11-2010 12:41, Gold IsMoney wrote:
> Thank you for the quick reply. You're right - I didn't realize the
> thing about signing since I usually don't use it. It makes perfect
> sense though - so I know now that if I receive an encrypted e-mail from
> a sender but it's only encrypted, not signed - all I know is that the
> sender has access to the private key.. not necessarily the password. It
> 'should' be the sender, but not necessarily.

No, no, he didn't have access to any private key, he just had access to YOUR public key. To encrypt a message, I need access to the public key of the recipient, and since it is public, anyone can have access to it without any security risk.

To sign a message, I need access to my own private key. To check a signature issued by someone else, I need access to the public key of the sender.

To decrypt a message, I need access to my private key.

To "prove" a message comes from somebody, the message should have a signature, otherwise it can come from anybody with access to the sender's e-mail account.

To prevent people from signing things with your key (or reading your encrypted messages), you need to use a good password (more likely, a passphrase), and don't leave your computer alone while the password is cached in memory (you can set a short amount of time for it to be remembered, or you can clean the cached password before leaving).

To prevent people from sending messages using your e-mail address, you can either:

1.- Protect your windows account with a password, and never leave the computer with your session open.

2.- Don't let Thunderbird store your e-mail account password (so you would have to enter it manually each and every time you want to use the e-mail account... very inconvenient).

3.- Protect Thunderbird's password database with a Master Password, and close Thunderbird each time you leave the computer alone.

Keep in mind that, according to OpenPGP point of view (if I understood it right), your identity is checked by your signature, not by the e-mail account used to send the message.
Best Regards

From gnupg.user at seibercom.net Sat Nov 20 20:17:03 2010
From: gnupg.user at seibercom.net (Jerry)
Date: Sat, 20 Nov 2010 14:17:03 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
Message-ID: <20101120141703.04a5b959@scorpio>

On Sat, 20 Nov 2010 15:56:03 +0000 MFPA articulated:

> On Thursday 18 November 2010 at 3:50:34 PM, in
> , Jerry wrote:
>
>
> > Maybe I missed it somewhere, but exactly why do you
> > feel "2.0.14" is unstable?
>
> They probably remember the GnuPG 1.4.x release announcements that used
> to include:-
>
> "GnuPG 1.4.x is the current stable branch and will be kept as the
> easy to use and build single-executable versions. We plan to
> backport new features from the development series to 1.4."

Interestingly enough, I was included in both the To: & Cc: fields of this post; however, the mailing list itself was suspiciously absent. Obviously the poster failed to read or comprehend the disclaimer.

In any case, they also probably missed this announcement:

GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and S/MIME

The emphasis would be on "new modularized version"

My question was related to why the poster thought 2.x was unstable. His reply was to peruse the archives for some specific data. That search phenomena. It might well be worth pointing out that they also were related to a previously superseded version.
Now, if that poster can show proof that the latest 2.x version is unstable we might have something to discuss. Otherwise, it is just yesterday's news.

-- 
Jerry
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From rjh at sixdemonbag.org Sat Nov 20 21:31:16 2010
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 20 Nov 2010 15:31:16 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <20101120141703.04a5b959@scorpio>
References: <20101120141703.04a5b959@scorpio>
Message-ID: <4CE83014.5000709@sixdemonbag.org>

On 11/20/2010 2:17 PM, Jerry wrote:
> Interestingly enough, I was included in both the To: & Cc: fields of
> this post; however, the mailing list itself was suspiciously absent.
> Obviously the poster failed to read or comprehend the disclaimer.

Given that the same message arrived in my mailbox from the list, sent to the list and cc'd to you, it seems you are in error.

Whenever something seems absolutely obvious, nine times in ten it is not quite so.

From bo.berglund at gmail.com Sun Nov 21 00:17:13 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Sun, 21 Nov 2010 00:17:13 +0100
Subject: Where is the webpage for GpgEx?
References: <003901cb8719$ed495790$c7dc06b0$__27301.6794970774$1290084961$gmane$org@com> <20101118090201.0299ed5d__18970.2775249772$1290089031$gmane$org@scorpio> <0jdae6hrsm21dk0gi0pi7ue4p5gerkfqpi@4ax.com> <877hg9ejce.fsf__31972.0169915401$1290160275$gmane$org@vigenere.g10code.de> <874obdcjia.fsf__11188.4768157781$1290187923$gmane$org@vigenere.g10code.de>
Message-ID: <8elge6p4mm0t7im6s6f978kjd7tvks8o00@4ax.com>

On Fri, 19 Nov 2010 18:26:21 +0100, Werner Koch wrote:

>On Fri, 19 Nov 2010 11:39, bo.berglund at gmail.com said:
>
>There should be only one copy of GnuPG on a system. If you install a
>second one it is up to you to fix problems. The only recommended way to
>install GnuPG on a desktop Windows box is to use the gpg4win installer.
>

I have a test PC (a virtual one) where I have already installed
GPG4Win 1.1.4 (I think 2.5 years ago).
I don't use it that much but I need it when I am travelling (the
virtual machine is on a USB disk).

So, I figured I could use it as a test platform by installing the
latest GPG4Win on it, but how do I go about it?
I have already the GnuPG 1.4.9 installed via GPG4Win and the newest
comes with the 2.0.x version.

Should I uninstall everything first or can I just run the installer
and it will update everything for me?
(Including the handling of my keyrings etc).

-- 
Bo Berglund
Developer in Sweden

From gnupg.user at seibercom.net Sun Nov 21 00:24:41 2010
From: gnupg.user at seibercom.net (Jerry)
Date: Sat, 20 Nov 2010 18:24:41 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <4CE83014.5000709@sixdemonbag.org>
References: <20101120141703.04a5b959@scorpio> <4CE83014.5000709@sixdemonbag.org>
Message-ID: <20101120182441.22a717b8@scorpio>

On Sat, 20 Nov 2010 15:31:16 -0500 Robert J. Hansen articulated:

> On 11/20/2010 2:17 PM, Jerry wrote:
> > Interestingly enough, I was included in both the To: & Cc: fields of
> > this post; however, the mailing list itself was suspiciously
> > absent. Obviously the poster failed to read or comprehend the
> > disclaimer.
>
> Given that the same message arrived in my mailbox from the list, sent
> to the list and cc'd to you, it seems you are in error.

This is a snippet of the header from the post in question:

From: MFPA
To: "Jerry on GnuPG-Users"
CC: "Jerry"
Subject: Re: Gpg4Win 2.0.4 with GnuPG 1.4.11??
Date: Sat, 20 Nov 2010 15:56:03 +0000
Reply-To: MFPA
X-Mailer: The Bat! (v4.0.38) Professional

He prefixed the groups mailing address: with "Jerry on GnuPG-Users". For some reason, perhaps my settings on the group's subscription site page, or whatever, I never received the mailing to the group. When I originally perused the post, I mistakenly thought that both copies had been sent to me. I am not sure if the OP was trying to make it look like he did or what. Nor do I actually care. I have just created a rule that will send any Cc: from that user to the bit bucket. Problem solved.

-- 
Jerry
GNUPG.user at seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
_____________________________________________________________________

From bo.berglund at gmail.com Sun Nov 21 01:26:53 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Sun, 21 Nov 2010 01:26:53 +0100
Subject: Where is the webpage for GpgEx?
References: <20101118090201.0299ed5d__18970.2775249772$1290089031$gmane$org@scorpio> <0jdae6hrsm21dk0gi0pi7ue4p5gerkfqpi@4ax.com> <877hg9ejce.fsf__31972.0169915401$1290160275$gmane$org@vigenere.g10code.de> <874obdcjia.fsf__11188.4768157781$1290187923$gmane$org@vigenere.g10code.de> <8elge6p4mm0t7im6s6f978kjd7tvks8o00__2698.19129393927$1290295158$gmane$org@4ax.com> Message-ID: On Sun, 21 Nov 2010 00:17:13 +0100, Bo Berglund wrote: >On Fri, 19 Nov 2010 18:26:21 +0100, Werner Koch wrote: > >>On Fri, 19 Nov 2010 11:39, bo.berglund at gmail.com said: >> >>There should be only one copy of GnuPG on a system. If you install a >>second one it is up to you to fix problems. The only recommended way to >>install GnuPG on a desktop Windows box is to use the gpg4win installer. >> > >I have a test PC (a virtual one) where I have already installed >GPG4Win 1.1.4 (I think 2.5 years ago). >I don't use it that much but I need it when I am travelling (the >virtual machine is on a USB disk). > >So, I figured I could use it as a test platform by installing the >latest GPG4Win on it, but how do I go about it? >I have already the GnuPG 1.4.9 installed via GPG4Win and the newest >comes with the 2.0.x version. > >Should I uninstall everything first or can I just run the installer >and it will update everything for me? >(Including the handling of my keyrings etc). I found a note in the help pages that I should uninstall first, which I did. Now I got version 2.0.4 installed and working, but with a very irritating misconfiguration: Some pages in Kleopatra and GpgEX display text in Swedish even though I selected English as the language during install. I have not yet found a way to fix this and curiously Kleopatra Configuration shows the same behaviour itself! All tabs excpet the rightmost are English, whereas this one is Swedish..... I want all of my windows and dialogs to speak English. 
:-( -- Bo Berglund Developer in Sweden From expires2010 at ymail.com Sun Nov 21 02:47:08 2010 From: expires2010 at ymail.com (MFPA) Date: Sun, 21 Nov 2010 01:47:08 +0000 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? In-Reply-To: <20101120182441.22a717b8@scorpio> References: <20101120141703.04a5b959@scorpio> <4CE83014.5000709@sixdemonbag.org> <20101120182441.22a717b8@scorpio> Message-ID: <162551315.20101121014708@my_localhost> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi On Saturday 20 November 2010 at 11:24:41 PM, in , Jerry wrote: > This is a snippet of the header from the post in > question: > From: MFPA > To: "Jerry on GnuPG-Users" > CC: "Jerry" > Subject: Re: Gpg4Win 2.0.4 with GnuPG 1.4.11?? > Date: Sat, 20 Nov 2010 15:56:03 +0000 > Reply-To: MFPA > X-Mailer: The Bat! (v4.0.38) Professional Same format as any other posting I make to this list (except a thread starter). All taken care of automatically by message templates. And only differing from other lists I inhabit in two respects: this is the only list I post to that requires a "CC" to the previous poster, and the only one that doesn't reset the "Reply-To" header to the list address. > I have just created a rule that will send any Cc: from that user to the > bit bucket. Fair enough. I only offered a plausible answer to your musing as to why the thread starter considered the latest GnuPG 2.0.x version to be "unstable." It's beyond me why that shouls upset you so much. (-: - -- Best regards MFPA mailto:expires2010 at ymail.com I hit the CTRL key but I'm still not in control! 
From dkg at fifthhorseman.net Sun Nov 21 03:02:39 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sat, 20 Nov 2010 21:02:39 -0500
Subject: OT: unusual mail reply header templates [was: Re: Gpg4Win 2.0.4 with GnuPG 1.4.11??]
In-Reply-To: <20101120182441.22a717b8@scorpio>
References: <20101120141703.04a5b959@scorpio> <4CE83014.5000709@sixdemonbag.org> <20101120182441.22a717b8@scorpio>
Message-ID: <4CE87DBF.4010608@fifthhorseman.net>

On 11/20/2010 06:24 PM, Jerry wrote:
> He prefixed the groups mailing address: with
> "Jerry on GnuPG-Users".

Yes MFPA always seems to do that, for no reason that i understand. I find it unusual, unhelpful, and disorienting, but: meh. Not worth fighting about, and it's certainly not on-topic for this list.

I'm responding to the list here to respect your Reply-To header, Jerry, but please respect mine on this thread and follow up off-list if you must follow up at all.

Let's keep gnupg-users about helping people use GnuPG, not about discussing unusual mail user agent configurations that have nothing to do with OpenPGP or S/MIME.

Regards,

--dkg

From dkg at fifthhorseman.net Sun Nov 21 08:18:58 2010
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 21 Nov 2010 02:18:58 -0500
Subject: gpg --verify behaves differently when multiple signatures present with --batch
Message-ID: <4CE8C7E2.4060009@fifthhorseman.net>

when i have a set of OpenPGP signatures bundled together which have different validities, it looks like gpg behaves differently depending on if --batch is set or not.

In particular, an invalid signature seems to terminate the entire --verify process (skipping later valid signatures) when --batch is set, but it does not terminate the verification process otherwise.

Attached are two files: one is a simple shell script to demonstrate the problem (with embedded data and signature material), and a fake key used in the demonstrations.

When i run it, i get the following output (AB means the good sig from the fake key occurs first, BA means the bad sig from my own key (D21739E9) happens first:

> 0 dkg at pip:~/src/gmimetest/gmimetest$ ./demonstrate-flip
> Testing without --batch:
> ==AB==
> [GNUPG:] SIG_ID 8Dv9B4/7/rdjgFrLYlRGhj31b3o 2010-11-21 1290318596
> [GNUPG:] GOODSIG FAF286F977F50B3B fake user
> [GNUPG:] VALIDSIG FCD3E0AFA74EE527C61E0D34FAF286F977F50B3B 2010-11-21 1290318596 0 4 0 1 10 01 FCD3E0AFA74EE527C61E0D34FAF286F977F50B3B
> [GNUPG:] TRUST_UNDEFINED
> [GNUPG:] BADSIG CCD2ED94D21739E9 Daniel Kahn Gillmor
> ==BA==
> [GNUPG:] BADSIG CCD2ED94D21739E9 Daniel Kahn Gillmor
> [GNUPG:] SIG_ID 8Dv9B4/7/rdjgFrLYlRGhj31b3o 2010-11-21 1290318596
> [GNUPG:] GOODSIG FAF286F977F50B3B fake user
> [GNUPG:] VALIDSIG FCD3E0AFA74EE527C61E0D34FAF286F977F50B3B 2010-11-21 1290318596 0 4 0 1 10 01 FCD3E0AFA74EE527C61E0D34FAF286F977F50B3B
> [GNUPG:] TRUST_UNDEFINED
> Testing with --batch:
> ==AB==
> [GNUPG:] SIG_ID 8Dv9B4/7/rdjgFrLYlRGhj31b3o 2010-11-21 1290318596
> [GNUPG:] GOODSIG FAF286F977F50B3B fake user
> [GNUPG:] VALIDSIG FCD3E0AFA74EE527C61E0D34FAF286F977F50B3B 2010-11-21 1290318596 0 4 0 1 10 01 FCD3E0AFA74EE527C61E0D34FAF286F977F50B3B
> [GNUPG:] TRUST_UNDEFINED
> [GNUPG:] BADSIG CCD2ED94D21739E9 Daniel Kahn Gillmor
> ==BA==
> [GNUPG:] BADSIG CCD2ED94D21739E9 Daniel Kahn Gillmor
> 0 dkg at pip:~/src/gmimetest/gmimetest$

And if i use a test user that doesn't actually have a copy of D21739E9 in its keyring, then i get feedback from both signatures even in order BA with --batch (i suppose because the keyring can't tell that the signature for D21739E9 is bad).

I see no good reason for --batch to cause gpg to terminate on the first badsig it sees, and no documentation justifying this behavior, so it seems like a bug to me.

I tested this with gpg 1.4.11 and 2.0.14 on i386 GNU/Linux systems running the current debian testing (gpg itself from debian's experimental archive)

Regards,

--dkg

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: demonstrate-flip
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fakekey.gpg
URL:

From bo.berglund at gmail.com Sun Nov 21 09:48:50 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Sun, 21 Nov 2010 09:48:50 +0100
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio>
Message-ID: <5klhe6dqtdb1nomipgtjgurmkq406lc6k1@4ax.com>

On Thu, 18 Nov 2010 10:50:34 -0500, Jerry wrote:

>On Thu, 18 Nov 2010 15:07:26 +0100
>Bo Berglund articulated:
>
>> Unfortunately the Gpg4Win 2.0.4 installer lets me choose if I want to
>> install *all* of the extras by having a checkbox for each. But the
>> GnuPG itself is *not* optional! And it installs the less stable 2.0.14
>> version...
> >Maybe I missed it somewhere, but exactly why do you feel "2.0.14" is >unstable? I have been using gpg (GnuPG) 2.0.16 on my FreeBSD box >without a single problem. Prior to that, at one point in time, I did >have the older 1.x version installed. Updating to the newer 2.x versions >never caused a single problem. I realize that you are referring to a >different OS; however, I have not seen any definitive postings >regarding the "2.0.14" version's unsuitability to task in that OS. > Warning - Long answer: I tested GPG4Win 2.0.0 in Feb 2008 and found that: - The GpgOL plug-in made my Outlook 2003 crash - I read about the switch from GPG1 to GPG2 that there were many issues, so I assumed that the crashes were caused by GPG2 or/and GpgOL in that distribution. In previous versions of Gpg4Win using the GPG1 tree the GpgOL plug-in did not work all that well, it seemed to only work for me but not for my co-workers who were located on the corporate LAN. So we stopped using the Outlook plug-in. But to stop the crasches of Outlook we had to uninstall Gpg4Win 2.0.0 altogether and instead install Gpg4Win 1.1.4 (still not using the plug-in). I have been following (infrequently) the Gpg4Win development since then but all the time there have been disclaimers about the Outlook plug-in making me believe that it is not a worthwhile thing to use. But now that GPGee has disappeared from the Windows Explorer context menu on Windows 7 X64 I need to find some other solution to use for file encryption on Windows and with a GUI interface. This is the reason for this and a couple of other of my threads. Today I tested the version 2.0.4 on a virtual machine running XP-Pro SP3. Had to uninstall the previous 1.1.4 version first. It seemed to work for file encryption in my environment (actually my existing keyrings were carried over, which was one of my concerns regarding uninstalling). 
Then I connected a VPN channel to the company and started Outlook 2003, which is set up on this virtual machine to use Exchange mode. Then I made an email (simple one using the HTML editor) to my private address and set it to be encrypted. A new dialog popped up requesting me to select certificates for the recipient and twice for myself. Then it started sending the message, which took a while and then seemed to succeed. However, after a short time I received back an error message claiming that the recipient address could not be reached. So I made another email to the same recipient but without encryption. This succeeded without error messages. Only the last one actually reached my external account.... So my conclusion is that GpgOL is still not usable, but now at least it does not crash Outlook 2003. Question is if it does crash OL 2007 or 2010? For your information the system setup is as follows: My normal (non-virtual) system: - Windows XP Pro SP3 attached to the company domain - (The XP PC soon to be replaced with a Win7X64 one) - Outlook 2003 in POP3 mode, because I work 10000 km from the company - Internet connection by way of ADSL and a POP3 gateway in the firewall at the company Co-worker systems: - PC:s located on the company LAN - Windows XP and 7 in different combinations - Outlook 2003, 2007 and possibly 2010 - Email via Exchange server on company LAN - Internet connection via company firewall My best bet would probably be to test installing Gpg4Win 2.0.4 but making sure to unselect the GpgOL plug-in, I guess.... -- Bo Berglund Developer in Sweden From nathan.krasnopoler at gmail.com Sun Nov 21 10:31:21 2010 From: nathan.krasnopoler at gmail.com (Nathan Krasnopoler) Date: Sun, 21 Nov 2010 04:31:21 -0500 Subject: Remove a recipient from a message without viewing it Message-ID: Is there a way to remove a recipient from a message without having any of the private keys needed to view the message? 
For example, if message M is encrypted to Sam, John, and Bob as text C, I would like to output C_s that is M encrypted only to Sam, C_j that is M encrypted only to John, and C_b that is M encrypted only to Bob.

If this is possible, I think it would also preserve any signatures on M.

I would prefer to do this in a python interface, but a shell/gpg or a C interface is also workable.

--
Nathan Krasnopoler

From alphazo at gmail.com Sun Nov 21 13:55:55 2010
From: alphazo at gmail.com (Alphazo)
Date: Sun, 21 Nov 2010 13:55:55 +0100
Subject: 10GB /var/log/messages.log
Message-ID:

Yesterday, after signing one message using my CryptoStick (OpenPGP card V2 + USB reader) I filled up my /var/log/messages.log with 10GB (that's a lot) of the same exact message:

Nov 20 21:15:00 localhost pcscd: ccid_usb.c:613:WriteUSB() write failed (2/3): -9 Success

In fact it was only 10GB because I didn't have any more space left on this partition. I also had /var/log/everything.log and /var/log/user.log with the same content.

The line just before was:

Nov 20 21:13:12 localhost kernel: usb 2-1.2: new full speed USB device using ehci_hcd and address 3

The only thing I remember is that I probably have removed the drive at some point.

Has someone seen this behavior before?

Alphazo

From dshaw at jabberwocky.com Sun Nov 21 17:05:33 2010
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun, 21 Nov 2010 11:05:33 -0500
Subject: Remove a recipient from a message without viewing it
In-Reply-To:
References:
Message-ID:

On Nov 21, 2010, at 4:31 AM, Nathan Krasnopoler wrote:

> Is there a way to remove a recipient from a message without having any
> of the private keys needed to view the message?
>
> For example, if message M is encrypted to Sam, John, and Bob as text
> C, I would like to output C_s that is M encrypted only to Sam, C_j
> that is M encrypted only to John, and C_b that is M encrypted only to
> Bob.
>
> If this is possible, I think it would also preserve any signatures on M.

Yes, this is doable, but I don't know of any code already written to do it. OpenPGP encrypted messages are constructed of a number of packets, some containing other packets when opened. So for example, you can have an encrypted packet that contains a data packet, or an encrypted packet that contains a compressed packet that contains a data packet.

In your case, I'd recommend experimenting with the 'gpgsplit' program that comes with GPG. It will break your message M into its component pieces, and you can re-stitch them together using 'cat' or the like.

Run gpgsplit on your encrypted M, and you will end up with multiple files tagged "pk_enc", and one file tagged "encrypted". Each pk_enc is an encrypted session key for a particular recipient (Sam, John, or Bob). If you reassemble a single pk_enc with the encrypted file, you will have a message that is only readable by that recipient. The same thing can be done to put together an encrypted message that only two of your three recipients can handle - just include the appropriate pk_enc before the encrypted file.

You can see RFC-4880 for the internals of how packets are put together, if you're interested in the file details.

David

From lion at lion.leolix.org Sun Nov 21 16:54:17 2010
From: lion at lion.leolix.org (Philipp Schafft)
Date: Sun, 21 Nov 2010 16:54:17 +0100
Subject: 10GB /var/log/messages.log
In-Reply-To:
References:
Message-ID: <20101121155421.5063F7AAD6@priderock.keep-cool.org>

reflum,

On Sun, 2010-11-21 at 13:55 +0100, Alphazo wrote:
> Yesterday, after signing one message using my CryptoStick (OpenPGP
> card V2 + USB reader) I filled up my /var/log/messages.log with 10GB
> (that's a lot) of the same exact message:
>
>
> Nov 20 21:15:00 localhost pcscd: ccid_usb.c:613:WriteUSB() write
> failed (2/3): -9 Success

I don't know much about pcscd, but maybe there is a loop which should get an error counter.

did restarting the process help?
> In fact it was only 10GB because I didn't have any more space left on > this partition. I also had /var/log/everything.log > and /var/log/user.log with the same content. > > > The line just before was: > Nov 20 21:13:12 localhost kernel: usb 2-1.2: new full speed USB device > using ehci_hcd and address 3 > > > The only thing I remember is that I probably have removed the drive at > some point. Do you use rsyslogd? -- Philipp. (Rah of PH2) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 482 bytes Desc: This is a digitally signed message part URL: From alphazo at gmail.com Mon Nov 22 10:24:23 2010 From: alphazo at gmail.com (Alphazo) Date: Mon, 22 Nov 2010 10:24:23 +0100 Subject: 10GB /var/log/messages.log In-Reply-To: <20101121155421.5063F7AAD6@priderock.keep-cool.org> References: <20101121155421.5063F7AAD6@priderock.keep-cool.org> Message-ID: I use syslog-ng. This happened to me again today (very annoying). I really don't know what to do. Alphazo On Sun, Nov 21, 2010 at 4:54 PM, Philipp Schafft wrote: > reflum, > > On Sun, 2010-11-21 at 13:55 +0100, Alphazo wrote: > > Yesterday, after signing one message using my CryptoStick (OpenPGP > > card V2 + USB reader) I filled up my /var/log/messages.log with 10GB > > (that's a lot) of the same exact message: > > > > > > Nov 20 21:15:00 localhost pcscd: ccid_usb.c:613:WriteUSB() write > > failed (2/3): -9 Success > > I don't know much about pcscd, but maybe there is a loop which should > get a error counter. > > did restarting the process help? > > > > In fact it was only 10GB because I didn't have any more space left on > > this partition. I also had /var/log/everything.log > > and /var/log/user.log with the same content. 
> >
> >
> > The line just before was:
> > Nov 20 21:13:12 localhost kernel: usb 2-1.2: new full speed USB device
> > using ehci_hcd and address 3
> >
> >
> > The only thing I remember is that I probably have removed the drive at
> > some point.
>
> Do you use rsyslogd?
>
> --
> Philipp.
> (Rah of PH2)
>

From nboullis at debian.org Mon Nov 22 11:38:23 2010
From: nboullis at debian.org (Nicolas Boullis)
Date: Mon, 22 Nov 2010 11:38:23 +0100
Subject: Remove a recipient from a message without viewing it
In-Reply-To:
References:
Message-ID: <20101122103823.GD3695@tryphon.debian.net>

Hi,

On Sun, Nov 21, 2010 at 04:31:21AM -0500, Nathan Krasnopoler wrote:
> Is there a way to remove a recipient from a message without having any
> of the private keys needed to view the message?
>
> For example, if message M is encrypted to Sam, John, and Bob as text
> C, I would like to output C_s that is M encrypted only to Sam, C_j
> that is M encrypted only to John, and C_b that is M encrypted only to
> Bob.
>
> If this is possible, I think it would also preserve any signatures on M.
>
> I would prefer to do this in a python interface, but a shell/gpg or a
> C interface is also workable.

For what it's worth, a few months ago, I decided to write a gpg-edit-recipients tool. I announced it on this list (see http://www.mail-archive.com/gnupg-users at gnupg.org/msg13495.html). My project is on standby because I haven't seen much interest in this tool, but if you are really interested, I guess it could be resurrected.

However, for your specific need, you don't even need such a tool, I think you may split your encrypted message with gpgsplit, and then concatenate the relevant packets together.
Cheers,

--
Nicolas Boullis

From bo.berglund at gmail.com Mon Nov 22 19:52:44 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Mon, 22 Nov 2010 19:52:44 +0100
Subject: How can I drop a file for encryption on the GPA FileManager
Message-ID:

I have now installed Gpg4Win 2.0.4 on a Win7X64 machine where I previously had installed GnuPg 1.4.11. I first uninstalled GnuPG.

My problem now is how to actually encrypt files when the Explorer pop-up menu is missing....

It would be OK if there was a way to start the GPA FileManager with a file path on the command line. Then I could add a manual entry in the Registry that would invoke the proper exe file with the selected file as the argument.

I hope that the File Manager would show up with my file in the list of files to process.

But I need to know which executable to start and what command line arguments to use.

Can someone please enlighten me on this?

--
Bo Berglund
Developer in Sweden

From l_elcocks at hotmail.co.uk Mon Nov 22 19:59:36 2010
From: l_elcocks at hotmail.co.uk (Lee Elcocks)
Date: Mon, 22 Nov 2010 18:59:36 +0000
Subject: How can I drop a file for encryption on the GPA FileManager
In-Reply-To:
References:
Message-ID:

Good Luck with GPG4win, i cannot find any decent documentation on how to use! and get no replies from the GPG4Win mailing lists either. You can't sign and encrypt a file at the same time either through the command line so i had to abort and go back to PGP. Really annoyed i wasted my time on this.

> To: gnupg-users at gnupg.org
> From: bo.berglund at gmail.com
> Subject: How can I drop a file for encryption on the GPA FileManager
> Date: Mon, 22 Nov 2010 19:52:44 +0100
>
> I have now installed Gpg4Win 2.0.4 on a Win7X64 machine where I
> previously had installed GnuPg 1.4.11. I first uninstalled GnuPG.
>
> My problem now is how to actually encrypt files when the Explorer
> pop-up menu is missing....
>
> It would be OK if there was a way to start the GPA FileManager with a
> file path on the command line. Then I could add a manual entry in the
> Registry that would invoke the proper exe file with the selected file
> as the argument.
>
> I hope that the File Manager would show up with my file in the list of
> files to process.
>
> But I need to know which executable to start and what command line
> arguments to use.
>
> Can someone please enlighten me on this?
>
>
> --
> Bo Berglund
> Developer in Sweden

From bo.berglund at gmail.com Mon Nov 22 20:28:49 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Mon, 22 Nov 2010 20:28:49 +0100
Subject: How can I drop a file for encryption on the GPA FileManager
References:
Message-ID:

On Mon, 22 Nov 2010 19:52:44 +0100, Bo Berglund wrote:

>It would be OK if there was a way to start the GPA FileManager with a
>file path on the command line. Then I could add a manual entry in the
>Registry that would invoke the proper exe file with the selected file
>as the argument.
>
>But I need to know which executable to start and what command line
>arguments to use.

Found the solution by experimentation:

The GPA executable is gpa.exe (surprise!) in the GnuPG directory. I also found that if I send it a file on the command line it opens up the File Manager window rather than the key manager that is otherwise shown.

So I have added the following to the registry to get a context menu item when selecting a file, which opens the GPA file manager. From there I can easily select the operation to be performed.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\GPA Manager]

[HKEY_CLASSES_ROOT\*\shell\GPA Manager\command]
@="C:\\Programs\\GnuPG\\gpa.exe \"%1\""

As you can see I have installed Gpg4Win *outside* the Program Files directory tree in order not to have Windows messing with my files.

Hope this helps other Win7X64 users....

--
Bo Berglund
Developer in Sweden

From bo.berglund at gmail.com Mon Nov 22 20:39:24 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Mon, 22 Nov 2010 20:39:24 +0100
Subject: How can I drop a file for encryption on the GPA FileManager
References:
Message-ID:

On Mon, 22 Nov 2010 18:59:36 +0000, Lee Elcocks wrote:

>
>Good Luck with GPG4win, i cannot find any decent documentation on how
>to use! and get no replies from the GPG4Win mailing lists either.
>You can't sign and encrypt a file at the same time either through
>the command line so i had to abort and go back to PGP.
>Really annoyed i wasted my time on this.
>

I agree it is very strange because I too checked the checkboxes to deposit the "Kompendium" but after installation it is nowhere to be found! I wonder why they make an installer that does not deposit the user manual, especially if one checks that option in the setup screens....

But I have used it many years so I don't need the manual right now anyway.

The Gpg4Win website has an on-line version of the documentation, which you might want to take a look at, though.

My problems here come from the fact that Microsoft in its wisdom has ruled that in Win7X64 no 32 bit plug-in will be allowed to the Windows Explorer, not even when running the 32 bit version. And the OpenSource people are really mostly interested in Linux solutions so they will probably not be in a hurry to fix this.

That is why I embarked on my own search to solve the problem a bit.

--
Bo Berglund
Developer in Sweden

From sonjamichelle at gmail.com Mon Nov 22 20:19:49 2010
From: sonjamichelle at gmail.com (Sonja Michelle Lina Thomas)
Date: Mon, 22 Nov 2010 13:19:49 -0600
Subject: How can I drop a file for encryption on the GPA FileManager
In-Reply-To:
References:
Message-ID: <4CEAC255.1030407@gmail.com>

I goto Start/All Programs/GPG4Win/GPA

In the app that opens, I choose files from the toolbar.

The next app's toolbar is self explanatory. you just browse to the file you want to work with through the open button on the toolbar.

I can sign, encrypt, sign & encrypt, verify, decrypt all from the app's toolbar.

___________________________________________________
Sonja Michelle Lina Thomas
sonjamichelle at gmail.com

"I realized fear one morning, when the blare of the fox-hunters sound. When they are all chasing after the poor bloody fox, it's safer to be dressed like a hound."

On 11/22/2010 12:52, Bo Berglund wrote:
> I have now installed Gpg4Win 2.0.4 on a Win7X64 machine where I
> previously had installed GnuPg 1.4.11. I first uninstalled GnuPG.
>
> My problem now is how to actually encrypt files when the Explorer
> pop-up menu is missing....
>
> It would be OK if there was a way to start the GPA FileManager with a
> file path on the command line. Then I could add a manual entry in the
> Registry that would invoke the proper exe file with the selected file
> as the argument.
>
> I hope that the File Manager would show up with my file in the list of
> files to process.
>
> But I need to know which executable to start and what command line
> arguments to use.
>
> Can someone please enlighten me on this?
>
>

From bo.berglund at gmail.com Mon Nov 22 21:31:40 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Mon, 22 Nov 2010 21:31:40 +0100
Subject: How can I drop a file for encryption on the GPA FileManager
References:
Message-ID: <8kkle6t02764rlrqeqfob51kg352llansb@4ax.com>

On Mon, 22 Nov 2010 20:39:24 +0100, Bo Berglund wrote:

>On Mon, 22 Nov 2010 18:59:36 +0000, Lee Elcocks
> wrote:
>
>>
>>Good Luck with GPG4win, i cannot find any decent documentation on how
>>to use! and get no replies from the GPG4Win mailing lists either.
>>You can't sign and encrypt a file at the same time either through
>>the command line so i had to abort and go back to PGP.
>>Really annoyed i wasted my time on this.
>>
>I agree it is very strange because I too checked the checkboxes to
>deposit the "Kompendium" but after installation it is nowhere to be
>found!
>I wonder why they make an installer that does not deposit the user
>manual, especially if one checks that option in the setup screens....

I WAS WRONG!

I found that the installer creates 2 different start program folders, one named "GNU Privacy Guard" (which is the one I looked into) and one named "Gpg4win". In the latter is a Documentation subfolder where you can find full and extensive documentation! :-)

Sorry for this misinformation!

--
Bo Berglund
Developer in Sweden

From sonjamichelle at gmail.com Mon Nov 22 21:53:16 2010
From: sonjamichelle at gmail.com (Sonja Michelle Lina Thomas)
Date: Mon, 22 Nov 2010 14:53:16 -0600
Subject: How can I drop a file for encryption on the GPA FileManager
In-Reply-To: <8kkle6t02764rlrqeqfob51kg352llansb@4ax.com>
References: <8kkle6t02764rlrqeqfob51kg352llansb@4ax.com>
Message-ID: <4CEAD83C.3010805@gmail.com>

Kleopatra which installs with GPG4win supports "drag & drop" file operation.

I double click the icon in the systray, it brings up the Kleopatra window, I then drag/drop the file I want to work with on to the window. The appropriate dialog menu opens up upon mouse release.

___________________________________________________
Sonja Michelle Lina Thomas
sonjamichelle at gmail.com

"I realized fear one morning, when the blare of the fox-hunters sound. When they are all chasing after the poor bloody fox, it's safer to be dressed like a hound."

On 11/22/2010 14:31, Bo Berglund wrote:

From John at Mozilla-Enigmail.org Mon Nov 22 22:51:05 2010
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Mon, 22 Nov 2010 15:51:05 -0600
Subject: How can I drop a file for encryption on the GPA FileManager
In-Reply-To:
References:
Message-ID: <4CEAE5C9.9030101@Mozilla-Enigmail.org>

Lee Elcocks wrote:
> Good Luck with GPG4win, i cannot find any decent documentation on how to
> use! and get no replies from the GPG4Win mailing lists either.
> You can't sign and encrypt a file at the same time either through the command
> line so i had to abort and go back to PGP.

You can't? It's documented near the top of gpg's man page :)

    gpg -se -u 0xdecafbad -r 0xdecafbad -r 0xdeadbeef somefile.txt

Signs somefile.txt with 0xdecafbad and encrypts the result to both 0xdecafbad and 0xdeadbeef

--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

From allan at archlinux.org Tue Nov 23 14:53:54 2010
From: allan at archlinux.org (Allan McRae)
Date: Tue, 23 Nov 2010 23:53:54 +1000
Subject: trust level for validating signature with gpgme
Message-ID: <4CEBC772.90001@archlinux.org>

Hi,

I am writing a piece of software that requires validating a signature of a file before using it. So far I have managed to use gpgme to validate a signature for a file, but only if the key that signed it has been given "ultimate" trust. Reducing the trust level to "full" results in the file not being validated. Looking at the gpgme_verify_result_t object returned from gpgme_op_verify_result shows that nothing is set in the summary or status bit vectors, and the validity is set to GPGME_VALIDITY_UNKNOWN.

A possibility is that I am using the wrong field to determine the validity of the key. I am currently testing:

    (gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID)

Is that the correct approach?
Thanks, Allan From wk at gnupg.org Tue Nov 23 20:14:52 2010 From: wk at gnupg.org (Werner Koch) Date: Tue, 23 Nov 2010 20:14:52 +0100 Subject: trust level for validating signature with gpgme In-Reply-To: <4CEBC772.90001@archlinux.org> (Allan McRae's message of "Tue, 23 Nov 2010 23:53:54 +1000") References: <4CEBC772.90001@archlinux.org> Message-ID: <87hbf7c0nn.fsf@vigenere.g10code.de> On Tue, 23 Nov 2010 14:53, allan at archlinux.org said: > validity of the key. I am currently testing: > (gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID) > Is that the correct approach? That's fine. However if a key expired you won't get VALID. An expired key does not mean that the signature is not valid. A more relaxed check is to check for the GPGME_SIGSUM_GREEN. To check what's wrong you should manually verify the signature: gpg --verify --status-fd 2 -v foo.gpg Gpgme watches the [GNUPG:] lines to get its idea of the signature status. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From dougb at dougbarton.us Wed Nov 24 00:48:52 2010 From: dougb at dougbarton.us (Doug Barton) Date: Tue, 23 Nov 2010 15:48:52 -0800 Subject: Examine a key file In-Reply-To: <201011152239.10529@thufir.ingo-kloecker.de> References: <4CE1A458.9030608@sixdemonbag.org> <201011152239.10529@thufir.ingo-kloecker.de> Message-ID: <4CEC52E4.1070601@dougbarton.us> On 11/15/2010 13:38, Ingo Klöcker wrote: > On Monday 15 November 2010, Robert J. Hansen wrote: >> On 11/15/2010 3:19 PM, Scott Lambdin wrote: >>> If I have a base 64 exported PGP key, how can I extract the >>> >>> descriptive data about the key without importing it? >> >> Never tested it, but this should work (or come close to working): >> >> gpg --dry-run -vvvv --import pubkey.asc > > Way too complicated.
:-) > > The following is sufficient: > gpg -v References: <4CEBC772.90001@archlinux.org> <87hbf7c0nn.fsf@vigenere.g10code.de> Message-ID: <4CEC6B07.705@archlinux.org> On 24/11/10 05:14, Werner Koch wrote: > On Tue, 23 Nov 2010 14:53, allan at archlinux.org said: > >> validity of the key. I am currently testing: >> (gpgme_verify_result_t->summary & GPGME_SIGSUM_VALID) >> Is that the correct approach? > > That's fine. However if a key expired you won't get VALID. An expired > key does not mean that the signature is not valid. A more relaxed > check is to check for the GPGME_SIGSUM_GREEN. > > To check what's wrong you should manually verify the signature: > > gpg --verify --status-fd 2 -v foo.gpg > > Gpgme watches the [GNUPG:] lines to get its idea of the signature > status. > Looking at this, I think gpgme is validating the signature, just not at the trust level I (incorrectly?) expected. To clarify, /etc/pacman.d/gnupg/ is the keyring directory for my software and currently only has one key imported. If I set the trust level of that key to "ultimate" I get: > gpg --homedir=/etc/pacman.d/gnupg/ --status-fd 2 -v pacman.db.sig | grep GNUPG: [GNUPG:] SIG_ID MOkIXv87D7Hsngf6x2YP1R2/x3w 2010-11-23 1290492335 [GNUPG:] GOODSIG E9241FABC8A82D92 Allan McRae (Arch Linux) [GNUPG:] VALIDSIG 1A03113E773AA2652D2FA5DCE9241FABC8A82D92 2010-11-23 1290492335 0 4 0 1 2 00 1A03113E773AA2652D2FA5DCE9241FABC8A82D92 [GNUPG:] TRUST_ULTIMATE which succeeds in giving me GPGME_SIGSUM_VALID.
If I change the level in trust to "full" (or anything else...), I get: > gpg --homedir=/etc/pacman.d/gnupg/ --status-fd 2 -v pacman.db.sig [GNUPG:] SIG_ID MOkIXv87D7Hsngf6x2YP1R2/x3w 2010-11-23 1290492335 [GNUPG:] GOODSIG E9241FABC8A82D92 Allan McRae (Arch Linux) [GNUPG:] VALIDSIG 1A03113E773AA2652D2FA5DCE9241FABC8A82D92 2010-11-23 1290492335 0 4 0 1 2 00 1A03113E773AA2652D2FA5DCE9241FABC8A82D92 [GNUPG:] TRUST_UNDEFINED with additional warning: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. So if I understand the output correctly, this is a good signature, just without a defined trust level. So that leads me to two queries: 1) I would have expected the trust level to be something like TRUST_FULL rather than TRUST_UNDEFINED. Is this because I have no signatures on that key or more specifically because I have no ultimately trusted key in the keyring signing that key? 2) It appears that getting GPGME_SIGSUM_VALID value requires the trust level to be defined. How can I just check whether the signature is valid regardless of the trust in the key used to sign it? Thanks, Allan From ldm at gmx.at Wed Nov 24 07:34:32 2010 From: ldm at gmx.at (Markus Krainz) Date: Wed, 24 Nov 2010 07:34:32 +0100 Subject: OpenVPN with OpenPGP card Message-ID: <4CECB1F8.6030503@gmx.at> Hi! I use the OpenPGP card for signing, encrypting and SSH and I like it a lot. However I find that OpenVPN does not have support for the card yet. :/ So I am forced to use scute, a PKCS #11 implementation for the OpenPGP card. Now my question is: would this work? Has anybody tried this successfully? 
Best Regards, Markus [1] http://acksyn.org/docs/smart-cards-openvpn.html [2] http://www.scute.org/index.xhtml From wk at gnupg.org Wed Nov 24 09:35:14 2010 From: wk at gnupg.org (Werner Koch) Date: Wed, 24 Nov 2010 09:35:14 +0100 Subject: OpenVPN with OpenPGP card In-Reply-To: <4CECB1F8.6030503@gmx.at> (Markus Krainz's message of "Wed, 24 Nov 2010 07:34:32 +0100") References: <4CECB1F8.6030503@gmx.at> Message-ID: <87d3pvazlp.fsf@vigenere.g10code.de> On Wed, 24 Nov 2010 07:34, ldm at gmx.at said: > However I find that OpenVPN does not have support for the card yet. :/ > So I am forced to use scute, a PKCS #11 implementation for the OpenPGP > card. > Now my question is: would this work? Has anybody tried this successfully? It may not work instantly but fixing it is not a big problem. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Wed Nov 24 09:49:58 2010 From: wk at gnupg.org (Werner Koch) Date: Wed, 24 Nov 2010 09:49:58 +0100 Subject: trust level for validating signature with gpgme In-Reply-To: <4CEC6B07.705@archlinux.org> (Allan McRae's message of "Wed, 24 Nov 2010 11:31:51 +1000") References: <4CEBC772.90001@archlinux.org> <87hbf7c0nn.fsf@vigenere.g10code.de> <4CEC6B07.705@archlinux.org> Message-ID: <878w0jayx5.fsf@vigenere.g10code.de> On Wed, 24 Nov 2010 02:31, allan at archlinux.org said: > 1) I would have expected the trust level to be something like > TRUST_FULL rather than TRUST_UNDEFINED. Is this because I have no > signatures on that key or more specifically because I have no > ultimately trusted key in the keyring signing that key? Signing the key is required to tell gpg that you trust the key. You may use the "lsign" command to do this only locally and not to announce it to the world. You also need to have a trust anchor; i.e. a key that is ultimately trusted. Check also the option --trusted-key. > 2) It appears that getting GPGME_SIGSUM_VALID value requires the trust > level to be defined. 
How can I just check whether the signature is > valid regardless of the trust in the key used to sign it? You mean to compare the signature against a known valid key, right? I suggest to compare the fingerprint of the signing key (member FPR in the result struct) against a list of valid fingerprints you keep in your application. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From allan at archlinux.org Wed Nov 24 10:10:47 2010 From: allan at archlinux.org (Allan McRae) Date: Wed, 24 Nov 2010 19:10:47 +1000 Subject: trust level for validating signature with gpgme In-Reply-To: <878w0jayx5.fsf@vigenere.g10code.de> References: <4CEBC772.90001@archlinux.org> <87hbf7c0nn.fsf@vigenere.g10code.de> <4CEC6B07.705@archlinux.org> <878w0jayx5.fsf@vigenere.g10code.de> Message-ID: <4CECD697.6090708@archlinux.org> On 24/11/10 18:49, Werner Koch wrote: > On Wed, 24 Nov 2010 02:31,allan at archlinux.org said: > >> > 1) I would have expected the trust level to be something like >> > TRUST_FULL rather than TRUST_UNDEFINED. Is this because I have no >> > signatures on that key or more specifically because I have no >> > ultimately trusted key in the keyring signing that key? > Signing the key is required to tell gpg that you trust the key. You may > use the "lsign" command to do this only locally and not to announce it > to the world. > > You also need to have a trust anchor; i.e. a key that is ultimately > trusted. Check also the option --trusted-key. > Thanks. That has clarified everything for me. It seems that my lack of understanding of the trust db was getting in the way... Allan From imranoffline at googlemail.com Wed Nov 24 11:25:16 2010 From: imranoffline at googlemail.com (Imran Khan) Date: Wed, 24 Nov 2010 11:25:16 +0100 Subject: minimum_ownertrust Message-ID: Hi, Can some one please guide what is the difference between ownertrust and minimum_ownertrust? 
My understanding is that ownertrust is explicitly assigned to a key, while minimum_ownertrust is computed from trust signatures (tsign) on the key. Have I interpreted it correctly? If this is the case, what is the minimum_ownertrust of ultimately trusted keys (i.e. user's own key for which secret key is available) for which there is no trust signature? Regards Imran Khan -------------- next part -------------- An HTML attachment was scrubbed... URL: From imranoffline at googlemail.com Wed Nov 24 10:57:42 2010 From: imranoffline at googlemail.com (Imran Khan) Date: Wed, 24 Nov 2010 10:57:42 +0100 Subject: minimum_ownertrust Message-ID: Hi, Can some one please guide what is the difference between ownertrust and minimum_ownertrust? My understanding is that ownertrust is explicitly assigned to a key, while minimum_ownertrust is computed from trust signatures on the key. Have I interpreted it correctly? If this is the case, what is the minimum_ownertrust of ultimately trusted keys (i.e. user's own key for which secret key is available)? Regards Imran Khan -------------- next part -------------- An HTML attachment was scrubbed... URL: From DKaraluz at TC3HEALTH.com Tue Nov 23 16:06:11 2010 From: DKaraluz at TC3HEALTH.com (Dieter Karaluz) Date: Tue, 23 Nov 2010 07:06:11 -0800 Subject: Help with the --batch option... In-Reply-To: <87sjzsxcr0.fsf@vigenere.g10code.de> References: <0D4B946B6FDDC74481E8696C7CCA6C4208909233@cmexchange1.corp.tc3health.com> <87sjzsxcr0.fsf@vigenere.g10code.de> Message-ID: <0D4B946B6FDDC74481E8696C7CCA6C4208B23A0F@cmexchange1.corp.tc3health.com> Hi Werner, Sorry to bother you with this but we upgraded to 1.4.11 and now have a serious problem... Let me give you some background information... we have three scripts that run during the day: 1 - Scripts to decrypt files... 2 - Script to encrypt archive files with our key (American rules about personal information in claims) 3 - Script to encrypt and FTP outbound client files.
These scripts are started by events and with 1.2 we never saw any problems (other than that one file that would not decrypt and made us upgrade). Since the upgrade we get a few failures a day where the encryption process produces a zero byte output file. When I look at my logs I see: gpg: fatal: can't read `C:/GnuPG\random_seed': No such file or directory secmem usage: 1696/1696 bytes in 5/5 blocks of pool 1696/32768 We then try the encryption script again and it runs fine. Now, we have tight deadlines and the manual process of rerunning files can potentially cause us to incur financial penalties. So, before we roll back to 1.2 I was hoping you could shed some light into this problem... First of all, is the encryption process multithread able? All three scripts could potentially be started at the same time, and I could have two scripts encrypting different files at the same time. Any other thoughts? Here is the command line I executed: c:\gnupg\gpg -r ehs --batch --yes --output D:\TC3Utilities\Data\ftp\Work\EHSTC3201011221808004010PROF.TXT.pgp --encrypt D:\TC3Utilities\Data\ftp\Outb\EHSTC3201011221808004010PROF.TXT Any option I could use that would prevent this failure? Vielen Dank! Dieter -----Original Message----- From: Werner Koch [mailto:wk at gnupg.org] Sent: Wednesday, October 27, 2010 4:26 AM To: Dieter Karaluz Cc: gnupg-users at gnupg.org Subject: Re: Help with the --batch option... On Tue, 26 Oct 2010 22:30, DKaraluz at TC3HEALTH.com said: > We are running GPG 1.2.0 in production. We use it to decrypt all the That one is an 8 years old version and this 1.2 series entered end of life status 5 years ago. > 1 - What do I need to do with gpg 1.4.11 so that it will decrypt pgp > files in batch mode. With hundreds of files coming in daily it is just From the command lines you posted 1.2. was not able to do this either. It might be that we changed something related to batch processing but that was a bug fix then.
> so I don't know what was done with 1.2.0 to make it work fine with the > --batch option. Either no passphrase was set for the key or the option --passphrase-fd was used. What you can do is to remove the passphrase from the key or use one of the options: --passphrase-fd, --passphrase-file or --passphrase. > 2 - What fix was applied to 1.4.11 that solved the issue I am having > in 1.2.0, and is there an option I could pass to GNUPG 1.2.0 that > would correct or work around the issue? Too many changes over the years to quickly answer this. Likely candidates are: 2010-06-18 * parse-packet.c (skip_packet, parse_gpg_control): Take care of premature EOFs. Backport from trunk. 2009-05-05 * parse-packet.c (parse): Remove special treatment for compressed new style packets. Fixes bug#931. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From listen at story-games.at Wed Nov 24 12:35:06 2010 From: listen at story-games.at (Aaron Berthold) Date: Wed, 24 Nov 2010 12:35:06 +0100 Subject: Organizing groups of Keys Message-ID: <4CECF86A.5030009@story-games.at> In the last few months, I've become comfortable enough with GnuPG (using TB+Enigmail) for personal, small scale use but there are a couple of use cases I've yet to find good solutions to. I figured the people here on the List would know. ^_^ The basic issue is organizing the keys in my pubkey list, really. By default, all my keys are there in one long list. I can search for them and I can order them by various criteria, but I wonder if there was a way to bunch keys together in groups, so that, for example, the keys of all my work buddies are in one group, all students' keys in a second and so on. Is there a way to do this? Alternatively, is there a way to work with multiple-but-distinct keyrings without manually renaming the files and restarting the software when you want to switch? So I could have a keyring for work, one for study, etc.
Assuming these are not possible, what are the alternative ways to easily manipulate large numbers of keys? I plan to organize a small (and hopefully later a larger) keysigning event for university, so I expect to get a whole bunch of keys that need to be imported into my keyring, exported into a keyring that people can download and import, turned into a list of participants with key data included so that people can compare and check them off at the event, and so on. Stuff like importing and exporting the keys can be adequately done in Enigmail's GUI, but I'm sure there are easier and faster ways to do this in the command line. Also, some of that, like making the list of participating keys for people, seems to call for a lot of manual copy-pasting, which I hope to evade. Thanks in advance, Aaron From listen at story-games.at Wed Nov 24 14:46:21 2010 From: listen at story-games.at (Aaron Berthold) Date: Wed, 24 Nov 2010 14:46:21 +0100 Subject: Organizing groups of Keys In-Reply-To: <787ad6b2cfc3243f26916a84b87192cb@imap.brueckenschlaeger.de> References: <4CECF86A.5030009@story-games.at> <787ad6b2cfc3243f26916a84b87192cb@imap.brueckenschlaeger.de> Message-ID: <4CED172D.4010402@story-games.at> On 2010-11-24 14:29, kardan wrote: > Maybe the orphaned gpgkeys is of help. Hmmm, while it's a nicely fast GUI, it doesn't really seem to do what I need. (Or at least I haven't found out how. So far it seems like a normal GPG frontend like GPA.) > You can specify the keyfile as option like for gpgv2: > http://www.gnupg.org/documentation/manuals/gnupg-devel/gpgv.html > For using multiple keyfiles please read > http://lists.gnupg.org/pipermail/gnupg-users/2009-March/035923.html and > http://mareichelt.de/pub/notmine/subkeys.html Oh, that's useful, so I could specify two pubkey files and both would be used normally at the same time? How does importing keys and other operations interact here? Will they go into the "default" keyring, can I specify what files it should go into, etc.
> Use scripts or write your own in your favourite language. There are > libraries for perl, python and others. I'm only just learning how to program, so that's out of my league so far. (But definitely something I plan to look into in the future.) > please have a look at jetring and signing-party. wotsap could be > interesting for you as well. Installed wotsap and signing-party and will check them out. jetsap sounds like it's a bit beyond what I need, as a full-fledged communal editing/changeset system seems rather overkill for me alone. Thanks a lot! Aaron From ben at adversary.org Wed Nov 24 14:53:32 2010 From: ben at adversary.org (Ben McGinnes) Date: Thu, 25 Nov 2010 00:53:32 +1100 Subject: Organizing groups of Keys In-Reply-To: <4CECF86A.5030009@story-games.at> References: <4CECF86A.5030009@story-games.at> Message-ID: <4CED18DC.7020906@adversary.org> On 24/11/10 10:35 PM, Aaron Berthold wrote: > In the last few months, I've become comfortable enough with GnuPG (using > TB+Enigmail) for personal, small scale use but there are a couple of use > cases I've yet to find good solutions to. I figured the people here on > the List would know. ^_^ > > The basic issue is organizing the keys in my pubkey list, really. By > default, all my key are there in one long list. I can search for them > and I can order them by various criteria, but I wonder if there was a > way to bunch keys together in groups, so that, for example, the keys of > all my work buddies is in one group, all students keys in a second and > so on. > > Is there a way to do this? Yes, it is possible to specify groups in your gpg.conf file and there is some documentation in that file: # Group names may be defined like this: # group mynames = paige 0x12345678 joe patti # # Any time "mynames" is a recipient (-r or --recipient), it will be # expanded to the names "paige", "joe", and "patti", and the key ID # "0x12345678".
Note there is only one level of expansion - you # cannot make an group that points to another group. Note also that # if there are spaces in the recipient name, this will appear as two # recipients. In these cases it is better to use the key ID. Enigmail provides similar functionality via the Per-Recipient Rules. > Alternatively, is there a way to work with multiple-but-distinct > keyrings without manually renaming the files and restarting the software > when you want to switch? So I could have a keyring for work, one for > study, etc. You can specify an additional keyring with the --keyring command, but I believe that this is just an addition to the default keyring(s) and not an override. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From fladerer at fnb.tu-darmstadt.de Wed Nov 24 19:05:12 2010 From: fladerer at fnb.tu-darmstadt.de (Michael Fladerer) Date: Wed, 24 Nov 2010 19:05:12 +0100 Subject: Organizing groups of Keys In-Reply-To: <4CED18DC.7020906@adversary.org> References: <4CECF86A.5030009@story-games.at> <4CED18DC.7020906@adversary.org> Message-ID: <20101124180512.GD2088@fnb.tu-darmstadt.de> On Thu Nov 25, 2010 at 00:53:32 +1100, Ben McGinnes wrote: > On 24/11/10 10:35 PM, Aaron Berthold wrote: > > > Alternatively, is there a way to work with multiple-but-distinct > > keyrings without manually renaming the files and restarting the software > > when you want to switch? So I could have a keyring for work, one for > > study, etc. > > You can specify an additional keyring with the --keyring command, but > I believe that this is just an addition to the default keyring(s) and > not an override. The gpg manpage says: (...) --keyring file Add file to the current list of keyrings. (...) If the intent is to use the specified keyring alone, use --keyring along with --no-default-keyring. HTH. 
Cheers, Michael From dshaw at jabberwocky.com Wed Nov 24 19:56:39 2010 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 24 Nov 2010 13:56:39 -0500 Subject: minimum_ownertrust In-Reply-To: References: Message-ID: On Nov 24, 2010, at 4:57 AM, Imran Khan wrote: > Hi, > Can some one please guide what is the difference between ownertrust and minimum_ownertrust? > My understanding is that ownertrust is explicitly assigned to a key while, minimum_ownertrust is computed from trust signatures on the key.Have I interpreted it correctly? Yes. And the ownertrust can only be set to a level equal to or above the minimum ownertrust. > If this is the case, what is the minimum_ownertrust of ultimated trusted keys(i.e. user's own key for which secret key is available) ? Unknown - it depends on whether there are any trust signatures on the key. Just making it ultimately trusted (or the presence of a secret key) doesn't change the minimum. David From ben at adversary.org Wed Nov 24 20:19:17 2010 From: ben at adversary.org (Ben McGinnes) Date: Thu, 25 Nov 2010 06:19:17 +1100 Subject: Organizing groups of Keys In-Reply-To: <20101124180512.GD2088@fnb.tu-darmstadt.de> References: <4CECF86A.5030009@story-games.at> <4CED18DC.7020906@adversary.org> <20101124180512.GD2088@fnb.tu-darmstadt.de> Message-ID: <4CED6535.2080708@adversary.org> On 25/11/10 5:05 AM, Michael Fladerer wrote: > > The gpg manpage says: > > (...) > --keyring file > Add file to the current list of keyrings. (...) > > If the intent is to use the specified keyring alone, use --keyring > along with --no-default-keyring. > > HTH. Oh, cool, thanks. I must admit that I didn't look much into this. Most of my keyring, though by no means all, is just for verifying signatures. Obviously I'd prefer more people encrypted by default, but I suspect signed email will always outnumber encrypted (and signed) email. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: From kloecker at kde.org Wed Nov 24 21:48:47 2010 From: kloecker at kde.org (Ingo Klöcker) Date: Wed, 24 Nov 2010 21:48:47 +0100 Subject: Examine a key file In-Reply-To: <4CEC52E4.1070601@dougbarton.us> References: <201011152239.10529@thufir.ingo-kloecker.de> <4CEC52E4.1070601@dougbarton.us> Message-ID: <201011242148.48752@thufir.ingo-kloecker.de> On Wednesday 24 November 2010, Doug Barton wrote: > On 11/15/2010 13:38, Ingo Klöcker wrote: > > On Monday 15 November 2010, Robert J. Hansen wrote: > >> On 11/15/2010 3:19 PM, Scott Lambdin wrote: > >>> If I have a base 64 exported PGP key, how can I extract the > >>> > >>> descriptive data about the key without importing it? > >> > >> Never tested it, but this should work (or come close to working): > >> > >> gpg --dry-run -vvvv --import pubkey.asc > > > > Way too complicated. :-) > > > > The following is sufficient: > > gpg -v > Are you sure? Using gpg2 I just tested your command, and Robert's. > His worked. :) Yes, I'm sure. I did test my command. And I have just verified with a completely empty keyring that it also works for keys that are not already in the keyring. FWIW, # gpg --version gpg (GnuPG) 2.0.12 libgcrypt 1.4.4 Regards, Ingo -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From free10pro at gmail.com Thu Nov 25 01:33:03 2010 From: free10pro at gmail.com (Paul Richard Ramer) Date: Wed, 24 Nov 2010 16:33:03 -0800 Subject: verify signature from Windows and Ubuntu does not work In-Reply-To: <1290240433.9047.4.camel@leonis> References: <1290240433.9047.4.camel@leonis> Message-ID: <4CEDAEBF.30400@gmail.com> Sat, 20 Nov 2010 09:07:13 +0100, Mike wrote: > I use IMAP for my mailbox and I am accessing this from Win/Outlook and > Ubuntu/Evolution.
> > When I get an email and I access it first with Outlook, then I can not > verify the signature anymore in Ubuntu as the whole email got detached > into a separate attachment. > > How can I resolve this? > I could not find any options in gpg4win or kleopatra. When you say that the e-mail got detached into a separate attachment, are you talking about the copy of the e-mail that is stored on your computer or the message that is stored on the mail server? -Paul -- PGP ID: 3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D88 From free10pro at gmail.com Thu Nov 25 01:32:38 2010 From: free10pro at gmail.com (Paul Richard Ramer) Date: Wed, 24 Nov 2010 16:32:38 -0800 Subject: GPG 4 Win In-Reply-To: References: Message-ID: <4CEDAEA6.8000409@gmail.com> Thu, 18 Nov 2010 11:44:56 +0000, Lee Elcocks wrote: > I have finally managed to import PKCS12 files into GPGSM. Is there a > way of importing OpenPGP keys into GPGSM? No. GPGSM is for CMS and S/MIME; GnuPG is for OpenPGP and PGP/MIME. > The client insists that we use RSA keys using openSSL and bundle into > > P.12 Files, their public key are come as .txt files, they will not > import into GPGSM, but will import into GPG no problem, so i assume > they are open PGP keys, that is indeed what Kleopatra displays. If the key that you were importing into GnuPG were not an OpenPGP key it would give the following error. gpg: no valid OpenPGP data found. Given the fact that you were successful in importing the key into GnuPG, it must be an OpenPGP certificate. A way of examining a file to see if it is an OpenPGP certificate is to use "gpg --list-packets certificate_file". If the certificate is valid, gpg will output a bunch of information about the various data packets in the file.
-Paul -- PGP ID: 3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884 From itsec.listuser at gmail.com Thu Nov 25 08:28:05 2010 From: itsec.listuser at gmail.com (Mike) Date: Thu, 25 Nov 2010 08:28:05 +0100 Subject: verify signature from Windows and Ubuntu does not work In-Reply-To: <4CEDAEBF.30400@gmail.com> References: <1290240433.9047.4.camel@leonis> <4CEDAEBF.30400@gmail.com> Message-ID: <1290670085.17664.4.camel@leonis> On Wed, 2010-11-24 at 16:33 -0800, Paul Richard Ramer wrote: > Sat, 20 Nov 2010 09:07:13 +0100, Mike wrote: > > I use IMAP for my mailbox and I am accessing this from Win/Outlook and > > Ubuntu/Evolution. > > > > When I get an email and I access it first with Outlook, then I can not > > verify the signature anymore in Ubuntu as the whole email got detached > > into a separate attachment. > > > > How can I resolve this? > > I could not find any options in gpg4win or kleopatra. > > When you say that the e-mail got detached into a separate attachment, > are you talking about the copy of the e-mail that is stored on your > computer or the message that is stored on the mail server? The procedure is as following: 1) I receive an email on the IMAP server (plain text only, no attachment, but signed with gnupg) 2) In Outlook I see the email, there is no attachment 3) When I click on the email the signature gets verified, verification successful 4) The verification process makes a new email, the old one is deleted (I see this on the server) and the new one has the plain text as body and the whole email (all headers, body and pgp-signature) as attachment called winmail.dat. 5) This email can still be verified (gpg signature) in Outlook but it can not be verified on any other client like evolution or thunderbird (on win or linux) All this happens on the server as I access it via imap only. Is this standard behaviour or are there any options in Gpg4win? 
Thanks, Mike From bo.berglund at gmail.com Thu Nov 25 13:03:39 2010 From: bo.berglund at gmail.com (Bo Berglund) Date: Thu, 25 Nov 2010 13:03:39 +0100 Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11?? References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675__21680.9725658552$1290124616$gmane$org@scorpio> <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com> <20101119145759.58e4cdee__18845.0307389305$1290197210$gmane$org@scorpio> Message-ID: On Fri, 19 Nov 2010 14:57:59 -0500, Jerry wrote: >On Fri, 19 Nov 2010 20:05:40 +0100 >Bo Berglund articulated: > >> I ordered an update for version 15 of my WinZip today (I am getting >> the upgrade offer emails all the time) so I got the version 15 setup >> file. >> But unfortunately for some reason the installer failed to start. I >> came a couple of dialogs into the sequence, but when I clicked Setup >> it worked for a few seconds, then died... :-( > >Are you positive it died or did it just spawn a hidden window. I have >had applications that have done that before. You also might try >disabling any AV programs. Some are notorious for corrupting >installations. In any event, their support is excellent, or at least it >has always been for me. It is very strange, but I have solved it now. The install file you download is a Winzip self-extracting exe setup file and when executed it comes as far as to present the form with a "Setup" button. When this is clicked the application thinks for a while and then disappears... Since it was the selfextracting type I used 7zip to open it as an archive and found a number of files including an msi. So I extracted them all to an empty folder and ran the msi instead. Then the installation proceeded. Very strange.
One wonders if the WinZip people really tested the installer on Win7X64???

And I used the WinZip support form to enter two issues, but there is absolutely no response! No good support in my view.

--
Bo Berglund
Developer in Sweden

From gnupg.user at seibercom.net Thu Nov 25 13:43:20 2010
From: gnupg.user at seibercom.net (Jerry)
Date: Thu, 25 Nov 2010 07:43:20 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To:
References: <20101118105034.3e8701d3__47650.5967592404$1290095529$gmane$org@scorpio> <3ekae6tlfcnq9bkhsgnlmt9l2hmq83d7e8@4ax.com> <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675__21680.9725658552$1290124616$gmane$org@scorpio> <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com> <20101119145759.58e4cdee__18845.0307389305$1290197210$gmane$org@scorpio>
Message-ID: <20101125074320.0569d4bb@scorpio>

On Thu, 25 Nov 2010 13:03:39 +0100
Bo Berglund articulated:

> And I used the WinZip support form to enter two issues, but there is
> absolutely no response! No good support in my view.

Interesting!

1) Are you a registered user of WinZIP; i.e. user of the commercial version.

2) How long did you wait to receive a response? On a non critical problem, and this was clearly not critical since you did get the application installed, 6 -10 days is reasonable. I have submitted reports to KDE and waited months without any resolution, but that is another topic. In any case, since this is a holiday season in the USA, I would reasonably expect a longer period of time on non critical problems.

3) Were you attempting to run the self extractor as a privileged user? I have seen the process die with other self extracting files in similar cases, although they do usually give some sort of warning message. Unfortunately, that message window is often behind the main window and the user never checks for it.
Simply dismissing the main application closes the secondary windows thereby leaving the end user clueless as to the problem.

4) I assume you did check the system log files. What error message(s) were entered?

Do you still have a copy of that self-extracting file that you were unable to execute. Could you please send it to me. I would like to try it on one of my systems and see what transpires. The one I downloaded from the WinZIP site worked fine here.

One last thing, did you check your SPAM folder. GMail is notorious for screwing up non-spam mail. I have heard of numerous occasions where notices from WinZIP get stuck in there until listed the. A simple "*@winzip.com" should work.

--
Jerry ?
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

From reinhard.irmer at kabelmail.de Thu Nov 25 14:02:34 2010
From: reinhard.irmer at kabelmail.de (Reinhard Irmer)
Date: Thu, 25 Nov 2010 14:02:34 +0100
Subject: setting gpg.conf strictly
Message-ID: <000f01cb8ca1$0751b650$15f522f0$@irmer@kabelmail.de>

Hi list,

I have installed GnuPG v.2.0.16 (from Gpgwin 2.1.0b) and GnuPG v.1.4.11 (from GnuPT) on same PC -winxp SP3. Both working well, but I recognized that both versions are using the files in directory c:\docs and apps\\apps\gnupt version 1.4\. What's to do, to make 2.0.16 using its userfile in ..\apps\gnupg version 2 and 1.4.11 using its above?

--
regards
Reinhard
--- a Knight of Ni [Monty Python] ---

From wk at gnupg.org Thu Nov 25 21:02:43 2010
From: wk at gnupg.org (Werner Koch)
Date: Thu, 25 Nov 2010 21:02:43 +0100
Subject: GPG 4 Win
In-Reply-To: <4CEDAEA6.8000409@gmail.com> (Paul Richard Ramer's message of "Wed, 24 Nov 2010 16:32:38 -0800")
References: <4CEDAEA6.8000409@gmail.com>
Message-ID: <87d3pt5fz0.fsf@vigenere.g10code.de>

On Thu, 25 Nov 2010 01:32, free10pro at gmail.com said:

> No.
> GPGSM is for CMS and S/MIME; GnuPG is for OpenPGP and PGP/MIME.

No. GPGSM is for CMS and S/MIME; GPG is for OpenPGP and PGP/MIME.

GnuPG is the entire system which provides tools for S/MIME (GPGSM), OpenPGP (GPG) as well as some other tools (e.g. Secure Shell Agent).

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by federal law.

From bo.berglund at gmail.com Thu Nov 25 23:35:34 2010
From: bo.berglund at gmail.com (Bo Berglund)
Date: Thu, 25 Nov 2010 23:35:34 +0100
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
References: <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675__21680.9725658552$1290124616$gmane$org@scorpio> <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com> <20101119145759.58e4cdee__18845.0307389305$1290197210$gmane$org@scorpio> <20101125074320.0569d4bb__15760.9830298044$1290689086$gmane$org@scorpio>
Message-ID: <3mote6hph0bikf6f2p3rgri24get3qumkl@4ax.com>

On Thu, 25 Nov 2010 07:43:20 -0500, Jerry wrote:

>On Thu, 25 Nov 2010 13:03:39 +0100
>Bo Berglund articulated:
>
>> And I used the WinZip support form to enter two issues, but there is
>> absolutely no response! No good support in my view.
>
>Interesting!
>
>1) Are you a registered user of WinZIP; i.e. user of the commercial
>version.

Yes I am, that is why I keep getting the emails offering special deals on upgrades all the time...

>2) How long did you wait to receive a response? On a non critical
>problem, and this was clearly not critical since you did get the
>application installed, 6 -10 days is reasonable. I have submitted
>reports to KDE and waited months without any resolution, but that is
>another topic. In any case, since this is a holiday season in the USA,
>I would reasonably expect a longer period of time on non critical
>problems.

Well, I'd say it was not more than a few days...

>3) Were you attempting to run the self extractor as a privileged user?
>I have seen the process die with other self extracting files in similar
>cases, although they do usually give some sort of warning message.
>Unfortunately, that message window is often behind the main window and
>the user never checks for it. Simply dismissing the main application
>closes the secondary windows thereby leaving the end user clueless as
>to the problem.

I don't remember now if UAC popped up the acceptance window or not. But I definitely did not right click and select "Run as administrator".

>4) I assume you did check the system log files. What error message(s)
>were entered?

No, I did not. Didn't even occur to me that this would be something one could do.

>Do you still have a copy of that self-extracting file that you were
>unable to execute. Could you please send it to me. I would like to try
>it on one of my systems and see what transpires. The one I downloaded
>from the WinZIP site worked fine here.

The W7 machine is in the office. It is a new laptop I received in September after my old XP laptop died. It has W7x64 and I am still trying to get used to the differences. Have had a hard time to tweak it into behaving at least similar to my old XP systems...

The download is still there.... I could check if the one available directly on their website is the same, though.

Is your email a real one? (gnupg.user at seibercom.net) Seems a bit odd.

>One last thing, did you check your SPAM folder. GMail is notorious for
>screwing up non-spam mail. I have heard of numerous occasions where
>notices from WinZIP get stuck in there until listed the. A simple
>"*@winzip.com" should work.

Well, I don't use GMail except for things like mail lists and the like. The request was directed towards my "real" email account.
--
Bo Berglund
Developer in Sweden

From ldm at gmx.at Fri Nov 26 05:26:03 2010
From: ldm at gmx.at (Markus Krainz)
Date: Fri, 26 Nov 2010 05:26:03 +0100
Subject: OpenVPN with OpenPGP card
In-Reply-To: <87d3pvazlp.fsf@vigenere.g10code.de>
References: <4CECB1F8.6030503@gmx.at> <87d3pvazlp.fsf@vigenere.g10code.de>
Message-ID: <4CEF36DB.5050605@gmx.at>

Hi!

On 2010-11-24 09:35, Werner Koch wrote:
> On Wed, 24 Nov 2010 07:34, ldm at gmx.at said:
>> However I find that OpenVPN does not have support for the card yet. :/
>> So I am forced to use scute, a PKCS #11 implementation for the OpenPGP card.
>> Now my question is: would this work? Has anybody tried this successfully?
> It may not work instantly but fixing it is not a big problem.

This is great news. How do you know this? Are you affiliated with scute?

Best Regards,
Markus

From ldm at gmx.at Fri Nov 26 07:24:10 2010
From: ldm at gmx.at (Markus Krainz)
Date: Fri, 26 Nov 2010 07:24:10 +0100
Subject: OpenPGP card and poldi-ctrl
Message-ID: <4CEF528A.6000005@gmx.at>

Hi,

I want to do login with my OpenPGP card. So I am following some tutorial on how to do this with Ubuntu (see [1]) but the howto seems outdated and I get an error:

poldi-ctrl: error: unknown option '--register-card'
poldi-ctrl: error: parsing argument vector failed: Unknown option

So I thought maybe I have to build from source which I did from svn://cvs.gnupg.org/poldi/trunk poldi-trunk but this poldi-ctrl does not know the option "--register-card" either. So what I did was read the textinfo files and added my serial to /etc/poldi/localdb/users. This did not help either. After a quick edit of etc/pam.d/common-auth I still cannot authenticate.

I found very little documentation and discussion regarding poldi on the web and would be happy if someone could shed some light onto this issue.
Regards,
Markus

[1], (German): http://wiki.ubuntuusers.de/Authentifizierung_OpenPGP_SmartCard

From ben at adversary.org Fri Nov 26 08:00:51 2010
From: ben at adversary.org (Ben McGinnes)
Date: Fri, 26 Nov 2010 18:00:51 +1100
Subject: Trouble compiling idea.c
Message-ID: <4CEF5B23.8020903@adversary.org>

Hello,

I've been sent some mail using an old, but still valid key, using IDEA. The last time I used IDEA was a long time ago and now I've finally found the need to compile it for my current system. The problem is that it doesn't seem able to compile on my MacBook Pro (OS X 10.5.8).

It fails with this error:

bash-3.2$ gcc -Wall -O2 -shared -fPIC -o idea idea.c
Undefined symbols:
  "_main", referenced from:
      start in crt1.10.5.o
ld: symbol(s) not found
collect2: ld returned 1 exit status
bash-3.2$ gcc -Wall -O2 -shared -fPIC -DBIG_ENDIAN_HOST -o idea idea.c
Undefined symbols:
  "_main", referenced from:
      start in crt1.10.5.o
ld: symbol(s) not found
collect2: ld returned 1 exit status
bash-3.2$

I tried the second even though it's an Intel system, just to be sure.

To answer the obvious question, I have no intention of using IDEA to encrypt anything (even though it would be legal here), I just want to read what was sent to me.

So, my question is what do I need to add or tweak to fix this?

Regards,
Ben

From itsec.listuser at gmail.com Fri Nov 26 07:40:55 2010
From: itsec.listuser at gmail.com (Mike Korizek)
Date: Fri, 26 Nov 2010 07:40:55 +0100
Subject: forwarding a signed email
Message-ID: <4CEF5677.4070208@gmail.com>

Hi

Is it possible to forward a digitally signed email without losing the signature information of the email?
Thanks,
Mike

From olav at mozilla-enigmail.org Fri Nov 26 08:46:01 2010
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Fri, 26 Nov 2010 08:46:01 +0100
Subject: forwarding a signed email
In-Reply-To: <4CEF5677.4070208@gmail.com>
References: <4CEF5677.4070208@gmail.com>
Message-ID: <4CEF65B9.1070402@mozilla-enigmail.org>

Hi Mike,

> Is it possible to forward a digitally signed email without losing the
> signature information of the email?

Yes, inline/cleartext signed messages may just be forwarded as they are (as attachment or as copy, just don't quote them ;-) ). PGP/MIME signed messages should be forwarded as attachment in order not to lose the sig.

Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From ben at adversary.org Fri Nov 26 11:21:23 2010
From: ben at adversary.org (Ben McGinnes)
Date: Fri, 26 Nov 2010 21:21:23 +1100
Subject: Trouble compiling idea.c
In-Reply-To: <4CEF5B23.8020903@adversary.org>
References: <4CEF5B23.8020903@adversary.org>
Message-ID: <4CEF8A23.8010709@adversary.org>

On 26/11/10 6:00 PM, I wrote:
>
> So, my question is what do I need to add or tweak to fix this?

The answer, it seems, is don't try to tweak anything.
Instead do a completely fresh extraction and installation from source, no messing around with make clean and reconfiguring in a previously compiled source directory.

Thanks go to Charly for the off-list reply.

Regards,
Ben

From gnupg.user at seibercom.net Fri Nov 26 16:44:37 2010
From: gnupg.user at seibercom.net (Jerry)
Date: Fri, 26 Nov 2010 10:44:37 -0500
Subject: Gpg4Win 2.0.4 with GnuPG 1.4.11??
In-Reply-To: <3mote6hph0bikf6f2p3rgri24get3qumkl@4ax.com>
References: <4CE55B5B.1010709__4136.06318547881$1290099633$gmane$org@sixdemonbag.org> <2babe61d2q9j0kudt8f4kjirvmvihs9qjp@4ax.com> <4CE5AE00.5050503@sixdemonbag.org> <20101118184849.04145675__21680.9725658552$1290124616$gmane$org@scorpio> <1dide691fah84bp7h8npqei731u01tbnq9@4ax.com> <20101119145759.58e4cdee__18845.0307389305$1290197210$gmane$org@scorpio> <20101125074320.0569d4bb__15760.9830298044$1290689086$gmane$org@scorpio> <3mote6hph0bikf6f2p3rgri24get3qumkl@4ax.com>
Message-ID: <20101126104437.021c45d2@scorpio>

On Thu, 25 Nov 2010 23:35:34 +0100
Bo Berglund articulated:

{snip}

You might be interested in this URL if you are still experiencing problems, or if you just want to get a handle on what the problem might be with the WinZIP installation.

http://kb.winzip.com/kb/entry/142/

--
Jerry ?
GNUPG.user at seibercom.net
_____________________________________________________________________
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
From wk at gnupg.org Fri Nov 26 21:46:38 2010
From: wk at gnupg.org (Werner Koch)
Date: Fri, 26 Nov 2010 21:46:38 +0100
Subject: OpenVPN with OpenPGP card
In-Reply-To: <4CEF36DB.5050605@gmx.at> (Markus Krainz's message of "Fri, 26 Nov 2010 05:26:03 +0100")
References: <4CECB1F8.6030503@gmx.at> <87d3pvazlp.fsf@vigenere.g10code.de> <4CEF36DB.5050605@gmx.at>
Message-ID: <8762vj6cep.fsf@vigenere.g10code.de>

On Fri, 26 Nov 2010 05:26, ldm at gmx.at said:

> This is great news. How do you know this? Are you affiliated with scute?

Check the ChangeLog; you should find mail addresses of my company. Marcus Brinkmann did most of the work.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are governed by federal law.

From itsec.listuser at gmail.com Sat Nov 27 01:07:24 2010
From: itsec.listuser at gmail.com (Mike Korizek)
Date: Sat, 27 Nov 2010 01:07:24 +0100
Subject: forwarding a signed email
In-Reply-To: <4CEF65B9.1070402@mozilla-enigmail.org>
References: <4CEF5677.4070208@gmail.com> <4CEF65B9.1070402@mozilla-enigmail.org>
Message-ID: <4CF04BBC.70707@gmail.com>

On 11/26/2010 08:46 AM, Olav Seyfarth wrote:
>> Is it possible to forward a digitally signed email without losing the
>> signature information of the email?
>
> Yes, inline/cleartext signed messages may just be forwarded as they are
> (as attachment or as copy, just don't quote them ;-) ). PGP/MIME signed
> messages should be forwarded as attachment in order not to lose the sig.

Hi Olav

I did some tests with different email clients by forwarding it as attachment.

Unfortunately the clients add different content-disp, -type. E.g. Evolution makes a content-disp inline whereas Thunderbird makes a content-type rfc822.

I need to parse the email with perl in order to extract the original email so I can verify the signature - Any idea how to do that in a generic way (I use Mail::GPG).
Thanks,
Mike

From olav at mozilla-enigmail.org Sat Nov 27 01:15:47 2010
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Sat, 27 Nov 2010 01:15:47 +0100
Subject: forwarding a signed email
In-Reply-To: <4CF04BBC.70707@gmail.com>
References: <4CEF5677.4070208@gmail.com> <4CEF65B9.1070402@mozilla-enigmail.org> <4CF04BBC.70707@gmail.com>
Message-ID: <4CF04DB3.60206@mozilla-enigmail.org>

Hi Mike,

> Any idea how to do that in a generic way (I use Mail::GPG).

no. sorry. Somebody else any thoughts on "forward signed message"?

Olav
--
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

From alphazo at gmail.com Sat Nov 27 08:31:13 2010
From: alphazo at gmail.com (Alphazo)
Date: Sat, 27 Nov 2010 08:31:13 +0100
Subject: OpenPGP card and poldi-ctrl
Message-ID:

Hi Markus,

Poldi tutorials are outdated. The new version is configured differently.
Poldi 0.4.1 works flawlessly with my Cryptostick token (OpenPGP card V2) for PAM authentication.

I used the default /etc/poldi/poldi.conf:

    auth-method localdb
    log-file /var/log/poldi.log
    debug
    scdaemon-program /usr/bin/scdaemon

Added one line to /etc/poldi/localdb/users with CryptoStick's serial number (get it from gpg --card-status | grep Application):

    D1234678912346789123467891234678 alpha

And then dumped the public key from my Cryptostick into poldi local db:

    sudo poldi-ctrl -k > /etc/poldi/localdb/keys/D1234678912346789123467891234678

The rest is pretty standard as it requires to modify pam configuration files. I keep the possibility to log in with password for the moment so I just added in /etc/pam.d/gdm /etc/pam.d/login /etc/pam.d/sudo /etc/pam.d/gnome-screensaver:

    auth sufficient pam_poldi.so

That's it really!

One more thing, for better stability I recommend to disable opensc daemon when using Cryptostick. I had it enabled because I was playing with a PKCS#11 token and got all sort of problems. I also had opensc-pkcs11.so module loaded in Thunderbird that had a tendency to restart opensc daemon also. So best is to disable it too.

From itsec.listuser at gmail.com Sat Nov 27 09:55:50 2010
From: itsec.listuser at gmail.com (Mike Korizek)
Date: Sat, 27 Nov 2010 09:55:50 +0100
Subject: forwarding a signed email
In-Reply-To: <4CF0C518.8080106@gbenet.com>
References: <4CEF5677.4070208@gmail.com> <4CEF65B9.1070402@mozilla-enigmail.org> <4CF04BBC.70707@gmail.com> <4CF0C518.8080106@gbenet.com>
Message-ID: <4CF0C796.9090300@gmail.com>

On 11/27/2010 09:45 AM, david at gbenet.com wrote:
> An idea,
>
> Why not go "View" then "Message source" then select all text then copy
> and paste into new msg

I did it like this in order to test my program which verifies the signature; it works fine.

Now I want to parse the email via perl, so I used Mail::GPG which has an excellent parser.
Again, the content-type and -disposition of attachments is not set consistently by different email clients.

Now I check for content-disp inline and content-type rfc822 - but who knows which other clients use which disp/type... today I will also check with Outlook... ;-)

Thanks for any hint.

Mike

From kloecker at kde.org Sat Nov 27 13:00:37 2010
From: kloecker at kde.org (Ingo Klöcker)
Date: Sat, 27 Nov 2010 13:00:37 +0100
Subject: forwarding a signed email
In-Reply-To: <4CF04BBC.70707@gmail.com>
References: <4CEF5677.4070208@gmail.com> <4CEF65B9.1070402@mozilla-enigmail.org> <4CF04BBC.70707@gmail.com>
Message-ID: <201011271300.38414@thufir.ingo-kloecker.de>

On Saturday 27 November 2010, Mike Korizek wrote:
> On 11/26/2010 08:46 AM, Olav Seyfarth wrote:
> >> Is it possible to forward a digitally signed email without losing
> >> the signature information of the email?
> >
> > Yes, inline/cleartext signed messages may just be forwarded as they
> > are (as attachment or as copy, just don't quote them ;-) ).
> > PGP/MIME signed messages should be forwarded as attachment in
> > order not to lose the sig.
>
> Hi Olav
>
> I did some tests with different email clients by forwarding it as
> attachment.
>
> Unfortunately the clients add different content-disp, -type.
> E.g. Evolution makes a content-disp inline whereas Thunderbird makes
> a content-type rfc822.

The value of Content-Disposition is irrelevant and shouldn't cause any problems. The correct Content-Type for attached messages is message/rfc822.

FWIW, KMail sets Content-Type message/rfc822 and Content-Disposition inline when forwarding messages as attachment.

> I need to parse the email with perl in order to extract the original
> email so I can verify the signature -

KMail can verify signatures of forwarded signed messages out-of-the-box. It nicely displays a signed forwarded message (including the signature status) inline in the enclosing signed message.
In fact, this works for arbitrary deeply nested signed and/or encrypted messages. Think Matryoshka doll. :-)

Regards,
Ingo

From holger.naether at mac.com Tue Nov 30 23:56:14 2010
From: holger.naether at mac.com (Holger Näther)
Date: Tue, 30 Nov 2010 23:56:14 +0100
Subject: Passwords are unwillingly being saved throughout session
Message-ID: <5782E20A-BB2B-4105-8494-997639BA3E3E@mac.com>

Hi guys,

I have a feeling something is not working for me as I intend it to, or as it was probably planned by the programmer.

My system details:
Operating system: Mac OS X 10.6.5
GPG version: 2.0.16
libgcrypt version: 1.4.6
GPGMail version: 1.3.1

When I boot up the system and start a program using gpg for the first time (after reboot), ie. Mail.app or PSI.app, everything is normal. To sign or encrypt requires my pass-phrase, as I also need it to verify or to decrypt.

But after that I am not asked for the pass-phrase again. I can close the programs completely and restart them, pinentry does not show up anymore and the signing/encryption/verification/decryption is done without the necessity of my pass-phrase. I can even log out of my user session and back in, and the same situation. Only after a complete reboot of the computer, I am asked exactly once per program for my pass-phrase.

It seems to be stored somewhere, but I have no idea where. I don't want it to be stored, I want to enter it, whenever needed.

I have checked within GPGMail, where the option to always ask for the phrase is set. I have checked the Keychain.app, but no phrase is stored there. I have checked the net, but am not getting any hits since ... well, I have to admit I'm not even sure how to pass my question on to google; what to search for.

I hope one of you might have experienced something like this before and can give me a short hint as to where to look.

Thanks and best regards,
Holger
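
For the "forwarding a signed email" thread above: an added example (not code from any poster, and written in Python rather than the Perl/Mail::GPG setup mentioned there) that finds PGP/MIME signed parts at any nesting depth by Content-Type alone, ignoring Content-Disposition, and returns the exact signed bytes plus the detached signature. The sample messages, boundaries and the placeholder signature are constructed; message/rfc822 bodies are assumed to carry no transfer encoding.

```python
import re
from email.parser import BytesParser

MAX_DEPTH = 20  # refuse absurdly deep nesting in untrusted mail


def split_entity(raw):
    """Split one MIME entity into (parsed headers, raw body bytes)."""
    m = re.match(rb"\r?\n", raw) or re.search(rb"\r?\n\r?\n", raw)
    head, body = (raw[:m.start()], raw[m.end():]) if m else (raw, b"")
    return BytesParser().parsebytes(head, headersonly=True), body


def split_parts(body, boundary):
    """Return each body part's raw bytes; nothing is re-serialised, so the
    bytes covered by a signature stay exactly as they were sent."""
    delim = re.compile(rb"(?:^|\r?\n)--" + re.escape(boundary)
                       + rb"(--)?[ \t]*(?:\r?\n|$)")
    parts, start = [], None
    for m in delim.finditer(body):
        if start is not None:
            parts.append(body[start:m.start()])
        if m.group(1):              # closing delimiter "--boundary--"
            break
        start = m.end()
    return parts


def to_crlf(data):
    """PGP/MIME signs the CRLF form; a local mail store may hold bare LF."""
    return re.sub(rb"\r?\n", b"\r\n", data)


def find_signed(raw, path="root", depth=0):
    """Return [(path, signed_bytes, signature_bytes)], depth first."""
    if depth > MAX_DEPTH:
        raise ValueError("MIME nesting too deep")
    msg, body = split_entity(raw)
    ctype, found = msg.get_content_type(), []
    if msg.get_content_maintype() == "multipart":
        boundary = msg.get_param("boundary")
        if not boundary:
            return found
        parts = split_parts(body, boundary.encode("ascii", "replace"))
        protocol = (msg.get_param("protocol") or "").lower()
        if (ctype == "multipart/signed" and len(parts) == 2
                and protocol == "application/pgp-signature"):
            _, sig = split_entity(parts[1])
            found.append((path, to_crlf(parts[0]), sig.strip() + b"\n"))
        for i, part in enumerate(parts):
            found += find_signed(part, f"{path}/{i}", depth + 1)
    elif ctype == "message/rfc822":
        # The attachment is a whole message; Content-Disposition is ignored.
        found += find_signed(body, path + "/message", depth + 1)
    return found


# Constructed sample: a PGP/MIME message with a placeholder signature.
SIGNED = (b"Content-Type: multipart/signed; micalg=pgp-sha1;\r\n"
          b' protocol="application/pgp-signature"; boundary="sig1"\r\n'
          b"Subject: original\r\n\r\n"
          b"--sig1\r\nContent-Type: text/plain\r\n\r\nsigned body text\r\n"
          b"--sig1\r\nContent-Type: application/pgp-signature\r\n\r\n"
          b"-----BEGIN PGP SIGNATURE-----\r\n(constructed placeholder)\r\n"
          b"-----END PGP SIGNATURE-----\r\n--sig1--\r\n")


def forwarded(inner, disposition=None, boundary=b"fwd"):
    """Constructed 'forward as attachment' wrapper around `inner`."""
    attach = b"Content-Type: message/rfc822\r\n"
    if disposition:
        attach += b"Content-Disposition: " + disposition + b"\r\n"
    return (b'Content-Type: multipart/mixed; boundary="' + boundary + b'"\r\n'
            b"Subject: Fwd: original\r\n\r\n"
            b"--" + boundary + b"\r\nContent-Type: text/plain\r\n\r\n"
            b"see attached\r\n"
            b"--" + boundary + b"\r\n" + attach + b"\r\n" + inner
            + b"\r\n--" + boundary + b"--\r\n")
```

Each returned pair can be written to two files and checked with `gpg --verify signature.asc signed.bin`.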