From philip.g.potter at gmail.com  Mon Apr  1 11:53:02 2013
From: philip.g.potter at gmail.com (Philip Potter)
Date: Mon, 1 Apr 2013 10:53:02 +0100
Subject: Why does gpg use so much entropy from /dev/random?
In-Reply-To: <31762549.FrQsYA0V6r@inno>
References: <CAEOFFnLvHzvBVw_tZD6XkVX9wZqF2jw9taEEde_re+DTeeALyA@mail.gmail.com>
 <31762549.FrQsYA0V6r@inno>
Message-ID: <CAEOFFn+fNA8mksKN5AwGzEKDbo=re18aMa++fnAdCDDSm5KYnA@mail.gmail.com>

Thanks very much, I didn't know about the --gen-random command and the
quality level option. I'll have a look at the source code and see if I can
understand further.

Can you set the quality level for other generation commands, or just for
--gen-random?


On 31 March 2013 18:33, Hauke Laging <mailinglisten at hauke-laging.de> wrote:

> Am So 31.03.2013, 10:45:54 schrieb Philip Potter:
>
> > GPG uses /dev/random as its entropy source. It pulls a lot of entropy
> from
> > this source. More entropy, in fact, than the linux /dev/random manpage
> > suggests it should. Quoting from the manpage:
>
> I don't know the gpg source, the following (3) is just a guess.
>
>
> > Recently when generating a 2048-bit key, I got a message that GPG needed
> > 280 *bytes* more entropy. This is far more than 256 bits.
>
> 1) If you don't do anything special then two keys are generated (mainkey
> and
> subkey).
>
> 2) A 2048 bit RSA key is supposed to be as secure as a 112 bit symmetric
> key.
> I don't know whether you can map a 112 bit symmetric key directly to RSA
> key
> values. You need find primes after all. Maybe the algorithm to do that
> consumes additional entropy.
>
> 3) Who knows how random the /dev/random output really is? I guess that the
> entropy quality can be increased by consuming more ("make one good bit
> from 16
> bad bits").
>
> strace -e trace=open,read gpg --armor --gen-random 0 16
> [...]
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\332\376J\314\1[\357\n7ee\303\372\3555h", 16) = 16
>
>
> strace -e trace=open,read gpg --armor --gen-random 1 16
> [...]
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\3471=\307+n\3656\204\31!\232\270\303\324[", 16) = 16
>
> (Strange. Werner, have I found a bug? :-)  )
>
>
> strace -e trace=open,read gpg --armor --gen-random 2 16
> [...]
> open("/dev/random", O_RDONLY)           = 4
> read(4, "\1\362P\231..."..., 300) = 128
> read(4, "+7m\2314|\353..."..., 172) = 128
> read(4, "\233\272~\237\..."..., 44) = 44
>
> So we see: If high quality entropy is required then gpg reads
> (128+128+44)/16=18.75 times as much entropy from /dev/random as demanded.
>
>
> Hauke
> --
> ?
> PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
> http://www.openpgp-schulungen.de/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130401/fa720aaa/attachment-0001.html>

From mailinglisten at hauke-laging.de  Mon Apr  1 12:00:13 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 01 Apr 2013 12:00:13 +0200
Subject: Why does gpg use so much entropy from /dev/random?
In-Reply-To: <CAEOFFn+fNA8mksKN5AwGzEKDbo=re18aMa++fnAdCDDSm5KYnA@mail.gmail.com>
References: <CAEOFFnLvHzvBVw_tZD6XkVX9wZqF2jw9taEEde_re+DTeeALyA@mail.gmail.com>
 <31762549.FrQsYA0V6r@inno>
 <CAEOFFn+fNA8mksKN5AwGzEKDbo=re18aMa++fnAdCDDSm5KYnA@mail.gmail.com>
Message-ID: <2623788.cLzX86sZ9J@inno>

Am Mo 01.04.2013, 10:53:02 schrieb Philip Potter:

> Can you set the quality level for other generation commands, or just for
> --gen-random?

None that I know of. Doesn't make sense elsewhere IMHO, too.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130401/67ef897f/attachment.sig>

From philip.g.potter at gmail.com  Mon Apr  1 12:16:28 2013
From: philip.g.potter at gmail.com (Philip Potter)
Date: Mon, 1 Apr 2013 11:16:28 +0100
Subject: Why does gpg use so much entropy from /dev/random?
In-Reply-To: <31762549.FrQsYA0V6r@inno>
References: <CAEOFFnLvHzvBVw_tZD6XkVX9wZqF2jw9taEEde_re+DTeeALyA@mail.gmail.com>
 <31762549.FrQsYA0V6r@inno>
Message-ID: <CAEOFFnLcObi897OTZCDFDMna5p-7oQ=_Mh5qPGaVBzBCszAfcw@mail.gmail.com>

On 31 March 2013 18:33, Hauke Laging <mailinglisten at hauke-laging.de> wrote:
> strace -e trace=open,read gpg --armor --gen-random 0 16
> [...]
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\332\376J\314\1[\357\n7ee\303\372\3555h", 16) = 16
>
>
> strace -e trace=open,read gpg --armor --gen-random 1 16
> [...]
> open("/dev/urandom", O_RDONLY)          = 3
> read(3, "\3471=\307+n\3656\204\31!\232\270\303\324[", 16) = 16
>
> (Strange. Werner, have I found a bug? :-)  )

Having done a little digging, I think I can shed a little light on
this. From libgcrypt/src/gcrypt.h.in:

/* The possible values for the random quality.  The rule of thumb is
   to use STRONG for session keys and VERY_STRONG for key material.
   WEAK is usually an alias for STRONG and should not be used anymore
   (except with gcry_mpi_randomize); use gcry_create_nonce instead. */
typedef enum gcry_random_level
  {
    GCRY_WEAK_RANDOM = 0,
    GCRY_STRONG_RANDOM = 1,
    GCRY_VERY_STRONG_RANDOM = 2
  }
gcry_random_level_t;

The levels provided to --gen-random correspond to the values of this
enum.  As the comment indicates, for most purposes level 0 and 1 do
the same thing.

> strace -e trace=open,read gpg --armor --gen-random 2 16
> [...]
> open("/dev/random", O_RDONLY)           = 4
> read(4, "\1\362P\231..."..., 300) = 128
> read(4, "+7m\2314|\353..."..., 172) = 128
> read(4, "\233\272~\237\..."..., 44) = 44
>
> So we see: If high quality entropy is required then gpg reads
> (128+128+44)/16=18.75 times as much entropy from /dev/random as demanded.
>
>
> Hauke
> --
> ?
> PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
> http://www.openpgp-schulungen.de/


From adrelanos at riseup.net  Mon Apr  1 18:24:20 2013
From: adrelanos at riseup.net (adrelanos)
Date: Mon, 01 Apr 2013 16:24:20 +0000
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
Message-ID: <5159B4B4.9090803@riseup.net>

Hi!

gpg uses only(?) 40 chars for the fingerprint.
(I mean the output of: gpg --fingerprint --keyid-format long.)

How difficult, i.e. how much computing power and time is required to
create a key, which matches the very same fingerprint?

Isn't 40 chars a bit weak?

Are there plans to provide a longer fingerprint which in theory can't be
broken with computing power expected in for example 100(0) years?

Cheers!
adrelanos


From dkg at fifthhorseman.net  Mon Apr  1 19:46:29 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 01 Apr 2013 13:46:29 -0400
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <5159B4B4.9090803@riseup.net>
References: <5159B4B4.9090803@riseup.net>
Message-ID: <5159C7F5.2060709@fifthhorseman.net>

On 04/01/2013 12:24 PM, adrelanos wrote:

> gpg uses only(?) 40 chars for the fingerprint.
> (I mean the output of: gpg --fingerprint --keyid-format long.)

this is a 160-bit SHA-1 digest of the public key material and the
creation date, with a bit of boilerplate for formatting.  This is not
gpg-specific, it is part of the OpenPGP specification:

  https://tools.ietf.org/html/rfc4880#section-12.2

A better place to discuss issues related to OpenPGP in general is the
IETF's OpenPGP mailing list:

 https://www.ietf.org/mailman/listinfo/openpgp

It is a good idea to review their archives for fingerprints and digest
algorithms before posting, though.  Much of what you asked has been
discussed in some detail on that list already.

> How difficult, i.e. how much computing power and time is required to
> create a key, which matches the very same fingerprint?

This is called a second-preimage attack.  I am not aware of any
published second-preimage attacks against SHA-1's 160-bit digest that
bring the computation within tractable limits.  A theoretically perfect
160-bit-long digest algorithm would require ~2^160 operations to arrive
at a particular digest.  SHA-1 is almost certainly not theoretically
perfect against this sort of attack, but does not appear to be
practically broken by anyone who is publishing about it.

> Isn't 40 chars a bit weak?

the underlying material is 160 bits -- it does not need to be
represented as 40 chars.  And if the digest algorithm was known to be
weak (e.g. if it was a simple CRC), then even fingerprints 10 times as
long would not be enough.

However, for the purposes of key fingerprints in particular, SHA-1
appears to be reasonable in the near term.

> Are there plans to provide a longer fingerprint which in theory can't be
> broken with computing power expected in for example 100(0) years?

For future OpenPGP drafts, there has been some discussion about moving
to a longer digest (on the IETF list i mentioned above).  Those
decisions have not reached a consensus, from what i can tell.

Predicting computing power or the state of mathematics itself 100 or
1000 years into the future seems like a dubious proposition.  Consider
the state of mechanical computation and mathematics 100 or 1000 years
ago.  Do you think that even a skilled mathematician at the time could
have predicted where we are today?

The longevity of any public key cryptosystem should probably be
estimated in years or decades at the longest if you want any confidence
in your answer.

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130401/40ccb15d/attachment.sig>

From peter at digitalbrains.com  Mon Apr  1 20:14:48 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 01 Apr 2013 20:14:48 +0200
Subject: smartcard: transferring to another account
In-Reply-To: <8e556bec26a6bc211243a2eca92b47a7@foto.nl1.torservers.net>
References: <8e556bec26a6bc211243a2eca92b47a7@foto.nl1.torservers.net>
Message-ID: <5159CE98.7000208@digitalbrains.com>

On 31/03/13 23:16, Anonymous wrote:
> account 'B' can access the card, but I guess it is missing some type of
> "stub" gnupg uses to mark the keys on the card?

Importing the public key /should/ be enough, and when GnuPG sees the smartcard,
it will create the corresponding stub.[1]

So there is something wrong. But what exactly would be a whole lot easier to
establish if you could give some more details. Which operating system are you
using? Be as specific as you can, e.g., "Debian Squeeze" instead of "Linux", or
"Oracle Solaris 10 1/13" instead of "Solaris". Which versions of GnuPG and
associated programs and libraries, and what are the exact messages spewed by
those programs when you try to import keys and use your smartcard. Obviously you
can edit in it to remove identifying information. Don't just hand out debug logs
from the smartcard without recognising your PIN in the hex dump there ;).

HTH,

Peter.

[1] Once. So if you have two smartcards with the same key on them, you can't
(without further adjustments) mix those two smartcards because it will ask for
the one it saw first.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From mailinglisten at hauke-laging.de  Mon Apr  1 20:39:34 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Mon, 01 Apr 2013 20:39:34 +0200
Subject: The Lord of the Keys
In-Reply-To: <20130331204159.GB22868@shalmirane>
References: <20130331204159.GB22868@shalmirane>
Message-ID: <1555958.KN6Hu2TYEt@inno>

Am So 31.03.2013, 13:41:59 schrieb Ken Kundert:
> I am currently using gpg-agent to hold both my gpg and ssh keys. I use two
> ssh keys, which means that when I log in I have to give up to four
> passphrases to unlock all of my keys.

You probably need gpg-preset-passphrase for that. But I have never used it so 
I cannot give you details.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130401/39a7597b/attachment.sig>

From rjh at sixdemonbag.org  Mon Apr  1 22:58:31 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 01 Apr 2013 16:58:31 -0400
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <5159B4B4.9090803@riseup.net>
References: <5159B4B4.9090803@riseup.net>
Message-ID: <5159F4F7.2010800@sixdemonbag.org>

On 04/01/2013 12:24 PM, adrelanos wrote:
> How difficult, i.e. how much computing power and time is required to
> create a key, which matches the very same fingerprint?
> 
> Isn't 40 chars a bit weak?

(Nothing I am writing here is sarcastic or non-factual.)

At present, the only way to do a preimage attack on SHA-1 (as opposed to
a random collision) is brute-force, so about 2**159 operations.  If
you've got a PC that operates at the thermodynamic limits of the
universe and can compute a SHA-1 hash in only 1000 bitflips, and you
want to achieve this collision within the space of a year, then you're
looking at needing to use about 100 exatons or more of energy.

This is considerably more than the gravitational binding energy of the
earth: as in, 100 exatons is enough to send every single rock in the
Earth flying away from all the other rocks faster than the Earth's
escape velocity.  100 exatons is enough energy to notably warp the local
spacetime continuum and would slightly perturb orbits of other planets.

No one will ever brute-force a SHA-1 fingerprint.  Maybe in five or ten
or twenty or a hundred years someone will figure out a way to do it that
doesn't involve brute-force, but for right now preimage attacks on SHA-1
are well in the realm of science fiction.



From rjh at sixdemonbag.org  Mon Apr  1 23:06:23 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 01 Apr 2013 17:06:23 -0400
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <5159C7F5.2060709@fifthhorseman.net>
References: <5159B4B4.9090803@riseup.net> <5159C7F5.2060709@fifthhorseman.net>
Message-ID: <5159F6CF.7030609@sixdemonbag.org>

On 04/01/2013 01:46 PM, Daniel Kahn Gillmor wrote:
> Predicting computing power or the state of mathematics itself 100 or
> 1000 years into the future seems like a dubious proposition.

Yes and no.  We're not going to get around the Margolus-Levitin limit
(you can't flip a bitstate in faster than h/4E seconds, where E is the
amount of energy you're using) unless we first figure a way around the
Heisenberg Uncertainty Principle, for instance [*].  We're not getting
around the Landauer Bound (establishes a minimum energy for information
erasure) unless someone repeals the Second Law of Thermodynamics [**].
And we're not getting around the Bekenstein limit (establishes a maximum
density for information storage) period full-stop, as near as physics
can tell us.

We have a lousy track record at predicting the rate of technological
advancement, but we have a pretty good track record at discovering
fundamental limits of the universe.


[*]   Okay, so Margolus-Levitin doesn't say energy *precisely*, it can
technically be any conserved quantity.

[**]  Adiabatic computing may offer a way around this, but it's unknown
whether the laws of physics will allow true adiabatic computing to even
exist.



From david at systemoverlord.com  Mon Apr  1 23:15:44 2013
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 1 Apr 2013 14:15:44 -0700
Subject: The Lord of the Keys
In-Reply-To: <20130331204159.GB22868@shalmirane>
References: <20130331204159.GB22868@shalmirane>
Message-ID: <CAOy4VzdHHsneM+JNHNefa8BmiFreo9zv96K0ubJL=G=Ab3xRfw@mail.gmail.com>

On Sun, Mar 31, 2013 at 1:41 PM, Ken Kundert <admin at designers-guide.com>wrote:

> I am currently using gpg-agent to hold both my gpg and ssh keys. I use two
> ssh
> keys, which means that when I log in I have to give up to four passphrases
> to
> unlock all of my keys. Given that gpg-agent is primarily a labor-saving
> device,
> I am wondering if it would be possible to configure it to accept just one
> passphrase and unlock all of my keys.
>
> I believe I can do this using gnome-keyring, but at the moment
> gnome-keyring
> does not work with gpg on Fedora 18 for me because some incompatibility
> between
> the two programs. And frankly, I'd like to avoid the use of gnome-keyring
> if
> I can. So my question, is it possible to configure gpg-agent so that one
> passphrase can unlock all of my keys?
>
> -Ken
>
>
This isn't really a direct answer, but you can use your GPG key material
for SSH purposes and then you only need to unlock the GPG keys...



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130401/42ba27fe/attachment.html>

From dougb at dougbarton.us  Tue Apr  2 00:29:16 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Mon, 01 Apr 2013 15:29:16 -0700
Subject: The Lord of the Keys
In-Reply-To: <20130331204159.GB22868@shalmirane>
References: <20130331204159.GB22868@shalmirane>
Message-ID: <515A0A3C.8050308@dougbarton.us>

On 03/31/2013 01:41 PM, Ken Kundert wrote:
> I am currently using gpg-agent to hold both my gpg and ssh keys. I use two ssh
> keys, which means that when I log in I have to give up to four passphrases to
> unlock all of my keys. Given that gpg-agent is primarily a labor-saving device,
> I am wondering if it would be possible to configure it to accept just one
> passphrase and unlock all of my keys.
>
> I believe I can do this using gnome-keyring, but at the moment gnome-keyring
> does not work with gpg on Fedora 18 for me because some incompatibility between
> the two programs. And frankly, I'd like to avoid the use of gnome-keyring if
> I can. So my question, is it possible to configure gpg-agent so that one
> passphrase can unlock all of my keys?

Dunno about gpg-agent, but you could probably accomplish something 
similar with KeePass.

Doug



From david at systemoverlord.com  Mon Apr  1 22:50:43 2013
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 1 Apr 2013 13:50:43 -0700
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <5159C7F5.2060709@fifthhorseman.net>
References: <5159B4B4.9090803@riseup.net> <5159C7F5.2060709@fifthhorseman.net>
Message-ID: <CAOy4VzdhBUaAE6jgEU-g0SSa+8d9r3rRoyjZmH44Wec3=YjZSQ@mail.gmail.com>

On Mon, Apr 1, 2013 at 10:46 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net>wrote:

> On 04/01/2013 12:24 PM, adrelanos wrote:
>
> > gpg uses only(?) 40 chars for the fingerprint.
> > (I mean the output of: gpg --fingerprint --keyid-format long.)
>
> this is a 160-bit SHA-1 digest of the public key material and the
> creation date, with a bit of boilerplate for formatting.  This is not
> gpg-specific, it is part of the OpenPGP specification:
>
>   https://tools.ietf.org/html/rfc4880#section-12.2
>
> A better place to discuss issues related to OpenPGP in general is the
> IETF's OpenPGP mailing list:
>
>  https://www.ietf.org/mailman/listinfo/openpgp
>
> It is a good idea to review their archives for fingerprints and digest
> algorithms before posting, though.  Much of what you asked has been
> discussed in some detail on that list already.
>
> > How difficult, i.e. how much computing power and time is required to
> > create a key, which matches the very same fingerprint?
>
> This is called a second-preimage attack.  I am not aware of any
> published second-preimage attacks against SHA-1's 160-bit digest that
> bring the computation within tractable limits.  A theoretically perfect
> 160-bit-long digest algorithm would require ~2^160 operations to arrive
> at a particular digest.  SHA-1 is almost certainly not theoretically
> perfect against this sort of attack, but does not appear to be
> practically broken by anyone who is publishing about it.
>

Two points worth noting: not only do you need to find a 2nd preimage, but
you need to find one that is valid key material, which would make the
search even harder, and 2^160 is a lot of tries (assuming SHA-1 is
"perfect").  The fastest hashers for passwords for plain SHA1 are doing ~4
billion c/s, call it 2^32.  So we need 2^128 seconds.  Let's assume our
attacker has a *LOT* of money and brings 2^20 (about 1 million) machines to
the table to attack this key.  We're down to 2^108 seconds, or about 2^83
years (there are about 2^25 seconds in a year).  Of course, this ignores
Moore's law and new flaws in SHA-1.

Bad news: 2^83 years is sooner than the heat death of the universe.  Good
news: 2^83 years is long after the sun is expected to have enveloped and
destroyed the Earth during the death of the sun.


>
> > Isn't 40 chars a bit weak?
>
> the underlying material is 160 bits -- it does not need to be
> represented as 40 chars.  And if the digest algorithm was known to be
> weak (e.g. if it was a simple CRC), then even fingerprints 10 times as
> long would not be enough.
>
> However, for the purposes of key fingerprints in particular, SHA-1
> appears to be reasonable in the near term.
>
> > Are there plans to provide a longer fingerprint which in theory can't be
> > broken with computing power expected in for example 100(0) years?
>
> For future OpenPGP drafts, there has been some discussion about moving
> to a longer digest (on the IETF list i mentioned above).  Those
> decisions have not reached a consensus, from what i can tell.
>
> Predicting computing power or the state of mathematics itself 100 or
> 1000 years into the future seems like a dubious proposition.  Consider
> the state of mechanical computation and mathematics 100 or 1000 years
> ago.  Do you think that even a skilled mathematician at the time could
> have predicted where we are today?
>
> The longevity of any public key cryptosystem should probably be
> estimated in years or decades at the longest if you want any confidence
> in your answer.
>
> Regards,
>
>         --dkg
>



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130401/aa8b9a7f/attachment.html>

From david at systemoverlord.com  Tue Apr  2 01:32:45 2013
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 1 Apr 2013 16:32:45 -0700
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <CAKaEYhLLaKpTOiA3cmsk+Mw5+k1rcKgDN+0Hker7DZHvQxiU9w@mail.gmail.com>
References: <5159B4B4.9090803@riseup.net> <5159C7F5.2060709@fifthhorseman.net>
 <CAOy4VzdhBUaAE6jgEU-g0SSa+8d9r3rRoyjZmH44Wec3=YjZSQ@mail.gmail.com>
 <CAKaEYhLLaKpTOiA3cmsk+Mw5+k1rcKgDN+0Hker7DZHvQxiU9w@mail.gmail.com>
Message-ID: <CAOy4VzfaLhB3sOxOnP8D5mapyVEQneRwH_VMmVavFh+qTXCd1w@mail.gmail.com>

On Mon, Apr 1, 2013 at 3:38 PM, Melvin Carvalho <melvincarvalho at gmail.com>wrote:

>
>
>
> On 1 April 2013 22:50, David Tomaschik <david at systemoverlord.com> wrote:
>
>> On Mon, Apr 1, 2013 at 10:46 AM, Daniel Kahn Gillmor <
>> dkg at fifthhorseman.net> wrote:
>>
>>> On 04/01/2013 12:24 PM, adrelanos wrote:
>>>
>>> > gpg uses only(?) 40 chars for the fingerprint.
>>> > (I mean the output of: gpg --fingerprint --keyid-format long.)
>>>
>>> this is a 160-bit SHA-1 digest of the public key material and the
>>> creation date, with a bit of boilerplate for formatting.  This is not
>>> gpg-specific, it is part of the OpenPGP specification:
>>>
>>>   https://tools.ietf.org/html/rfc4880#section-12.2
>>>
>>> A better place to discuss issues related to OpenPGP in general is the
>>> IETF's OpenPGP mailing list:
>>>
>>>  https://www.ietf.org/mailman/listinfo/openpgp
>>>
>>> It is a good idea to review their archives for fingerprints and digest
>>> algorithms before posting, though.  Much of what you asked has been
>>> discussed in some detail on that list already.
>>>
>>> > How difficult, i.e. how much computing power and time is required to
>>> > create a key, which matches the very same fingerprint?
>>>
>>> This is called a second-preimage attack.  I am not aware of any
>>> published second-preimage attacks against SHA-1's 160-bit digest that
>>> bring the computation within tractable limits.  A theoretically perfect
>>> 160-bit-long digest algorithm would require ~2^160 operations to arrive
>>> at a particular digest.  SHA-1 is almost certainly not theoretically
>>> perfect against this sort of attack, but does not appear to be
>>> practically broken by anyone who is publishing about it.
>>>
>>
>> Two points worth noting: not only do you need to find a 2nd preimage, but
>> you need to find one that is valid key material, which would make the
>> search even harder, and 2^160 is a lot of tries (assuming SHA-1 is
>> "perfect").  The fastest hashers for passwords for plain SHA1 are doing ~4
>> billion c/s, call it 2^32.  So we need 2^128 seconds.  Let's assume our
>> attacker has a *LOT* of money and brings 2^20 (about 1 million) machines to
>> the table to attack this key.  We're down to 2^108 seconds, or about 2^83
>> years (there are about 2^25 seconds in a year).  Of course, this ignores
>> Moore's law and new flaws in SHA-1.
>>
>> Bad news: 2^83 years is sooner than the heat death of the universe.  Good
>> news: 2^83 years is long after the sun is expected to have enveloped and
>> destroyed the Earth during the death of the sun.
>>
>
> From wiki:
>
> As of 2012, the most efficient attack against SHA-1 is considered to be
> the one by Marc Stevens with an estimated cost of $2.77M to break a single
> hash value by renting CPU power from cloud servers.[29] Stevens developed
> this attack in a project called HashClash,[30] implementing a differential
> path attack. On 8 November 2010, he claimed he had a fully working
> near-collision attack against full SHA-1 working with an estimated
> complexity equivalent to 257.5 SHA-1 compressions. He estimates this attack
> can be extended to a full collision with a complexity around 2^61.
>
> Given that ASICS these days are running at 1.5 terra hashes per second,
> 2^61 doesnt sound that much?
>
> https://products.butterflylabs.com/homepage/1500gh-bitcoin-miner.html
>
> *disclaimer* I may have totally got these sums wrong!
>
>

These numbers are for a collision attack: that is, find *any* 2 values that
have the same SHA-1 value.  For OpenPGP purposes, we care about finding an
input that returns a preselected hash value (the fingerprint of another
key).  That's a "preimage" attack, and I'm not aware of any preimage
attacks on SHA-1, so we're back to the 2^160 (or 2^159, since, on average,
you only need to try half the space) complexity.


-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130401/4d1b5b32/attachment-0001.html>

From melvincarvalho at gmail.com  Tue Apr  2 00:38:41 2013
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Tue, 2 Apr 2013 00:38:41 +0200
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <CAOy4VzdhBUaAE6jgEU-g0SSa+8d9r3rRoyjZmH44Wec3=YjZSQ@mail.gmail.com>
References: <5159B4B4.9090803@riseup.net> <5159C7F5.2060709@fifthhorseman.net>
 <CAOy4VzdhBUaAE6jgEU-g0SSa+8d9r3rRoyjZmH44Wec3=YjZSQ@mail.gmail.com>
Message-ID: <CAKaEYhLLaKpTOiA3cmsk+Mw5+k1rcKgDN+0Hker7DZHvQxiU9w@mail.gmail.com>

On 1 April 2013 22:50, David Tomaschik <david at systemoverlord.com> wrote:

> On Mon, Apr 1, 2013 at 10:46 AM, Daniel Kahn Gillmor <
> dkg at fifthhorseman.net> wrote:
>
>> On 04/01/2013 12:24 PM, adrelanos wrote:
>>
>> > gpg uses only(?) 40 chars for the fingerprint.
>> > (I mean the output of: gpg --fingerprint --keyid-format long.)
>>
>> this is a 160-bit SHA-1 digest of the public key material and the
>> creation date, with a bit of boilerplate for formatting.  This is not
>> gpg-specific, it is part of the OpenPGP specification:
>>
>>   https://tools.ietf.org/html/rfc4880#section-12.2
>>
>> A better place to discuss issues related to OpenPGP in general is the
>> IETF's OpenPGP mailing list:
>>
>>  https://www.ietf.org/mailman/listinfo/openpgp
>>
>> It is a good idea to review their archives for fingerprints and digest
>> algorithms before posting, though.  Much of what you asked has been
>> discussed in some detail on that list already.
>>
>> > How difficult, i.e. how much computing power and time is required to
>> > create a key, which matches the very same fingerprint?
>>
>> This is called a second-preimage attack.  I am not aware of any
>> published second-preimage attacks against SHA-1's 160-bit digest that
>> bring the computation within tractable limits.  A theoretically perfect
>> 160-bit-long digest algorithm would require ~2^160 operations to arrive
>> at a particular digest.  SHA-1 is almost certainly not theoretically
>> perfect against this sort of attack, but does not appear to be
>> practically broken by anyone who is publishing about it.
>>
>
> Two points worth noting: not only do you need to find a 2nd preimage, but
> you need to find one that is valid key material, which would make the
> search even harder, and 2^160 is a lot of tries (assuming SHA-1 is
> "perfect").  The fastest hashers for passwords for plain SHA1 are doing ~4
> billion c/s, call it 2^32.  So we need 2^128 seconds.  Let's assume our
> attacker has a *LOT* of money and brings 2^20 (about 1 million) machines to
> the table to attack this key.  We're down to 2^108 seconds, or about 2^83
> years (there are about 2^25 seconds in a year).  Of course, this ignores
> Moore's law and new flaws in SHA-1.
>
> Bad news: 2^83 years is sooner than the heat death of the universe.  Good
> news: 2^83 years is long after the sun is expected to have enveloped and
> destroyed the Earth during the death of the sun.
>

>From wiki:

As of 2012, the most efficient attack against SHA-1 is considered to be the
one by Marc Stevens with an estimated cost of $2.77M to break a single hash
value by renting CPU power from cloud servers.[29] Stevens developed this
attack in a project called HashClash,[30] implementing a differential path
attack. On 8 November 2010, he claimed he had a fully working
near-collision attack against full SHA-1 working with an estimated
complexity equivalent to 257.5 SHA-1 compressions. He estimates this attack
can be extended to a full collision with a complexity around 2^61.

Given that ASICS these days are running at 1.5 terra hashes per second,
2^61 doesnt sound that much?

https://products.butterflylabs.com/homepage/1500gh-bitcoin-miner.html

*disclaimer* I may have totally got these sums wrong!


>
>
>>
>> > Isn't 40 chars a bit weak?
>>
>> the underlying material is 160 bits -- it does not need to be
>> represented as 40 chars.  And if the digest algorithm was known to be
>> weak (e.g. if it was a simple CRC), then even fingerprints 10 times as
>> long would not be enough.
>>
>> However, for the purposes of key fingerprints in particular, SHA-1
>> appears to be reasonable in the near term.
>>
>> > Are there plans to provide a longer fingerprint which in theory can't be
>> > broken with computing power expected in for example 100(0) years?
>>
>> For future OpenPGP drafts, there has been some discussion about moving
>> to a longer digest (on the IETF list i mentioned above).  Those
>> decisions have not reached a consensus, from what i can tell.
>>
>> Predicting computing power or the state of mathematics itself 100 or
>> 1000 years into the future seems like a dubious proposition.  Consider
>> the state of mechanical computation and mathematics 100 or 1000 years
>> ago.  Do you think that even a skilled mathematician at the time could
>> have predicted where we are today?
>>
>> The longevity of any public key cryptosystem should probably be
>> estimated in years or decades at the longest if you want any confidence
>> in your answer.
>>
>> Regards,
>>
>>         --dkg
>>
>
>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130402/bf6c47eb/attachment.html>

From rjh at sixdemonbag.org  Tue Apr  2 02:04:04 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 01 Apr 2013 20:04:04 -0400
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <CAKaEYhLLaKpTOiA3cmsk+Mw5+k1rcKgDN+0Hker7DZHvQxiU9w@mail.gmail.com>
References: <5159B4B4.9090803@riseup.net> <5159C7F5.2060709@fifthhorseman.net>
 <CAOy4VzdhBUaAE6jgEU-g0SSa+8d9r3rRoyjZmH44Wec3=YjZSQ@mail.gmail.com>
 <CAKaEYhLLaKpTOiA3cmsk+Mw5+k1rcKgDN+0Hker7DZHvQxiU9w@mail.gmail.com>
Message-ID: <515A2074.9000807@sixdemonbag.org>

On 4/1/2013 6:38 PM, Melvin Carvalho wrote:
> differential path attack. On 8 November 2010, he claimed he had a fully
> working near-collision attack against full SHA-1 working with an
> estimated complexity equivalent to 257.5 SHA-1 compressions. He
> estimates this attack can be extended to a full collision with a
> complexity around 2^61.

This is not a preimage attack, which is what one would need to forge a
certificate fingerprint.



From niels at dest-unreach.be  Tue Apr  2 09:08:33 2013
From: niels at dest-unreach.be (Niels Laukens)
Date: Tue, 02 Apr 2013 09:08:33 +0200
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <5159F4F7.2010800@sixdemonbag.org>
References: <5159B4B4.9090803@riseup.net> <5159F4F7.2010800@sixdemonbag.org>
Message-ID: <515A83F1.5060101@dest-unreach.be>

On 2013-04-01 22:58, Robert J. Hansen wrote:
> On 04/01/2013 12:24 PM, adrelanos wrote:
>> How difficult, i.e. how much computing power and time is required to
>> create a key, which matches the very same fingerprint?
>>
>> Isn't 40 chars a bit weak?
> 
> (Nothing I am writing here is sarcastic or non-factual.)
> 
> At present, the only way to do a preimage attack on SHA-1 (as opposed to
> a random collision) is brute-force, so about 2**159 operations.  If
> you've got a PC that operates at the thermodynamic limits of the
> universe and can compute a SHA-1 hash in only 1000 bitflips, and you
> want to achieve this collision within the space of a year, then you're
> looking at needing to use about 100 exatons or more of energy.

Or put another way:
If you're running a computer at 3.2K (ambient universe temperature,
anything below that would require additional energy to cool it), a
bit-flip requires 4.41E-23 Joules of energy.

According to Wikipedia, the world produces "only" 20 279 640 GWh of
elecrical power per year = 7.3E19 Joules. This is enough to count
through a 139-bit counter. Only count through, not even do any
calculations with it!


From melvincarvalho at gmail.com  Tue Apr  2 10:34:18 2013
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Tue, 2 Apr 2013 10:34:18 +0200
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <515A2074.9000807@sixdemonbag.org>
References: <5159B4B4.9090803@riseup.net> <5159C7F5.2060709@fifthhorseman.net>
 <CAOy4VzdhBUaAE6jgEU-g0SSa+8d9r3rRoyjZmH44Wec3=YjZSQ@mail.gmail.com>
 <CAKaEYhLLaKpTOiA3cmsk+Mw5+k1rcKgDN+0Hker7DZHvQxiU9w@mail.gmail.com>
 <515A2074.9000807@sixdemonbag.org>
Message-ID: <CAKaEYhLe00ozUbPOnFkB0CoZ2DqKoO9csD5fzfmJHDiA6Mjn8Q@mail.gmail.com>

On 2 April 2013 02:04, Robert J. Hansen <rjh at sixdemonbag.org> wrote:

> On 4/1/2013 6:38 PM, Melvin Carvalho wrote:
> > differential path attack. On 8 November 2010, he claimed he had a fully
> > working near-collision attack against full SHA-1 working with an
> > estimated complexity equivalent to 257.5 SHA-1 compressions. He
> > estimates this attack can be extended to a full collision with a
> > complexity around 2^61.
>
> This is not a preimage attack, which is what one would need to forge a
> certificate fingerprint.
>

Got it, thanks ...


>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130402/3fa62a30/attachment.html>

From melvincarvalho at gmail.com  Tue Apr  2 11:40:35 2013
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Tue, 2 Apr 2013 11:40:35 +0200
Subject: Vanity Key
Message-ID: <CAKaEYhJ3GPv8nx9YgOYOfjdqoGNHUXF3tZLbrs6HQM_QFJ8U0g@mail.gmail.com>

In bitcoin you have the concept of a 'vanity key' much like vanity license
plates, see:

https://bitcointalk.org/index.php?topic=25804.0

I wonder if there is anything similar for public keys in GPG?

What would you iterate on, the key or the fingerprint?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130402/a9c88325/attachment.html>

From admin at designers-guide.com  Tue Apr  2 03:49:32 2013
From: admin at designers-guide.com (Ken Kundert)
Date: Mon, 1 Apr 2013 18:49:32 -0700
Subject: The Lord of the Keys
In-Reply-To: <CAOy4VzdHHsneM+JNHNefa8BmiFreo9zv96K0ubJL=G=Ab3xRfw@mail.gmail.com>
References: <20130331204159.GB22868@shalmirane>
 <CAOy4VzdHHsneM+JNHNefa8BmiFreo9zv96K0ubJL=G=Ab3xRfw@mail.gmail.com>
Message-ID: <20130402014932.GA5156@shalmirane>

On Mon, Apr 01, 2013 at 02:15:44PM -0700, David Tomaschik wrote:
> This isn't really a direct answer, but you can use your GPG key material
> for SSH purposes and then you only need to unlock the GPG keys...

David,
    I don't understand. Can you say more?

-Ken


From wk at gnupg.org  Tue Apr  2 12:52:35 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Apr 2013 12:52:35 +0200
Subject: Why does gpg use so much entropy from /dev/random?
In-Reply-To: <CAEOFFnLvHzvBVw_tZD6XkVX9wZqF2jw9taEEde_re+DTeeALyA@mail.gmail.com>
 (Philip Potter's message of "Sun, 31 Mar 2013 10:45:54 +0100")
References: <CAEOFFnLvHzvBVw_tZD6XkVX9wZqF2jw9taEEde_re+DTeeALyA@mail.gmail.com>
Message-ID: <874nfpfbm4.fsf@vigenere.g10code.de>

On Sun, 31 Mar 2013 11:45, philip.g.potter at gmail.com said:

> Can anyone shed any light on this? Why does GPG use more entropy than
> /dev/random says it should?

Which /dev/random - there are hundreds of variants of that device all
with other glitches.  Thus GnuPG has always used /dev/random only as a
source of entropy to seed its own RNG:

  This random number generator is loosely modelled after the one
  described in Peter Gutmann's paper: "Software Generation of
  Practically Strong Random Numbers". at footnote{Also described in chapter
  6 of his book "Cryptographic Security Architecture", New York, 2004,
  ISBN 0-387-95387-6.}
  
  A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
  transform function.  Several extra features are used to make the
  robust against a wide variety of attacks and to protect against
  failures of subsystems.  The state of the generator may be saved to a
  file and initially seed form a file.
  
  Depending on how Libgcrypt was build the generator is able to select
  the best working entropy gathering module.  It makes use of the slow
  and fast collection methods and requires the pool to initially seeded
  form the slow gatherer or a seed file.  An entropy estimation is used
  to mix in enough data from the gather modules before returning the
  actual random output.  Process fork detection and protection is
  implemented.
  
GPG uses ~/.gnupg/random_seed but it needs to creater it first.  For
generating keys it also makes sure to put in a lot of new entropy just
to be safe.  Better be safe than sorry (cf. the recent NetBSD problem).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From rjh at sixdemonbag.org  Tue Apr  2 13:17:33 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 02 Apr 2013 07:17:33 -0400
Subject: How difficult is it to break the OpenPGP 40 character long
 fingerprint?
In-Reply-To: <515A83F1.5060101@dest-unreach.be>
References: <5159B4B4.9090803@riseup.net> <5159F4F7.2010800@sixdemonbag.org>
 <515A83F1.5060101@dest-unreach.be>
Message-ID: <515ABE4D.1060609@sixdemonbag.org>

On 04/02/2013 03:08 AM, Niels Laukens wrote:
> If you're running a computer at 3.2K (ambient universe temperature,
> anything below that would require additional energy to cool it), a
> bit-flip requires 4.41E-23 Joules of energy.

Off by a factor of ln 2 there, chief.  :)  Required energy to destroy a
bit of information (not necessarily flip a bit) is about 3.06 * 10**-23
joules.



From gnupg at tim.thechases.com  Tue Apr  2 17:00:08 2013
From: gnupg at tim.thechases.com (Tim Chase)
Date: Tue, 2 Apr 2013 10:00:08 -0500
Subject: gpg4win --gen-key fails to connect to IPC when using --homedir
Message-ID: <20130402100008.69a67f4b@bigbox.christie.dr>

I found a similar thread here:

http://lists.gnupg.org/pipermail/gnupg-users/2012-April/044164.html

but it doesn't seem to have been resolved.  gpg4win was installed
using the default location, and with none of the add-ons (no
Outlook, shell, extensions, just gpg).  The same operation without
--homedir works as expected.

Any way to get this to work?

Thanks,

-tkc


C:\work\tempgpg> gpg --homedir . --gen-key
gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `./secring.gpg' created
gpg: keyring `./pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Joe User
Email address: joe at example.com
Comment: Test 
You selected this USER-ID:
    "Joe User (Test) <joe at example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

gpg: can't connect to the agent: Invalid value passed to IPC
gpg: problem with the agent: No agent running
gpg: can't connect to the agent: Invalid value passed to IPC
gpg: problem with the agent: No agent running
gpg: Key generation canceled.

C:\work\tempgpg>gpg --version
gpg (GnuPG) 2.0.17 (Gpg4win 2.1.0)
libgcrypt 1.4.6
Copyright (C) 2011 Free Software Foundation, Inc.
[snip]





From dkg at fifthhorseman.net  Tue Apr  2 18:45:30 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 02 Apr 2013 12:45:30 -0400
Subject: Vanity Key
In-Reply-To: <CAKaEYhJ3GPv8nx9YgOYOfjdqoGNHUXF3tZLbrs6HQM_QFJ8U0g@mail.gmail.com>
References: <CAKaEYhJ3GPv8nx9YgOYOfjdqoGNHUXF3tZLbrs6HQM_QFJ8U0g@mail.gmail.com>
Message-ID: <515B0B2A.6080706@fifthhorseman.net>

On 04/02/2013 05:40 AM, Melvin Carvalho wrote:
> In bitcoin you have the concept of a 'vanity key' much like vanity license
> plates, see:
> 
> https://bitcointalk.org/index.php?topic=25804.0
> 
> I wonder if there is anything similar for public keys in GPG?

Conceptually, looking for a key with a given fingerprint suffix or keyid
seems like a similar idea.

People already do this:

http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html

	--dkg

PS the copy of your e-mail that i received appears to be addressed with
the following header:

 To: Jay Litwyn on GnuPG-Users <gnupg-users at gnupg.org>

I'm not Jay Litwyn, but i hope you don't mind my responding anyway. ;)
Maybe your addressbook needs a tuneup?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130402/7d522afc/attachment.sig>

From di44vq at nottheoilrig.com  Tue Apr  2 16:53:17 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Tue, 02 Apr 2013 07:53:17 -0700
Subject: Export just one subkey?
Message-ID: <515AF0DD.3040805@nottheoilrig.com>

How do I export just one subkey?

I want to export just one subkey, e.g. the one with key id 6E0282A9, but 
when I run the following command, it exports all my subkeys:

   $ gpg --export-options export-reset-subkey-passwd 
--export-secret-subkeys 6E0282A9 | ssh 
ec2-54-224-80-64.compute-1.amazonaws.com gpg --import


From mailinglisten at hauke-laging.de  Tue Apr  2 22:15:18 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 02 Apr 2013 22:15:18 +0200
Subject: Export just one subkey?
In-Reply-To: <515AF0DD.3040805@nottheoilrig.com>
References: <515AF0DD.3040805@nottheoilrig.com>
Message-ID: <11591384.drV6rN3ahS@inno>

Am Di 02.04.2013, 07:53:17 schrieb Jack Bates:
> How do I export just one subkey?

>    $ gpg --export-options export-reset-subkey-passwd
> --export-secret-subkeys 6E0282A9 | ssh
> ec2-54-224-80-64.compute-1.amazonaws.com gpg --import

[...] --export-secret-subkeys 6E0282A9\! [...]
The \ is just for the shell and not always necessary.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130402/adbac1a0/attachment.sig>

From please.post at publicly.invalid  Wed Apr  3 19:39:12 2013
From: please.post at publicly.invalid (Andreas Mattheiss)
Date: Wed, 03 Apr 2013 19:39:12 +0200
Subject: Vanity Key@@sig
References: <CAKaEYhJ3GPv8nx9YgOYOfjdqoGNHUXF3tZLbrs6HQM_QFJ8U0g@mail.gmail.com>
 <515B0B2A.6080706__31568.6202994131$1364921220$gmane$org@fifthhorseman.net>
Message-ID: <pan.2013.04.03.17.39.12.539485@publicly.invalid>

Well, uhm, if it's really important to you:

The concept of hashes/fingerprints/etc. is that it is (next to) impossible
to find an entity-to-be-hashed (here a key) if you specify the hash. In
fact a hash function that allows you to do this would be cryptographically
frowned upon.

However, there is nothing that stops you from generation a gazillon of
keys, until you - by chance - get one with a hash you like. 

This brute force approach is what is behind bitcoin mining or hashcashing
email messages - the latter, sadly, an idea ignored by the general public.

Regards
Andreas 

-- 
LISTER: Me. No another one for you. Rear Admiral Lieutenant General Rimmer.




From di44vq at nottheoilrig.com  Wed Apr  3 17:15:49 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Wed, 03 Apr 2013 08:15:49 -0700
Subject: Export just one subkey?
In-Reply-To: <11591384.drV6rN3ahS@inno>
References: <515AF0DD.3040805@nottheoilrig.com> <11591384.drV6rN3ahS@inno>
Message-ID: <515C47A5.2090105@nottheoilrig.com>

On 02/04/13 01:15 PM, Hauke Laging wrote:
> Am Di 02.04.2013, 07:53:17 schrieb Jack Bates:
>> How do I export just one subkey?
>
>>     $ gpg --export-options export-reset-subkey-passwd
>> --export-secret-subkeys 6E0282A9 | ssh
>> ec2-54-224-80-64.compute-1.amazonaws.com gpg --import
>
> [...] --export-secret-subkeys 6E0282A9\! [...]
> The \ is just for the shell and not always necessary.

Thank you very much for your help, that works. And I now see that it is 
documented in the man page:

   When  using gpg an exclamation mark (!) may be appended to force
   using the specified primary or secondary key and not to try  and
   calculate which primary or secondary key to use.


From di44vq at nottheoilrig.com  Wed Apr  3 18:54:29 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Wed, 03 Apr 2013 09:54:29 -0700
Subject: Create subkey that will expire in 10 hours
Message-ID: <515C5EC5.8050509@nottheoilrig.com>

How can I create a new subkey that will expire in just 10 hours? When 
I'm prompted to specify how long the key should be valid I tried 
entering "10h" or "0.42" but it complained that both are invalid.


From mailinglisten at hauke-laging.de  Wed Apr  3 22:45:33 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Wed, 03 Apr 2013 22:45:33 +0200
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <515C5EC5.8050509@nottheoilrig.com>
References: <515C5EC5.8050509@nottheoilrig.com>
Message-ID: <2858393.LUoaJ7boxJ@inno>

Am Mi 03.04.2013, 09:54:29 schrieb Jack Bates:
> How can I create a new subkey that will expire in just 10 hours?

AFAIK there is no official way to do that. gpg seems to always take the time 
from the creation timestamp of the respective (sub)key. So the only chance to 
get that done (without changing the source code) is to create a key. In this 
sense you are lucky.

1) Set back the system time (al least for gpg) to yesterday and the target 
time.

2) Create the key with one day expiration date.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130403/5b40642e/attachment-0001.sig>

From wk at gnupg.org  Thu Apr  4 11:12:51 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 04 Apr 2013 11:12:51 +0200
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <515C5EC5.8050509@nottheoilrig.com> (Jack Bates's message of
 "Wed, 03 Apr 2013 09:54:29 -0700")
References: <515C5EC5.8050509@nottheoilrig.com>
Message-ID: <87a9ped5gs.fsf@vigenere.g10code.de>

On Wed,  3 Apr 2013 18:54, di44vq at nottheoilrig.com said:
> How can I create a new subkey that will expire in just 10 hours? When
> I'm prompted to specify how long the key should be valid I tried
> entering "10h" or "0.42" but it complained that both are invalid.

Enter "seconds=36000" for 10 hours.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From mailinglisten at hauke-laging.de  Thu Apr  4 12:37:45 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 04 Apr 2013 12:37:45 +0200
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <87a9ped5gs.fsf@vigenere.g10code.de>
References: <515C5EC5.8050509@nottheoilrig.com>
 <87a9ped5gs.fsf@vigenere.g10code.de>
Message-ID: <2366298.MguBl7UZBb@inno>

Am Do 04.04.2013, 11:12:51 schrieb Werner Koch:
> > How can I create a new subkey that will expire in just 10 hours?

> Enter "seconds=36000" for 10 hours.

That seems not to be part of the documentation...


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130404/c59f5bdf/attachment.sig>

From peter at digitalbrains.com  Thu Apr  4 12:44:45 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 04 Apr 2013 12:44:45 +0200
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <2366298.MguBl7UZBb@inno>
References: <515C5EC5.8050509@nottheoilrig.com>
 <87a9ped5gs.fsf@vigenere.g10code.de> <2366298.MguBl7UZBb@inno>
Message-ID: <515D599D.8080905@digitalbrains.com>

On 04/04/13 12:37, Hauke Laging wrote:
> That seems not to be part of the documentation...

The doc file DETAILS mentions it for unattended key generation:
>      Expire-Date: <iso-date>|(<number>[d|w|m|y])
> 	Set the expiration date for the key (and the subkey).  It may
> 	either be entered in ISO date format (2000-08-15) or as number
> 	of days, weeks, month or years.  The special notation
> 	"seconds=N" is also allowed to directly give an Epoch
> 	value. Without a letter days are assumed.  Note that there is
> 	no check done on the overflow of the type used by OpenPGP for
> 	timestamps.  Thus you better make sure that the given value
> 	make sense.  Although OpenPGP works with time intervals, GnuPG
> 	uses an absolute value internally and thus the last year we
> 	can represent is 2105.

Although I interpreted it to mean the number of seconds since the epoch.

I didn't realise the notation was also valid for interactive key generation,
though. Otherwise I would have answered OP, because I found it while looking for
the answer to his question.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From wk at gnupg.org  Thu Apr  4 14:15:36 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 04 Apr 2013 14:15:36 +0200
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <515D599D.8080905@digitalbrains.com> (Peter Lebbing's message of
 "Thu, 04 Apr 2013 12:44:45 +0200")
References: <515C5EC5.8050509@nottheoilrig.com>
 <87a9ped5gs.fsf@vigenere.g10code.de> <2366298.MguBl7UZBb@inno>
 <515D599D.8080905@digitalbrains.com>
Message-ID: <87txnmbifr.fsf@vigenere.g10code.de>

On Thu,  4 Apr 2013 12:44, peter at digitalbrains.com said:

>> 	of days, weeks, month or years.  The special notation
>> 	"seconds=N" is also allowed to directly give an Epoch
>> 	value. Without a letter days are assumed.  Note that there is

> Although I interpreted it to mean the number of seconds since the epoch.

You are right, that the docs says seconds since Epoch.  However, the
ChangeLog from 2005-10-18 says:

        * keygen.c (parse_expire_string): Allow setting the expire
        interval using a "seconds=<n>" syntax.  This is useful for
        debugging.

So this is about an interval meaning time since creation as used by
OpenPGP.  That actually makes most sense for debugging.  It is
unfortunate that we use "seconds=N" in parse_creation_string meaning
seconds since Epoch. I will fix the docs.

Specifying the Epoch will anyway stop working in 2038 on many systems,
thus it is probably not good to allow its use.  If a fixed data is
required, one may always specify something like "20130404T153012" for
both, the creation date and the expire date.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From di44vq at nottheoilrig.com  Thu Apr  4 18:01:19 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Thu, 04 Apr 2013 09:01:19 -0700
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <87a9ped5gs.fsf@vigenere.g10code.de>
References: <515C5EC5.8050509@nottheoilrig.com>
 <87a9ped5gs.fsf@vigenere.g10code.de>
Message-ID: <515DA3CF.8090404@nottheoilrig.com>

On 04/04/13 02:12 AM, Werner Koch wrote:
> On Wed,  3 Apr 2013 18:54, di44vq at nottheoilrig.com said:
>> How can I create a new subkey that will expire in just 10 hours? When
>> I'm prompted to specify how long the key should be valid I tried
>> entering "10h" or "0.42" but it complained that both are invalid.
>
> Enter "seconds=36000" for 10 hours.

Works. Thank you very much for your help.


From di44vq at nottheoilrig.com  Thu Apr  4 18:01:30 2013
From: di44vq at nottheoilrig.com (Jack Bates)
Date: Thu, 04 Apr 2013 09:01:30 -0700
Subject: Fingerprint of the subkey just created?
Message-ID: <515DA3DA.9090905@nottheoilrig.com>

How can I get the fingerprint or key id of the subkey I just created? 
When the process is completed, it lists *all* of the subkeys. How can I 
reliably identify the one I just created?


From peter at digitalbrains.com  Thu Apr  4 22:19:04 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 04 Apr 2013 22:19:04 +0200
Subject: Fingerprint of the subkey just created?
In-Reply-To: <515DA3DA.9090905@nottheoilrig.com>
References: <515DA3DA.9090905@nottheoilrig.com>
Message-ID: <515DE038.30906@digitalbrains.com>

On 04/04/13 18:01, Jack Bates wrote:
> How can I get the fingerprint or key id of the subkey I just created?

A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to
identify/verify a key as a whole, which means the primary key.

I tried the following:

$ gpg2 --status-fd 0 --edit-key <keyid>

And indeed I get a whole lot more data, but not a key id. It ends in

[GNUPG:] KEY_CREATED S

However, I then tried again with:

$ gpg2 --verbose --verbose --status-fd 0 --edit-key <keyid>

Which was... very verbose, and included:

gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "<primary key ID and UID where here>"
gpg: RSA/SHA1 signature from: "D8AB7B20 [?]"
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "<primary key ID and UID where here>"
gpg: RSA/SHA1 signature from: "D8AB7B20 [?]"

I did this with a test key which I used for a spam experiment, and I don't want
to crosspolenate that experiment, so I removed identifiers. But the "D8AB7B20
[?]" was the short keyid for the subkey.

This is for a signing subkey. If I repeat it for an encryption subkey, the key
binding signature is unidirectional, since an encryption subkey can't make a key
binding signature. So this method only works for signing subkeys. I don't have
reason to believe you need the --status-fd, and you could check if one --verbose
(or the short form) is enough. I just made supersure I had a lot of output :).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From dkg at fifthhorseman.net  Thu Apr  4 22:56:50 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Apr 2013 16:56:50 -0400
Subject: Fingerprint of the subkey just created?
In-Reply-To: <515DE038.30906@digitalbrains.com>
References: <515DA3DA.9090905@nottheoilrig.com>
 <515DE038.30906@digitalbrains.com>
Message-ID: <515DE912.4030706@fifthhorseman.net>

On 04/04/2013 04:19 PM, Peter Lebbing wrote:
> On 04/04/13 18:01, Jack Bates wrote:
>> How can I get the fingerprint or key id of the subkey I just created?
> 
> A subkey doesn't really have a fingerprint, AFAIK. You use fingerprints to
> identify/verify a key as a whole, which means the primary key.

the fingerprint of a subkey is actually well-defined.  I don't know the
answer to Jack's original question, but you can find the specification
for subkey fingerprints in RFC 4880:

   https://tools.ietf.org/html/rfc4880#section-12.2

>>    Finally, the Key ID and fingerprint of a subkey are calculated in the
>>    same way as for a primary key, including the 0x99 as the first octet
>>    (even though this is not a valid packet ID for a public subkey).



Jack, gpg will emit the fingerprints for the subkeys if you supply the
--fingerprint argument twice.  So you might try parsing the output of:

 gpg --list-keys --with-colons --fingerprint --fingerprint
--fixed-list-mode $PGPID

the lines that start with sub: indicate the subkey (and include creation
timestamps in field 6), and the lines immediately following them that
start with fpr: contain the full fingerprint in column 10. If you just
keep track of the most recent creation timestamp and remember its
fingerprint you could find the most recent subkey.

It's probably 2 or 3 lines of awk if you're into that kind of stuff :)

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130404/60e29d46/attachment.sig>

From vedaal at nym.hush.com  Thu Apr  4 23:36:46 2013
From: vedaal at nym.hush.com (vedaal at nym.hush.com)
Date: Thu, 04 Apr 2013 17:36:46 -0400
Subject: Fingerprint of the subkey just created?
Message-ID: <20130404213646.39F826F443@smtp.hushmail.com>

Daniel Kahn Gillmor dkg at fifthhorseman.net
wrote on Thu Apr 4 22:56:50 CEST 2013 :

>gpg will emit the fingerprints for the subkeys if you supply the
--fingerprint argument twice.  So you might try parsing the output of:

 gpg --list-keys --with-colons --fingerprint --fingerprint
--fixed-list-mode $PGPID

-----

It's even enough to just do:

gpg --fingerprint --fingerprint

and gnupg will list the keys and subkeys each with their short id followed by a line
Key fingerprint  with the fingerprint


vedaal



From dsaklad at gnu.org  Fri Apr  5 04:23:35 2013
From: dsaklad at gnu.org (Don Saklad)
Date: Thu, 04 Apr 2013 22:23:35 -0400
Subject: A PC user unfamiliar with any free software would like to send me
 messages that only we can read. Now what do I do?]
Message-ID: <5ik3ohvhp4.fsf@fencepost.gnu.org>

A PC user unfamiliar with any free software would like to send messages that only the two of us can read. Now what do I do? The numbers of steps for it appear to be insurmountable! And I've failed to understand GNUPG myself.


From dsaklad at gnu.org  Fri Apr  5 04:26:12 2013
From: dsaklad at gnu.org (Don Saklad)
Date: Thu, 04 Apr 2013 22:26:12 -0400
Subject: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
Message-ID: <5ihajlvhkr.fsf@fencepost.gnu.org>

Please fix subscribe at
http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce

Subscribe didn't work !... interrupted by the warning untrusted.


From ryan at b19.org  Fri Apr  5 08:02:05 2013
From: ryan at b19.org (Ryan Sawhill)
Date: Fri, 5 Apr 2013 02:02:05 -0400
Subject: A PC user unfamiliar with any free software would like to send me
 messages that only we can read. Now what do I do?]
In-Reply-To: <5ik3ohvhp4.fsf@fencepost.gnu.org>
References: <5ik3ohvhp4.fsf@fencepost.gnu.org>
Message-ID: <CANy18xDW+ggzPRJCXai1e7+QcssFUzteD6tsXvX8mhYii+nL5Q@mail.gmail.com>

On Thu, Apr 4, 2013 at 10:23 PM, Don Saklad <dsaklad at gnu.org> wrote:

> A PC user unfamiliar with any free software would like to send messages
> that only the two of us can read. Now what do I do? The numbers of steps
> for it appear to be insurmountable! And I've failed to understand GNUPG
> myself.
>

Unfamiliar with *any* free software? That does pose a problem, especially
if neither of you are willing to try to learn. There are countless GPG
tutorials and blog posts out there, not to mention this list's archives.

The simplest thing I could think of would be something like this:
https://chrome.google.com/webstore/detail/quick-encrypt/ceoomdobfpkpdilfooakcmklkkolppcb

It's an extension for Google Chrome (which is free software though, so
perhaps this "PC user" is not familiar with it?) that does basic symmetric
encryption with no special setup. Personally, I can't imagine using it
myself unless I was on a Windows box with no time to install & configure
GPG, but I do know people who use it (people who found GPG too
intimidating).

PS: I can't vouch for the quality of the encryption (I haven't looked at
the implementation) or the general safety of it (I don't know if it
performs the encryption locally or if it sends it to a server).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130405/98c44981/attachment.html>

From email at janignatius.fi  Fri Apr  5 09:20:32 2013
From: email at janignatius.fi (Jan Ignatius)
Date: Fri, 05 Apr 2013 10:20:32 +0300
Subject: A PC user unfamiliar with any free software would like to send
 me messages that only we can read. Now what do I =?UTF-8?Q?do=3F=5D?=
In-Reply-To: <5ik3ohvhp4.fsf@fencepost.gnu.org>
References: <5ik3ohvhp4.fsf@fencepost.gnu.org>
Message-ID: <8f97ee85e735d04e27f57661ac04adf6@janignatius.fi>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2013-04-05 05:23, Don Saklad wrote:
> A PC user unfamiliar with any free software would like to send
> messages that only the two of us can read. Now what do I do? The
> numbers of steps for it appear to be insurmountable! And I've failed
> to understand GNUPG myself.
>
Perhaps a web based solution would be easier to adopt in this case?

Some examples:
https://privacybox.de/index.en.html
https://crypto.cat/

You could access these services using Tor browser bundle 
(https://torproject.org) to further hide your identity from 3rd parties.
I don't trust the above solutions as much as GNUPG but depending on the 
type of information you are exchanging with your friend, they may be 
sufficient.

Jan
- --
Jan <email at janignatius.fi>
PGP Key: https://janignatius.fi/pgp
PGP Key Fingerprint: 08EC 7FDC BAAA EEF5 AFE8  BEEC 8B71 471F 7F86 1262
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJRXnsWAAoJEItxRx9/hhJi8swH/jqRobe97cvMeSpeRs8GlXar
oGjAqKreTyi7FrNEeREfeJEazy4BDyOo5yBFC8o5dow8iCxabvV/ZabsYfX4OJq2
y3xsrolh1kU8WSP30dPxavghG0M2ewfhwzXadaqDyDyF2toMBCnHPAUe/nUhVV0Z
hi0r3rEIGz+tw7kNBfLk1EqdxcQifqheu2qdw+3GwpCE7kcOZK8/H/UYKz+VR8pL
EvaHUqyHJVVfe6nZcPV7yn7Y0XOS0wkwcNSlFAHttNDt0prcMnd2Q0jmU1Z16Zwx
ScIo+h7Jjyv8MpWC7gb9yAFMlsb5vEVh5pEsSCkcVYBFlkQDfxEEVuRFqjF8TPQ=
=x8e0
-----END PGP SIGNATURE-----



From dsaklad at gnu.org  Fri Apr  5 02:33:02 2013
From: dsaklad at gnu.org (Don Saklad)
Date: Thu, 04 Apr 2013 20:33:02 -0400
Subject: A PC user unfamiliar with any free software would like to send me
 messages that only we can read. Now what do I do?]
Message-ID: <5i1uapx1dt.fsf@fencepost.gnu.org>

A PC user unfamiliar with any free software would like to send messages that only the two of us can read. Now what do I do? The numbers of steps for it appear to be insurmountable! And I've failed to understand GNUPG myself.


From dsaklad at gnu.org  Fri Apr  5 02:50:38 2013
From: dsaklad at gnu.org (Don Saklad)
Date: Thu, 04 Apr 2013 20:50:38 -0400
Subject: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
Message-ID: <5isj35vm01.fsf@fencepost.gnu.org>

Please fix subscribe at
http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce

Subscribe didn't work !... interrupted by the warning untrusted.


From roam at ringlet.net  Fri Apr  5 10:50:46 2013
From: roam at ringlet.net (Peter Pentchev)
Date: Fri, 5 Apr 2013 11:50:46 +0300
Subject: Fingerprint of the subkey just created?
In-Reply-To: <20130404213646.39F826F443@smtp.hushmail.com>
References: <20130404213646.39F826F443@smtp.hushmail.com>
Message-ID: <20130405085045.GA5567@straylight.m.ringlet.net>

On Thu, Apr 04, 2013 at 05:36:46PM -0400, vedaal at nym.hush.com wrote:
> Daniel Kahn Gillmor dkg at fifthhorseman.net
> wrote on Thu Apr 4 22:56:50 CEST 2013 :
> 
> >gpg will emit the fingerprints for the subkeys if you supply the
> --fingerprint argument twice.  So you might try parsing the output of:
> 
>  gpg --list-keys --with-colons --fingerprint --fingerprint
> --fixed-list-mode $PGPID
> 
> -----
> 
> It's even enough to just do:
> 
> gpg --fingerprint --fingerprint
> 
> and gnupg will list the keys and subkeys each with their short id followed by a line
> Key fingerprint  with the fingerprint

If *you* want to see the fingerprint, that's fine.  If you want to
write a *program* that needs the fingerprint, then --with-colons is
pretty much mandatory, since it avoids all the issues of changing
messages, localized messages, weird characters that might be mistaken
for parts of messages, etc.

Of course, for writing programs that interface with GnuPG, it's best
to go all the way and use GPGME, but for some simple tasks the output
of --with-colons is exactly right.

I didn't know about --fixed-list-mode; thanks!

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net roam at FreeBSD.org p.penchev at storpool.com
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
If wishes were fishes, the antecedent of this conditional would be true.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20130405/b2b9e9f9/attachment.sig>

From philip.g.potter at gmail.com  Fri Apr  5 18:25:02 2013
From: philip.g.potter at gmail.com (Philip Potter)
Date: Fri, 5 Apr 2013 17:25:02 +0100
Subject: Why does gpg use so much entropy from /dev/random?
In-Reply-To: <874nfpfbm4.fsf@vigenere.g10code.de>
References: <CAEOFFnLvHzvBVw_tZD6XkVX9wZqF2jw9taEEde_re+DTeeALyA@mail.gmail.com>
 <874nfpfbm4.fsf@vigenere.g10code.de>
Message-ID: <CAEOFFn+=0aaHa627NWjrgX93s5aKQ35ZgNQQuBU-bZZ27GRJ7A@mail.gmail.com>

Hi Werner,

Thanks very much for your response. I think I'll take some time to digest it :)

Phil

On 2 April 2013 11:52, Werner Koch <wk at gnupg.org> wrote:
> On Sun, 31 Mar 2013 11:45, philip.g.potter at gmail.com said:
>
>> Can anyone shed any light on this? Why does GPG use more entropy than
>> /dev/random says it should?
>
> Which /dev/random - there are hundreds of variants of that device all
> with other glitches.  Thus GnuPG has always used /dev/random only as a
> source of entropy to seed its own RNG:
>
>   This random number generator is loosely modelled after the one
>   described in Peter Gutmann's paper: "Software Generation of
>   Practically Strong Random Numbers". at footnote{Also described in chapter
>   6 of his book "Cryptographic Security Architecture", New York, 2004,
>   ISBN 0-387-95387-6.}
>
>   A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
>   transform function.  Several extra features are used to make the
>   robust against a wide variety of attacks and to protect against
>   failures of subsystems.  The state of the generator may be saved to a
>   file and initially seed form a file.
>
>   Depending on how Libgcrypt was build the generator is able to select
>   the best working entropy gathering module.  It makes use of the slow
>   and fast collection methods and requires the pool to initially seeded
>   form the slow gatherer or a seed file.  An entropy estimation is used
>   to mix in enough data from the gather modules before returning the
>   actual random output.  Process fork detection and protection is
>   implemented.
>
> GPG uses ~/.gnupg/random_seed but it needs to creater it first.  For
> generating keys it also makes sure to put in a lot of new entropy just
> to be safe.  Better be safe than sorry (cf. the recent NetBSD problem).
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>


From sttob at mailshack.com  Fri Apr  5 17:39:22 2013
From: sttob at mailshack.com (Stan Tobias)
Date: Fri, 05 Apr 2013 17:39:22 +0200
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users -
 Alternative to the web of trust?]
In-Reply-To: <5155CFC8.10505@fifthhorseman.net>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
Message-ID: <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> I've changed the subject line to indicate that this thread is about
> establishing a pseudonym, *not* about anonymous users.  This is a subtle
> but important difference.

People assume pseudonyms for various reasons, anonymity being but one
of them.  It is clear the person behind "adrelanos" wants to remain
anonymous, while giving a name to his action.  This is a narrower
application of pseudonyms, thus IMHO the subject should have stayed.

The problem we're trying to solve here is how to ascertain originality
of a software development line, IOW how to authenticate it.

I believe this has much in common with ordinary software authentication.
For instance, from _my_ perspective, "Werner Koch" is kind of an
anonymous person.  He's not actually a person, he is just the key that
signs versions of GnuPG software.  (No offense, Werner, I've seen you on
Google, so you must be true, surely. :-^ )  I don't think shaking hands
with Werner would change much in this regard.  Same goes for almost all
other signed software on my system.  What I mean to express is an idea
that in ordinary situation, the entity that authenticates (certifies)
software is the key itself, not its owner(s), whom I don't know, and who
I don't know if they exist.  (But I know the key.  Just try to imagine
the cryptographic key acquired intelligence and became a person, and
eventually - a friend; hey, I wouldn't trust a strange key, would I?)

The person(s) behind "adrelanos", in order to communicate securely and
anonymously, invents a "new person", a sock-puppet, called "adrelanos",
through which he will communicate with the rest of the world:
  <quote> 
  I am adrelanos, the strictly pseudonymous (anonymous) maintainer
  of Whonix
  </quote>
For simplicity, I mentally associate this "invented person" with his
(their?) cryptographic key itself.  (Thus the name "adrelanos" is
redundant, what counts is the key's fingerprint, but it's good for
human speak.)  So when I say "adrelanos", I think of the key exclusively.

As a side note (this is not the main topic of my posting), I have two
suggestions to adrelanos.  First, I'm not sure the Web of Trust solves
anything for you.  You need to associate yourself strongly with the
project, so I would advise to put your public key into the very first
issue of the software, and sign the whole.  An attacker may do the same
with their key and claim they are the only true developers.  To thwart
this, you need to gather signed timestamps from many independent services.
(The reasoning is that someone can make a copy and claim as his for
nefarious purposes only, thus if you can prove you were the first to
own it, you can defend your authorship this way.)  Announcing on this
list (or in any public place) can also be considered as a kind of a
time-stamp (until a Ministry of Truth starts to manage our history),
but have I seen your public key here?  A third suggestion is to create
some backup keys, and somehow mention them in further software issues,
just in case you find yourself in disaster management situation and need
to identify yourself by another means.

> ------------
>
> For a pseudonymous author who wants to establish a credible claim to a
> given identity, one way would be to encourage the people who have been
> following the work of that author to certify the key.  In that case, how
> would they know it's the right one?  This is a shade different from
> other scenarios, but if, for example, if i had been using tool X for 5
> years, and had been corresponding with the author (e.g. bug reports,
> thank you notes, feedback, etc) over that time and all the
> communications and versions of the tool that i received consistently
> demonstrated that the person on the other end had control of the key in
> question, i would have no problem certifying that identity.

What would such a certification accomplish?

In my lay person's understanding, the purpose of certification (key
signing) is to state that the UID correctly describes the person who
claims the key.

If you sign an anonymous key, that may be either misleading, or carry
zero information.  If you mean to certify for the real person - you
haven't met them, and there is noone who will claim the key (as long
as they want to stay anonymous).  If you sign for the "invented person"
(as I defined above), then you essentially certify that the key holding
a name "adrelanos" is correctly described by the name "adrelanos".

I understand the aim of your certification: you want to introduce
"adrelanos", and to state your association with him (although you
don't know the real person).  But can you explain this purpose in
your signature?  Is a key signing the best means for it?  Wouldn't a
better option be publishing a signed statement "I have cooperated with
an anonymous person adrelanos since ..., I believe he is the original
author of ..."?

Further thoughts for discussion:
If I told you my pseudonym was "Werner Koch" (for "John Smith" was already
too occupied), would you sign my key?  Why?  Why would it take 5 years to
convince yourself to sign adrelanos' key; why not 5 months, or 5 weeks?
If someone revealed to you "adrelanos" was a secret FBI operation,
would you still sign it?  (FBI behind "adrelanos" might be the true
original author of the software, accept bug reports, feedbacks, etc., and
I've heard they have really nice blokes there.  So essentially nothing
changes, except the state of your knowledge.)  Before signing his key,
would you check that the ID "adrelanos <adrelanos at riseup.net>" was not in
use (not necessarily in a PGP key) by another person, say, a year ago from
now?

Regards, Stan.



From dkg at fifthhorseman.net  Fri Apr  5 19:38:18 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Apr 2013 13:38:18 -0400
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users
 - Alternative to the web of trust?]
In-Reply-To: <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
Message-ID: <515F0C0A.3030006@fifthhorseman.net>

On 04/05/2013 11:39 AM, Stan Tobias wrote:
> People assume pseudonyms for various reasons, anonymity being but one
> of them.  It is clear the person behind "adrelanos" wants to remain
> anonymous, while giving a name to his action.

This is practically the definition of a pseudonym, not anonymity.
Anonymity involves trying to avoid leaving any traces of identity
whatsoever.  I really do think it's worth distinguishing between the two
cases, since they're quite different.

From WordNet (r) 3.0 (2006) [wn]:

  pseudonym
      n 1: a fictitious name used when the person performs a
           particular social role [syn: {pseudonym}, {anonym}, {nom de
           guerre}]

  anonymous
      adj 1: having no known name or identity or known source;
             "anonymous authors"; "anonymous donors"; "an anonymous
             gift" [syn: {anonymous}, {anon.}] [ant: {onymous}]
      2: not known or lacking marked individuality; "brown anonymous
         houses"; "anonymous bureaucrats in the Civil Service"

I agree with you that the WoT is not useful for people who truly wish to
be anonymous.

However, the WoT still can be useful for people who wish to establish a
pseudonym.

> Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

>> For a pseudonymous author who wants to establish a credible claim to a
>> given identity, one way would be to encourage the people who have been
>> following the work of that author to certify the key.  In that case, how
>> would they know it's the right one?  This is a shade different from
>> other scenarios, but if, for example, if i had been using tool X for 5
>> years, and had been corresponding with the author (e.g. bug reports,
>> thank you notes, feedback, etc) over that time and all the
>> communications and versions of the tool that i received consistently
>> demonstrated that the person on the other end had control of the key in
>> question, i would have no problem certifying that identity.
> 
> What would such a certification accomplish?

It establishes a history of someone doing work and being active using
that name.  Given that it includes an e-mail address, it is effectively
globally unique (modulo problems with the DNS). If there are two such
entities, using two separate keys, that's entirely possible.  My
certification would indicate which one is the one i have come to know as
"adrelanos <adrelanos at riseup.net>".

> Further thoughts for discussion:
> If I told you my pseudonym was "Werner Koch" (for "John Smith" was already
> too occupied), would you sign my key?  

Well, i already know a Werner Koch, and i don't think i would sign any
colliding user IDs without good reason.  If i'm dealing with User IDs
that are clearly non-global, have no difficult-to-forge corroboration
(e.g. gov't issued ID), etc, and i have no prolonged experience
interacting with someone using that identity, i'm likely to decline to
make that certification.

> Why would it take 5 years to
> convince yourself to sign adrelanos' key; why not 5 months, or 5 weeks?

I said 5 years as an example, not as a magic threshold where my
confidence in someone's persistent identity kicks in.   I suspect that
each person has their own sense of this, and can make their own
decisions about when making a public statement of known identity is
warranted.  One of the nice things about OpenPGP is that there is no
requirement for everyone to have the same certification policy.

> If someone revealed to you "adrelanos" was a secret FBI operation,
> would you still sign it?  (FBI behind "adrelanos" might be the true
> original author of the software, accept bug reports, feedbacks, etc., and
> I've heard they have really nice blokes there.  So essentially nothing
> changes, except the state of your knowledge.)

I hope it's clear that my certifying anyone's OpenPGP certificate is a
statement about who i believe uses a given name and address and what key
they use.  It is *not* a statement of political affinity, friendship, or
a technical endorsement.

I am happy to sign the keys of people with whom i have fundamental
disagreements.  My saying "this is adrelanos' key" does not say anything
about "adrelanos works for the FBI" or "adrelanos does not work for the
FBI" any more than it says "adrelanos is my friend" or "adrelanos is a
milkman" or "adrelanos babysits my children" or "adrelanos writes
awesome software" or "I can't stand that adrelanos character"

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130405/e8b7bc2d/attachment.sig>

From jeandavid8 at verizon.net  Fri Apr  5 20:16:22 2013
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 05 Apr 2013 14:16:22 -0400
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users -
 Alternative to the web of trust?]
In-Reply-To: <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
Message-ID: <515F14F6.9050901@verizon.net>

On 04/05/2013 11:39 AM, Stan Tobias wrote:
> The problem we're trying to solve here is how to ascertain originality
> of a software development line, IOW how to authenticate it.

What I do is get my OS (a Linux distribution from Red Hat) on a DVD
directly from them. It contains, along with everything else, their
public key that I do not validate by any other means; I assume that it
is authentic. And they sign all the software they download to me from
their site. So unless a man in the middle, working for the Post Office
or UPS or FedEx (I forget which) substitutes DVDs ... . But as long as
Mr. Red and Ms. Hat can be trusted, I do not care if they are the two
individuals, a corporation, or what.

SO

* I am not protected from any black hats subversively working for Red Hat.

* I am not protected if their site is highjacked by black hats until
they discover it and correct it. But unless they also hijack the
computer not connected to the Internet (see below), this will not be enough.

* I am not protected if the DNS is damaged somewhere and when my update
software tries to get updates from Red Hat, some other site that has Red
Hat's private key signs whatever they choose to download to my machine.
I suppose bribery or physical violence might get that key faster than
exhaustive search... .

Probably the software Red Hat supplies is kept on a machine that is not
on the Internet and it is all signed on that machine. At which point,
the signed software is placed on an Internet-connected machine for
downloading (seems like a good idea to me).


From peter at digitalbrains.com  Fri Apr  5 22:27:31 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 05 Apr 2013 22:27:31 +0200
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users
 - Alternative to the web of trust?]
In-Reply-To: <515F14F6.9050901@verizon.net>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F14F6.9050901@verizon.net>
Message-ID: <515F33B3.1040003@digitalbrains.com>

On 05/04/13 20:16, Jean-David Beyer wrote:
> Probably the software Red Hat supplies is kept on a machine that is not
> on the Internet and it is all signed on that machine. At which point,
> the signed software is placed on an Internet-connected machine for
> downloading (seems like a good idea to me).

I have no idea how Red Hat does this, but it seems unlikely to me. It's
not connected to the internet, but signs the whole repository, and each
individual security update etcetera. Is there a guy who keeps going back
and forth with a USB stick between this terminal and another?

AFAIK, in Debian, individual maintainers sign the packages they maintain
from their own systems. Some might choose to do a complicated dance with
a USB stick, but I expect many to sign on a net-connected machine. And
then an automatic signature follows from the repository key when the
maintainer's signature matches.

Last time I said AFAIK on this list I was wrong, though.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt


From jeandavid8 at verizon.net  Fri Apr  5 22:42:24 2013
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 05 Apr 2013 16:42:24 -0400
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users -
 Alternative to the web of trust?]
In-Reply-To: <515F33B3.1040003@digitalbrains.com>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com> <515F14F6.9050901@verizon.net>
 <515F33B3.1040003@digitalbrains.com>
Message-ID: <515F3730.4000206@verizon.net>

On 04/05/2013 04:27 PM, Peter Lebbing wrote:
> I have no idea how Red Hat does this, but it seems unlikely to me. It's
> not connected to the internet, but signs the whole repository, and each
> individual security update etcetera. Is there a guy who keeps going back
> and forth with a USB stick between this terminal and another?

I do not know how they do it either. I assumed that each major release,
that for Red Hat occurs only about every 18 months, they do sign each
and every file in the repository. They probably have an automatic way to
do that. And then someone sneakernets it over to the Internet-connected
machines that do the downloads to the customers.

For updates, I assume they do that to each file that has been touched
and carry them over to the Internet-connected servers in a batch, say
once a day. But maybe they resign and carry over everything in the
repository to save the trouble of figuring out which have been touched
and which have not. The whole release fits on one DVD. Recall that for
Red Hat Enterprise Linux, with extremely few exceptions, they do not do
enhancements: those are delayed until the next major release up to 18
months later. They only do bug and security fixes (and that time-zone
file change). So once a day (or whenever the regression testing is
completed successfully) some clerk can do the carry over at some time,
presumably late at night.


From ryan at b19.org  Sat Apr  6 19:10:30 2013
From: ryan at b19.org (Ryan Sawhill)
Date: Sat, 6 Apr 2013 13:10:30 -0400
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users -
 Alternative to the web of trust?]
In-Reply-To: <515F3730.4000206@verizon.net>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable>
 <515421CC.7030900@digitalbrains.com> <51552159.9080106@gmail.com>
 <5155A766.6080404@riseup.net> <5155C44F.9030603@gmail.com>
 <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F14F6.9050901@verizon.net> <515F33B3.1040003@digitalbrains.com>
 <515F3730.4000206@verizon.net>
Message-ID: <CANy18xAZebjbC2hTwpmQTgBcup-yOKLwOgbm2nbiV2msUbAyUQ@mail.gmail.com>

I wouldn't have to work at Red Hat to find your imagining of all this
hilarious. No offense meant.

What makes the most sense: that all packages are built on a handful of
central build servers (individual maintainers building packages?
seriously?) on a private network and that as part of that automated build
process, the packages are signed. And then of course yes, some sort of
manual process to push packages out to publicly-accessible servers for
customers.

Also, for the record, you're wrong about "with extremely few exceptions,
they do not do enhancements: those are delayed until the next major release
up to 18 months later". Most packages will stay at the same upstream
version for the life of a RHEL major release, but feature-enhancements
still happen all the time with minor releases (every 6 months) and
sometimes even sooner. (Also, new major releases don't happen every 18
months.)


On Fri, Apr 5, 2013 at 4:42 PM, Jean-David Beyer <jeandavid8 at verizon.net>wrote:

> On 04/05/2013 04:27 PM, Peter Lebbing wrote:
> > I have no idea how Red Hat does this, but it seems unlikely to me. It's
> > not connected to the internet, but signs the whole repository, and each
> > individual security update etcetera. Is there a guy who keeps going back
> > and forth with a USB stick between this terminal and another?
>
> I do not know how they do it either. I assumed that each major release,
> that for Red Hat occurs only about every 18 months, they do sign each
> and every file in the repository. They probably have an automatic way to
> do that. And then someone sneakernets it over to the Internet-connected
> machines that do the downloads to the customers.
>
> For updates, I assume they do that to each file that has been touched
> and carry them over to the Internet-connected servers in a batch, say
> once a day. But maybe they resign and carry over everything in the
> repository to save the trouble of figuring out which have been touched
> and which have not. The whole release fits on one DVD. Recall that for
> Red Hat Enterprise Linux, with extremely few exceptions, they do not do
> enhancements: those are delayed until the next major release up to 18
> months later. They only do bug and security fixes (and that time-zone
> file change). So once a day (or whenever the regression testing is
> completed successfully) some clerk can do the carry over at some time,
> presumably late at night.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130406/8efc1e38/attachment.html>

From jeandavid8 at verizon.net  Sat Apr  6 20:49:45 2013
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Sat, 06 Apr 2013 14:49:45 -0400
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users -
 Alternative to the web of trust?]
In-Reply-To: <CANy18xAZebjbC2hTwpmQTgBcup-yOKLwOgbm2nbiV2msUbAyUQ@mail.gmail.com>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk>	<5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable>	<515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com>	<5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com>	<5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>	<515F14F6.9050901@verizon.net>
 <515F33B3.1040003@digitalbrains.com>	<515F3730.4000206@verizon.net>
 <CANy18xAZebjbC2hTwpmQTgBcup-yOKLwOgbm2nbiV2msUbAyUQ@mail.gmail.com>
Message-ID: <51606E49.9030601@verizon.net>

On 04/06/2013 01:10 PM, Ryan Sawhill wrote:
> I wouldn't have to work at Red Hat to find your imagining of all this
> hilarious. No offense meant.

I am not offended; just ignorant of some of the details of this.
> 
> What makes the most sense: that all packages are built on a handful of
> central build servers (individual maintainers building packages?
> seriously?) on a private network and that as part of that automated
> build process, the packages are signed. And then of course yes, some
> sort of manual process to push packages out to publicly-accessible
> servers for customers.

I guess we agree here. Perhaps not on the details. So that part must not
be hilarious, is it?
> 
> Also, for the record, you're wrong about "with extremely few exceptions,
> they do not do enhancements: those are delayed until the next major
> release up to 18 months later". Most packages will stay at the same
> upstream version for the life of a RHEL major release,

Right.

> but
> feature-enhancements still happen all the time with minor releases
> (every 6 months) and sometimes even sooner. 

Well, the bug and security fixes can come out several times a day
(though that is not usual), and new RHEL kernels seem to be coming out
every month or so these days. But those are bug fixes and security
fixes. When I read their release notes on those things, they do not
describe enhancements on the kernel.

Similarly for things like postgresql, they may backport bug fixes but
they do not put in enhancements as far as I can tell.

Perhaps they enhanced Firefox, but that is not the usual thing. I notice
no enhancements for GnuCash that is quite a ways behind what other
distributions are using. They try to keep up with Java, but that is to
hope to keep up with the security failures in that.

>(Also, new major releases
> don't happen every 18 months.)
> 
I know major releases do not happen exactly every 18 month. IIRC, they
said that was their goal. I know it was over two years for one of them
to come out.


From sttob at mailshack.com  Sun Apr  7 10:06:50 2013
From: sttob at mailshack.com (Stan Tobias)
Date: Sun, 07 Apr 2013 10:06:50 +0200
Subject: gpg for pseudonymous users [was: Re: gpg for anonymous users -
 Alternative to the web of trust?]
In-Reply-To: <515F0C0A.3030006@fifthhorseman.net>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F0C0A.3030006@fifthhorseman.net>
Message-ID: <5161291a.9nw+AIE8qA7ltnYF%sttob@mailshack.com>

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 04/05/2013 11:39 AM, Stan Tobias wrote:
> > Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>
> >> For a pseudonymous author who wants to establish a credible claim to a
> >> given identity, one way would be to encourage the people who have been
> >> following the work of that author to certify the key.  
[snip]
> > 
> > What would such a certification accomplish?
>
> It establishes a history of someone doing work and being active using
> that name.  Given that it includes an e-mail address, it is effectively
> globally unique (modulo problems with the DNS).

(Modulo a black box in an ISP's locked room.  Modulo other circumstances.
I think it was a misguided idea from the old times that an email
could serve as a personal identifier.)

> If there are two such
> entities, using two separate keys, that's entirely possible.  My
> certification would indicate which one is the one i have come to know as
> "adrelanos <adrelanos at riseup.net>".

So basically you restate what I have said before: you introduce
someone (you help to start a history), and you mark your association (to
differentiate this one from other "adrenaloses"; I don't mean support, but
merely association by knowledge).  The first one is merely a side effect.
As for the latter, I don't believe it is even implicit in a certificate
(at signing parties, people sign keys to persons whom they won't know).
At best, it can be considered a side effect of your signing policy (if
you refuse to sign further "adrenaloses"), but this is not what is being
ceritified anyway.

Certificates are a message to others.  When you sign "Werner Koch"
key, you tell me that you have verified the key owner *is* Werner Koch,
and is willing to identify himself with this key.

Now, when you certify "adrelanos" key (UID, to be precise), do you mean to
tell me you have verified the "real" owner is adrelanos?  Obviously, no.
Do you mean to tell me you've verified that the anonymous owner - the
person who identifies himself by the key - uses the key "adrelanos"?
It's a tautology.  Do you mean to tell me the "invented person" is
adrelanos?  He's that by definition; it's a tautology again.  There is
nothing that can be verified, therefore nothing to certify.  I don't
see any meaning to your certificate.

As I noticed last, what's relevant is that each software issue is signed
by the same key (identified by fingerprint).  The key could be stripped
of any UIDs, and still fulfill its function well.  Thus I don't see what
a certificate could change.


> > Further thoughts for discussion:
> > If I told you my pseudonym was "Werner Koch" (for "John Smith" was already
> > too occupied), would you sign my key?  
>
> Well, i already know a Werner Koch, and i don't think i would sign any
> colliding user IDs without good reason.  If i'm dealing with User IDs
> that are clearly non-global, have no difficult-to-forge corroboration
> (e.g. gov't issued ID), etc, and i have no prolonged experience
> interacting with someone using that identity, i'm likely to decline to
> make that certification.

I have chosen the pseudonym "Werner Koch" to make a contrast.  You suspect
fraud, and refuse to sign my key without checking, because you happen to
know a (important) Werner Koch.  Yet you're willing to sign "adrelanos"
key, because you don't happen to know another adrelanos?  I sense a
logic flaw, and thus a weakness in the signing policy.


> > Why would it take 5 years to
> > convince yourself to sign adrelanos' key; why not 5 months, or 5 weeks?
>
> I said 5 years as an example, not as a magic threshold where my
> confidence in someone's persistent identity kicks in.   I suspect that
> each person has their own sense of this, and can make their own
> decisions about when making a public statement of known identity is
> warranted.  One of the nice things about OpenPGP is that there is no
> requirement for everyone to have the same certification policy.

With time, his reputation may change, and your confidence, but not
his identity.  His identity is established by fiat of his creator,
and will be the same in five years as it is now.  I think it is wrong
to assume time plays any role here.

(With time "adrelanos" may gain history which might further identify him,
but I doubt this whole history will enter his key UID.  For example, on
Werner's key I see only "Werner Koch", not where he lives, what he did,
which schools he finished, where he's been, what beer he likes, and what
his cat looks like.)


> > If someone revealed to you "adrelanos" was a secret FBI operation,
> > would you still sign it?  (FBI behind "adrelanos" might be the true
> > original author of the software, accept bug reports, feedbacks, etc., and
> > I've heard they have really nice blokes there.  So essentially nothing
> > changes, except the state of your knowledge.)
>
> I hope it's clear that my certifying anyone's OpenPGP certificate is a
> statement about who i believe uses a given name and address and what key
> they use.  It is *not* a statement of political affinity, friendship, or
> a technical endorsement.

Sure.  I'd prefer you said "is known by", rather than "uses".

> I am happy to sign the keys of people with whom i have fundamental
> disagreements.  My saying "this is adrelanos' key" does not say anything
[snip]

I'd be willing, too, to sign the Enemy's key, as long as its UID says
"Enemy" and not "Friend".  The problem is that "adrelanos" doesn't
mean anything to you, nor to me, but perhaps it might mean something
to someone else.  This is a reason for my objection to vouching for
anonymous identities.  I think it is dangerous.

Regards, Stan.



From dkg at fifthhorseman.net  Sun Apr  7 16:19:56 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 07 Apr 2013 10:19:56 -0400
Subject: gpg for pseudonymous users
In-Reply-To: <5161291a.9nw+AIE8qA7ltnYF%sttob@mailshack.com>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F0C0A.3030006@fifthhorseman.net>
 <5161291a.9nw+AIE8qA7ltnYF%sttob@mailshack.com>
Message-ID: <5161808C.8070302@fifthhorseman.net>

On 04/07/2013 04:06 AM, Stan Tobias wrote:

> I'd be willing, too, to sign the Enemy's key, as long as its UID says
> "Enemy" and not "Friend".

But in fact, no one identifies in either way; "Enemy" and "Friend" are
relational terms, and are not identities.  Neither of them belong in the
UID.

If you want to make a statement about whether someone is your enemy or
your friend, an OpenPGP identity certification might not be the right
way to do it.

  The problem is that "adrelanos" doesn't
> mean anything to you, nor to me, but perhaps it might mean something
> to someone else.  This is a reason for my objection to vouching for
> anonymous identities.  I think it is dangerous.

I think we're talking about pseudonyms, not "anonymous identities".

You seem to think that names of the form "Stan Tobias" and "Daniel Kahn
Gillmor" and "Werner Koch" are somehow more "real" names than
"adrelanos".  You also seem to think that people's identities are
immutable over time.  I'm not sure i believe either tenet is universally
true.  That's fine, and i'm not trying to convince you otherwise --
that's why it's good that we each get to have our own certification
policies!

Some people believe that names like "Daniel Kahn Gillmor" are more
"real" because of their government endorsement (e.g. via
difficult-to-forge identity papers).  I will grant that endorsement by a
government plays a significant role in my willingness to accept that a
person holds a given identity.  However, I am unwilling to constrain my
beliefs about identity to only cover government statements.  Some people
have deeply-held identities that their government refuses to certify,
and some governments are quite willing to issue fraudulent identity
papers under a variety of circumstances.  So i prefer to reserve the
right to use my own judgement, and to be able to rely on other
information besides government endorsement as well.

But let's bring this discussion back out of the metaphysical territory
of "what is the true nature of identity".   In response to adrelanos'
question, I tried to give an example of what sort of
non-government-issued evidence a cautious and open-minded individual
might consider.  What evidence are you willing to consider to establish
belief in someone's identity?

all the best,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130407/c148cc3c/attachment.sig>

From mirimir at riseup.net  Sun Apr  7 18:59:14 2013
From: mirimir at riseup.net (mirimir)
Date: Sun, 07 Apr 2013 16:59:14 +0000
Subject: gpg for pseudonymous users
In-Reply-To: <5161808C.8070302@fifthhorseman.net>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F0C0A.3030006@fifthhorseman.net>
 <5161291a.9nw+AIE8qA7ltnYF%sttob@mailshack.com>
 <5161808C.8070302@fifthhorseman.net>
Message-ID: <5161A5E2.5070902@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/07/2013 02:19 PM, Daniel Kahn Gillmor wrote:

<snip>

> But let's bring this discussion back out of the metaphysical 
> territory of "what is the true nature of identity".   In response
> to adrelanos' question, I tried to give an example of what sort of 
> non-government-issued evidence a cautious and open-minded
> individual might consider.  What evidence are you willing to
> consider to establish belief in someone's identity?

Perhaps it's misleading to focus on the pseudonym "adrelanos". For me,
what's important is knowing that all Whonix releases come from the
same source (person, collective, etc).

Having an email address associated with the whonix-signing key
provides some assurance that support requests and bug reports are
going to the right place. It's also useful to know that the adrelanos
on this list is the Whonix signer at adrelanos at riseup.net with gnupg
key fingerprint "9B15 7153 925C 303A 4225 3AFB 9C13 1AD3 713A AEEF".

Over time, with ongoing peer review, "Whonix signer" aka adrelanos
develops a reputation for releasing useful and malware-free software,
for promptly patching all reported vulnerabilities, and so on. If
malware were found in Whonix, the reputation would diminish.

Peer-verified reputation is crucial in many contexts, especially where
government-issued identification is unworkable. Even so, that's not
enough, because most participants lack the necessary information and
expertise.

Also, reputation is not simply one-dimensional. If verifiable evidence
were presented linking Whonix/adrelanos to some organization or cause,
that might decrease adrelanos' reputation among some, and increase it
among others. Reputation is also multidimensional in other ways (e.g.,
expertise, financial integrity, on-time delivery and discretion).

Trusted third parties manage peer-verified reputation in particular
contexts. For example, Onionland marketplaces manage the reputations
of their sellers and buyers, whose accounts are linked to their gnupg
keys. There are also brokers that manage reputation more broadly.

Expecting gnupg to handle all that might be unrealistic. Multiple
trust parameters would be required, and consistent use in multiple
contexts would be difficult or impossible to enforce. But gnupg keys
can serve as the index for reputation data.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJRYaXfAAoJEGINZVEXwuQ+4fMH/RwIQjl2BALgK+lusxU7IOLg
8suRwH56ae68G5PBtLuXwHkQU6l/6ra0Q05j48uopdTJs+Vsre8NK8HfNVyf9UCK
9Yx/2JmWFSnpuA7Swd/yH7QdAs3EqHfxr+pesrDrKuTY5cZwM/jxgZQOXaDcnMfn
4lv4kS/WWwIEBxYhTS3wj8FYVUx5TT1BOFe/uupgbKAACj1LAJwNTOukj6NRT8RG
bDBa7ir72hu4Oll4BS+uNNqRWcIMhdcHXLBVCLy1fL1/moKwoP4nazM3RAs7NlzE
Z7yKcBhh63E5mj7KHfTwo55q+dtkEqMg1h6HGdACmCAJXjr/CzbemkH8J8ahc+c=
=R89X
-----END PGP SIGNATURE-----


From peter at digitalbrains.com  Mon Apr  8 11:52:41 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 08 Apr 2013 11:52:41 +0200
Subject: (OT) Re: gpg for pseudonymous users
In-Reply-To: <CANy18xAZebjbC2hTwpmQTgBcup-yOKLwOgbm2nbiV2msUbAyUQ@mail.gmail.com>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F14F6.9050901@verizon.net> <515F33B3.1040003@digitalbrains.com>
 <515F3730.4000206@verizon.net>
 <CANy18xAZebjbC2hTwpmQTgBcup-yOKLwOgbm2nbiV2msUbAyUQ@mail.gmail.com>
Message-ID: <51629369.9080303@digitalbrains.com>

On 06/04/13 19:10, Ryan Sawhill wrote:
> (individual maintainers building packages? seriously?)

I think you misread a statement /I/ made. I said individual maintainers
in Debian sign packages. They do not sign built binaries, but rather the
source package. After that, an automated build system takes over.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt


From Lists.gnupg at mephisto.fastmail.net  Mon Apr  8 18:10:01 2013
From: Lists.gnupg at mephisto.fastmail.net (Kevin)
Date: Mon, 8 Apr 2013 12:10:01 -0400
Subject: Create subkey that will expire in 10 hours
In-Reply-To: <87txnmbifr.fsf@vigenere.g10code.de>
References: <515C5EC5.8050509@nottheoilrig.com>
 <87a9ped5gs.fsf@vigenere.g10code.de> <2366298.MguBl7UZBb@inno>
 <515D599D.8080905@digitalbrains.com>
 <87txnmbifr.fsf@vigenere.g10code.de>
Message-ID: <20130408161001.GA6482@cube.smellysneakers.net>

At 1365102936 seconds of The Epoch, Werner Koch wrote:
> Specifying the Epoch will anyway stop working in 2038 on many systems,
> thus it is probably not good to allow its use.  If a fixed data is
> required, one may always specify something like "20130404T153012" for
> both, the creation date and the expire date.

I *really* hope we have all the relevant systems patched by 2038, though
it's something of a testament to *nix stability that anyone seriously
considers the possibility that obsolete servers will still be up then.


From Lists.gnupg at mephisto.fastmail.net  Mon Apr  8 18:14:47 2013
From: Lists.gnupg at mephisto.fastmail.net (Kevin)
Date: Mon, 8 Apr 2013 12:14:47 -0400
Subject: The Lord of the Keys
In-Reply-To: <20130331204159.GB22868@shalmirane>
References: <20130331204159.GB22868@shalmirane>
Message-ID: <20130408161446.GB6482@cube.smellysneakers.net>

At 1364755319 seconds of The Epoch, Ken Kundert wrote:
> I am currently using gpg-agent to hold both my gpg and ssh keys. I use two ssh 
> keys, which means that when I log in I have to give up to four passphrases to 
> unlock all of my keys. Given that gpg-agent is primarily a labor-saving device, 
> I am wondering if it would be possible to configure it to accept just one 
> passphrase and unlock all of my keys.
> 

Forgive me if this answer seems too simplistic--perhaps I am missing
something--but would it be possible to make your SSH authentication keys
subkeys of the same master/signing key?  Then, when you unlock the
master key, all the sub-keys should unlock with it (with one password). 


From dkg at fifthhorseman.net  Mon Apr  8 18:45:49 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 08 Apr 2013 12:45:49 -0400
Subject: The Lord of the Keys
In-Reply-To: <20130408161446.GB6482@cube.smellysneakers.net>
References: <20130331204159.GB22868@shalmirane>
 <20130408161446.GB6482@cube.smellysneakers.net>
Message-ID: <5162F43D.903@fifthhorseman.net>

On 04/08/2013 12:14 PM, Kevin wrote:

> Forgive me if this answer seems too simplistic--perhaps I am missing
> something--but would it be possible to make your SSH authentication keys
> subkeys of the same master/signing key?  Then, when you unlock the
> master key, all the sub-keys should unlock with it (with one password). 

that's not guaranteed, i'm afraid.  each key (the primary key and each
subkey) is locked with its own passphrase.  in common practice, gpg
keeps those passphrases synchronized across a given primary key and its
subkeys, but it has to deal with the possibility that the subkeys have
different passphrases than the primary key.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130408/c066ed97/attachment.sig>

From Lists.gnupg at mephisto.fastmail.net  Mon Apr  8 17:45:32 2013
From: Lists.gnupg at mephisto.fastmail.net (Kevin)
Date: Mon, 8 Apr 2013 11:45:32 -0400
Subject: A PC user unfamiliar with any free software would like to send
 me messages that only we can read. Now what do I do?
In-Reply-To: <5i1uapx1dt.fsf@fencepost.gnu.org>
References: <5i1uapx1dt.fsf@fencepost.gnu.org>
Message-ID: <20130408154532.GA6462@cube.smellysneakers.net>

At 1365125582 seconds of The Epoch, Don Saklad wrote:
> A PC user unfamiliar with any free software would like to send
> messages that only the two of us can read. Now what do I do? The numbers
> of steps for it appear to be insurmountable! And I've failed to
> understand GNUPG myself.

There isn't really a one-click solution to secure encryption and
privacy.  This is because, by the very nature of such an endeavor as
protecting your data, email, communications, etc, you take on the
ultimate responsibility to ensure the system works to your requirements.
By over-simplifying the process, we would end up with a result that is
perhaps more convenient, but likely less secure.  There have been, and
continue to be, efforts to simplify the deployment of secure encryption
solutions, but debates continue (sometimes on this list--see the
history) about how to accomplish such a feat while maintaining the
integrity of the system's underlying security (its raison d'etre). 

You therefore owe it to yourself, and to your colleague, to spend a
little time at the outset, climbing the learning curve, to understand at
least the basics of how GnuPG works, and therefore how to employ it at a
level of security which meets your needs.  By "how GnuPG works," I don't
mean you need to be able to debug the code, but at the very least you
should understand the basic principles behind encryption, signing, key
fingerprints, etc.  Once you understand how it works, making it work
will actually seem easier, since you'll know the reason for what you're
doing as you use GnuPG, instead of just rehearsing a bunch of rote actions.

Since you mention that your friend has no experience with "any free
software," I will assume he is not running a free OS like GNU/Linux,
FreeBSD, etc.  It would help if you could provide more information on
your environment, but under the circumstances I am going to take a
statistical leap of faith and assume you are on Windows.  Ergo, the
following site should provide the software and guides you need to get
started:

http://www.gpg4win.org

The downloads available through the gpg4win project include GUI tools,
so you will probably not need to get your hands dirty in the command
line. 

Although the GNU Privacy Handbook is more geared toward *nix
deployments, I would also recommend you read through the sections that
have general applicability, to further your knowledge of encryption:

http://www.gnupg.org/gph/en/manual.html

(These are English language links, but please note other languages are
available).


From david at systemoverlord.com  Mon Apr  8 20:08:50 2013
From: david at systemoverlord.com (David Tomaschik)
Date: Mon, 8 Apr 2013 11:08:50 -0700
Subject: The Lord of the Keys
In-Reply-To: <20130402014932.GA5156@shalmirane>
References: <20130331204159.GB22868@shalmirane>
 <CAOy4VzdHHsneM+JNHNefa8BmiFreo9zv96K0ubJL=G=Ab3xRfw@mail.gmail.com>
 <20130402014932.GA5156@shalmirane>
Message-ID: <CAOy4Vzf9Ji9LLhyKDVv1V96SxaRxC1nqvdr=pTD7XrGMiuXoCA@mail.gmail.com>

Hi Ken,

Sorry for not replying sooner, I somehow lost track of this thread...

Rather than type it all out, I'll just point you to this blog post that
someone (Jeroen?) helpfully put together on the topic:
http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key



On Mon, Apr 1, 2013 at 6:49 PM, Ken Kundert <admin at designers-guide.com>wrote:

> On Mon, Apr 01, 2013 at 02:15:44PM -0700, David Tomaschik wrote:
> > This isn't really a direct answer, but you can use your GPG key material
> > for SSH purposes and then you only need to unlock the GPG keys...
>
> David,
>     I don't understand. Can you say more?
>
> -Ken
>



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130408/b1cb6f9a/attachment.html>

From melvincarvalho at gmail.com  Mon Apr  8 22:32:53 2013
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Mon, 8 Apr 2013 22:32:53 +0200
Subject: Vanity Key
In-Reply-To: <515B0B2A.6080706@fifthhorseman.net>
References: <CAKaEYhJ3GPv8nx9YgOYOfjdqoGNHUXF3tZLbrs6HQM_QFJ8U0g@mail.gmail.com>
 <515B0B2A.6080706@fifthhorseman.net>
Message-ID: <CAKaEYhJGvk37iOmnxNN36pnrDsJnZ1++Rp9WhvdUGgzEbdxL9A@mail.gmail.com>

On 2 April 2013 18:45, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On 04/02/2013 05:40 AM, Melvin Carvalho wrote:
> > In bitcoin you have the concept of a 'vanity key' much like vanity
> license
> > plates, see:
> >
> > https://bitcointalk.org/index.php?topic=25804.0
> >
> > I wonder if there is anything similar for public keys in GPG?
>
> Conceptually, looking for a key with a given fingerprint suffix or keyid
> seems like a similar idea.
>
> People already do this:
>
> http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
>

Thanks, very interesting!


>
>         --dkg
>
> PS the copy of your e-mail that i received appears to be addressed with
> the following header:
>
>  To: Jay Litwyn on GnuPG-Users <gnupg-users at gnupg.org>
>
> I'm not Jay Litwyn, but i hope you don't mind my responding anyway. ;)
> Maybe your addressbook needs a tuneup?
>

Oops sorry ... I think it's something to do with Gmail.  I'll fix that up,
thank you.


>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130408/317c3946/attachment.html>

From melvincarvalho at gmail.com  Mon Apr  8 22:35:16 2013
From: melvincarvalho at gmail.com (Melvin Carvalho)
Date: Mon, 8 Apr 2013 22:35:16 +0200
Subject: Vanity Key@@sig
In-Reply-To: <pan.2013.04.03.17.39.12.539485@publicly.invalid>
References: <CAKaEYhJ3GPv8nx9YgOYOfjdqoGNHUXF3tZLbrs6HQM_QFJ8U0g@mail.gmail.com>
 <515B0B2A.6080706__31568.6202994131$1364921220$gmane$org@fifthhorseman.net>
 <pan.2013.04.03.17.39.12.539485@publicly.invalid>
Message-ID: <CAKaEYhK11q1H6UAsVM2UGii58ZASj4E9SOPzgJ6h+xEnJ7BiZQ@mail.gmail.com>

On 3 April 2013 19:39, Andreas Mattheiss <please.post at publicly.invalid>wrote:

> Well, uhm, if it's really important to you:
>
> The concept of hashes/fingerprints/etc. is that it is (next to) impossible
> to find an entity-to-be-hashed (here a key) if you specify the hash. In
> fact a hash function that allows you to do this would be cryptographically
> frowned upon.
>
> However, there is nothing that stops you from generation a gazillon of
> keys, until you - by chance - get one with a hash you like.
>
> This brute force approach is what is behind bitcoin mining or hashcashing
> email messages - the latter, sadly, an idea ignored by the general public.
>

Yes, tho I think hashcash is used sometimes in spam assassin


>
> Regards
> Andreas
>
> --
> LISTER: Me. No another one for you. Rear Admiral Lieutenant General Rimmer.
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130408/b0c763f1/attachment.html>

From simone.pagangriso at gmail.com  Wed Apr 10 10:54:21 2013
From: simone.pagangriso at gmail.com (Simone Pagan Griso)
Date: Wed, 10 Apr 2013 10:54:21 +0200
Subject: gpgme fails encrypting on 64bit debian
Message-ID: <CADr7kj4FOtove1T-Hw3YKbs0dYeMfUPFHqP=HutuqFh1GMrxQg@mail.gmail.com>

Hi,
 I'm facing a problem which is giving me a bit of troubles to trace with
gpgme. I've reproduced it with a simple test program (starting from another
simple example I found) which I paste below. This works on a 32-bit
debian-based system but fails on 64-bit one. In particular in the 64-bit
case I can successfully read and decrypt (not shown in the example) but I
get a rather cryptic error in the encryption:

$ ./test2 C37DBF71 Ciao!
version=1.2.0
Protocol name: OpenPGP
file=/usr/bin/gpg, home=(null)
Error in encrypting data. Error 1: General error (Unspecified source)

The version of libgpgme is shown above as well. GnuPG version 1.4.11
This is the output of uname, just to show you I'm running on 64 bit system:

$ uname -a
Linux spagan-laptop 3.2.0-39-generic #62-Ubuntu SMP Thu Feb 28 00:28:53 UTC
2013 x86_64 x86_64 x86_64 GNU/Linux

Yes, the first thing I've done was to extensively trying to make sure I was
defining _FILE_OFFSET_BITS=64; also I checked that off_t has effectively
size of 8. This is how I compile it:

gcc -m64 -D_FILE_OFFSET_BITS=64 -g test2.c -lgpgme
-L/usr/lib/x86_64-linux-gnu -lgpg-error -o test2

and finally below there's the test program I used.

Thanks a lot for any help you could give me! I haven't found anything much
useful around yet to help me debug this.. (including a rough search in this
mailing list archives).
Please let me know if you need additional info!

Cheers,
 Simone


//---- test program
#include <stdio.h>   /* printf            */
#include <unistd.h>  /* write             */
#include <errno.h>   /* errno             */
#include <locale.h>  /* locale support    */
#include <string.h>  /* string support    */
#include <stdlib.h>  /* memory management */

#define SIZE 1024

int main(int argc, char **argv)
{
  if (argc < 2) {
    printf("ERROR. Usage: %s key message\n", argv[0]);
    return -1;
  }

  char *m_key = argv[1];
  char *pSource = argv[2];
  char *pDest = malloc(65536);

  char *p;
  char buf[SIZE];
  size_t read_bytes;
  int tmp;
  gpgme_ctx_t ceofcontext;
  gpgme_error_t err;
  gpgme_data_t data;

  gpgme_engine_info_t enginfo;

  /* The function `gpgme_check_version' must be called before any other
   * function in the library, because it initializes the thread support
   * subsystem in GPGME. (from the info page) */
  setlocale (LC_ALL, "");
  p = (char *) gpgme_check_version(NULL);
  printf("version=%s\n",p);
  /* set locale, because tests do also */
  gpgme_set_locale(NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));

  /* check for OpenPGP support */
  err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
  if(err != GPG_ERR_NO_ERROR) return 1;

  p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP);
  printf("Protocol name: %s\n",p);

  /* get engine information */
  err = gpgme_get_engine_info(&enginfo);
  if(err != GPG_ERR_NO_ERROR) return 2;
  printf("file=%s, home=%s\n",enginfo->file_name,enginfo->home_dir);

  /* create our own context */
  err = gpgme_new(&ceofcontext);
  if(err != GPG_ERR_NO_ERROR) return 3;

  /* set protocol to use in our context */
  err = gpgme_set_protocol(ceofcontext,GPGME_PROTOCOL_OpenPGP);
  if(err != GPG_ERR_NO_ERROR) return 4;

  /* set engine info in our context; I changed it for ceof like this:

   err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
               "/usr/bin/gpg","/home/user/nico/.ceof/gpg/");

           but I'll use standard values for this example: */

  err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
                               enginfo->file_name,enginfo->home_dir);
  if(err != GPG_ERR_NO_ERROR) return 5;

  /* do ascii armor data, so output is readable in console */
  gpgme_set_armor(ceofcontext, 1);

  gpgme_data_t source;
  gpgme_data_t dest;

  //get key to encrypt, get the first key
  gpgme_key_t key[2];
  err = gpgme_op_keylist_start(ceofcontext, m_key, 0);
  err = gpgme_op_keylist_next (ceofcontext, key);
  if (err) {
    printf("Key not found in current key-ring: %s\n", m_key);
    return 1;
  }
  key[1] = 0; //set to NULL the second entry

  //point to source buffer
  err = gpgme_data_new_from_mem(&source, pSource, strlen(pSource), 0);
  if (err != GPG_ERR_NO_ERROR) {
    printf("Error in reading data to encrypt. Error %d: %s (%s)\n",
       gpgme_err_code(err), gpgme_strerror(err), gpgme_strsource(err));
    return 2;
  }

  //create dest buffer
  err = gpgme_data_new(&dest);
  if (err != GPG_ERR_NO_ERROR) {
    printf("Error in creating output data buffer to encrypt. Error %d: %s
(%s)\n",
       gpgme_err_code(err), gpgme_strerror(err), gpgme_strsource(err));
    return 3;
  }

  //encrypt text
  gpgme_encrypt_flags_t flags;
  flags = GPGME_ENCRYPT_NO_ENCRYPT_TO; //only specified recipient, no
defaults please
  err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);
  if (err != GPG_ERR_NO_ERROR) {
    printf("Error in encrypting data. Error %d: %s (%s)\n",
       gpgme_err_code(err), gpgme_strerror(err), gpgme_strsource(err));
    return 4;
  }

  //retrieve result
  printf("Result: \n%s\n", pDest);

  //release key and buffers
  gpgme_key_release(key[0]);
  gpgme_data_release(dest);
  gpgme_data_release(source);
  free(pDest);

  /* free context */
  gpgme_release(ceofcontext);

  return 0;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130410/16f7b2d3/attachment-0001.html>

From wk at gnupg.org  Wed Apr 10 21:32:01 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Apr 2013 21:32:01 +0200
Subject: gpgme fails encrypting on 64bit debian
In-Reply-To: <CADr7kj4FOtove1T-Hw3YKbs0dYeMfUPFHqP=HutuqFh1GMrxQg@mail.gmail.com>
 (Simone Pagan Griso's message of "Wed, 10 Apr 2013 10:54:21 +0200")
References: <CADr7kj4FOtove1T-Hw3YKbs0dYeMfUPFHqP=HutuqFh1GMrxQg@mail.gmail.com>
Message-ID: <874nfe5gi6.fsf@vigenere.g10code.de>

On Wed, 10 Apr 2013 10:54, simone.pagangriso at gmail.com said:

> gcc -m64 -D_FILE_OFFSET_BITS=64 -g test2.c -lgpgme
> -L/usr/lib/x86_64-linux-gnu -lgpg-error -o test2

Why do you want to tweak gcc options if you are anyway on a 64 bit
system?  Also they seem to be harmelss, hast gpgme been build with the
same options?  What does
  gpgme-config --cflags --libs
tell you?

> //---- test program
> #include <stdio.h>   /* printf            */
> #include <unistd.h>  /* write             */
> #include <errno.h>   /* errno             */
> #include <locale.h>  /* locale support    */
> #include <string.h>  /* string support    */
> #include <stdlib.h>  /* memory management */

gpgme.h ist missing but below you are using constants defined by
gpgme.h.

>   char *pDest = malloc(65536);

(please always check for malloc error!)

>   p = (char *) gpgme_check_version(NULL);
>   printf("version=%s\n",p);

Don't cast without a good reason.

>   p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP);
>   printf("Protocol name: %s\n",p);

Ditto.


>   err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
>                                enginfo->file_name,enginfo->home_dir);
>   if(err != GPG_ERR_NO_ERROR) return 5;

Try first without setting a non default engine info.


To debug your problem, I suggest to run the program like this:

 GPGME_DEBUG=9:/tmp/gpgme.log:

and check the log file.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From branko at majic.rs  Wed Apr 10 22:57:53 2013
From: branko at majic.rs (Branko Majic)
Date: Wed, 10 Apr 2013 22:57:53 +0200
Subject: Reading key capabilities information before importing a key
Message-ID: <20130410225753.7f5f3760@zetkin.primekey.se>

Hello all,

I'm trying to find a way to list the key capabilities of a key before
importing it. I can obtain some basic information by using the command
(I've seen this one in the mailing list archives):

gpg2 --with-colons test.key

The only catch being that the above command will not list the key
capabilities for the keys contained in a file. Any way to obtain this
information without importing the key into keyring?

I'm using GnuPG 2.0.19 with libgcrypt 1.5.0 on Debian Wheezy 64-bit.

Best regards

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

?????? ?????
?????: branko at majic.rs
????? ??? ?? ??????? ?????? ????????? ? ????????? ?????????.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20130410/8c52a276/attachment.sig>

From mailinglisten at hauke-laging.de  Thu Apr 11 00:28:49 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 11 Apr 2013 00:28:49 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <20130410225753.7f5f3760@zetkin.primekey.se>
References: <20130410225753.7f5f3760@zetkin.primekey.se>
Message-ID: <1794244.G2GimDx4FY@inno>

Am Mi 10.04.2013, 22:57:53 schrieb Branko Majic:
> Hello all,
> 
> I'm trying to find a way to list the key capabilities of a key before
> importing it. I can obtain some basic information by using the command
> (I've seen this one in the mailing list archives):
> 
> gpg2 --with-colons test.key
> 
> The only catch being that the above command will not list the key
> capabilities for the keys contained in a file. Any way to obtain this
> information without importing the key into keyring?

Two possibilities:

1)
gpg --list-packets hauke__0x1a571df5.asc
[...]
:public sub key packet:
        version 4, algo 1, created 1352000413, expires 0
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        keyid: 486B17AB3F96AD8E
:signature packet: algo 1, keyid BF4B8EEF1A571DF5
        version 4, created 1352000413, md5len 0, sigclass 0x18
        digest algo 2, begin of digest c1 78
        hashed subpkt 2 len 4 (sig created 2012-11-04)
        hashed subpkt 27 len 1 (key flags: 02)
[...]

Subpacket class 27 is the key capabilities.

[http://www.ietf.org/rfc/rfc4880.txt]

       First octet:

       0x01 - This key may be used to certify other keys.

       0x02 - This key may be used to sign data.

       0x04 - This key may be used to encrypt communications.

       0x08 - This key may be used to encrypt storage.

       0x10 - The private component of this key may have been split
              by a secret-sharing mechanism.

       0x20 - This key may be used for authentication.

       0x80 - The private component of this key may be in the
              possession of more than one person.

2) You import the key but direct it to a different keyring, see
--keyring
--secret-keyring
--primary-keyring
--no-default-keyring


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130411/08463df9/attachment.sig>

From jerry at seibercom.net  Wed Apr 10 23:36:47 2013
From: jerry at seibercom.net (Jerry)
Date: Wed, 10 Apr 2013 17:36:47 -0400
Subject: "gpa" reports error: "Unsupported Protocol"
Message-ID: <20130410173647.3ece4b59@scorpio>

gpa 0.9.3
gpgme 1.3.2
FreeBSD 8.3-STABLE -- amd64

GPA continually displays an error screen when I start it. The screen
image is available here:
http://www.seibercom.net/logs/gpa-error.png

I have tried rebuilding the entire port, but the problem persists. I
would welcome any suggestions.

-- 
Jerry ?

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



From wk at gnupg.org  Thu Apr 11 09:59:09 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Apr 2013 09:59:09 +0200
Subject: "gpa" reports error: "Unsupported Protocol"
In-Reply-To: <20130410173647.3ece4b59@scorpio> (jerry@seibercom.net's message
 of "Wed, 10 Apr 2013 17:36:47 -0400")
References: <20130410173647.3ece4b59@scorpio>
Message-ID: <87r4ih4hwy.fsf@vigenere.g10code.de>

On Wed, 10 Apr 2013 23:36, jerry at seibercom.net said:

> GPA continually displays an error screen when I start it. The screen

Does 

  gpa --disable-x509 

help?  Do you have gpgsm installed (run: gpgsm --version)?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From wk at gnupg.org  Thu Apr 11 09:55:23 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Apr 2013 09:55:23 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <1794244.G2GimDx4FY@inno> (Hauke Laging's message of "Thu, 11 Apr
 2013 00:28:49 +0200")
References: <20130410225753.7f5f3760@zetkin.primekey.se>
 <1794244.G2GimDx4FY@inno>
Message-ID: <87vc7t4i38.fsf@vigenere.g10code.de>

On Thu, 11 Apr 2013 00:28, mailinglisten at hauke-laging.de said:

> 2) You import the key but direct it to a different keyring, see
> --keyring
> --secret-keyring
> --primary-keyring
> --no-default-keyring

You better use a temporary directory.  This is far easier than to play
with all the options and it allows you to use gpgme.

Another option is to import the key and then delete it if you don't want
it.  However, we have a --merge-only option but not a --only-new-key-option.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From hhhobbit at securemecca.net  Thu Apr 11 00:26:23 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 10 Apr 2013 22:26:23 +0000
Subject: gpg2 does not ask for pass phrase
In-Reply-To: <87li8q5s8p.fsf@vigenere.g10code.de>
References: <5165633A.6030708@securemecca.net>
 <516565CB.2000102@securemecca.net> <87li8q5s8p.fsf@vigenere.g10code.de>
Message-ID: <5165E70F.5040201@securemecca.net>

On 04/10/2013 03:18 PM, Werner Koch wrote:
> Hi,
> 
> please write to gnupg-users at gnupg.org and not to the webmaster address.
> 
> Thanks,
> 
>   Werner
> 

Sorry.

Right now I am not subscribed and haven't been for years.  It is
just that this is a serious issue where I had no way that I could
easily find to turn off the nasty behavior of my pass-phrase being
supplied with no questions asked even after a reboot for using my
secret key on OpenSuse 11.4.  I am also battling spam that gives
me about 100 to a maximum of a thousand spam messages in my
other email account per day.  Sorry about the failed request so I
can post.  I am busy!  Why OpenSuse 11.4 and Ubuntu 10.04?  I have
gone through no less than twelve installs of various Linux distros
and gave up on the iPad like interfaces and went back to something
that gives me four work spaces with two xterms in each.  That is
no longer nice.  It is MANDATORY!

It is just that all of the advice "out there" is wrong.  I don't
know whether you are allowing bots to traverse the old mailings
or not, but DuckDuckGo was NOT finding an answer..  It really
needs to be something that is available some place and the web-site
is authoritative.  Since Ubuntu 10.04 doesn't have a PIN entry
panel it is not an issue there.

This URL while safe won't harm you:

http://preview.tinyurl.com/c42bfqh

It won't help you either.  It seems that gpg2 on OpenSuse 11.4 does
NOT use the ~/.gnupg/gpg-agent.conf file even after you uncomment
this line in the ~/.gnupg/gpg.conf file:

# use-agent

Since I do not have an  ~/.xinitrc file some of this advice will
kill more than just your GnuPG encryption:

http://tr.opensuse.org/SDB:Using_gpg-agent

You will never be able to login again!  Well, since I also have
a clamav user and clamav group I could login as clamav, su to
to root (sudo su -l root for debianesque) and do a

# rm /home/ME/.xinitrc

Then ^D ^D, logout.

Now I can login.  But I still had a problem.  My GnuPG
pass-phrase was still being supplied with no questions asked.
I didn't notice or change anything in the pinentry panel which
I was able to use only the first time.  Ever since then the
pass-phrase was magically supplied and there was no way for
me to set it to ask for it in the man pages or elsewhere because
the pinentry panel never appeared again.

Here is how you get it to ask for your GnuPG pass-phrase again
(and it is at that second URL):

echo "test" | gpg -ase -r 0xMYKEYID | gpg

But you do NOT have to do anything other than that.  Make sure
you set it to something reasonable like ask for it every time
or a time-out before asking for it again.  Never ask for the
GnuPG pass-phrase ever again?  Sheesh!  I may understand that
on a smart-phone but not a desk-top system.

HHH


From dscvlt at gmail.com  Thu Apr 11 07:35:46 2013
From: dscvlt at gmail.com (Ashley Holman)
Date: Thu, 11 Apr 2013 15:05:46 +0930
Subject: Backing up Private Keys
Message-ID: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>

Hi all,

When I export my private key using `gpg --export-secret-key --armor', and
then delete all of my keys and re-impot from the exported secret key, it
seems to give me both the public and private key back.  Does this mean that
the public key is exported along with the private key?

I'm just trying to work out whether I need to export both the public and
private keys or if --export-secret-key is enough.

Thanks very much
Ash
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130411/e069c3f7/attachment-0001.html>

From mailinglisten at hauke-laging.de  Thu Apr 11 10:18:59 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Thu, 11 Apr 2013 10:18:59 +0200
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
Message-ID: <1995194.kRQdyi2j0g@inno>

Am Do 11.04.2013, 15:05:46 schrieb Ashley Holman:
> Does this mean that
> the public key is exported along with the private key?

Yes.


> if --export-secret-key is enough.

Yes.

You can compare the exported files and will notice that those with the private 
keys are larger.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130411/50ee4532/attachment.sig>

From peter at digitalbrains.com  Thu Apr 11 10:43:49 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Thu, 11 Apr 2013 10:43:49 +0200
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
Message-ID: <516677C5.8080208@digitalbrains.com>

> Does this mean that the public key is exported along with the private key?

Yes, indeed.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From jerry at seibercom.net  Thu Apr 11 11:53:27 2013
From: jerry at seibercom.net (Jerry)
Date: Thu, 11 Apr 2013 05:53:27 -0400
Subject: "gpa" reports error: "Unsupported Protocol"
In-Reply-To: <87r4ih4hwy.fsf@vigenere.g10code.de>
References: <20130410173647.3ece4b59@scorpio>
 <87r4ih4hwy.fsf@vigenere.g10code.de>
Message-ID: <20130411055327.6c08e12b@scorpio>

On Thu, 11 Apr 2013 09:59:09 +0200
Werner Koch articulated:

> On Wed, 10 Apr 2013 23:36, jerry at seibercom.net said:
> 
> > GPA continually displays an error screen when I start it. The screen
> 
> Does 
> 
>   gpa --disable-x509 
> 
> help?

Yes, that corrects the problem, but why. Shouldn't it work without
that hack?

> Do you have gpgsm installed (run: gpgsm --version)?

gpgsm --version
gpgsm (GnuPG) 2.0.19
libgcrypt 1.5.0
libksba 1.3.0
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256, SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
Pubkey: RSA, ECDSA
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL

-- 
Jerry ?

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



From wk at gnupg.org  Thu Apr 11 13:52:20 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Apr 2013 13:52:20 +0200
Subject: "gpa" reports error: "Unsupported Protocol"
In-Reply-To: <20130411055327.6c08e12b@scorpio> (jerry@seibercom.net's message
 of "Thu, 11 Apr 2013 05:53:27 -0400")
References: <20130410173647.3ece4b59@scorpio>
 <87r4ih4hwy.fsf@vigenere.g10code.de> <20130411055327.6c08e12b@scorpio>
Message-ID: <87eheh474b.fsf@vigenere.g10code.de>

On Thu, 11 Apr 2013 11:53, jerry at seibercom.net said:

> Yes, that corrects the problem, but why. Shouldn't it work without
> that hack?

Yes.  Actually I recall hat I fixed a bug related to this some time ago,
but this should be in the release.  Do you have any X.509 keys? gpgsm
should auto-import some on the first use.

If nothing helps, you need to debug it using:

  GPGME_DEBUG=3:/tmp/foo/gpgme.log: gpa

you may need to increase the log level up to 9 to see almost everything.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From jerry at seibercom.net  Thu Apr 11 14:42:51 2013
From: jerry at seibercom.net (Jerry)
Date: Thu, 11 Apr 2013 08:42:51 -0400
Subject: "gpa" reports error: "Unsupported Protocol"
In-Reply-To: <87eheh474b.fsf@vigenere.g10code.de>
References: <20130410173647.3ece4b59@scorpio>
 <87r4ih4hwy.fsf@vigenere.g10code.de>
 <20130411055327.6c08e12b@scorpio>
 <87eheh474b.fsf@vigenere.g10code.de>
Message-ID: <20130411084251.183f1ef9@scorpio>

On Thu, 11 Apr 2013 13:52:20 +0200
Werner Koch articulated:

> On Thu, 11 Apr 2013 11:53, jerry at seibercom.net said:
> 
> > Yes, that corrects the problem, but why. Shouldn't it work without
> > that hack?
> 
> Yes.  Actually I recall hat I fixed a bug related to this some time
> ago, but this should be in the release.  Do you have any X.509 keys?
> gpgsm should auto-import some on the first use.
> 
> If nothing helps, you need to debug it using:
> 
>   GPGME_DEBUG=3:/tmp/foo/gpgme.log: gpa
> 
> you may need to increase the log level up to 9 to see almost
> everything.

I ran this command:

gpgsm -k
Warning: using insecure memory!
gpgsm: enabled debug flags: assuan
gpgsm: conversion from `utf-8' to `US-ASCII' failed: Illegal byte sequence

There are numerous keys listed. I have no idea where they originated
from.

A copy of the "gpgme.log" file @ level #9 is available here:

http://www.seibercom.net/logs/gpgme.log

-- 
Jerry ?

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



From wk at gnupg.org  Thu Apr 11 21:20:50 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Apr 2013 21:20:50 +0200
Subject: "gpa" reports error: "Unsupported Protocol"
In-Reply-To: <20130411084251.183f1ef9@scorpio> (jerry@seibercom.net's message
 of "Thu, 11 Apr 2013 08:42:51 -0400")
References: <20130410173647.3ece4b59@scorpio>
 <87r4ih4hwy.fsf@vigenere.g10code.de> <20130411055327.6c08e12b@scorpio>
 <87eheh474b.fsf@vigenere.g10code.de> <20130411084251.183f1ef9@scorpio>
Message-ID: <87k3o83mct.fsf@vigenere.g10code.de>

On Thu, 11 Apr 2013 14:42, jerry at seibercom.net said:

> A copy of the "gpgme.log" file @ level #9 is available here:

It seems that GPGME has not been build with support for GPGSM.  The
output of configure when building gpgme should tell you this.

Please try the patch for GPA below.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Do-not-bail-out-if-libgpgme-has-no-support-for-GPGSM.patch
Type: text/x-diff
Size: 1272 bytes
Desc: not available
URL: </pipermail/attachments/20130411/48f3f648/attachment.patch>

From branko at majic.rs  Thu Apr 11 22:48:42 2013
From: branko at majic.rs (Branko Majic)
Date: Thu, 11 Apr 2013 22:48:42 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <87vc7t4i38.fsf@vigenere.g10code.de>
References: <20130410225753.7f5f3760@zetkin.primekey.se>
 <1794244.G2GimDx4FY@inno> <87vc7t4i38.fsf@vigenere.g10code.de>
Message-ID: <20130411224842.4b52773f@zetkin.primekey.se>

On Thu, 11 Apr 2013 09:55:23 +0200
Werner Koch <wk at gnupg.org> wrote:

> On Thu, 11 Apr 2013 00:28, mailinglisten at hauke-laging.de said:
> 
> > 2) You import the key but direct it to a different keyring, see
> > --keyring
> > --secret-keyring
> > --primary-keyring
> > --no-default-keyring
> 
> You better use a temporary directory.  This is far easier than to play
> with all the options and it allows you to use gpgme.
> 
> Another option is to import the key and then delete it if you don't
> want it.  However, we have a --merge-only option but not a
> --only-new-key-option.

Hm... Certainly looks better than parsing the --list-packets output.
The background of this question is that I'm working on small
helper/wrapper utility script for encrypting data and storing it in git
repository. This includes having a small local .gnupg in the repository
where the public keys for encryption are stored.

The script includes commands for adding/removing a key from that local
directory keyring, so I was hoping to check the keys being imported to
it for key capabilities.

I'm thinking of trying out the gpgme library, Python bindings to be
more precise, but I'm not sure if I could get all
information/functionality as using GnuPG CLI.

Btw, is there any particular reason why the gpg2 --with-colons key.pub
command does not list key capabilities?

Thanks for all the answers :)

Best regards

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

?????? ?????
?????: branko at majic.rs
????? ??? ?? ??????? ?????? ????????? ? ????????? ?????????.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20130411/02006552/attachment.sig>

From wk at gnupg.org  Thu Apr 11 23:43:39 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Apr 2013 23:43:39 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <20130411224842.4b52773f@zetkin.primekey.se> (Branko Majic's
 message of "Thu, 11 Apr 2013 22:48:42 +0200")
References: <20130410225753.7f5f3760@zetkin.primekey.se>
 <1794244.G2GimDx4FY@inno> <87vc7t4i38.fsf@vigenere.g10code.de>
 <20130411224842.4b52773f@zetkin.primekey.se>
Message-ID: <87a9p43fqs.fsf@vigenere.g10code.de>

On Thu, 11 Apr 2013 22:48, branko at majic.rs said:

> Btw, is there any particular reason why the gpg2 --with-colons key.pub
> command does not list key capabilities?

It can't do that because it does not do any signature verification.  For
that we would need to look at the entire key and evaluate all packets.
--list-packets or giving a key on the command line is nothing more than
a simple dump of the packets without any signature verification.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From mailinglisten at hauke-laging.de  Fri Apr 12 03:00:22 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Fri, 12 Apr 2013 03:00:22 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <87a9p43fqs.fsf@vigenere.g10code.de>
References: <20130410225753.7f5f3760@zetkin.primekey.se>
 <20130411224842.4b52773f@zetkin.primekey.se>
 <87a9p43fqs.fsf@vigenere.g10code.de>
Message-ID: <2039786.yk4TtgXAzx@inno>

Am Do 11.04.2013, 23:43:39 schrieb Werner Koch:
> On Thu, 11 Apr 2013 22:48, branko at majic.rs said:
> > Btw, is there any particular reason why the gpg2 --with-colons key.pub
> > command does not list key capabilities?
> 
> It can't do that because it does not do any signature verification.  For
> that we would need to look at the entire key and evaluate all packets.
> --list-packets or giving a key on the command line is nothing more than
> a simple dump of the packets without any signature verification.

That is an inconsistent explanation. If --list-packets "can" show data from 
signatures without checking the signatures then obviously --with-colons 
"could" do that as well. The only valid argument I can think of is that --
list-packets may be defined as "stupid dump" and --with-colons is defined as 
showing only validated data. But the latter is obviously not the case. So if 
subkeys and UIDs are shown without checking signatures why not show unverified 
signature data like the key capabilities?

Whether that would be worth the development effort is a different question, of 
course.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130412/a08d2e8f/attachment.sig>

From greg at turnstep.com  Fri Apr 12 03:41:05 2013
From: greg at turnstep.com (Greg Sabino Mullane)
Date: Fri, 12 Apr 2013 01:41:05 -0000
Subject: Reading key capabilities information before importing a key
In-Reply-To: <20130410225753.7f5f3760@zetkin.primekey.se>
Message-ID: <e9f9251655e3e3fae4a75606becd4c60@biglumber.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Branko Majic asked:
> I'm trying to find a way to list the key capabilities of a key before
> importing it. I can obtain some basic information by using the command
> (I've seen this one in the mailing list archives):

In addition to the other suggestions, I prefer using --dry-run 
and a double verbose:

gpg --dry-run --import --verbose --verbose test.key

- -- 
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 201304112056
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAlFnZdcACgkQvJuQZxSWSsj/SwCgkcU/jWIFphT5t4zIL4eHKDya
9gAAn22R0GMK5ltureFUecNOgbFz/EJy
=WvD+
-----END PGP SIGNATURE-----




From wk at gnupg.org  Fri Apr 12 11:23:55 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 12 Apr 2013 11:23:55 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <2039786.yk4TtgXAzx@inno> (Hauke Laging's message of "Fri, 12 Apr
 2013 03:00:22 +0200")
References: <20130410225753.7f5f3760@zetkin.primekey.se>
 <20130411224842.4b52773f@zetkin.primekey.se>
 <87a9p43fqs.fsf@vigenere.g10code.de> <2039786.yk4TtgXAzx@inno>
Message-ID: <871uag2jbo.fsf@vigenere.g10code.de>

On Fri, 12 Apr 2013 03:00, mailinglisten at hauke-laging.de said:

> That is an inconsistent explanation. If --list-packets "can" show data from 
> signatures without checking the signatures then obviously --with-colons 

It does not show that.  It dumps the packets.  The key capabilities need
to be computed.



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From jerry at seibercom.net  Fri Apr 12 12:40:14 2013
From: jerry at seibercom.net (Jerry)
Date: Fri, 12 Apr 2013 06:40:14 -0400
Subject: "gpa" reports error: "Unsupported Protocol"
In-Reply-To: <87k3o83mct.fsf@vigenere.g10code.de>
References: <20130410173647.3ece4b59@scorpio>
 <87r4ih4hwy.fsf@vigenere.g10code.de>
 <20130411055327.6c08e12b@scorpio>
 <87eheh474b.fsf@vigenere.g10code.de>
 <20130411084251.183f1ef9@scorpio>
 <87k3o83mct.fsf@vigenere.g10code.de>
Message-ID: <20130412064014.1605e328@scorpio>

On Thu, 11 Apr 2013 21:20:50 +0200
Werner Koch articulated:

> It seems that GPGME has not been build with support for GPGSM.  The
> output of configure when building gpgme should tell you this.
> 
> Please try the patch for GPA below.

I completely removed GNUPG, GPA, GPGME and everything else related to
this mix and then did a fresh install. Now everything is working
correctly. I did this BEFORE I received your patch. I had tried
rebuilding the apps before, but I had not deleted them all first.
Evidently, it makes a difference.

Thanks for your time invested though. I appreciate it.

-- 
Jerry ?

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



From branko at majic.rs  Fri Apr 12 14:35:08 2013
From: branko at majic.rs (Branko Majic)
Date: Fri, 12 Apr 2013 14:35:08 +0200
Subject: Reading key capabilities information before importing a key
In-Reply-To: <871uag2jbo.fsf@vigenere.g10code.de>
References: <20130410225753.7f5f3760@zetkin.primekey.se>
 <20130411224842.4b52773f@zetkin.primekey.se>
 <87a9p43fqs.fsf@vigenere.g10code.de> <2039786.yk4TtgXAzx@inno>
 <871uag2jbo.fsf@vigenere.g10code.de>
Message-ID: <20130412143508.1be5f4b2@zetkin.primekey.se>

On Fri, 12 Apr 2013 11:23:55 +0200
Werner Koch <wk at gnupg.org> wrote:

> On Fri, 12 Apr 2013 03:00, mailinglisten at hauke-laging.de said:
> 
> > That is an inconsistent explanation. If --list-packets "can" show
> > data from signatures without checking the signatures then obviously
> > --with-colons 
> 
> It does not show that.  It dumps the packets.  The key capabilities
> need to be computed.

As a curiosity, what does computation of key capabilities involve? Is
keyring required for it?

Best regards

P.S.
@Werner: Sorry for sending the mail directly to you instead of the list,
it was accidental :)

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

?????? ?????
?????: branko at majic.rs
????? ??? ?? ??????? ?????? ????????? ? ????????? ?????????.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20130412/7f7a52a6/attachment.sig>

From nelsonsteves at hushmail.com  Fri Apr 12 19:29:06 2013
From: nelsonsteves at hushmail.com (nelsonsteves at hushmail.com)
Date: Fri, 12 Apr 2013 13:29:06 -0400
Subject: Biggest Fake Conference in Computer Science
Message-ID: <20130412172907.3171A10E2D3@smtp.hushmail.com>

We are researchers from different parts of the world and conducted a study on  
the world?s biggest bogus computer science conference WORLDCOMP 
( http://sites.google.com/site/worlddump1 ) organized by Prof. Hamid Arabnia 
from University of Georgia, USA.


We submitted a fake paper to WORLDCOMP 2011 and again (the 
same paper with a modified title) to WORLDCOMP 2012. This paper 
had numerous fundamental mistakes. Sample statements from 
that paper include: 

(1). Binary logic is fuzzy logic and vice versa
(2). Pascal developed fuzzy logic
(3). Object oriented languages do not exhibit any polymorphism or inheritance
(4). TCP and IP are synonyms and are part of OSI model 
(5). Distributed systems deal with only one computer
(6). Laptop is an example for a super computer
(7). Operating system is an example for computer hardware


Also, our paper did not express any conceptual meaning.  However, it 
was accepted both the times without any modifications (and without 
any reviews) and we were invited to submit the final paper and a 
payment of $500+ fee to present the paper. We decided to use the 
fee for better purposes than making Prof. Hamid Arabnia (Chairman 
of WORLDCOMP) rich. After that, we received few reminders from 
WORLDCOMP to pay the fee but we never responded. 


We MUST say that you should look at the above website if you have any thoughts 
to submit a paper to WORLDCOMP.  DBLP and other indexing agencies 
have stopped indexing WORLDCOMP?s proceedings since 2011 due to its fakeness. 
See http://www.informatik.uni-trier.de/~ley/db/conf/icai/index.html for of one of the 
conferences of WORLDCOMP and notice that there is no listing after 2010. See 
http://sites.google.com/site/dumpconf for comments from well-known researchers 
about WORLDCOMP. If WORLDCOMP is not fake then why did DBLP suddenly stopped 
listing the proceedings after? 


The status of your WORLDCOMP papers can be changed from ?scientific? 
to ?other? (i.e., junk or non-technical) at any time. See the comments 
http://www.mail-archive.com/tccc at lists.cs.columbia.edu/msg05168.html   
of a respected researcher on this. Better not to have a paper than 
having it in WORLDCOMP and spoil the resume and peace of mind forever!


Our study revealed that WORLDCOMP is a money making business, 
using University of Georgia mask, for Prof. Hamid Arabnia. He is throwing 
out a small chunk of that money (around 20 dollars per paper published 
in WORLDCOMP?s proceedings) to his puppet (Mr. Ashu Solo or A.M.G. Solo) 
who publicizes WORLDCOMP and also defends it at various forums, using 
fake/anonymous names. The puppet uses fake names and defames other conferences
to divert traffic to WORLDCOMP. He also makes anonymous phone calls and 
threatens the critiques of WORLDCOMP (see Item 7 in Section 5 of 
http://sites.google.com/site/dumpconf ).That is, the puppet does all 
his best to get a maximum number of papers published at WORLDCOMP to 
get more money into his (and Prof. Hamid Arabnia?s) pockets. 


Monte Carlo Resort (the venue of WORLDCOMP until 2012) has refused to 
provide the venue for WORLDCOMP?13 because of the fears of their image 
being tarnished due to WORLDCOMP?s fraudulent activities. WORLDCOMP?13 
will be held at a different resort.


WORLDCOMP will not be held after 2013. 


The paper submission deadline for WORLDCOMP?13 was March 18 and it was 
extended to April 6 and now it is extended to April 20 (it may be extended 
again) but still there are no committee members, no reviewers, and there is no 
conference Chairman. The only contact details available on WORLDCOMP?s 
website is just an email address! Prof. Hamid Arabnia expends the deadline 
to get more papers (means, more registration fee into his pocket!).


Let us make a direct request to Prof. Hamid arabnia: publish all reviews for 
all the papers (after blocking identifiable details) since 2000 conference. 
Reveal the names and affiliations of all the reviewers (for each year) 
and how many papers each reviewer had reviewed on average. We also request 
him to look at the Open Challenge at https://sites.google.com/site/moneycomp1 


Sorry for posting to multiple lists. Spreading the word is the only way to stop 
this bogus conference. Please forward this message to other mailing lists and people. 


We are shocked with Prof. Hamid Arabnia and his puppet?s activities 
http://worldcomp-fake-bogus.blogspot.com   Search Google using the 
keyword worldcomp fake for additional links.



From gnupg.mdmph at gmail.com  Fri Apr 12 11:52:24 2013
From: gnupg.mdmph at gmail.com (Steven C. Morreale, M.D./M.P.H.)
Date: Fri, 12 Apr 2013 05:52:24 -0400
Subject: Mac book Pro - MacGPG2 and Emacs - EasyPG
Message-ID: <5167D958.8050403@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello GNU Privacy Guard Users:

I typically only use GNU/Linux machines, but recently decided to go
pragmatic due to issues with interacting with data and tools that
other collaborators of mine tend to use.  So I broke down my stern
resolve and bought a MacBook Pro.  Nice machine, I really only use
GPL'd software on it for the most part however.  With a little futzing
around I got GNUPG working on it for e-mail thanks to the GNUPG.ORG
links and Thunderbird and the Enigmail Plugin.

However, on my computers I enjoy using Emacs and was delighted that I
could use that tool on the MacBook Pro as well.  I've been enjoying
using EasyPG on my GNU/Linux machines because of the ability to
encrypt/decrypt regions of text withing a document. Actually on one of
my systems it turned out that an upgrade removed the GPG functionality
from Nautilus and GEDIT to my frustration which prompted me to learn
to use Emacs to do the same thing - in the end even more convenient
for my purposes and I love ORG-MODE.

However, when I went to use the Encrypt/Decrypt functionality of my
Emacs installed on the MacBook Pro it was not finding GPG and was
unable to decrypt or encrypt.

I didn't panic however (well, not for long)...
Being a noob with guts to hack around and not afraid to break
things... ;-) I stumbled in the correct direction eventually.

I went into the Emacs settings/configuration editor (Under Emacs in
menu bar of GUI it is called "Preferences") and saw a search feature
so I entered in "GPG." I found entries for Easy GPG.

With a little bit of terminal hunting with the "cd" command I found
the location of GPG and thanks to an "ls -la" I discovered there were
links to MacGPG2.  So inside the EMACS preferences for EasyPG GPG, I
made the epg gpg home directory "default"

For the entry gpg home: /usr/local/bin/gpg

For the entry gpgsm I put in the MacGPG2 location of the gpgsm:
/usr/local/MacGPG2/bin/gpgsm

I ran into some issues which eventually were resolved by importing in
my private key(s) which weren't found initially.
I was then able to find the keys needed with a pop-up prompt to type
the password for the correct key needed to decrypt files containing
regions I had encrypted on another machine with that key.

I hope this information, which lacks some of the details about what I
did may be of help to someone else.

With all of the various internet sites, logins/passwords and other
data that are best when unique/random and kept secure I like to be
able to make an ORG file with encrypted regions containing important
information that is organized by outline format and description.

This is especially important with the rise in the use of cloud
services like dropbox that sync data on multiple computers automatically.

It is great to be able to use multiple machines of one's choice and
needs but to have full access to the shared files and data thanks to
tools that can keep data elements secure and private but continue to
have portability with similar workflows. GPG allows me to do that and
it is awesome to be able to use it in a controlled manner with
powerful tools as versatile as Emacs, and Thunderbird/Enigmail for
e-mail and calendaring on almost any machine!

Have a great day!

- -Steve
a.k.a. DrGNU
Free Software Foundation Contributing Member


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFn2VUACgkQAS9dxxA237pwSgCfUGVCYWjrgNyfMWmTyiPMsRNX
XOoAoNHN0mxfVOBxF4khykaQEW8fhkjh
=G4TF
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x1036DFBA.asc
Type: application/pgp-keys
Size: 20691 bytes
Desc: not available
URL: </pipermail/attachments/20130412/822ec738/attachment-0001.key>

From gnupg.mdmph at gmail.com  Fri Apr 12 11:18:46 2013
From: gnupg.mdmph at gmail.com (Steven C. Morreale, M.D./M.P.H.)
Date: Fri, 12 Apr 2013 05:18:46 -0400
Subject: Gnupg-users Digest, Vol 115, Issue 11
In-Reply-To: <mailman.968.1365668019.24070.gnupg-users@gnupg.org>
References: <mailman.968.1365668019.24070.gnupg-users@gnupg.org>
Message-ID: <5167D176.9020904@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/11/13 4:13 AM, gnupg-users-request at gnupg.org wrote:
> Date: Thu, 11 Apr 2013 15:05:46 +0930 From: Ashley Holman 
> <dscvlt at gmail.com> To: gnupg-users at gnupg.org Subject: Backing up 
> Private Keys Message-ID: 
> <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ at mail.gmail.com>
>
>
> 
Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi all,
> 
> When I export my private key using `gpg --export-secret-key 
> --armor', and then delete all of my keys and re-impot from the 
> exported secret key, it seems to give me both the public and 
> private key back.  Does this mean that the public key is exported 
> along with the private key?
> 
> I'm just trying to work out whether I need to export both the 
> public and private keys or if --export-secret-key is enough.
> 
> Thanks very much Ash

Hello Ash,

I just happened to be looking through the GPG USERS message digest and
saw this post.  Excited, I realized I knew the answer!

Welcome to GNU Privacy Guard!
Your secret keys are able to recreate the public key, but not vice-versa.
So if you need to share a public key with someone, export your public
key and share it or put it on biglumber.com or the key server.

Your secret key should always be backed up and never shared... it is
all you need, you don't need to "back-up" your public key (which is
worthless without the secret key to go with it on your computer(s)).

I hope this helps you.

- -Steve

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFn0W4ACgkQAS9dxxA237qnDwCffAfRDdDJtu4Zigg1pXPEx6Xp
LeUAnRppVcHNTtqviwG02ti2SnPNmSDm
=C7Uf
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x1036DFBA.asc
Type: application/pgp-keys
Size: 20691 bytes
Desc: not available
URL: </pipermail/attachments/20130412/ef579126/attachment.key>

From dkg at fifthhorseman.net  Fri Apr 12 21:45:23 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 12 Apr 2013 15:45:23 -0400
Subject: OT [was: Re: Biggest Fake Conference in Computer Science]
In-Reply-To: <20130412172907.3171A10E2D3@smtp.hushmail.com>
References: <20130412172907.3171A10E2D3@smtp.hushmail.com>
Message-ID: <51686453.3010605@fifthhorseman.net>

On 04/12/2013 01:29 PM, nelsonsteves at hushmail.com wrote:

[ bizarre and off-topic background stripped ]

> Sorry for posting to multiple lists. Spreading the word is the only way to stop 
> this bogus conference. Please forward this message to other mailing lists and people. 

I understand that you have a problem with this situation, and that you
feel it is important, but it's really not relevant to the gnupg-users
mailing list.  Please stay on-topic here, so that this channel remains
relevant for the purposes of discussing GnuPG and does not drown under a
flood of unrelated-yet-important messages.

If you reply to this message, please reply to me personally, not on-list.

Regards,

	--dkg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130412/7c46033a/attachment.sig>

From branko at majic.rs  Sat Apr 13 12:41:58 2013
From: branko at majic.rs (Branko Majic)
Date: Sat, 13 Apr 2013 12:41:58 +0200
Subject: Python bindings for GPGME - PyGPGME vs PyMe
Message-ID: <20130413124158.4157194b@zetkin.primekey.se>

Hello all,

I'm looking for the best way to utilise the GnuPG from within Python
scripts. Instead of wrapping myself around output from gpg2 binary, I
was thinking of starting to use GPGME. I can see there are two bindings
available right now:

http://pyme.sourceforge.net/
https://launchpad.net/pygpgme

The PyMe package seems to be unmaintained, latest release coming from
2008. The PyGPGME seems to be a bit more recent (latest release in
march 2012).

The features I'd be working with are:

1. Adding/removing public keys to a local GnuPG keyring (outside of
user's home).

2. Encrypting/decrypting files. Decryption is done using user's
default keyrings.

3. Listing encryption sub-keys in local GnuPG keyring (so I can
use them for encryption).

4. Listing encryption keys used for encrypting the files (in order to
figure out if all recipients from keyring are included).

So, has anyone played before with Python and GnuPG? Any suggestions on
which library is better?

The script's intention is to more easily manage an encrypted directory
within GIT repository that should contain non-PKI based credentials
(passwords). I am aware that this type of solution has its limits and
flaws, of course. But I'd use it with a small team (for now), until we
develop better tools for something like this - in addition to
switching to PKI-based authentication/authorisation wherever we can, of
course.

Best regards

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

?????? ?????
?????: branko at majic.rs
????? ??? ?? ??????? ?????? ????????? ? ????????? ?????????.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20130413/047fa2ed/attachment-0001.sig>

From pete at heypete.com  Sat Apr 13 13:04:31 2013
From: pete at heypete.com (Pete Stephenson)
Date: Sat, 13 Apr 2013 13:04:31 +0200
Subject: Using smartcard as RNG
Message-ID: <51693BBF.8030405@heypete.com>

Hi all,

I did some searching in the archives but wasn't able to see if someone
else asked this question before. If it's been discussed before and I
missed it then I apologize in advance for the weakness of my search-fu
and would appreciate it if someone might point me in the right direction.

That said, I was curious if it is possible for GPG to use the hardware
RNG in an OpenPGP smartcard (either the GnuPG-branded one sold by Kernel
Concepts or ones like the GPF Crypto Stick) as an entropy source for
non-card-based operations.

For example, if I were to generate a long-term OpenPGP key (not
generated on the card) I'd like to ensure that the system has a high
degree of entropy. I currently use a Simtec Entropy Key[1] for creating
entropy for otherwise entropy-starved systems (mostly low-activity VMs)
and this works well[2], but it'd be nice to also add in entropy from the
smartcard hardware RNG as well.

While it might be nice to use the smartcard's HRNG to feed /dev/random,
I'm mostly interested in using it as an entropy source for key
generation or other entropy-dependent functions if the card is inserted
and available.

Is this possible?

Cheers!
-Pete

[1] http://www.entropykey.co.uk/ [3]
[2] It generates entropy using two hardware generators, does a series of
tests on them, and assuming they pass the tests, feeds them to a daemon
that feeds into a *nix system's entropy pool. One can then access the
entropy through normal methods, such as by accessing /dev/random.
[3] ObDisclaimer: I have no connection or relationship with the company.
I'm merely a customer who owns the device they sell.


From hhhobbit at securemecca.net  Sun Apr 14 02:18:09 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Sun, 14 Apr 2013 00:18:09 +0000
Subject: Using smartcard as RNG
In-Reply-To: <51693BBF.8030405@heypete.com>
References: <51693BBF.8030405@heypete.com>
Message-ID: <5169F5C1.2020001@securemecca.net>

On 04/13/2013 11:04 AM, Pete Stephenson wrote:
<SNIP>
> [1] http://www.entropykey.co.uk/ [3]
<SNIP>

Are you sure you aren't advertising it?   Using the URL
you supplied, this one has been written about and the link
you are looking for (well, at least one of them) is from
its links:

http://www.entropykey.co.uk/comments/
http://lists.gnupg.org/pipermail/gnupg-users/2009-September/037301.html

David Shaw wrote:

"The developers of  the entropy key were clever and instead of
making programs write new code to use the key, they made a
program that reads the key and feeds the Linux entropy pool.
Thus, anything that uses /dev/random (like gpg) benefits
without code changes."

Or were you after the argument that despite their best efforts
it isn't as random as hoped?  David Shaw intimates along those
lines with "evil".  I would say the self-similarity of Mandelbrot
meaning order is coming out of chaos despite our best efforts to
prevent it.  I don't think the card is some sort of malevolent
creature with a mind of its own.

You should be able to just plug it in and use it with Debian
and Ubuntu after you install the packages for handling it.  For
other Linux distros they have the source code. So from a mechanical
level (meaning no consideration of just how random it is) it works
with very little effort.

Can somebody point to code that can be used for testing how well
it works?  I as going to give my code for making alpha-numeric
hashes for athletic drug samples but it is totally unsuitable.
The labs have been broken into many times so encountering an
alpha-numeric hash rather than a name would foil sample tampering
for physical break-ins in many cases.  I was more concerned with
hash collisions and just used srand() / rand().  WADA would
probably just store the person <--> hash pairings in a DB on
their Windows machines unencrypted anyway.

HHH



From mailinglisten at hauke-laging.de  Sun Apr 14 02:55:58 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sun, 14 Apr 2013 02:55:58 +0200
Subject: Using smartcard as RNG
In-Reply-To: <5169F5C1.2020001@securemecca.net>
References: <51693BBF.8030405@heypete.com> <5169F5C1.2020001@securemecca.net>
Message-ID: <2935541.aQH1KXTEG3@inno>

Am So 14.04.2013, 00:18:09 schrieb Henry Hertz Hobbit:
> On 04/13/2013 11:04 AM, Pete Stephenson wrote:
> <SNIP>
> 
> > [1] http://www.entropykey.co.uk/ [3]
> 
> <SNIP>
> 
> Are you sure you aren't advertising it?

Would that make sense? I tried to buy one moths ago. Ordered it via their web 
page (and Google) and never heard of them. Not even when asking what's up.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130414/9638cc4f/attachment.sig>

From josef at netpage.dk  Sun Apr 14 03:22:04 2013
From: josef at netpage.dk (Josef Schneider)
Date: Sun, 14 Apr 2013 03:22:04 +0200
Subject: Using smartcard as RNG
In-Reply-To: <5169F5C1.2020001@securemecca.net>
References: <51693BBF.8030405@heypete.com> <5169F5C1.2020001@securemecca.net>
Message-ID: <CAJzbudvrtuTNZ0FvVPVrKBut5Miw2O1vY6Q20UJzO8ocFis7Gg@mail.gmail.com>

On Sun, Apr 14, 2013 at 2:18 AM, Henry Hertz Hobbit <
hhhobbit at securemecca.net> wrote:

> On 04/13/2013 11:04 AM, Pete Stephenson wrote:
> <SNIP>
> > [1] http://www.entropykey.co.uk/ [3]
> <SNIP>
>
> Are you sure you aren't advertising it?   Using the URL
> you supplied, this one has been written about and the link
> you are looking for (well, at least one of them) is from
> its links:
>

Are you sure you actually read the mail you are replying to?
He does NOT want to use this device, his question was if it is possible to
use a smartcard (the OpenPGP card http://g10code.com/p-card.html but as far
as I know almost every smartcard has a TRNG that can be read from with the
same command) as entropy source.
This is, in fact, possible and there is a small tool that does exactly that
available at https://github.com/infincia/cardrand

 Best regards,
Josef Schneider
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130414/619bb1da/attachment.html>

From mailinglisten at hauke-laging.de  Sun Apr 14 06:00:45 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Sun, 14 Apr 2013 06:00:45 +0200
Subject: Using smartcard as RNG
In-Reply-To: <51693BBF.8030405@heypete.com>
References: <51693BBF.8030405@heypete.com>
Message-ID: <4299744.v3f5OU4PTN@inno>

Am Sa 13.04.2013, 13:04:31 schrieb Pete Stephenson:

> I did some searching in the archives but wasn't able to see if someone
> else asked this question before. If it's been discussed before and I
> missed it then I apologize in advance

I did (if I did not just dream it). And as even I don't find that (neither via 
Google nor in my MUA) you are completely excused. :-)


> That said, I was curious if it is possible for GPG to use the hardware
> RNG in an OpenPGP smartcard (either the GnuPG-branded one sold by Kernel
> Concepts or ones like the GPF Crypto Stick) as an entropy source for
> non-card-based operations.

I was told then that this was possible but not the solution to all randomness 
problems. Hardware can have defects, and in case of RNGs it is especially 
difficult to be sure that there are no problems. You need know what the 
hardware errors can be in order to be able to search for the right traces in 
the output. Otherwise non-trivial failure of a hardware RNG may keep 
undetected.


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130414/73a3d89f/attachment.sig>

From hhhobbit at securemecca.net  Sun Apr 14 07:23:17 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Sun, 14 Apr 2013 05:23:17 +0000
Subject: Using smartcard as RNG
In-Reply-To: <2935541.aQH1KXTEG3@inno>
References: <51693BBF.8030405@heypete.com> <5169F5C1.2020001@securemecca.net>
 <2935541.aQH1KXTEG3@inno>
Message-ID: <516A3D45.1020709@securemecca.net>

On 04/14/2013 12:55 AM, Hauke Laging wrote:
> Am So 14.04.2013, 00:18:09 schrieb Henry Hertz Hobbit:
>> On 04/13/2013 11:04 AM, Pete Stephenson wrote:
>> <SNIP>
>>
>>> [1] http://www.entropykey.co.uk/ [3]
>>
>> <SNIP>
>>
>> Are you sure you aren't advertising it?
> 
> Would that make sense? I tried to buy one moths ago. Ordered it via their web 
> page (and Google) and never heard of them. Not even when asking what's up.

I am sorry you are having problems getting it but I do NOT
represent the company in any way.  I knew nothing until the
original question was posed.  Aaron Toponce, Werner and others
know MUCH more than I do.  It is also time for them to speak
up and for me to butt out.

The original question doesn't make sense either given how easy
it was for me to find the answer.  Well it is easy for somebody
like me who can find almost anything on the Internet and even
see some of the problems with hashed JS scripts without even
unsalting them.  I also have one of the RealTek SHA1 certs
that was used in Stuxnet.  It passed muster until the keys
were revoked.  What I had was NOT Stuxnet.  I got it from a
middle school in Southern California.  Think about that long
and hard before specifying SHA1 as your first hash choice.

Maybe you are using the wrong search engine or typing something
wrong or accepting their changes.  I just gave entropykey as the
search term to DuckDuckGo.com and came up with much better
results than those purportedly bad hosts somebody had.  Here is
one of the links:

http://pthree.org/2012/10/05/the-entropy-key/

I have Aaron's key on my key-ring.  Look up
aaron(GNAT)rootcertified.com at MIT's key server and import
his key to see his email addresses.

http://pgp.mit.edu/

I suggest using his gmail address.  Anyway, Aaron said he has
purchased five of them.  They do say on the order form page
that it is in high demand right now.  Aaron will more likely
represent Ubuntu rather than entropykey.co.uk.  He posted it
on 2012-10-05 if that helps you make sense on why you are
having problems getting yours.  But Aaron says they are NOT
mixing them into /dev/random but have their own /dev/entropykey/
folder and you use the ekeyd daemon which sets up a tty for
each connection there.  That means code changes WOULD nned to
be made for gpg and other applications (and that means it is
time for me to shut up and let Werner and the others write).

What I was referring to in the Benoit Mandelbrot self similarity
was that IBM was using the telephone lines for SNA networking.
Benoit was assigned to find why there was a problem with what
they thought were random glitches in the transmission.  What he
found was it wasn't random at all.  The disturbance periods were
periodical (but not symmetric) and repeating in nature.  Even
worse than that, when you made the time durations either longer
or shorter the very same patterns showed up.  When they say
they are using PN semiconductor junctions referse biased driven
to high enough voltages to be near to but not beyond breakdown
in order to generate noise I begin to get worried.  But without
hard tests by MANY people you have no way of knowing just how
random they are

HHH
PS  Don't be surprised if they show up packaged in a Brillo box.
    #^)  - Fairchild Semiconductor


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130414/796f6144/attachment.sig>

From hhhobbit at securemecca.net  Sun Apr 14 09:10:20 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Sun, 14 Apr 2013 07:10:20 +0000
Subject: Using smartcard as RNG
In-Reply-To: <5169F5C1.2020001@securemecca.net>
References: <51693BBF.8030405@heypete.com> <5169F5C1.2020001@securemecca.net>
Message-ID: <516A565C.90906@securemecca.net>

On 04/14/2013 12:18 AM, Henry Hertz Hobbit wrote:
> On 04/13/2013 11:04 AM, Pete Stephenson wrote:
> <SNIP>
>> [1] http://www.entropykey.co.uk/ [3]
> <SNIP>

I take it back.  Farther down Aaron's page it DOES say it fills
up /dev/random.  So it IS compatible. I am doing way too many
things at once and it is way past the time I should have
started my long nap.

http://pthree.org/2012/10/05/the-entropy-key/

I can not find where it says whether it is  USB 2.0 or USB 3.0
compatible.  If it is USB 3.0 capable and he is using USB 2.0
that could explain Aaron's slower speeds than what they claim.

The reason for the slow down on filling orders may be the same
as for why it took so long for the first silicon transistors to
be delivered from Fairchild Semiconductor to IBM in a Brillo
box.  There, some of the time they had nothing when the form
was opened other than dirty sand.  I am sure this is better
than that.

But the demand is probably far greater than the supply is, at
least for now.  What I need is something else and it isn't
hardware.

HHH



From expires2013 at ymail.com  Sun Apr 14 15:36:39 2013
From: expires2013 at ymail.com (MFPA)
Date: Sun, 14 Apr 2013 14:36:39 +0100
Subject: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
In-Reply-To: <5ihajlvhkr.fsf@fencepost.gnu.org>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
Message-ID: <1385792861.20130414143639@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Friday 5 April 2013 at 3:26:12 AM, in
<mid:5ihajlvhkr.fsf at fencepost.gnu.org>, Don Saklad wrote:


> Please fix subscribe at
> http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce

> Subscribe didn't work !... interrupted by the warning
> untrusted.

That's not something that needs "fixing." It provides the user with a
greater level of security if they need to make their own informed
decision to "trust" a certificate, rather than the browser developers
making that decision without any user input.


- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

The One with The Answer is seldom asked The Question
-----BEGIN PGP SIGNATURE-----

iQCVAwUBUWqw/qipC46tDG5pAQohcgP/Z6/9XC1jaHlVrQR2m/s36gWjFG3J7ZCn
8gTHg0Cwt+AnVs96X4GSvNDMNd0YyAOSyFVUvJV403GcK1EtTEFhn7qPBsthmX22
Fibd0UYvjFz0Z9lmWx+AJza/grfiDs5cfvwRS/HK6HhEFGDwSGER2fDpN5r1LWIQ
Iupq4YX+lx4=
=4TJE
-----END PGP SIGNATURE-----



From sttob at mailshack.com  Sun Apr 14 17:53:17 2013
From: sttob at mailshack.com (Stan Tobias)
Date: Sun, 14 Apr 2013 17:53:17 +0200
Subject: gpg for pseudonymous users
In-Reply-To: <5161808C.8070302@fifthhorseman.net>
References: <5151CE6E.6010804@riseup.net>
 <CAEpeLrNec8Lz=XAgomEy30DzTMrPbXjNitEg5VF0z5ymqDjkyA@mail.gmail.com>
 <515225E9.50805@kent.ac.uk> <5152316F.1060705@riseup.net>
 <20130327211504.GC11100@leortable> <515421CC.7030900@digitalbrains.com>
 <51552159.9080106@gmail.com> <5155A766.6080404@riseup.net>
 <5155C44F.9030603@gmail.com> <5155CFC8.10505@fifthhorseman.net>
 <515ef02a.jIHgBkaOamQCwEhW%sttob@mailshack.com>
 <515F0C0A.3030006@fifthhorseman.net>
 <5161291a.9nw+AIE8qA7ltnYF%sttob@mailshack.com>
 <5161808C.8070302@fifthhorseman.net>
Message-ID: <516ad0ed.a3T7JLbHozg0FE7V%sttob@mailshack.com>

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On 04/07/2013 04:06 AM, Stan Tobias wrote:
>
> > I'd be willing, too, to sign the Enemy's key, as long as its UID says
> > "Enemy" and not "Friend".
[...]
> If you want to make a statement about whether someone is your enemy or
> your friend, an OpenPGP identity certification might not be the right
> way to do it.

That was just a figure of speech on my part, to express that I wouldn't
have a problem signing anybody's key whatsoever, as long as I'm sure
the UID truthfully describes them.  Any doubt is a reason not to sign.

[...]
> I think we're talking about pseudonyms, not "anonymous identities".
>
> You seem to think that names of the form "Stan Tobias" and "Daniel Kahn
> Gillmor" and "Werner Koch" are somehow more "real" names than
> "adrelanos".  

Not really.  I wouldn't have a problem signing Lady Gaga's key, although
it's probably not what reads in her passport.  It's a pseudonym, but
she's known by that.  In fact, I don't distinguish between pseudonyms
and legal names - for me they're all names; what matters is whether someone
is known by that name.

Actually, it's about more than just being known by a name.  Our public
names are not quite our own choice.  "Lady Gaga" is an invented name,
but it will stick to her for a long time.  "Artist Formerly known as
Prince" or whatever shape he now wants to to be identified by, is still
recognized by his old name "Prince", whether he or his editors like
it or not.  If your group calls you by a nickname, it's often next
to impossible to have it changed.  You may change your legal name,
but it's not without many consequences for you.  A name becomes your
name when people call you by that name.  It's the society that keeps our
names stable.  Therefore public names can be considered good identifiers
(how good is another discussion).

In case of anonymous entities, like "adrelanos", I don't mean to say
they have no reason to protect their "brand" names: they might have
an ambition, a moral inclination etc.  But I don't see any *external*
mechanism that would glue the name to the identity.  The person behind
"adrelanos" may stop using this name when he merely gets bored, without
any consequences for himself.  Just because he can.  For this very reason
I don't consider an anonymous name a good identifier.  Just as the colour
of the tie you're wearing today doesn't identify you well.


> You also seem to think that people's identities are
> immutable over time.  

Yes, that's my understanding:
http://en.wikipedia.org/wiki/Personal_identity_%28philosophy%29


[...]
> However, I am unwilling to constrain my
> beliefs about identity to only cover government statements.  Some people
> have deeply-held identities that their government refuses to certify,
> and some governments are quite willing to issue fraudulent identity
> papers under a variety of circumstances.  So i prefer to reserve the
> right to use my own judgement, and to be able to rely on other
> information besides government endorsement as well.

I'm happy to say I absolutely agree.

> In response to adrelanos'
> question, I tried to give an example of what sort of
> non-government-issued evidence a cautious and open-minded individual
> might consider.  What evidence are you willing to consider to establish
> belief in someone's identity?

That's a really difficult question, and I'm afraid I don't have an
"always works" answer.  I think asking a few people is better than
checking a document.

Another issue is what we use as identifiers.  I've always felt a key uid
was very small and limited in information.  In my perfect world the uid
would be... but that's another discussion.

Regards, Stan Tobias.



From jays at panix.com  Mon Apr 15 03:54:19 2013
From: jays at panix.com (Jay Sulzberger)
Date: Sun, 14 Apr 2013 21:54:19 -0400 (EDT)
Subject: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
In-Reply-To: <1385792861.20130414143639@my_localhost>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
Message-ID: <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>




On Sun, 14 Apr 2013, MFPA <expires2013 at ymail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi
>
>
> On Friday 5 April 2013 at 3:26:12 AM, in
> <mid:5ihajlvhkr.fsf at fencepost.gnu.org>, Don Saklad wrote:
>
>
>> Please fix subscribe at
>> http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
>
>> Subscribe didn't work !... interrupted by the warning
>> untrusted.
>
> That's not something that needs "fixing." It provides the user with a
> greater level of security if they need to make their own informed
> decision to "trust" a certificate, rather than the browser developers
> making that decision without any user input.
>
>
> - --
> Best regards
>
> MFPA                    mailto:expires2013 at ymail.com

What telephone number, what email address should I use to help me
make the decision as to whether to "trust the site"?  Whom should
I speak to?  What method do you recommend to help me make the
right decisions?

oo--JS.



>
> The One with The Answer is seldom asked The Question
> -----BEGIN PGP SIGNATURE-----
>
> iQCVAwUBUWqw/qipC46tDG5pAQohcgP/Z6/9XC1jaHlVrQR2m/s36gWjFG3J7ZCn
> 8gTHg0Cwt+AnVs96X4GSvNDMNd0YyAOSyFVUvJV403GcK1EtTEFhn7qPBsthmX22
> Fibd0UYvjFz0Z9lmWx+AJza/grfiDs5cfvwRS/HK6HhEFGDwSGER2fDpN5r1LWIQ
> Iupq4YX+lx4=
> =4TJE
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>


From dscvlt at gmail.com  Mon Apr 15 07:24:04 2013
From: dscvlt at gmail.com (Ashley Holman)
Date: Mon, 15 Apr 2013 14:54:04 +0930
Subject: Backing up Private Keys
In-Reply-To: <516677C5.8080208@digitalbrains.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
Message-ID: <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>

Thanks very much for the answer.

I also have a followup question.  Is it acceptable practice to make a paper
backup of your private key by exporting it in ascii armored mode and
printing it onto some paper?  (with a passphrase applied of course).  This
would be to prevent against loss in the event of other media failing.  Has
anyone ever had to recover from a paper backup - and if so do you
painstakingly type it to your computer, or use some kind of OCR or perhaps
QR codes to encode it?

I was reading that the passphrase key derivation algorithm for GPG is
PBKDF2 and that perhaps it would be more vulnerable to a brute force attack
than another algorithm such as scrypt.  Would it be advisable to encrypt my
private key with scrypt or is it recommended to stick to PBKDF2?  What are
the strongest settings for --s2k-cipher-algo, --s2k-digest-algo,
and --s2k-count?

Basically I'm looking to have my private key really protected so that even
if it fell into the wrong hands it would be downright unfeasable to brute
force (yes I have a good passphrase - but looking to make the encryption as
strong as it can be).

Thanks


On Thu, Apr 11, 2013 at 6:13 PM, Peter Lebbing <peter at digitalbrains.com>wrote:

> > Does this mean that the public key is exported along with the private
> key?
>
> Yes, indeed.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130415/c0adbaa4/attachment.html>

From peter at digitalbrains.com  Mon Apr 15 12:23:39 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 15 Apr 2013 12:23:39 +0200
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
Message-ID: <516BD52B.5010606@digitalbrains.com>

On 15/04/13 07:24, Ashley Holman wrote:
> I also have a followup question.  Is it acceptable practice to make a 
> paper backup of your private key by exporting it in ascii armored mode 
> and printing it onto some paper?

You should take a look at PaperKey[1]. It will produce text with some
redundancy for error checking that is the most concise description of the
secret part of your key. That means it is only the secret part, and in the
case of PaperKey, you /do/ need a separate backup of the public key to
reconstruct your secret key. But public keys are usually kept in several
public places.

> Would it be advisable to encrypt my private key with scrypt or is it 
> recommended to stick to PBKDF2?

The usual answer here is: stick to the defaults. They are the defaults for a
reason. Choose a good passphrase, other than that, the system is secure.

By the way, you say "more vulnerable to a brute-force attack". But a
brute-force attack is usually not associated with vulnerability. Anything
verifiable[2] can be brute-forced. The deciding factors are the number of
possible combinations and the computing power needed to do one guess. Seeing
the number of possible combinations in the crypto primitives used by the
default GnuPG settings, you shouldn't worry about brute forcing. I'd say
it's impossible.

> What are the strongest settings for --s2k-cipher-algo, --s2k-digest-algo,
> and --s2k-count?

There are no strongest settings. Different algorithms have their own strengths.

> Basically I'm looking to have my private key really protected so that 
> even if it fell into the wrong hands it would be downright unfeasable to
> brute force

I think you're confusing the term "brute force" with the term "crack" or
something similar. --s2k-count is the most deciding in how difficult it is
to brute force, I think. A criticism of SHA-3 is that it can be so quick
that this might be an issue in some settings, but you can't choose SHA-3 as
the s2k-digest-algo anyway ;).

The defaults are fine. You could opt to use 3DES or AES instead of the
default CAST5. But your secret key is already safe with CAST5, so there
really is no need. If it were not safe by a big margin, it wouldn't be the
default. The authors of GnuPG weren't born yesterday.

If attackers already need all the energy of 5 suns to crack your private
key, it really doesn't matter if they need an additional 5 when you tweak
the settings. Attackers don't usually have 5 suns in their back pocket.
We're talking about completely hypothetical cracks already, barring any
major (and unforeseeable) advances in mathematics.

If you choose to believe me, obviously. I'm not a cryppie, and even cryppies
are only human.

HTH,

Peter.

[1] http://www.jabberwocky.com/software/paperkey/
[2] Complexity class NP. Apart from the one-time pad, I don't think there is
useful crypto outside NP (I wouldn't call OTP very useful either ;). I'm
interested in hearing any arguments why something outside NP would be useful.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt


From pete at heypete.com  Mon Apr 15 18:08:53 2013
From: pete at heypete.com (Pete Stephenson)
Date: Mon, 15 Apr 2013 18:08:53 +0200
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
Message-ID: <516C2615.2010508@heypete.com>

On 4/15/2013 7:24 AM, Ashley Holman wrote:
> I also have a followup question.  Is it acceptable practice to make a
> paper backup of your private key by exporting it in ascii armored mode
> and printing it onto some paper?  (with a passphrase applied of course).

You're the one who defines "acceptable practice" for you. :)

Although I use a smartcard for my day-to-day signing I have backups of
the secret key and subkeys on CD-R and paper in separate
physically-secured locations.

I have copies of both the Paperkey version of my private key and the
ASCII-armored private key block itself.

>  This would be to prevent against loss in the event of other media
> failing.  Has anyone ever had to recover from a paper backup - and if so
> do you painstakingly type it to your computer, or use some kind of OCR
> or perhaps QR codes to encode it?

I realize that typing errors are inevitable, particularly when manually
entering in long strings of seemingly-random text (the Paperkey output
for my 4096-bit private key is 124 lines long while the ASCII-armored
version is 108 lines long). I ran into a few errors using OCR and it was
a hassle to find out which characters it mis-read, so I just ended up
generating a QR code for each line of the Paperkey output and,
separately, a QR code for each line of the ASCII-armored key block.

As a test, I then imported the keyblock using my computer's webcam to
read the QR codes. While somewhat tedious, it was far easier than typing
everything in. Both the Paperkey and ASCII keyblock were reconstructed
without errors.

I'm sure there's a more efficient way of doing things, like creating a
series of linear barcodes that can be read line-by-line with a laser
barcode scanner or by simply scanning it using a flatbed scanner, but
the QR codes work reasonably well for me.

Cheers!
-Pete


From _ at lvh.io  Mon Apr 15 20:01:00 2013
From: _ at lvh.io (Laurens Van Houtven)
Date: Mon, 15 Apr 2013 20:01:00 +0200
Subject: Extracting the session key using gpme?
Message-ID: <CAE_Hg6ZHBSj9QkCwTNHRP1rWRbR+SwTqhTjecUJ0L_EY8coKHA@mail.gmail.com>

Hi,

I need to make many existing documents available to a new recipient by
revealing the session key to them (in an encrypted message, of course). I
can figure out how to do that with the gpg command line tool, but not with
gpgme. The documentation does not even appear to have the phrase "session
key" in it.

The man page for the gpg command line tool comes with a stern warning about
key escrow, but that doesn't sound at all like what I'm doing, so I take it
I can safely ignore it.

Thanks in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130415/5ae38d1c/attachment.html>

From dscvlt at gmail.com  Mon Apr 15 13:33:20 2013
From: dscvlt at gmail.com (Ashley Holman)
Date: Mon, 15 Apr 2013 21:03:20 +0930
Subject: Backing up Private Keys
In-Reply-To: <516BD52B.5010606@digitalbrains.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
 <516BD52B.5010606@digitalbrains.com>
Message-ID: <CAOXABZrMUadR+t3Rbw27RVkXRr0eUOYf4mc1OSsiHGcPnPt==g@mail.gmail.com>

Thanks very much for that information.  That gives me a lot to consider and
look into.. and also some confidence in the defaults :).  Thanks also for
the link to PaperWallet. I will check that out.

What I meant by "brute force" was that an attacker could generate all
possible passphrases in a given keyspace and try each of them in an attempt
to decrypt my passphrased secret key.  Eventually one of the attempts
should succeed.  I did some calculations to try to work out how long it
might take to brute force, and the results were more like decades instead
of something more impressive like "long after the sun has exploded".

So for example's sake, lets say my passphrase keyspace is in order of
10^25.  I'll also assume that a sophisticated attacker might be able to
make 1 million attempts per second (maybe this is where my assumptions are
off - but the bitcoin network generates trillions of hashes per second by
comparison).

>> (10^25/10^6) / 86400 / 365
ans =  3.1710e+11

300 billion years at that rate.  But, if I account for moore's law, I
should assume that the attempts per second will increase each year.  If I
assume 50% increase in computing power per year then I get:

>> log((10^25/10^6) / 86400 / 365) / log(1.5)
ans =  65.314

So 65 years.  I know this is a really long time, but it's not as impressive
as millions of years would be.  Does this mean that people in the 22nd /
23rd century might be able to crack old passphrased keys really easily?
 (ok, maybe there are likely to be maths advances by that point anyway).

Quite likely I've made and mistakes in my calculations and/or bad
assumptions so let me know if that is the case.

Thanks again
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130415/73a72833/attachment.html>

From peter at digitalbrains.com  Mon Apr 15 22:14:04 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 15 Apr 2013 22:14:04 +0200
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZrMUadR+t3Rbw27RVkXRr0eUOYf4mc1OSsiHGcPnPt==g@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
 <516BD52B.5010606@digitalbrains.com>
 <CAOXABZrMUadR+t3Rbw27RVkXRr0eUOYf4mc1OSsiHGcPnPt==g@mail.gmail.com>
Message-ID: <516C5F8C.8090202@digitalbrains.com>

On 15/04/13 13:33, Ashley Holman wrote:
> But, if I account for moore's law, I should assume that the attempts per 
> second will increase each year.  If I assume 50% increase in computing power 
> per year

Just a very quick answer: this doesn't account for thermodynamics. Other
calculations for instance relate to the energy required to destroy/change a
certain amount of information. There's an information-theoretic limit to that,
and if the models hold it is not possible to flip a bit with less energy expended.

Furthermore, you are now indeed in the realm of almost brute force[1]. Security
of a cipher algorithm is no longer significant. What matters is the amount of
calculations needed for one guess. Off the top of my head I don't think this
depends significantly on the cipher. It depends on the hash algorithm (not it's
strength, it's amount of computation), and --s2k-count.

Also, calculating it depends on a good measure of the entropy of your
passphrase; the 10^25 you mention.

> Does this mean that people in the 22nd / 23rd century might be able to crack
> old passphrased keys really easily?

Dunno. What would a 19th century academic say of my Core 2 Duo PC with a video
card that can spit out nearly 50 milliard textures each second?

Other than that: do you care what people by then do with your stuff?

HTH,

Peter.

[1] You're still making educated guesses about the password, right?

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From forlasanto at gmail.com  Mon Apr 15 21:47:41 2013
From: forlasanto at gmail.com (Forlasanto)
Date: Mon, 15 Apr 2013 14:47:41 -0500
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
Message-ID: <516C595D.2000304@gmail.com>

On 4/15/2013 12:24 AM, Ashley Holman wrote:
> Thanks very much for the answer.
>
> I also have a followup question.  Is it acceptable practice to make a
> paper backup of your private key by exporting it in ascii armored mode
> and printing it onto some paper?  (with a passphrase applied of
> course).  This would be to prevent against loss in the event of other
> media failing.  Has anyone ever had to recover from a paper backup -
> and if so do you painstakingly type it to your computer, or use some
> kind of OCR or perhaps QR codes to encode it?
>
> I was reading that the passphrase key derivation algorithm for GPG is
> PBKDF2 and that perhaps it would be more vulnerable to a brute force
> attack than another algorithm such as scrypt.  Would it be advisable
> to encrypt my private key with scrypt or is it recommended to stick to
> PBKDF2?  What are the strongest settings
> for --s2k-cipher-algo, --s2k-digest-algo, and --s2k-count?
>
> Basically I'm looking to have my private key really protected so that
> even if it fell into the wrong hands it would be downright unfeasable
> to brute force (yes I have a good passphrase - but looking to make the
> encryption as strong as it can be).
>
> Thanks

If I were trying to prevent my key from falling into the wrong hands and
make it impossible to brute-force the key, then I'd use Shamir's Secret
Sharing to split the key, and stash all the pieces in separate secure
locations. Then it won't matter if they can brute-force the key; if they
don't collect enough of the pieces, they simply are not going to be able
to reconstruct the key, period. You could /tell /them the password, and
it still wouldn't do any harm, unless they collect enough of the pieces.

http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing


Actually, this can make for great scavenger hunts and geocache hunts, too.

Cryptool also has an implementation of it that helps understand how it
works. http://www.cryptool.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130415/15b74381/attachment.html>

From rjh at sixdemonbag.org  Mon Apr 15 23:07:54 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 15 Apr 2013 17:07:54 -0400
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
Message-ID: <516C6C2A.6090608@sixdemonbag.org>

On 4/15/2013 1:24 AM, Ashley Holman wrote:
> I also have a followup question.  Is it acceptable practice to make a
> paper backup of your private key by exporting it in ascii armored mode
> and printing it onto some paper?  (with a passphrase applied of course).

Let me apologize in advance for being pedantic.  I understand the
question that I think you meant to ask, but that's not quite the same as
the question you asked.  :)

Whether it is acceptable practice depends largely on your local security
policy.  I can imagine some installations would disallow this, on the
grounds that backups are the sole responsibility of system
administration staff.

Whether it is sensible practice, though, is a different question
altogether.  Without commenting on whether it's acceptable for your
particular situation, I can say pretty confidently that a paper hardcopy
of your private certificate is sensible.

Print it out in a monospace font with the largest point size you can
without causing the lines to wrap.  (If you're wondering why, OCR works
best with monospace fonts, and the larger the better.)

> Has anyone ever had to recover from a paper backup - and if so
> do you painstakingly type it to your computer, or use some kind of OCR
> or perhaps QR codes to encode it?

Although I haven't had to recover from a paper backup, I have tested it
a few times using OCR software.  Works fine.  David Shaw also wrote a
tool called 'paperkey' which yanks the unnecessary bits from a private
certificate, leaving behind a much smaller thing more suitable for
printing.  It might be worth looking into.



From rjh at sixdemonbag.org  Mon Apr 15 23:17:25 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 15 Apr 2013 17:17:25 -0400
Subject: Backing up Private Keys
In-Reply-To: <CAOXABZrMUadR+t3Rbw27RVkXRr0eUOYf4mc1OSsiHGcPnPt==g@mail.gmail.com>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
 <516BD52B.5010606@digitalbrains.com>
 <CAOXABZrMUadR+t3Rbw27RVkXRr0eUOYf4mc1OSsiHGcPnPt==g@mail.gmail.com>
Message-ID: <516C6E65.8050001@sixdemonbag.org>

On 4/15/2013 7:33 AM, Ashley Holman wrote:
> So 65 years.  I know this is a really long time, but it's not as
> impressive as millions of years would be.  Does this mean that people in
> the 22nd / 23rd century might be able to crack old passphrased keys
> really easily?

No.  This isn't the sort of question that Moore's Law is useful in
addressing.  You need to get down into the physical limits of the
universe -- particularly things like the Bekenstein and Landauer bounds,
the Margolus-Levitin limit, and so on.  This has been discussed at
length on this list before.  A good synopsis can be found at:

http://lists.gnupg.org/pipermail/gnupg-users/2010-December/040123.html

It's worth noting that these limits are all physical constraints of the
universe.  As such, if a computer operating at the physical limits of
the universe can't brute-force something, it's fair to say that it
simply cannot be brute-forced.




From expires2013 at ymail.com  Tue Apr 16 00:07:36 2013
From: expires2013 at ymail.com (MFPA)
Date: Mon, 15 Apr 2013 23:07:36 +0100
Subject: [OT] Re: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
In-Reply-To: <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
Message-ID: <249190066.20130415230736@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Monday 15 April 2013 at 2:54:19 AM, in
<mid:Pine.NEB.4.64.1304142149510.15168 at panix3.panix.com>, Jay
Sulzberger wrote:


> What telephone number, what email address should I use
> to help me make the decision as to whether to "trust
> the site"?  Whom should I speak to?  What method do you
> recommend to help me make the right decisions?


You could look at the certificate your browser doesn't trust and
follow up the information it contains. You could also search the
internet (and other sources) for information about Intevation GmbH,
and see if it matches what the certificate says. Depending how
paranoid, you could even turn up at their offices and ask relevant
questions.

Decide on the trust level you wish to establish for your intended use
of the site. Then take whatever precautions you think are commensurate
with that level of trust.

Blindly clicking to dismiss the browser's "untrusted" warning is
arguably no more irresponsible than blindly having the browser accept
a certificate signed by a "certification authority" it recognises. I
suspect if you were to look at the list of CAs trusted by your
browser, you would encounter plenty that you see no reason to trust.


- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

Change is inevitable except from a vending machine
-----BEGIN PGP SIGNATURE-----

iQCVAwUBUWx6O6ipC46tDG5pAQqxxwP8CIH5zx1y7Q2aO0ARlVmKdfJKElUodhkC
KyWZNH7diu9OhbEMGQyPc9/YR9lGCRp3jlZ6IvJUlYY3Xo5oon+A+cElh7eH2Gyk
taNaPSU8B61Ih9LorAN3uuOWD8Xzbug6zXNFjLXFSfZPwN3aQStT7aYLQ7XE5DhX
yB3NBgyoqSg=
=4gaV
-----END PGP SIGNATURE-----



From hhhobbit at securemecca.net  Tue Apr 16 03:21:58 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Tue, 16 Apr 2013 01:21:58 +0000
Subject: Backing up Private Keys
In-Reply-To: <516C6C2A.6090608@sixdemonbag.org>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
 <516C6C2A.6090608@sixdemonbag.org>
Message-ID: <516CA7B6.8080402@securemecca.net>

On 04/15/2013 09:07 PM, Robert J. Hansen wrote:
> On 4/15/2013 1:24 AM, Ashley Holman wrote:
>> I also have a followup question.  Is it acceptable practice to make a
>> paper backup of your private key by exporting it in ascii armored mode
>> and printing it onto some paper?  (with a passphrase applied of course).
> 
> Let me apologize in advance for being pedantic.  I understand the
> question that I think you meant to ask, but that's not quite the same as
> the question you asked.  :)
> 
> Whether it is acceptable practice depends largely on your local security
> policy.  I can imagine some installations would disallow this, on the
> grounds that backups are the sole responsibility of system
> administration staff.

I have been a SysAdmin for years and if there is any way I could
make it so that I could exclude .gnupg folders in the home area
I may do that. OTOH, if hackers knew that and used somebody's
.gnupg folder to stash bad stuff then I want a backup but the
OpenPGP keys are really not my concern.  Whether or not the
system is hacked IS my concern.  I have learned to hate sendmail,
wonder why finger was invented, ...  I could care less about
your OpenPGP keys except for maybe restoring them in case you
get them fouled up and have no backup of your own.  I would
advise against ANYTHING on paper except noted below.  But
since they are YOUR OpenPGP keys even if you use them for
company business backing them up is YOUR responsibility, not
mine past a simple file backup. Restoring all of those Engineering
drawings and source code IS  my concern as a SysAdmin even if
you were stupid enough to type "rm -fr" without a second and
third check before you did it.

But as a sysadmin, I would frown on a paper copy of anything as
being problematical and almost useless for a massive backup
of entire systems.  Paper is also an issue from a security
standpoint as well.  Well I guess Judge Hardcastle found the
paper backups of his court cases handy when his side-kick sat
there ready to destroy all the records on the computer.

I think you people are making this too complicated.  Here is
what I do for the same keys everywhere on four different 32
bit LE operating systems.  If you have mixed 32 / 64 and / or
LE / BE, this will NOT work.  You will be doing exporting and
importing for mixed hardware architectures.  Sorry.

1. I make a backup of the ~./gnupg folder as given below in
step 4 and put them in MY ~/tmp folder.  Alternatively you
can copy them to another folder.  your choice,  But having
a backup of what you have makes blowing away the mess you
have and going back to what worked possible.

2. Do something about ~/.gnupg/random_seed if desired.  There
IS a security issue here.  Maybe you want to back up. create
dummy keys and export / import.  Since I use only two systems
for using the keys to create something ...  now is the time
to backup and go the export / import route.

3. Copy the files recursively from ~/.gnupg to
/win/e/gnupg for the windows side of that machine.  I always
have a FAT32 E: partition for copying files.  Those files and
folders are copied in AS IS.  I have never had proglems.
Mixed 32 / 64 or BE / LE?  Start exporting and importing.  It
is the ONLY way you will get it done.  Remember you need the
trustdb unless you want to import and give trust levels again.

4. zip up a copy using 7zip's AES128 with a sufficent password
for a modicum of protection.  Just remember that they keys
are sitting on your machine with NO extra level of protection
so either physical or network access to them poses a security
risk that actually has one LESS hurdle in the way.

$ cd
$ umask 077  # my other stuff is at 022 - my login umask 077
$ 7za a -p gnupg.7z  ./.gnupg

The only part that may be on paper are the passwords used to
make the zips.  If it is a backup I would store the Flash Drive
it is on in a safe some place.  Your drawer with a "gnupg"
written on the flash drive with a Sharpie pen is NOT a safety
deposit box.  You think I am kidding.  The FBI stole the
encryption code at one place I worked at.  My encryption
source code for my platform was encrypted and stored on
media that had something like "stuff" written on them.  I
would also prefer servers that are named with Disney characters
over names that tell what the machine is used for or where it
is at as well.  Good luck on that one as a SysAdmin.  We
MUST name it sdp2 because it is in the Silicon Deposit Process
group and it is their second machine.  Sigh.  There is nothing
like spelling it all out for a hacker.

Make as many copies necessary for the machines / operating
systems you have.  There after you need only the relevant files
that have been changed.  I do the updates of importing keys, et
al on only one machine that has gpg rather than gpg2.  Some day
in the future that will no longer be possible.  At least my
signfile script still works with gpg2 but none of the other
scripts work with gpg2.  Now you know why I use 7-Zip.  I can
make a backup with encryption.

5. I replace the contents of ~/gnupg with the originals when
done.  Usually I just:

$ cd
$ umask 077
$ mv .gnugp new.gnupg
$ mv tmp/gnupg.7z .
$ 7za x gnupg.7z
$ diff -r --brief .gnupg new.gnupg
# if satisfied
$ rm -fr gnugp.7z new.gnupg

Secure?  Not very, but you're infinitely more likely to have
your entire keys (all contents of ~/.gnupg on 'nix) stolen via
physical means like the theft of Amazon's entire VUDI database
where the thieves stole entire drives. They can also be purloined
when hackers can access your machine via a network.  Once they
have that key folder all they lack is the pass-phrase.  A key
logger is useful for that. I have analyzed well over 1,000
malware in the past eight years.  Any more, most malware has
a key-logger that can be dropped on at will if it isn't already
there.

Your major REAL WORLD security problems are:

1. Theft of the entire contents of the ~/.gnupg folder or
equivalent on Windows / Macintosh.  Don't laugh.  I have some
hackers I have dubbed "PeskySpammer" that even had Windows
machines in the RIPE and ICANN network address space (I mean
THEIR control area IP address space) that have drop-on SMTP
agents that directly sent me spam.  Hacked Sheriff web-site
via the stabs of infected PCs, etc.  Search for "PeskySpammer"
with the quotes and some of it is there. I no longer save
any of the messages or update the IP addresses where the
email comes from.  But I am still getting around 100 messages
per day from their bots up to a maximum of a thousand.  Maybe
it is time to change my hosting service.  I get EVERYTHING
sent to any user what so ever at securemecca.com.  It is
useful to help a neighbor without Internet that must supply
an email address but doesn't have one. There are poor people
in the world that don't have computers.  But it is a real
pain with PeskySpammer filling up the email box with garbage.

2. The learning of your pass-phrase or GULP, your keys being
used WITHOUT the pass-phrase being needed.  And on that one I
have white hairs, almost two weeks of sweating it, and one more
thing that needs to be said.  I will say that in a separate
post.  Protecting your pass-phrase is a SERIOUS ISSUE!  Nobody
is mentioning that here.

HHH



From rjh at sixdemonbag.org  Tue Apr 16 05:15:19 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 15 Apr 2013 23:15:19 -0400
Subject: Backing up Private Keys
In-Reply-To: <516CA7B6.8080402@securemecca.net>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516677C5.8080208@digitalbrains.com>
 <CAOXABZoxjeF2mWTuziohnKr0Q3Vm5jXt+gHuv8HOFrVi0zmitA@mail.gmail.com>
 <516C6C2A.6090608@sixdemonbag.org> <516CA7B6.8080402@securemecca.net>
Message-ID: <516CC247.3080703@sixdemonbag.org>

On 4/15/2013 9:21 PM, Henry Hertz Hobbit wrote:
> 3. Copy the files recursively from ~/.gnupg to /win/e/gnupg for the
> windows side of that machine.  I always have a FAT32 E: partition for
> copying files.  Those files and folders are copied in AS IS.  I have
> never had proglems. Mixed 32 / 64 or BE / LE?  Start exporting and
> importing.  It is the ONLY way you will get it done.  Remember you
> need the trustdb unless you want to import and give trust levels
> again.

This is not correct.

GnuPG keyrings are just a stream of OpenPGP octets in a format that
conforms to an OpenPGP message.  Since RFC4880 fully specifies things
like how to handle endianness and whatnot, GnuPG keyrings are
architecture- and endianness-agnostic.

(And yes, I have migrated .gnupg folders between 32- and 64-bit systems,
including from 64-bit PowerPC UNIX to a 32-bit Wintel environment -- the
trifecta of OS, architecture and endianness all changing.  Zero problems.)

> 4. zip up a copy using 7zip's AES128 with a sufficent password for a
> modicum of protection.

Why?  The private certificates are already secured with AES.



From mailinglisten at hauke-laging.de  Tue Apr 16 05:28:19 2013
From: mailinglisten at hauke-laging.de (Hauke Laging)
Date: Tue, 16 Apr 2013 05:28:19 +0200
Subject: Backing up Private Keys
In-Reply-To: <516CC247.3080703@sixdemonbag.org>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516CA7B6.8080402@securemecca.net> <516CC247.3080703@sixdemonbag.org>
Message-ID: <2601539.2dmQfxN6Ae@inno>

Am Mo 15.04.2013, 23:15:19 schrieb Robert J. Hansen:

> The private certificates are already secured with AES.

Really?

--s2k-cipher-algo name
Use name as the cipher algorithm used to protect secret keys.  The default 
cipher is CAST5.

:-)


Hauke
-- 
?
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
http://www.openpgp-schulungen.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130416/e449c0c1/attachment.sig>

From peter at digitalbrains.com  Tue Apr 16 11:50:36 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 16 Apr 2013 11:50:36 +0200
Subject: [OT] Trusting X.509 certificate
In-Reply-To: <249190066.20130415230736@my_localhost>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
Message-ID: <516D1EEC.8050205@digitalbrains.com>

> You could look at the certificate your browser doesn't trust and follow up
> the information it contains. You could also search the internet (and other
> sources) for information about Intevation GmbH, and see if it matches what
> the certificate says.

Everything the certificate "says" is under attacker control when they redirect
the HTTPS session to their own system[1]. You need to find a trust path based
on cryptographic signatures, not on what the Subject and Issuer fields and
what not say in the certificate.

Peter.

[1] With the possible exception of the fingerprint (and perhaps some other
details)

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From rjh at sixdemonbag.org  Tue Apr 16 13:00:02 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 16 Apr 2013 07:00:02 -0400
Subject: Backing up Private Keys
In-Reply-To: <2601539.2dmQfxN6Ae@inno>
References: <CAOXABZrWAuxWGuqGm7Y48+zF1jp84V1Y-wpLRcJHZi9Um6n2AQ@mail.gmail.com>
 <516CA7B6.8080402@securemecca.net> <516CC247.3080703@sixdemonbag.org>
 <2601539.2dmQfxN6Ae@inno>
Message-ID: <516D2F32.6040708@sixdemonbag.org>

On 4/15/2013 11:28 PM, Hauke Laging wrote:
> Use name as the cipher algorithm used to protect secret keys.  The default 
> cipher is CAST5.

My error; I thought that was changed a couple of versions ago.  Thank
you for the correction!




From expires2013 at ymail.com  Tue Apr 16 21:44:24 2013
From: expires2013 at ymail.com (MFPA)
Date: Tue, 16 Apr 2013 20:44:24 +0100
Subject: [OT] Trusting X.509 certificate
In-Reply-To: <516D1EEC.8050205@digitalbrains.com>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost> <516D1EEC.8050205@digitalbrains.com>
Message-ID: <1548377316.20130416204424@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 16 April 2013 at 10:50:36 AM, in
<mid:516D1EEC.8050205 at digitalbrains.com>, Peter Lebbing wrote:


> Everything the certificate "says" is under attacker
> control when they redirect the HTTPS session to their
> own system[1].

Which is why I also suggested searching other sources of information
for comparison.



> You need to find a trust path based on
> cryptographic signatures, not on what the Subject and
> Issuer fields and what not say in the certificate.

Ideally. But I would suggest the necessity depends on the intended use
of (or interaction with) the site.

To register an email address on a mailing list, I would probably spend
practically zero time checking.


- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

I think not, said Descartes, and promptly disappeared
-----BEGIN PGP SIGNATURE-----

iQCVAwUBUW2qK6ipC46tDG5pAQqiiwP+OWETvT8Y/3+L2ApSJAmKmaSWgXWCgeOJ
C4kk6JSnTWGowx6whZLDXmGpCMHpL5Isi6Mbalmj4/iDq6tyeQVgXWYHnixy5U/3
jTVnOiUIjRIQWQ5QPVWhoQRjoRZ/cVqkd+2m85W0UFn22O7GaAdj/M7all+Av7nz
UUdHeImAJdg=
=bm7k
-----END PGP SIGNATURE-----



From wk at gnupg.org  Wed Apr 17 11:57:48 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 17 Apr 2013 11:57:48 +0200
Subject: Extracting the session key using gpme?
In-Reply-To: <CAE_Hg6ZHBSj9QkCwTNHRP1rWRbR+SwTqhTjecUJ0L_EY8coKHA@mail.gmail.com>
 (Laurens Van Houtven's message of "Mon, 15 Apr 2013 20:01:00 +0200")
References: <CAE_Hg6ZHBSj9QkCwTNHRP1rWRbR+SwTqhTjecUJ0L_EY8coKHA@mail.gmail.com>
Message-ID: <87obddwkbn.fsf@vigenere.g10code.de>

On Mon, 15 Apr 2013 20:01, _ at lvh.io said:

> I need to make many existing documents available to a new recipient by
> revealing the session key to them (in an encrypted message, of course). I

Yeah, there is long standing request to add a feature to to that
directly in gpg.

> gpgme. The documentation does not even appear to have the phrase "session

There won't be support for it in GPGME.  Why should we make it easy to
do key escrow.  If we ever add a a re-encrypt feature to gpg, if would
make sense to add this to GPGME as well.  But please don't demand it for
the --{show,override}-session-key options.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From ndk.clanbo at gmail.com  Wed Apr 17 14:32:16 2013
From: ndk.clanbo at gmail.com (Diego Zuccato)
Date: Wed, 17 Apr 2013 14:32:16 +0200
Subject: Privacy concerns
Message-ID: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>

Ave all.

IIUC, currently, whoever looks up a key for an identity, automatically
retrieves *all* user's identities!
That could easily be abused (spammers, people writing to personal mailbox
for work-related issues, etc), but even if not abused it's at least
"unpleasant" that all mail addresses gets mixed.

I've been thinking about that for some time, but couldn't yet find a
workaround. Except, maybe, some decoupling between signature key and
identities -- but no idea on how to implement it, keeping the current pros.
W/o having to use multiple different identities (that would mean more
smartcards to manage, for example).

I couldn't find related topics, but I think that's impossible that noone
thought about it before. Am I missing something obvious?

Tks,
 Diego.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130417/2721c80a/attachment.html>

From dougb at dougbarton.us  Wed Apr 17 18:22:26 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Wed, 17 Apr 2013 09:22:26 -0700
Subject: Privacy concerns
In-Reply-To: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
Message-ID: <516ECC42.5060507@dougbarton.us>

It's come up on the list many times. No one has demonstrated that there 
is mass-mining of e-mail addresses from the key servers. Personally, I 
have a mini-honeytrap set up for testing this, and while I get dozens of 
spam messages every day as a result of having had my e-mail addresses 
posted publicly in various places for many years, I get no more than a 
dozen _per year_ pointed at addresses from my key honeytrap.

It's very safe to assume that e-mail address harvesting from the key 
servers is not anything to worry about.

More generally, it's been well documented in the anti-spam community 
that techniques to "hide" your e-mail address from spammers are totally 
fruitless. You want to apply intelligent filters on the receiving side 
of the e-mail transaction to limit the flow seen by the end users. 
That's the only viable long term solution.

hope this helps,

Doug


On 04/17/2013 05:32 AM, Diego Zuccato wrote:
> Ave all.
>
> IIUC, currently, whoever looks up a key for an identity, automatically
> retrieves *all* user's identities!
> That could easily be abused (spammers, people writing to personal
> mailbox for work-related issues, etc), but even if not abused it's at
> least "unpleasant" that all mail addresses gets mixed.
>
> I've been thinking about that for some time, but couldn't yet find a
> workaround. Except, maybe, some decoupling between signature key and
> identities -- but no idea on how to implement it, keeping the current
> pros. W/o having to use multiple different identities (that would mean
> more smartcards to manage, for example).
>
> I couldn't find related topics, but I think that's impossible that noone
> thought about it before. Am I missing something obvious?
>
> Tks,
>   Diego.



From pete at heypete.com  Wed Apr 17 19:09:51 2013
From: pete at heypete.com (Pete Stephenson)
Date: Wed, 17 Apr 2013 19:09:51 +0200
Subject: Privacy concerns
In-Reply-To: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
Message-ID: <516ED75F.9070906@heypete.com>

On 4/17/2013 2:32 PM, Diego Zuccato wrote:
> Ave all.
> 
> IIUC, currently, whoever looks up a key for an identity, automatically
> retrieves *all* user's identities!

Yup.

> That could easily be abused (spammers, people writing to personal
> mailbox for work-related issues, etc), but even if not abused it's at
> least "unpleasant" that all mail addresses gets mixed.

I've had keys on the keyservers for years. Any spam related to
harvesting key data is negligible compared to spam from other sources.
Regardless of source, it gets filtered out so it's no worries to me.

> I've been thinking about that for some time, but couldn't yet find a
> workaround. Except, maybe, some decoupling between signature key and
> identities -- but no idea on how to implement it, keeping the current
> pros. W/o having to use multiple different identities (that would mean
> more smartcards to manage, for example).

While I don't use OpenPGP at my work, it seems reasonable to me to
create separate primary keys for work and personal use.

In the US at least, companies have various regulatory requirements
relating to communications and message storage. It may be compulsory for
a company to have the ability to decrypt, read, and archive your
work-related mail. Since you cannot -- as far as I know -- bind
encryption subkeys to a specific UID, having a separate primary key for
your work seems like a good idea.

Cheers!
-Pete


From _ at lvh.io  Wed Apr 17 19:38:53 2013
From: _ at lvh.io (Laurens Van Houtven)
Date: Wed, 17 Apr 2013 19:38:53 +0200
Subject: Extracting the session key using gpme?
In-Reply-To: <87obddwkbn.fsf@vigenere.g10code.de>
References: <CAE_Hg6ZHBSj9QkCwTNHRP1rWRbR+SwTqhTjecUJ0L_EY8coKHA@mail.gmail.com>
 <87obddwkbn.fsf@vigenere.g10code.de>
Message-ID: <CAE_Hg6YRh5TKD3efx2gN-zNbfXdO71kgD8fBGsc6XdQt4rqHeg@mail.gmail.com>

 Hi Werner,

Thanks for your reply!

On Apr 17, 2013 12:03 PM, "Werner Koch" <wk at gnupg.org> wrote:

> There won't be support for it in GPGME.  Why should we make it easy to
> do key escrow.  If we ever add a a re-encrypt feature to gpg, if would
> make sense to add this to GPGME as well.  But please don't demand it for
> the --{show,override}-session-key options.
>

No worries, I'm not demanding anything, just trying to figure out if what I
want to do is appropriate, and, if so, what the best way to do it is :)

So, to be clear, the reason this isn't in GPGME isn't because what I'm
doing is fundamentally wrong, it's just that the gpgme equivalent of the
way you'd currently do it using the gpg command line tool can be used for
things gpg doesn't intend to support (specifically, key escrow).

Or, perhaps more specifically: what I want isn't wrong, but the only way to
accomplish it is using the gpg command line tool, there are good reasons
for this, and I should just use the gpg command line tool? :)

cheers
lvh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130417/4a25ad1e/attachment.html>

From ndk.clanbo at gmail.com  Wed Apr 17 20:45:01 2013
From: ndk.clanbo at gmail.com (NdK)
Date: Wed, 17 Apr 2013 20:45:01 +0200
Subject: Privacy concerns
In-Reply-To: <516ECC42.5060507@dougbarton.us>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
 <516ECC42.5060507@dougbarton.us>
Message-ID: <516EEDAD.7070406@gmail.com>

Il 17/04/2013 18:22, Doug Barton ha scritto:

> It's very safe to assume that e-mail address harvesting from the key
> servers is not anything to worry about.
At least for now.
But spam is just one of the possible issues...

Anyway I can see that the easiest and more versatile solution is to have
different identities for different communities (one for work, one for
personal use, one for hacking communities, ...). Eventually all
cross-signed.

Then, now, what's needed is a new implementation for OpenPGPCard that
supports enough keys :) But that's another topic that I'll open soon.

BYtE,
 Diego.


From ndk.clanbo at gmail.com  Wed Apr 17 20:53:36 2013
From: ndk.clanbo at gmail.com (NdK)
Date: Wed, 17 Apr 2013 20:53:36 +0200
Subject: Privacy concerns
In-Reply-To: <516ED75F.9070906@heypete.com>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
 <516ED75F.9070906@heypete.com>
Message-ID: <516EEFB0.3010509@gmail.com>

Il 17/04/2013 19:09, Pete Stephenson ha scritto:

> While I don't use OpenPGP at my work, it seems reasonable to me to
> create separate primary keys for work and personal use.
Seems the only reasonable thing... for now :)

> In the US at least, companies have various regulatory requirements
> relating to communications and message storage. It may be compulsory for
> a company to have the ability to decrypt, read, and archive your
> work-related mail. Since you cannot -- as far as I know -- bind
> encryption subkeys to a specific UID, having a separate primary key for
> your work seems like a good idea.
Usually at office they give you a card with an x509 cert on it... And
you have to use it.
But sometimes they let you optionally use other means to sign your mails.
Ability to bind a specific UID with a subkey (implying having multiple
valid encryption keys) doesn't seem too useful...

BYtE,
 Diego.



From lbeith at rwu.edu  Wed Apr 17 23:05:39 2013
From: lbeith at rwu.edu (Beith, Linda)
Date: Wed, 17 Apr 2013 17:05:39 -0400
Subject: question on decryption with missing passcode
Message-ID: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>

Hi folks,
I am new to the list and am hoping someone can provide some suggestions for a situation we have at my University. We have had a rather catastrophic loss of all data from one of our Fall 2012 courses on our Sakai open source learning management server. To compound matters, we have a military student who had an incomplete in that course and is on deadline to finish his work and submit his grades or face being dropped from his academic program.

Since our Sakai instance is hosted by a third-party vendor we don't have direct access to the application at the server level, so each month the vendor makes a backup copy of our full database and encrypts/zips it using GNU PG so we can download it.  We then decrypt it using the passcode they provide and we can run stats against the resulting SQL file.

I had a backup file from early December 2012 that I had downloaded but never opened. I sent the file back to our vendor in hopes of being able to retrieve the course data however when they  tried to unzip/decrypt it, they were not prompted for the passcode and just got an error:

Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
Gpg: decrypt_message filed: file open error

We can't have them redo the backup because it is too late - the files are no longer on their server. So the only source of the work is locked in this zipped file. The zipped file is quite large - over 1 GB so we know there is data there - we just can't get to it.

The assumption is  that something went wrong in the original encryption of the file. Do you have idea if it is possible to extract data in this situation?

I appreciate any help or suggestions you can provide,
Linda


Linda L. Beith, Ph.D.
Roger Williams University
Director, Instructional Design
One Old Ferry Road, Bristol RI
401-254-3134
Website: id.rwu.edu<http://id.rwu.edu/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130417/c14a03b0/attachment-0001.html>

From dkg at fifthhorseman.net  Thu Apr 18 00:25:59 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 17 Apr 2013 18:25:59 -0400
Subject: question on decryption with missing passcode
In-Reply-To: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
Message-ID: <516F2177.4090107@fifthhorseman.net>

On 04/17/2013 05:05 PM, Beith, Linda wrote:
> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
> Gpg: decrypt_message filed: file open error


This message suggests that there is a problem in the filesystem, not a
problem with a missing passphrase.  Do you have a copy of the file in
question?  do you know what the symmetric passphrase is supposed to be?

if so, can you try to decrypt it and provide a paste of the full
terminal transcript (see [0] for suggestions on how to do a reasonable
terminal transcript) of you doing the following commands?

 ls -l rwu.dbdump_Nov2012.sql.gz.gpg
 gpg --decrypt rwu.dbdump_Nov2012.sql.gz.gpg

you'd need to run these commands from the directory where the file is
located.

is it possible that the file just needs to be made readable, or needs a
change of ownership?

hope this helps,

	--dkg

[0] https://support.mayfirst.org/wiki/terminal_transcripts

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130417/27e48913/attachment.sig>

From jays at panix.com  Thu Apr 18 01:14:55 2013
From: jays at panix.com (Jay Sulzberger)
Date: Wed, 17 Apr 2013 19:14:55 -0400 (EDT)
Subject: question on decryption with missing passcode
In-Reply-To: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
Message-ID: <Pine.NEB.4.64.1304171849550.17111@panix3.panix.com>




On Wed, 17 Apr 2013, Beith, Linda <lbeith at rwu.edu> wrote:

> Hi folks,
>
> I am new to the list and am hoping someone can provide some
> suggestions for a situation we have at my University. We have
> had a rather catastrophic loss of all data from one of our Fall
> 2012 courses on our Sakai open source learning management
> server. To compound matters, we have a military student who had
> an incomplete in that course and is on deadline to finish his
> work and submit his grades or face being dropped from his
> academic program.
>
> Since our Sakai instance is hosted by a third-party vendor we
> don't have direct access to the application at the server
> level, so each month the vendor makes a backup copy of our full
> database and encrypts/zips it using GNU PG so we can download
> it.  We then decrypt it using the passcode they provide and we
> can run stats against the resulting SQL file.
>
> I had a backup file from early December 2012 that I had
> downloaded but never opened. I sent the file back to our vendor
> in hopes of being able to retrieve the course data

I do not understand.  If usually you just "use the passcode" to
decrypt the backup file, why did you treat the early December
2012 differently?  Whys should the "vendor" handle this?  Why not
you, in the usual way, by using the passcode for that backup
file?

>                                                    however when
> they tried to unzip/decrypt it, they were not prompted for the
> passcode and just got an error:
>
> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
> Gpg: decrypt_message filed: file open error

If I understand correctly:

1. There was an original file, call it A .

2. gzip was applied to A to get the file A.gz .

3. Then gpg was applied to get A.gz to get A.gz.gpg .

I ask

What operation of gpg was applied to produce A.gz.gpg from A.gz ?

Is the "passcode" a PGP public key, or something else?

I have likely not understood how things work, but one natural
way, it seems to me, would be to have the course publish a PGP
public key, and anyone who wanted to send a file to the
teachers/administrators of the course could just use gpg to send
the file, not as cleartext, but encrypted with the public key of
the course.  In this situation, there would be no "passcode"
provided by the vendor, but rather just the course's own public
key, with the course carefully keeping the corresponding private
key private.

>
> We can't have them redo the backup because it is too late - the
> files are no longer on their server. So the only source of the
> work is locked in this zipped file. The zipped file is quite
> large - over 1 GB so we know there is data there - we just
> can't get to it.
>
> The assumption is that something went wrong in the original
> encryption of the file. Do you have idea if it is possible to
> extract data in this situation?
>
> I appreciate any help or suggestions you can provide,
> Linda

Perhaps gpg's encryption failed.  But more likely it seems to me
the big file was corrupted in transit.  I have heard, though it
always seemed almost unbelievable, that some http browsers
corrupt files, unless the browser is specifically told not to.
It is also the case, and this I believe easily, that many email
stacks corrupt files sent via the stack.  I believe this easily
because I remember the early, and now traditional, misdesign of
parts of our email system.

I'd try getting hold of the file by transporting it from the
vendor to you by using "rsync --rsh=ssh ...".  In my experience
rsync is reliable for even gigabyte files.

oo--JS.


>
>
> Linda L. Beith, Ph.D.
> Roger Williams University
> Director, Instructional Design
> One Old Ferry Road, Bristol RI
> 401-254-3134
> Website: id.rwu.edu<http://id.rwu.edu/>
>
>


From rjh at sixdemonbag.org  Thu Apr 18 01:24:14 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 17 Apr 2013 19:24:14 -0400
Subject: Privacy concerns
In-Reply-To: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
Message-ID: <516F2F1E.6040005@sixdemonbag.org>

On 4/17/2013 8:32 AM, Diego Zuccato wrote:
> That could easily be abused (spammers, people writing to personal
> mailbox for work-related issues, etc), but even if not abused it's at
> least "unpleasant" that all mail addresses gets mixed.

This has been discussed ad nauseam in the past.  Generally speaking
there are two camps on this subject and neither camp has ever been
successful in persuading the other camp to change their mind.  Check the
list archives for all the gruesome details.

My opinion on this is that arguing about whether it's a problem is
completely useless.  If someone has a concrete proposal to separate
certificates from user identities, and has an actual implementation that
I can download and test, then I'm happy to evaluate that implementation.
 Otherwise, though, talking about this in the abstract is just a recipe
for frustration, stress, and long threads that go nowhere.

(No one has ever produced a proposal that's involved running code, BTW.)



From rjh at sixdemonbag.org  Thu Apr 18 01:37:19 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 17 Apr 2013 19:37:19 -0400
Subject: question on decryption with missing passcode
In-Reply-To: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
Message-ID: <516F322F.5000705@sixdemonbag.org>

On 4/17/2013 5:05 PM, Beith, Linda wrote:
> Gpg: can?t open ?rwu.dbdump_Nov2012.sql.gz.gpg?
> Gpg: decrypt_message failed: file open error

This is almost certainly a file permissions error on their end.  Whoever
is running GnuPG doesn't have the necessary permissions to read the file
they're trying to decrypt.  A quick way to test this would be to try and
open it in Notepad or Emacs (after making a copy, of course!).  If you
can't do that, then the problem isn't with GnuPG but is with the
permissions on the file.

> The assumption is  that something went wrong in the original encryption
> of the file. Do you have idea if it is possible to extract data in this
> situation? 

Your assumption is probably incorrect.  Let's look at the source code.
(It's okay if you don't know C: just skip over the source code and go to
the text under it.)



=====
int
decrypt_message( const char *filename )
{
    IOBUF fp;
    int rc;

    /* Open the message file.  */
    fp = iobuf_open(filename);
    if (fp && is_secured_file (iobuf_get_fd (fp)))
      {
        iobuf_close (fp);
        fp = NULL;
        errno = EPERM;
      }
    if( !fp ) {
        rc = gpg_error_from_syserror ();
	log_error (_("can't open `%s': %s\n"), print_fname_stdin(filename),
                   gpg_strerror (rc));
        release_progress_context (pfx);
	return rc;
    }
=====



(Some non-essential lines have been removed for ease of reading.)

Your error message appears in here.  It doesn't appear anywhere else, so
we know that this is the source code that's relevant to your problem.[*]
 GnuPG is throwing an error before it's read a single byte of the file.
 It tries to open the file, can't, indicates the problem is disk
permissions ("errno = EPERM"; by long-standing UNIX tradition error
codes start with E), and bails out.

The problem is not that the file has been corrupted; it's that the file
is unreadable.  This is good news for you, since file permission
problems are *much* easier to fix than corruption problems.  :)

Hope this helps.  Let us know if we can be of more assistance.






[*] Technically it does appear other places, but those code paths only
get called for decrypting multiple files.  Here you're just decrypting
one, so the other code paths can be ignored.



From hhhobbit at securemecca.net  Thu Apr 18 01:39:22 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Wed, 17 Apr 2013 23:39:22 +0000
Subject: question on decryption with missing passcode
In-Reply-To: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
Message-ID: <516F32AA.4020703@securemecca.net>

On 04/17/2013 09:05 PM, Beith, Linda wrote:

> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
> Gpg: decrypt_message filed: file open error

Daniel Kahn Gillmor is correct on this being a file permissions
problem or maybe an OS problem for a file of that large size.
Like Daniel, I assume the first.

I assume from what you said that it is encrypted with a symmetric
cipher rather than a public key.  You need to rule out something
encrypted with public key in which case only you rather than you
and the sender can decrypt which can be done with a symmetric
cipher.

The best thing would be to make sure you have the same thing:

$ sha1sum -b rwu.dbdump_Nov2012.sql.gz.gpg

sha1sum may not be good enough for security but it is good enough
for file permission and corruption problems and should give you
the same sum on both your system and their system.  But the message
looks more like like a file permissions problem and in that case
even something as simple as sha1sum will also fail with a message
like "Permission denied".  If you get that do a:

$ ls -l rwu.dbdump_Nov2012.sql.gz.gpg

That gives the permissions on the file.  Make sure you have
read permissions (you are in the group specified for the
file or read acccess is also given to Other).

HHH



From rjh at sixdemonbag.org  Thu Apr 18 01:45:56 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 17 Apr 2013 19:45:56 -0400
Subject: question on decryption with missing passcode
In-Reply-To: <516F32AA.4020703@securemecca.net>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
 <516F32AA.4020703@securemecca.net>
Message-ID: <516F3434.9090705@sixdemonbag.org>

On 4/17/2013 7:39 PM, Henry Hertz Hobbit wrote:
> Daniel Kahn Gillmor is correct on this being a file permissions
> problem or maybe an OS problem for a file of that large size.

Not for a 1Gb file, it's not.  Even FAT32 can handle that, and FAT32's
about as brain-dead a filesystem as you're ever likely to come across.
Further, if it was a file size issue, then how did the file ever get
successfully copied in the first place?

If this turns out to be a file size issue I'll donate 100EUR to g10
Code.  That's how sure I am it's not a file size issue.



From jays at panix.com  Thu Apr 18 01:51:20 2013
From: jays at panix.com (Jay Sulzberger)
Date: Wed, 17 Apr 2013 19:51:20 -0400 (EDT)
Subject: question on decryption with missing passcode
In-Reply-To: <516F2177.4090107@fifthhorseman.net>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
 <516F2177.4090107@fifthhorseman.net>
Message-ID: <Pine.NEB.4.64.1304171949130.17111@panix3.panix.com>




On Wed, 17 Apr 2013, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On 04/17/2013 05:05 PM, Beith, Linda wrote:
>> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
>> Gpg: decrypt_message filed: file open error
>
>
> This message suggests that there is a problem in the filesystem, not a
> problem with a missing passphrase.  Do you have a copy of the file in
> question?  do you know what the symmetric passphrase is supposed to be?

Ah, I missed that.  Indeed, as others also have suggested and
argued, that message suggests that gpg cannot even open the file.

oo--JS.


>
> if so, can you try to decrypt it and provide a paste of the full
> terminal transcript (see [0] for suggestions on how to do a reasonable
> terminal transcript) of you doing the following commands?
>
> ls -l rwu.dbdump_Nov2012.sql.gz.gpg
> gpg --decrypt rwu.dbdump_Nov2012.sql.gz.gpg
>
> you'd need to run these commands from the directory where the file is
> located.
>
> is it possible that the file just needs to be made readable, or needs a
> change of ownership?
>
> hope this helps,
>
> 	--dkg
>
> [0] https://support.mayfirst.org/wiki/terminal_transcripts
>
>


From dkg at fifthhorseman.net  Thu Apr 18 02:28:47 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 17 Apr 2013 20:28:47 -0400
Subject: question on decryption with missing passcode
In-Reply-To: <516F2177.4090107@fifthhorseman.net>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
 <516F2177.4090107@fifthhorseman.net>
Message-ID: <516F3E3F.70504@fifthhorseman.net>

On 04/17/2013 06:25 PM, Daniel Kahn Gillmor wrote:
> On 04/17/2013 05:05 PM, Beith, Linda wrote:
>> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
>> Gpg: decrypt_message filed: file open error
> 
> 
> This message suggests that there is a problem in the filesystem, 

on further reflection, this might also indicate that the file does not
exist in the location (or with the name) that the operator is indicating.

For example:

0 dkg at alice:~$ gpg --decrypt does.not.exist.gpg
gpg: can't open `does.not.exist.gpg'
gpg: decrypt_message failed: file open error
2 dkg at alice:~$

make sure you know where your file is, and that you are passing the
correct filename to gpg.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130417/267a653f/attachment-0001.sig>

From hhhobbit at securemecca.net  Thu Apr 18 03:27:01 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Thu, 18 Apr 2013 01:27:01 +0000
Subject: question on decryption with missing passcode
In-Reply-To: <516F32AA.4020703@securemecca.net>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
 <516F32AA.4020703@securemecca.net>
Message-ID: <516F4BE5.3010001@securemecca.net>

On 04/17/2013 11:39 PM, Henry Hertz Hobbit wrote:
> On 04/17/2013 09:05 PM, Beith, Linda wrote:
> 
>> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg'
>> Gpg: decrypt_message filed: file open error
> 
> Daniel Kahn Gillmor is correct on this being a file permissions
> problem or maybe an OS problem for a file of that large size.
> Like Daniel, I assume the first.
> 
> I assume from what you said that it is encrypted with a symmetric
> cipher rather than a public key.  You need to rule out something
> encrypted with public key in which case only you rather than you
> and the sender can decrypt which can be done with a symmetric
> cipher.
> 
> The best thing would be to make sure you have the same thing:
> 
> $ sha1sum -b rwu.dbdump_Nov2012.sql.gz.gpg
> 
> sha1sum may not be good enough for security but it is good enough
> for file permission and corruption problems and should give you
> the same sum on both your system and their system.  But the message
> looks more like like a file permissions problem and in that case
> even something as simple as sha1sum will also fail with a message
> like "Permission denied".  If you get that do a:
> 
> $ ls -l rwu.dbdump_Nov2012.sql.gz.gpg
> 
> That gives the permissions on the file.  Make sure you have
> read permissions (you are in the group specified for the
> file or read acccess is also given to Other).

Let us know when the problem is resolved (if it has not
been resolved already).  Having root access and typing
the following may need to be done:

# chmod 640 rwu.dbdump_Nov2012.sql.gz.gpg
# chmod 750

Also adding the user that is typing the commands to
the group for the files may be necessary and is actually
most likely what is wrong.

You may need to use 644 and 755 but I would NOT have
set it up that way.  Only the people in the group should
have access to the folder and files.  Name the group
as desired. They should have done all of this already.
No?  A school database that is THAT insecure?  Impossible!
Each client probably has a different group and the user
that is typing the commands that is NOT in that group will
have file permission problems.  That means you may have
no problems because you are in the group but they will
have problems if their user is not in your group or what
ever group they have put the file into.

More likely than not that will solve ALL of the problems
as long as you and they have write access to the folder
(dir) that the rwu.dbdump_Nov2012.sql.gz.gpg file is in.
Note that root does NOT do the decryption.  Only the user
authorized to do that does it.  But that user can NOT
change the permissions and ownership of the files if they
are not in the group.  The only user that can do that who
is not a member of the group is root.  But root cannot
even see the files in the /opt/swgroup if it is NFS mounted
and root is not in the swgroup group.

As a follow up, if the sha1sum command works and you have the
same check sum and sizes on both machines then we know you
have the same file and read access to it.  Well, I guess
somebody could hack the SHA1 check sum but that is esoteric
and unlikely.  Don't laugh.  I have malware with hacked
SHA1 sums.  It takes LOTS of computer power to do it.  They
used distributed power on the Internet that was supposed to
be used for scientific purposes to do it.  If you have
sha256sum and use it and the sizes and the SHA-256 sums
of both files are the same then you KNOW the files are the
same.

If you BOTH have read access to the file and write access
to the folder and you can decrypt it but they can't decrypt
it then it is very likely that they encrypted it using your
OpenPGP public-key.  In that case only the person that has
the secret key (you or who ever it is at rwu.edu that has
the secret key on their system) and knows the passcode
(more correctly, the pass-phrase) can decrypt the file.
Only the person / people that have the secret keys and
know the pass-phrase can decrypt the file.  Unfortunately
I have a system that set the pinentry to not require
the pass-phrase after I used it once to sign the block
list for Cookie-Safe (with no input from me other than
than my pass-phrase and an Enter).  That is a very
dangerous condition~ I have lots more white hairs. It
requests the pass-phrase now.

They could also use the same passcode (password) even with
symmetric ciphers with each client being assigned the same
password / passcode for ALL files.  It is less secure but
the reason why is multiple passwords for each client can
lead to confusion and data that is lost forever.  But in
that case BOTH of you should be able to decrypt the file.

If you are using Windows, this hash program can quickly
provide all the various hashes for a given file (there
are others but this is only one that has been there for
YEARS):

http://www.slavasoft.com/hashcalc/index.htm

Cross tested with the same check-sums on Linux
both yielding same results.

HHH



From mirimir at riseup.net  Thu Apr 18 05:12:39 2013
From: mirimir at riseup.net (mirimir)
Date: Thu, 18 Apr 2013 03:12:39 +0000
Subject: Privacy concerns
In-Reply-To: <516EEDAD.7070406@gmail.com>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
 <516ECC42.5060507@dougbarton.us> <516EEDAD.7070406@gmail.com>
Message-ID: <516F64A7.4010708@riseup.net>

On 04/17/2013 06:45 PM, NdK wrote:

> Il 17/04/2013 18:22, Doug Barton ha scritto:
> 
>> It's very safe to assume that e-mail address harvesting from the key
>> servers is not anything to worry about.
> At least for now.
> But spam is just one of the possible issues...
> 
> Anyway I can see that the easiest and more versatile solution is to have
> different identities for different communities (one for work, one for
> personal use, one for hacking communities, ...). Eventually all
> cross-signed.

Why would one cross-sign keys for identities used in different
communities? That would link them, which seems counterproductive.



From dshaw at jabberwocky.com  Thu Apr 18 05:54:00 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed, 17 Apr 2013 23:54:00 -0400
Subject: Privacy concerns
In-Reply-To: <516F64A7.4010708@riseup.net>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
 <516ECC42.5060507@dougbarton.us> <516EEDAD.7070406@gmail.com>
 <516F64A7.4010708@riseup.net>
Message-ID: <0C466D7A-6A32-43C3-BAD0-87E78AC200AC@jabberwocky.com>

On Apr 17, 2013, at 11:12 PM, mirimir <mirimir at riseup.net> wrote:

> On 04/17/2013 06:45 PM, NdK wrote:
> 
>> Il 17/04/2013 18:22, Doug Barton ha scritto:
>> 
>>> It's very safe to assume that e-mail address harvesting from the key
>>> servers is not anything to worry about.
>> At least for now.
>> But spam is just one of the possible issues...
>> 
>> Anyway I can see that the easiest and more versatile solution is to have
>> different identities for different communities (one for work, one for
>> personal use, one for hacking communities, ...). Eventually all
>> cross-signed.
> 
> Why would one cross-sign keys for identities used in different
> communities? That would link them, which seems counterproductive.

I think this could go either way, depending on the communities and identities (and people) involved.  For me, if I made a work key, I'd probably cross sign (or at least sign my work key using my personal key) as it would give a better path to the work key in the web of trust.  At the same time, though, if I made a key for a particular community where I wasn't directly known as "David Shaw", I'd probably not cross sign for the reason you imply - I wouldn't want the two identities linked.

David



From hhhobbit at securemecca.net  Thu Apr 18 06:12:16 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Thu, 18 Apr 2013 04:12:16 +0000
Subject: question on decryption with missing passcode
In-Reply-To: <516F3E3F.70504@fifthhorseman.net>
References: <FF5146B43AB9BD458FE7C631B9B09B3A01466C6067B1@RWUCMS.rwu.edu>
 <516F2177.4090107@fifthhorseman.net> <516F3E3F.70504@fifthhorseman.net>
Message-ID: <516F72A0.80004@securemecca.net>

On 04/18/2013 12:28 AM, Daniel Kahn Gillmor wrote:
> On 04/17/2013 06:25 PM, Daniel Kahn Gillmor wrote:
>> On 04/17/2013 05:05 PM, Beith, Linda wrote:
>>> Gpg: can't open 'rwu.dbdump_Nov2012.sql.gz.gpg' Gpg:
>>> decrypt_message filed: file open error
>> 
>> 
>> This message suggests that there is a problem in the filesystem,
>> 
> 
> on further reflection, this might also indicate that the file does
> not exist in the location (or with the name) that the operator is
> indicating.
> 
> For example:
> 
> 0 dkg at alice:~$ gpg --decrypt does.not.exist.gpg gpg: can't open
> `does.not.exist.gpg' gpg: decrypt_message failed: file open error 2
> dkg at alice:~$

I think this is no longer a decryption issue.  If all you want
is something about encryption, TAP DELETE NOW!  Encryption is
not even discussed here!

In that case, either sha1sum or file (why not do two things at
once?) gives a more meaningful message:

$ sha1sum  nonexistentfile
sha1sum: nonexistentfile: No such file or directory

$ sha1sum foo
sha1sum: foo: Permission denied
$ ls -l foo
-rw-r----- 1 root root 32 2013-04-18 00:08 foo

I just wrote Linda privately since it was no longer an encryption
issue IMO. I hope the leading "rwu." does not mean they are
storing everything in one folder.  No IBM main-frame person would
do that and IBM main-frames have ISAM (Indexed Sequential Access
Method).  Almost a million files in one folder (yes I have saw it
stupidly done not once but twice) is not a pretty sight, and if
you have ext4, something like Reiser isn't going to save you.
You still have O(N/2) on average to do anything with files in
that folder (the dir file, not the inodes the various dir entries
point to).  I would give each client their own folder at minimum
and maybe sub-folders.  Things run much quicker that way all the
way around. What was the clue that they are using a one folder
method?  They are removing the older files.  it could be they
are running out of storage space but we have terrabyte disks now
so it is more likely they are having a one folder for all slow
down.  Disks are cheap.  Make /client an NFS mount and squirrel
away the old drives into storage to be replaced by new disks on
the NFS mount.  You could recycle the old disks after a while.
Make the backups resilient to wait for 30 minutes on fail before
trying again while the old disk is umounted and replaced with the
new disk. And I would much rather have the mount device be a hard
/dev/sd# rather than all the other id stuff too.  Have client folder
pre-made and ready to go before the new disk is mounted.  I have
done some of this stuff in my sleep - literally!  A kot of DB
people do it too.

As I read it, they are somehow able to cd into the folder - perm
711 / 751, (please not 755!), but once they get there the file
has the proper permissions (640) and is hopefully owned by owner
rwu and is in group rwu. I would set each user like rwu with a
umask 027 in their shell start up and then assuming files were
stored in something like (it works for me but maybe not for
SQL DBs):

/client/RogerWilliamsUniversity/
- alternatively
/client/rwu/

me$ su -l rwu
rwu$ cd /client/RogerWilliamsUniversity/${RESTOFPATH}
rwu$ sha1sum -b rwu.dbdump_Nov2012.sql.gz.gpg
rwu$ ls -l rwu.dbdump_Nov2012.sql.gz.gpg
# if succes with sha1sum and ls:
rwu$ gpg -d < rwu.dbdump_Nov2012.sql.gz.gpg | tar -xvf -
rwu$ file rwu.dbdump_Nov2012.sql
rwu$ ls -l rwu.dbdump_Nov2012.sql

Use of the "v" in tar optional.  File not there?

rwu$ find  /client/RogerWilliamsUniversity -type f -name \
rwu.dbdump_Nov2012.sql.gz.gpg -print

There again by having their own folder I reduce the work find
has to do by several orders of magnitude.  I also reduce the
work load in normal operations.  I would prefer 2012_11 which
means you could have YYYY folders and if necessary inside the
year folder a MM folder (month in numerics).  That is just one
method to reduce the directory overloaded with too many files.
But all of the methods have the trait of using subfolders (as
many directories as necessary) according to something that is
naturally there in the data / file names.  Like I said, use
/client/rwu/ if that makes more sense and make the real world
name (GECOS field) for user rwu to be Roger Williams University.

I did ask her to respond on the solution.  It may still be an
encryption issue but I doubt it  Oops, I said something about
encryption.  Excusez mow.

HHH


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130418/9f37eaea/attachment.sig>

From wk at gnupg.org  Thu Apr 18 09:56:45 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 18 Apr 2013 09:56:45 +0200
Subject: Extracting the session key using gpme?
In-Reply-To: <CAE_Hg6YRh5TKD3efx2gN-zNbfXdO71kgD8fBGsc6XdQt4rqHeg@mail.gmail.com>
 (Laurens Van Houtven's message of "Wed, 17 Apr 2013 19:38:53 +0200")
References: <CAE_Hg6ZHBSj9QkCwTNHRP1rWRbR+SwTqhTjecUJ0L_EY8coKHA@mail.gmail.com>
 <87obddwkbn.fsf@vigenere.g10code.de>
 <CAE_Hg6YRh5TKD3efx2gN-zNbfXdO71kgD8fBGsc6XdQt4rqHeg@mail.gmail.com>
Message-ID: <87obdcuv9e.fsf@vigenere.g10code.de>

On Wed, 17 Apr 2013 19:38, _ at lvh.io said:

> Or, perhaps more specifically: what I want isn't wrong, but the only way to
> accomplish it is using the gpg command line tool, there are good reasons
> for this, and I should just use the gpg command line tool? :)

Exactly.

gpg has 323 commands and options and some of them have sub-options.
Mapping this all to GPGME is not be justified, given that GPGME stands
for ?GnuPG Made Easy?.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From _ at lvh.io  Thu Apr 18 10:04:36 2013
From: _ at lvh.io (Laurens Van Houtven)
Date: Thu, 18 Apr 2013 10:04:36 +0200
Subject: Extracting the session key using gpme?
In-Reply-To: <87obdcuv9e.fsf@vigenere.g10code.de>
References: <CAE_Hg6ZHBSj9QkCwTNHRP1rWRbR+SwTqhTjecUJ0L_EY8coKHA@mail.gmail.com>
 <87obddwkbn.fsf@vigenere.g10code.de>
 <CAE_Hg6YRh5TKD3efx2gN-zNbfXdO71kgD8fBGsc6XdQt4rqHeg@mail.gmail.com>
 <87obdcuv9e.fsf@vigenere.g10code.de>
Message-ID: <CAE_Hg6bUTLnhPhACEmS1=y+tOavXCJB46eDdUQ1RKDK2FS1VPA@mail.gmail.com>

On Thu, Apr 18, 2013 at 9:56 AM, Werner Koch <wk at gnupg.org> wrote:

> Exactly.
>
> gpg has 323 commands and options and some of them have sub-options.
> Mapping this all to GPGME is not be justified, given that GPGME stands
> for ?GnuPG Made Easy?.
>

Okay, great; I just wanted to make sure I wasn't missing anything. Command
line tool it is.

Thanks again,
lvh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130418/08abc869/attachment.html>

From simone.pagangriso at gmail.com  Thu Apr 18 09:33:19 2013
From: simone.pagangriso at gmail.com (Simone Pagan Griso)
Date: Thu, 18 Apr 2013 09:33:19 +0200
Subject: gpgme fails encrypting on 64bit debian
In-Reply-To: <874nfe5gi6.fsf@vigenere.g10code.de>
References: <CADr7kj4FOtove1T-Hw3YKbs0dYeMfUPFHqP=HutuqFh1GMrxQg@mail.gmail.com>
 <874nfe5gi6.fsf@vigenere.g10code.de>
Message-ID: <CADr7kj4kp5AOT7xk7RuRhLCX7OC3bHw8-MU5P0dhka6PQ0CO2w@mail.gmail.com>

Dear Werner,
 thanks for your answer and help (and sorry my late reply!).
I've changed the test program according to your suggestions.
In particular, to answer your question, the gpgme-config --libs --cflags
gives me:
-lgpgme -L/usr/lib/x86_64-linux-gnu -lgpg-error

I've also left the default engine info and got the same error. Then I
turned on the debug as you suggested.
I attach the output I've got. I went through it trying to get any clue on
the what is causing the error but got a bit lost: the impression I have
from the debug info is that the encryption is successful but then there's
an error right after(?). Thanks for your help, it's really appreciated!
 Cheers,
Simone



On Wed, Apr 10, 2013 at 9:32 PM, Werner Koch <wk at gnupg.org> wrote:

> On Wed, 10 Apr 2013 10:54, simone.pagangriso at gmail.com said:
>
> > gcc -m64 -D_FILE_OFFSET_BITS=64 -g test2.c -lgpgme
> > -L/usr/lib/x86_64-linux-gnu -lgpg-error -o test2
>
> Why do you want to tweak gcc options if you are anyway on a 64 bit
> system?  Also they seem to be harmelss, hast gpgme been build with the
> same options?  What does
>   gpgme-config --cflags --libs
> tell you?
>
> > //---- test program
> > #include <stdio.h>   /* printf            */
> > #include <unistd.h>  /* write             */
> > #include <errno.h>   /* errno             */
> > #include <locale.h>  /* locale support    */
> > #include <string.h>  /* string support    */
> > #include <stdlib.h>  /* memory management */
>
> gpgme.h ist missing but below you are using constants defined by
> gpgme.h.
>
> >   char *pDest = malloc(65536);
>
> (please always check for malloc error!)
>
> >   p = (char *) gpgme_check_version(NULL);
> >   printf("version=%s\n",p);
>
> Don't cast without a good reason.
>
> >   p = (char *) gpgme_get_protocol_name(GPGME_PROTOCOL_OpenPGP);
> >   printf("Protocol name: %s\n",p);
>
> Ditto.
>
>
> >   err = gpgme_ctx_set_engine_info (ceofcontext, GPGME_PROTOCOL_OpenPGP,
> >                                enginfo->file_name,enginfo->home_dir);
> >   if(err != GPG_ERR_NO_ERROR) return 5;
>
> Try first without setting a non default engine info.
>
>
> To debug your problem, I suggest to run the program like this:
>
>  GPGME_DEBUG=9:/tmp/gpgme.log:
>
> and check the log file.
>
>
> Shalom-Salam,
>
>    Werner
>
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130418/24c71351/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpgme.log
Type: application/octet-stream
Size: 24330 bytes
Desc: not available
URL: </pipermail/attachments/20130418/24c71351/attachment-0001.obj>

From wk at gnupg.org  Thu Apr 18 16:40:37 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 18 Apr 2013 16:40:37 +0200
Subject: gpgme fails encrypting on 64bit debian
In-Reply-To: <CADr7kj4kp5AOT7xk7RuRhLCX7OC3bHw8-MU5P0dhka6PQ0CO2w@mail.gmail.com>
 (Simone Pagan Griso's message of "Thu, 18 Apr 2013 09:33:19 +0200")
References: <CADr7kj4FOtove1T-Hw3YKbs0dYeMfUPFHqP=HutuqFh1GMrxQg@mail.gmail.com>
 <874nfe5gi6.fsf@vigenere.g10code.de>
 <CADr7kj4kp5AOT7xk7RuRhLCX7OC3bHw8-MU5P0dhka6PQ0CO2w@mail.gmail.com>
Message-ID: <8738unvr4q.fsf@vigenere.g10code.de>

On Thu, 18 Apr 2013 09:33, simone.pagangriso at gmail.com said:

> from the debug info is that the encryption is successful but then there's
> an error right after(?). Thanks for your help, it's really appreciated!

Here is the interesing part (I removed the hex parts):

  _gpgme_io_read (fd=0x4): enter: buffer=0xea2980, count=1024
  _gpgme_io_read (fd=0x4): check: [...] [GNUPG:] INV_REC
  _gpgme_io_read (fd=0x4): check: [...] P 10 CD6029E7DD3
  _gpgme_io_read (fd=0x4): check: [...] 4991240FCFEE7D94
  _gpgme_io_read (fd=0x4): check: [...] 1FEB9C37DBF71.
  _gpgme_io_read (fd=0x4): leave: result=62

Or as one line:

  [GNUPG:] INV_RECP 10 CD6029E7DD34991240FCFEE7D941FEB9C37DBF71

Now if you look into GnuPG's doc/DETAILS:

  *** INV_RECP, INV_SGNR
    The two similar status codes:

    - INV_RECP <reason> <requested_recipient>
    - INV_SGNR <reason> <requested_sender>

    are issued for each unusable recipient/sender. The reasons codes
    currently in use are:

       -  0 :: No specific reason given
       -  1 :: Not Found
       -  2 :: Ambigious specification
       -  3 :: Wrong key usage
       -  4 :: Key revoked
       -  5 :: Key expired
       -  6 :: No CRL known
       -  7 :: CRL too old
       -  8 :: Policy mismatch
       -  9 :: Not a secret key
       - 10 :: Key not trusted
       - 11 :: Missing certificate
       - 12 :: Missing issuer certificate

Thus the key CD6029E7DD34991240FCFEE7D941FEB9C37DBF71 is not trusted.
You may either sign it locally using gpg, or use the encryption flags 
GPGME_ENCRYPT_ALWAYS_TRUST:

  flags = (GPGME_ENCRYPT_NO_ENCRYPT_TO
           | GPGME_ENCRYPT_ALWAYS_TRUST);
  err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);

To avoid checking the debnug log each time, you may want to add code
like:

  err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
  fail_if_err (err);
  result = gpgme_op_encrypt_result (ctx);
  if (result->invalid_recipients)
    {
      fprintf (stderr, "Invalid recipient encountered: %s\n",
	       result->invalid_recipients->fpr);
      exit (1);
    }

You may use gpgme_op_encrypt_result even if an error is return,ed but in
this case you first need to check that the returned value is not NULL.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From wk at gnupg.org  Thu Apr 18 17:38:56 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 18 Apr 2013 17:38:56 +0200
Subject: [Announce] Libgcrypt 1.5.2 released
Message-ID: <87y5cfu9v3.fsf@vigenere.g10code.de>

Hello!

The GNU project is pleased to announce the availability of Libgcrypt
version 1.5.2.  This is a maintenance release for the stable branch.

Libgcrypt is a general purpose library of cryptographic building
blocks.  It is originally based on code used by GnuPG.  It does not
provide any implementation of OpenPGP or other protocols.  Thorough
understanding of applied cryptography is required to use Libgcrypt.

Noteworthy changes in version 1.5.2:

 * Added support for IDEA.

 * Made the Padlock code work again (regression since 1.5.0).

 * Fixed alignment problems for Serpent.

 * Fixed two bugs in ECC computations.


Source code is hosted at the GnuPG FTP server and its mirrors as
listed at http://www.gnupg.org/download/mirrors.html .  On the primary
server the source file and its digital signatures is:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2 (1.5M)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2.sig

This file is bzip2 compressed.  A gzip compressed version is also
available:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.gz (1.8M)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.gz.sig

Alternativley you may upgrade version 1.5.1 using this patch file:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1-1.5.2.diff.bz2 (12k)

The SHA-1 checksums are:

c9998383532ba3e8bcaf690f2f0d65e814b48d2f  libgcrypt-1.5.2.tar.bz2
fb54bfea3e276a366009c5a6296eb83cf5e7c14b  libgcrypt-1.5.2.tar.gz
086ac76cf91987f66666872cc7d5d5d33c68967e  libgcrypt-1.5.1-1.5.2.diff.bz2


For help on developing with Libgcrypt you should read the included
manual and optional ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

The driving force behind the development of Libgcrypt is my company
g10 Code.  Maintenance and improvement of Libgcrypt and related
software takes up most of our resources.  To allow us to continue our
work on free software, we ask to either purchase a support contract,
engage us for custom enhancements, or to donate money:

  http://g10code.com/gnupg-donation.html

Many thanks to all who contributed to Libgcrypt development, be it bug
fixes, code, documentation, testing or helping users.


Happy hacking,

  Werner



[1] See http://www.gnupg.org/documentation/mailing-lists.html .
[2] See http://www.gnupg.org/service.html

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 204 bytes
Desc: not available
URL: </pipermail/attachments/20130418/17350e16/attachment.sig>
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From jays at panix.com  Fri Apr 19 00:18:39 2013
From: jays at panix.com (Jay Sulzberger)
Date: Thu, 18 Apr 2013 18:18:39 -0400 (EDT)
Subject: [OT] Re: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
In-Reply-To: <249190066.20130415230736@my_localhost>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
Message-ID: <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>




On Mon, 15 Apr 2013, MFPA <expires2013 at ymail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi
>
>
> On Monday 15 April 2013 at 2:54:19 AM, in
> <mid:Pine.NEB.4.64.1304142149510.15168 at panix3.panix.com>, Jay
> Sulzberger wrote:
>
>
>> What telephone number, what email address should I use
>> to help me make the decision as to whether to "trust
>> the site"?  Whom should I speak to?  What method do you
>> recommend to help me make the right decisions?
>
>
> You could look at the certificate your browser doesn't trust and
> follow up the information it contains. You could also search the
> internet (and other sources) for information about Intevation GmbH,
> and see if it matches what the certificate says. Depending how
> paranoid, you could even turn up at their offices and ask relevant
> questions.
>
> Decide on the trust level you wish to establish for your intended use
> of the site. Then take whatever precautions you think are commensurate
> with that level of trust.
>
> Blindly clicking to dismiss the browser's "untrusted" warning is
> arguably no more irresponsible than blindly having the browser accept
> a certificate signed by a "certification authority" it recognises. I
> suspect if you were to look at the list of CAs trusted by your
> browser, you would encounter plenty that you see no reason to trust.
>
>
> - --
> Best regards
>
> MFPA                    mailto:expires2013 at ymail.com

MFPA, thank you for a very clear and useful answer!

I have just now read the Wikipedia article on X.509 and the article on SSL:

   http://en.wikipedia.org/wiki/X.509
   [page was last modified on 12 April 2013 at 06:34]

   http://en.wikipedia.org/wiki/Secure_Sockets_Layer
   [page was last modified on 18 April 2013 at 09:31]

I read the standard documentation once, but I read it many years
ago, and I never wrote any code, nor ran any simulations of how a
"network" of X.509 certificates might work.  There is much to
think about here.

Here is a short version of what I think is a good question:

Many people buy stuff from Amazon and other
companies/organizations/people by communicating over the Net.
For explame, people use credit cards.  I believe that certain
data is in transit between the buyer and seller, and the reverse
too, encrypted, using as part of the communications stack SSL
(actually TLS nowadays, I think).  I have the impression that
many people learn how to buy stuff by this method, that is, using
a credit card with SSL in the stack.  But learning to use GnuPG
seems much harder to most people who have learned how to buy
stuff using a credit card over the Net.

Here are some pieces of my question:

1. Is the stack used for credit card use over the Net sufficiently "secure"?
Indeed this question is ill defined: "secure" for what, against what?

2. In what ways does the problem of email encryption differ from
the problem of encrypting credit card and other money-valuable
data in transit, with http as the transport protocol?

3. If the stack used for credit card use over the Net is good
enough for most purchases, could we use a similar stack to secure
email in transit?  In particular, could we use a similar stack,
with a similar ease of learning and ease of use, as perceived by
most of the people who today buy stuff using a credit card over
the Net?

oo--JS.


>
> Change is inevitable except from a vending machine
> -----BEGIN PGP SIGNATURE-----
>
> iQCVAwUBUWx6O6ipC46tDG5pAQqxxwP8CIH5zx1y7Q2aO0ARlVmKdfJKElUodhkC
> KyWZNH7diu9OhbEMGQyPc9/YR9lGCRp3jlZ6IvJUlYY3Xo5oon+A+cElh7eH2Gyk
> taNaPSU8B61Ih9LorAN3uuOWD8Xzbug6zXNFjLXFSfZPwN3aQStT7aYLQ7XE5DhX
> yB3NBgyoqSg=
> =4gaV
> -----END PGP SIGNATURE-----
>
>


From dougb at dougbarton.us  Fri Apr 19 00:28:46 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Thu, 18 Apr 2013 15:28:46 -0700
Subject: [OT] Re: Please fix subscribe at
 http://lists.wald.intevation.org/mailman/listinfo/gpg4win-announce
In-Reply-To: <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
 <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
Message-ID: <5170739E.10607@dougbarton.us>

This whole thread is wildly off topic for this list. Can people please 
stop replying to it?


From simone.pagangriso at gmail.com  Thu Apr 18 22:09:51 2013
From: simone.pagangriso at gmail.com (Simone Pagan Griso)
Date: Thu, 18 Apr 2013 22:09:51 +0200
Subject: gpgme fails encrypting on 64bit debian
In-Reply-To: <8738unvr4q.fsf@vigenere.g10code.de>
References: <CADr7kj4FOtove1T-Hw3YKbs0dYeMfUPFHqP=HutuqFh1GMrxQg@mail.gmail.com>
 <874nfe5gi6.fsf@vigenere.g10code.de>
 <CADr7kj4kp5AOT7xk7RuRhLCX7OC3bHw8-MU5P0dhka6PQ0CO2w@mail.gmail.com>
 <8738unvr4q.fsf@vigenere.g10code.de>
Message-ID: <CADr7kj4cS9_kaCCCWUsK-pmpzpaFD0mN8t+rbehTjWhHMJrhYw@mail.gmail.com>

Thanks a lot Werner!
This was really helpful, not only for the (stupid) error I had but also on
how I can debug further problems on my own!
 Cheers,
Simone



On Thu, Apr 18, 2013 at 4:40 PM, Werner Koch <wk at gnupg.org> wrote:

> On Thu, 18 Apr 2013 09:33, simone.pagangriso at gmail.com said:
>
> > from the debug info is that the encryption is successful but then there's
> > an error right after(?). Thanks for your help, it's really appreciated!
>
> Here is the interesing part (I removed the hex parts):
>
>   _gpgme_io_read (fd=0x4): enter: buffer=0xea2980, count=1024
>   _gpgme_io_read (fd=0x4): check: [...] [GNUPG:] INV_REC
>   _gpgme_io_read (fd=0x4): check: [...] P 10 CD6029E7DD3
>   _gpgme_io_read (fd=0x4): check: [...] 4991240FCFEE7D94
>   _gpgme_io_read (fd=0x4): check: [...] 1FEB9C37DBF71.
>   _gpgme_io_read (fd=0x4): leave: result=62
>
> Or as one line:
>
>   [GNUPG:] INV_RECP 10 CD6029E7DD34991240FCFEE7D941FEB9C37DBF71
>
> Now if you look into GnuPG's doc/DETAILS:
>
>   *** INV_RECP, INV_SGNR
>     The two similar status codes:
>
>     - INV_RECP <reason> <requested_recipient>
>     - INV_SGNR <reason> <requested_sender>
>
>     are issued for each unusable recipient/sender. The reasons codes
>     currently in use are:
>
>        -  0 :: No specific reason given
>        -  1 :: Not Found
>        -  2 :: Ambigious specification
>        -  3 :: Wrong key usage
>        -  4 :: Key revoked
>        -  5 :: Key expired
>        -  6 :: No CRL known
>        -  7 :: CRL too old
>        -  8 :: Policy mismatch
>        -  9 :: Not a secret key
>        - 10 :: Key not trusted
>        - 11 :: Missing certificate
>        - 12 :: Missing issuer certificate
>
> Thus the key CD6029E7DD34991240FCFEE7D941FEB9C37DBF71 is not trusted.
> You may either sign it locally using gpg, or use the encryption flags
> GPGME_ENCRYPT_ALWAYS_TRUST:
>
>   flags = (GPGME_ENCRYPT_NO_ENCRYPT_TO
>            | GPGME_ENCRYPT_ALWAYS_TRUST);
>   err = gpgme_op_encrypt(ceofcontext, key, flags, source, dest);
>
> To avoid checking the debnug log each time, you may want to add code
> like:
>
>   err = gpgme_op_encrypt (ctx, key, GPGME_ENCRYPT_ALWAYS_TRUST, in, out);
>   fail_if_err (err);
>   result = gpgme_op_encrypt_result (ctx);
>   if (result->invalid_recipients)
>     {
>       fprintf (stderr, "Invalid recipient encountered: %s\n",
>                result->invalid_recipients->fpr);
>       exit (1);
>     }
>
> You may use gpgme_op_encrypt_result even if an error is return,ed but in
> this case you first need to check that the returned value is not NULL.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130418/cc238ad0/attachment.html>

From wk at gnupg.org  Fri Apr 19 10:57:55 2013
From: wk at gnupg.org (Werner Koch)
Date: Fri, 19 Apr 2013 10:57:55 +0200
Subject: [OT] X.509 vs. OpenPGP (was: Please fix subscribe at ...)
In-Reply-To: <5170739E.10607@dougbarton.us> (Doug Barton's message of "Thu, 18
 Apr 2013 15:28:46 -0700")
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
 <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
 <5170739E.10607@dougbarton.us>
Message-ID: <87obdasxrg.fsf_-_@vigenere.g10code.de>

On Fri, 19 Apr 2013 00:28, dougb at dougbarton.us said:
> This whole thread is wildly off topic for this list. Can people please
> stop replying to it?

Given that GnuPG provides a full X.509 managemnet tool, I don't consider
this entirely off topic.  However, I would appreciate if people strip
the quotes, don't top post, and change the subject if it has changed.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From dougb at dougbarton.us  Fri Apr 19 21:21:45 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Fri, 19 Apr 2013 12:21:45 -0700
Subject: [OT] X.509 vs. OpenPGP
In-Reply-To: <87obdasxrg.fsf_-_@vigenere.g10code.de>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
 <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
 <5170739E.10607@dougbarton.us> <87obdasxrg.fsf_-_@vigenere.g10code.de>
Message-ID: <51719949.4020304@dougbarton.us>

On 04/19/2013 01:57 AM, Werner Koch wrote:
> On Fri, 19 Apr 2013 00:28, dougb at dougbarton.us said:
>> This whole thread is wildly off topic for this list. Can people please
>> stop replying to it?
>
> Given that GnuPG provides a full X.509 managemnet tool, I don't consider
> this entirely off topic.  However, I would appreciate if people strip
> the quotes, don't top post, and change the subject if it has changed.

Fair enough, and sorry if I overstepped. It seemed to me that the topic 
had veered into "how do I fix a certain domain whose issues are probably 
not related to gnupg," but you're the boss. :)

Doug



From ndk.clanbo at gmail.com  Sat Apr 20 14:18:11 2013
From: ndk.clanbo at gmail.com (NdK)
Date: Sat, 20 Apr 2013 14:18:11 +0200
Subject: Privacy concerns
In-Reply-To: <516F64A7.4010708@riseup.net>
References: <CADjEZsSHDA-QWERZPXLYMOYjJ4=mj=4oLhzXvkft2m2R92vKVA@mail.gmail.com>
 <516ECC42.5060507@dougbarton.us> <516EEDAD.7070406@gmail.com>
 <516F64A7.4010708@riseup.net>
Message-ID: <51728783.3020904@gmail.com>

Il 18/04/2013 05:12, mirimir ha scritto:

> Why would one cross-sign keys for identities used in different
> communities? That would link them, which seems counterproductive.
That would be useful to improve the WoT, and it wouldn't "link" 'em more
than any other signature: signing a key means you are certifying that
that key belongs to that identity, not that other identity belongs to you :)

BYtE,
 Diego.


From expires2013 at ymail.com  Sun Apr 21 02:03:15 2013
From: expires2013 at ymail.com (MFPA)
Date: Sun, 21 Apr 2013 01:03:15 +0100
Subject: [OT] Trusting X.509 certificate
In-Reply-To: <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
 <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
Message-ID: <410431207.20130421010315@my_localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 18 April 2013 at 11:18:39 PM, in
<mid:Pine.NEB.4.64.1304151809210.10719 at panix3.panix.com>, Jay
Sulzberger wrote:


> 1. Is the stack used for credit card use over the Net
> sufficiently "secure"? Indeed this question is ill
> defined: "secure" for what, against what?

People have used payment cards insecurely in person and over the phone
for decades. Many are even daft enough to hand over cards to be kept
behind the counter against open food/drink tabs. The currently-used
systems for card payments over the internet are certainly also
insufficiently secure. But I have no compelling reason to believe
there is more of a problem now than in times gone by, rather than just
greater awareness.



> 2. In what ways does the problem of email encryption
> differ from the problem of encrypting credit card and
> other money-valuable data in transit, with http as the
> transport protocol?

In technical terms, I haven't a clue about the differing problems. But
in my experience credit card purchases are usually secured by https,
with certificates trusted by my browser manufacturer rather than by
me. This contrasts with email encryption using GnuPG, where the
decision to trust keys is nobody's but my own.



> 3. If the stack used for credit card use over the Net
> is good enough for most purchases, could we use a
> similar stack to secure email in transit?  In
> particular, could we use a similar stack, with a
> similar ease of learning and ease of use, as perceived
> by most of the people who today buy stuff using a
> credit card over the Net?

As far as I can tell, the ease of use comes from a blind trust in
browser developers' CA choices. I put it to you that this would be an
undesirable model for securing email communications.

- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

Don't learn safety rules by accident...
-----BEGIN PGP SIGNATURE-----

iQCVAwUBUXMsyqipC46tDG5pAQpPfwQAisBsQuLdSwJvK6yjUoflqWuajIOu5EH/
H+lCFJwUXgXdQid/UgQRfph/AGKZtkIfOsDHtk9eMWoRrMmjL/jvQGMu0vnStbii
xlk2JAODHrb9Z7bcJpBMN3fGDoR2qNoywsQYEeW1M7SqPR5mMPE1bQWzGR2mrE2Q
GK/VrGAKCY8=
=1ahx
-----END PGP SIGNATURE-----



From ndk.clanbo at gmail.com  Sun Apr 21 10:11:27 2013
From: ndk.clanbo at gmail.com (NdK)
Date: Sun, 21 Apr 2013 10:11:27 +0200
Subject: [OT] Re: Trust
In-Reply-To: <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
References: <5ihajlvhkr.fsf@fencepost.gnu.org>
 <1385792861.20130414143639@my_localhost>
 <Pine.NEB.4.64.1304142149510.15168@panix3.panix.com>
 <249190066.20130415230736@my_localhost>
 <Pine.NEB.4.64.1304151809210.10719@panix3.panix.com>
Message-ID: <51739F2F.3070303@gmail.com>

Il 19/04/2013 00:18, Jay Sulzberger ha scritto:
> 1. Is the stack used for credit card use over the Net sufficiently "secure"?
> Indeed this question is ill defined: "secure" for what, against what?
Just cryptographycally secure: the data you send "cannot" be read by
others except the server. That, obviously, tells you nothing about:
- who runs the server
- if the server has been hacked
- what will the "current owner" of the site do with your card data

When you trust a certificate, you're assuming that the CA that signed it
actually did some checks, but have you actually ever read a CA's policy?
The check could simply be that who is requesting the certificate can
read the mail associated with that domain in the DNS...

> 2. In what ways does the problem of email encryption differ from
> the problem of encrypting credit card and other money-valuable
> data in transit, with http as the transport protocol?
For example, you usually want to be able to read your mail "forever"
after you received it, but you aren't interested in "replying" a TLS
session (except for debug purposes in a controlled environment): if you
need to see the movements list on your CC, you just open a new
connection to the bank and get an updated page.

> 3. If the stack used for credit card use over the Net is good
> enough for most purchases, could we use a similar stack to secure
> email in transit?  In particular, could we use a similar stack,
> with a similar ease of learning and ease of use, as perceived by
> most of the people who today buy stuff using a credit card over
> the Net?
Just for mail "in transit": servers can use TLS to encapsulate mail
protocols instead of http. Mail remains cleartext when saved locally.
Or you can add another layer to achieve end-to-end security, given that
"somehow" you know other party's public key.
That "somehow" might be x509 certs or GPG keys or anything else, and the
level of trust you give it depends on many factors. But to know how much
you can trust it, you have to know roughly how it works -- every system
can be abused, and the friendlier the simpler to abuse.

Remember that even a registered commercial activity (that could pass
Extended Validation) can be a scam (recent first-hand experience...).

BYtE,
 Diego.


From ndk.clanbo at gmail.com  Sun Apr 21 10:49:19 2013
From: ndk.clanbo at gmail.com (NdK)
Date: Sun, 21 Apr 2013 10:49:19 +0200
Subject: Developing JavaCard applet
Message-ID: <5173A80F.3060302@gmail.com>

Hello all.

I'm planninng to start work on a "OpenGPGCard TNG" ( :) ) that allows:
- exportable keys only towards user-certified devices
- support for 2048 bit keys -- more if HW allows it
- storage for "many" (thought at least 18 to allow 1 key per year till
2030) encryption keys (current + expired ones), plus regular signature
and auth keys, plus an extra auth key for RFID auth.

What I'd like to achieve is that the user is in control of what to do
with his keys: choose if they're exportable or not, choose to allow
export only to other cards, choose if exported key can be re-exported,
etc. But that policy have to be chosen before generating/importing the
signature key: once a signature key is in-place, policy cannot be
altered any more.
That would allow the use of a single card/token per identity, with keys
that can be backed up but remain safe (well, technically the user could
choose to export against an insecure SW key container, but it's his
coice: why should I forbid it? And even if I'd forbid it, he would
simply generate the key in the SW key container then import to the card,
and sw RNGs are usually "less secure" than TRNGs in cards, or even alter
the applet to disable the check...).

The applet will (obviously) be open-source.
The target card is any GP 2.1.1 (no need for extended APDUs -- they will
be simulated) -- I'll test on JCOP41 72k and SmartCaf? Expert 144k.

Comments? Suggestions? Other missing features?

BYtE,
 Diego.


From esskar at gmail.com  Sun Apr 21 14:33:30 2013
From: esskar at gmail.com (Sascha Kiefer)
Date: Sun, 21 Apr 2013 14:33:30 +0200
Subject: GnuPG with ECC support (on windows)
Message-ID: <CAPz-4ajqGR09zbP=ZCvVKRKkL3n+TRgnsJfTRCKpjbEG6SVBZg@mail.gmail.com>

Hi,

i know that there is an option for ECC available when using the developer
version with --expert command switch. The problem is i cannot compile it.
Not on MinGW and not on my linux web server.
Well, i actually fail to compile libgpg-error-1.11. On linux i get during
make

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I..
-DLOCALEDIR=\"/usr/local/share/locale\" -g -O2 -MT
libgpg_error_la-version.lo -MD -MP -MF .deps/libgpg_error_la-
version.Tpo -c version.c  -fPIC -DPIC -o .libs/libgpg_error_la-version.o


version.c: In function 'cright_blurb':


version.c:41: error: expected ',' or ';' before 'PACKAGE_VERSION'


version.c: In function 'gpg_error_check_version':


version.c:120: error: 'PACKAGE_VERSION' undeclared (first use in this
function)

version.c:120: error: (Each undeclared identifier is reported only once


version.c:120: error: for each function it appears in.)


make[3]: *** [libgpg_error_la-version.lo] Error 1



on cygwin i get when running make install

potomo: './po/pl.po' converting from ISO-8859-2 to utf-8
and this never returns.

Can someone help me? Please CC me, since i am not yet on the list.

Thanks.

Regards,
esskar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130421/97f5da77/attachment.html>

From pete at heypete.com  Sun Apr 21 21:52:28 2013
From: pete at heypete.com (Pete Stephenson)
Date: Sun, 21 Apr 2013 21:52:28 +0200
Subject: GnuPG with ECC support (on windows)
In-Reply-To: <CAPz-4ajqGR09zbP=ZCvVKRKkL3n+TRgnsJfTRCKpjbEG6SVBZg@mail.gmail.com>
References: <CAPz-4ajqGR09zbP=ZCvVKRKkL3n+TRgnsJfTRCKpjbEG6SVBZg@mail.gmail.com>
Message-ID: <5174437C.8010202@heypete.com>

On a related note, Sascha's message reminded me of something: is there
any word on when the OpenPGP+ECC standard (RFC 6637) is going to be
finalized/approved?

I, for one, am really interested in ECC as it'd allow for stronger
security without outrageously-large RSA keys. I'd hate to go through all
the trouble of getting a new 4096-bit RSA key signed and in the WoT only
to have ECC support come out immediately after so I'd have to start
over. :-D

Cheers!
-Pete


From wk at gnupg.org  Mon Apr 22 08:57:00 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 22 Apr 2013 08:57:00 +0200
Subject: GnuPG with ECC support (on windows)
In-Reply-To: <5174437C.8010202@heypete.com> (Pete Stephenson's message of
 "Sun, 21 Apr 2013 21:52:28 +0200")
References: <CAPz-4ajqGR09zbP=ZCvVKRKkL3n+TRgnsJfTRCKpjbEG6SVBZg@mail.gmail.com>
 <5174437C.8010202@heypete.com>
Message-ID: <87r4i3njcz.fsf@vigenere.g10code.de>

On Sun, 21 Apr 2013 21:52, pete at heypete.com said:
> On a related note, Sascha's message reminded me of something: is there
> any word on when the OpenPGP+ECC standard (RFC 6637) is going to be
> finalized/approved?

What do you mean?  The RFC has been released and thus it has been
?finalized?.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From pete at heypete.com  Mon Apr 22 10:01:09 2013
From: pete at heypete.com (Pete Stephenson)
Date: Mon, 22 Apr 2013 10:01:09 +0200
Subject: GnuPG with ECC support (on windows)
In-Reply-To: <87r4i3njcz.fsf@vigenere.g10code.de>
References: <CAPz-4ajqGR09zbP=ZCvVKRKkL3n+TRgnsJfTRCKpjbEG6SVBZg@mail.gmail.com>
 <5174437C.8010202@heypete.com> <87r4i3njcz.fsf@vigenere.g10code.de>
Message-ID: <5174EE45.9030005@heypete.com>

On 4/22/2013 8:57 AM, Werner Koch wrote:
> On Sun, 21 Apr 2013 21:52, pete at heypete.com said:
>> On a related note, Sascha's message reminded me of something: is there
>> any word on when the OpenPGP+ECC standard (RFC 6637) is going to be
>> finalized/approved?
> 
> What do you mean?  The RFC has been released and thus it has been
> ?finalized?.

My apologies: I guess I don't know the terminology as well as I'd like. :)

My understanding is that the RFC is on the "standards track" but is not
yet officially approved as a standard. Any idea when that might happen?

Cheers!
-Pete


From kiblema at gmail.com  Mon Apr 22 09:28:45 2013
From: kiblema at gmail.com (Lema KB)
Date: Mon, 22 Apr 2013 09:28:45 +0200
Subject: One Private Key for several users
Message-ID: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>

Hi all

Is there any other way of using one and the same private-key by several
users, except exporting the priv-key?
We are decrypting some csv-files on a virtual machine. and it's for us not
so appropriate to share private-key through exporting. maybe there is a way
out, like giving/taking the right to/from the group of windows users to
decrypt the files.

If someone knows from you, would be very thankful. any help is also
appreciated.

thanks you in advance,
lema (new to GPG/PGP)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130422/a6dd0ac4/attachment.html>

From ndk.clanbo at gmail.com  Mon Apr 22 11:17:04 2013
From: ndk.clanbo at gmail.com (NdK)
Date: Mon, 22 Apr 2013 11:17:04 +0200
Subject: One Private Key for several users
In-Reply-To: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
Message-ID: <51750010.1090308@gmail.com>

Il 22/04/2013 09:28, Lema KB ha scritto:
> Is there any other way of using one and the same private-key by several
> users, except exporting the priv-key?
> We are decrypting some csv-files on a virtual machine. and it's for us not
> so appropriate to share private-key through exporting. maybe there is a way
> out, like giving/taking the right to/from the group of windows users to
> decrypt the files.
Crypto doesn't work this way.
The easiest (most versatile, less secure) solution: decrypt the files
and leverage win's ACL system to make 'em readable only by the right group.
The PGP-way of doing things (not easy but secure): treat the files as
mails to multiple recipients. Session key is re-encrypted with the
public key of every recipient. When you want to add a new user that can
read old files, you have to add him as a recipient. If you want to
revoke access, you have to delete the encoding of the session key under
his public key. For every file. And for every added/deleted user.

As you can see, the secure way is mostly "static": doesn't like changes
in who can read files. The other is much less secure but much more
"versatile" (no need to change old files when staff changes).

BYtE,
 Diego.


From hhhobbit at securemecca.net  Mon Apr 22 12:44:22 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 22 Apr 2013 10:44:22 +0000
Subject: One Private Key for several users
In-Reply-To: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
Message-ID: <51751486.60309@securemecca.net>

On 04/22/2013 07:28 AM, Lema KB wrote:
> Hi all
> 
> Is there any other way of using one and the same private-key by several
> users, except exporting the priv-key?
> We are decrypting some csv-files on a virtual machine. and it's for us not
> so appropriate to share private-key through exporting. maybe there is a way
> out, like giving/taking the right to/from the group of windows users to
> decrypt the files.
> 
> If someone knows from you, would be very thankful. any help is also
> appreciated.

It kind of depends on whether or not you want to use symmetric ciphers
or public-key ciphers.  For symmetric ciphers you can all have your
own private / public key pair.  You could even use 7-Zip unless it
is precluded by regulations.  AES-128 with a great password is usually
more than adequate for many but by no means ALL purposes.  But a
symmetric enciphered file can be deciphered by anyone if they know
the password and have the software to decipher the file.

But if you are using email and public key encryption, when you
encipher the message to send to  multiple people, Enigmail in
Thunderbird and what ever is used in Claws Mail encrypts a separate
copy for everybody using EACH PERSON'S public key.

I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
among my multiple OS with the random_seed file modified with hexedit
and the 0-9 & A-F modified with no plan (pure serendipity) so each of
them have a different random_seed file. There are no guarantees whether
or not that 'F' is going to be replaced by yet another 'F' or any
scheme at all of which nibble gets modified or not.  So each of my
keyrings has its own random_seed file.  ALL of my OS are 32 bit LE
versions even if 64 bit is available.  The two Linux systems have
ways of using all of the 7 GB and 12 GB of RAM (e.g. PAE for
Ubuntu) RAM available.  I rarely use Windows but have two Windows
7 OS.

You can get hexedit (binary) editors for Windows.

But if you have even mixed 32 bit LE and 64 bit LE that approach
will most likely NOT work (not tried, no proof, copying strongly
discouraged).  Ditto for BE (Macintosh Power PC, et al - copying
is IMPOSSIBLE).  You need to export / import under those conditions.
Just be sure to erase the files copied with a pretty strong eraser
for ALL of these files being transferred around, especially the
priv key export files.  I use the included AES-128 symmetric cipher
in 7-Zip for the transfer for anything copied to a flash drive.
You cannot use OpenPGP to do it because you have a chicken versus
egg problem; you are transferring what needs to be on the other
end to get it unpacked..

I apologize if there is a more elegant or better answer.  Does that
answer your question or were you asking something else?

HHH


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130422/b981cb41/attachment.sig>

From peter at digitalbrains.com  Mon Apr 22 13:52:50 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 22 Apr 2013 13:52:50 +0200
Subject: One Private Key for several users
In-Reply-To: <51751486.60309@securemecca.net>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
 <51751486.60309@securemecca.net>
Message-ID: <51752492.4060200@digitalbrains.com>

On 22/04/13 12:44, Henry Hertz Hobbit wrote:
> I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
> among my multiple OS with the random_seed file modified with hexedit
> and the 0-9 & A-F modified with no plan (pure serendipity)

I consider this bad advice; just don't copy the random_seed file and let each
system generate its own.

Humans are notoriously bad at generating randomness, probably due to our
tendency to assign meaning and order to everything we encounter in life.

I also don't really see how it relates to OP's question.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From peter at digitalbrains.com  Mon Apr 22 14:06:03 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 22 Apr 2013 14:06:03 +0200
Subject: One Private Key for several users
In-Reply-To: <51752492.4060200@digitalbrains.com>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
 <51751486.60309@securemecca.net> <51752492.4060200@digitalbrains.com>
Message-ID: <517527AB.1070202@digitalbrains.com>

On 22/04/13 13:52, Peter Lebbing wrote:
> I consider this bad advice

Oops, slight case of grumpiness? Since it's advice given in good faith, let me
rephrase that more pleasantly.

I don't think you should do that.

There, much better :). Sorry. My mistake.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From hhhobbit at securemecca.net  Mon Apr 22 14:41:11 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 22 Apr 2013 12:41:11 +0000
Subject: One Private Key for several users
In-Reply-To: <51752492.4060200@digitalbrains.com>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
 <51751486.60309@securemecca.net> <51752492.4060200@digitalbrains.com>
Message-ID: <51752FE7.7080300@securemecca.net>

On 04/22/2013 11:52 AM, Peter Lebbing wrote:
> On 22/04/13 12:44, Henry Hertz Hobbit wrote:
>> I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
>> among my multiple OS with the random_seed file modified with hexedit
>> and the 0-9 & A-F modified with no plan (pure serendipity)
> 
> I consider this bad advice; just don't copy the random_seed file and let each
> system generate its own.

They are on Windows.  I tried not copying random_seed and
PGP4Win never generated a new random_seed file for me.  Maybe
GnuPG for WIndows uses something else?

> I also don't really see how it relates to OP's question.

They wanted to know if they could have several people sharing
the same secret (private) key.  I don't think it is practical.
Actually they are on fishing expedition to find what will
work best and don't seem to know how to ask for it.

OTOH, if what they are searching for is a way that the files
are encrypted but once the person is removed from the group
(leaves the company etc.) there is no elegant solution.  You
would need a separte publicly encrypted file for each person
and they would still have all of the previous decrypted files
even after they were removed from the group.  Again, it is
not a practical solution.  If it is required by regulations
(doubtful) that may be the best you can do.

IMHO, NdK's response is best.  Use Windows ACL to control who
has what.  I THINK that is what they are looking for anyway.
They just want to control who has access to the files and how
long they can have access.  On 'nix machines this could be done
with a group.  If you are not in the ACL or group list, then
you have no legitimate access to the files. Immediately remove
those people that no longer need access from the ACL or group.

HHH



From wk at gnupg.org  Mon Apr 22 15:37:35 2013
From: wk at gnupg.org (Werner Koch)
Date: Mon, 22 Apr 2013 15:37:35 +0200
Subject: GnuPG with ECC support (on windows)
In-Reply-To: <5174EE45.9030005@heypete.com> (Pete Stephenson's message of
 "Mon, 22 Apr 2013 10:01:09 +0200")
References: <CAPz-4ajqGR09zbP=ZCvVKRKkL3n+TRgnsJfTRCKpjbEG6SVBZg@mail.gmail.com>
 <5174437C.8010202@heypete.com> <87r4i3njcz.fsf@vigenere.g10code.de>
 <5174EE45.9030005@heypete.com>
Message-ID: <87ip3eofds.fsf@vigenere.g10code.de>

On Mon, 22 Apr 2013 10:01, pete at heypete.com said:

> My understanding is that the RFC is on the "standards track" but is not
> yet officially approved as a standard. Any idea when that might happen?

Most RFCs are not in the INTERNET STANDARD state.  Even widely used
protocols like HTTP are still in DRAFT STANDARD.  The PROPOSED STANDARD
state of OpenPGP is thus a normal experience for a protocol.  Don't
expect that it will be lifted to DRAFT any time soon.  We tried for more
than a decade to setup interop tests to no result.  I was interested to
help but the other major implementer was sold too often to allocated
resources to setup a test.

I just figured that CMS is indeed now in the INTERNET STANDARD state but
the X.509 RFC, which is required by CMS, is still at PROPOSED STANDARD.

RFC2026 has the details about the states.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From kiblema at gmail.com  Mon Apr 22 15:43:54 2013
From: kiblema at gmail.com (Lema KB)
Date: Mon, 22 Apr 2013 15:43:54 +0200
Subject: One Private Key for several users
In-Reply-To: <51752FE7.7080300@securemecca.net>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
 <51751486.60309@securemecca.net>
 <51752492.4060200@digitalbrains.com>
 <51752FE7.7080300@securemecca.net>
Message-ID: <CANsSn+73UT69Q2zdC-x0SQywyjDVmJ_eLy2L4u=JJkgviHUbOg@mail.gmail.com>

thank you all very much.

i'll follow the way from NdK. if it not works, than i set a right for users
to the folder with decrypted files. but to decrypt the files, there is one
account with which priv-key is created and with which they log in to
virtual machine (win2008) to decrypt files.. i do not see any other
solution, do you..

best regards,
newtogpg


On Mon, Apr 22, 2013 at 2:41 PM, Henry Hertz Hobbit <
hhhobbit at securemecca.net> wrote:

> On 04/22/2013 11:52 AM, Peter Lebbing wrote:
> > On 22/04/13 12:44, Henry Hertz Hobbit wrote:
> >> I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
> >> among my multiple OS with the random_seed file modified with hexedit
> >> and the 0-9 & A-F modified with no plan (pure serendipity)
> >
> > I consider this bad advice; just don't copy the random_seed file and let
> each
> > system generate its own.
>
> They are on Windows.  I tried not copying random_seed and
> PGP4Win never generated a new random_seed file for me.  Maybe
> GnuPG for WIndows uses something else?
>
> > I also don't really see how it relates to OP's question.
>
> They wanted to know if they could have several people sharing
> the same secret (private) key.  I don't think it is practical.
> Actually they are on fishing expedition to find what will
> work best and don't seem to know how to ask for it.
>
> OTOH, if what they are searching for is a way that the files
> are encrypted but once the person is removed from the group
> (leaves the company etc.) there is no elegant solution.  You
> would need a separte publicly encrypted file for each person
> and they would still have all of the previous decrypted files
> even after they were removed from the group.  Again, it is
> not a practical solution.  If it is required by regulations
> (doubtful) that may be the best you can do.
>
> IMHO, NdK's response is best.  Use Windows ACL to control who
> has what.  I THINK that is what they are looking for anyway.
> They just want to control who has access to the files and how
> long they can have access.  On 'nix machines this could be done
> with a group.  If you are not in the ACL or group list, then
> you have no legitimate access to the files. Immediately remove
> those people that no longer need access from the ACL or group.
>
> HHH
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130422/d071dd2a/attachment.html>

From peter at digitalbrains.com  Mon Apr 22 19:26:35 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 22 Apr 2013 19:26:35 +0200
Subject: BCC'ing recipients on a mailing list
In-Reply-To: <51752FE7.7080300@securemecca.net>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
 <51751486.60309@securemecca.net> <51752492.4060200@digitalbrains.com>
 <51752FE7.7080300@securemecca.net>
Message-ID: <517572CB.5000304@digitalbrains.com>

Hello HHH,

It would appear that you BCC'd me on the message I'm replying to, because I got
it twice: once without going through gnupg-users and a copy sent through
gnupg-users. The messages have the same Message-ID and ID assigned by the first
mail server, so it's really a duplicate.

Please try not to BCC people that are on the list. The mailing list managing
software can't know that I was BCC'd and will send me a copy, which it wouldn't
do if it saw me in To or CC.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From kristian.fiskerstrand at sumptuouscapital.com  Mon Apr 22 17:43:49 2013
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Mon, 22 Apr 2013 17:43:49 +0200
Subject: One Private Key for several users
In-Reply-To: <CANsSn+73UT69Q2zdC-x0SQywyjDVmJ_eLy2L4u=JJkgviHUbOg@mail.gmail.com>
References: <CANsSn+7GDCp0wc-sjik5j+jArf2=tjXWr-t0Qxb=kxUpooA-QQ@mail.gmail.com>
 <51751486.60309@securemecca.net> <51752492.4060200@digitalbrains.com>
 <51752FE7.7080300@securemecca.net>
 <CANsSn+73UT69Q2zdC-x0SQywyjDVmJ_eLy2L4u=JJkgviHUbOg@mail.gmail.com>
Message-ID: <51755AB5.5070605@sumptuouscapital.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 04/22/2013 03:43 PM, Lema KB wrote:
> thank you all very much.
> 
> i'll follow the way from NdK. if it not works, than i set a right
> for users to the folder with decrypted files. but to decrypt the
> files, there is one account with which priv-key is created and with
> which they log in to virtual machine (win2008) to decrypt files.. i
> do not see any other solution, do you..
> 

It might've been mentioned in earlier posts, but it can be an
alternative to use an encryption subkey that where the private key is
shared between the various parties. This could make key management
easier as it allows for more frequent key-generation (when revoking
someone's access) without losing out on the certificate history
(signatures etc).


- -- 
- ----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Uxor formosa et vinum sunt dulcia venena
Beautiful women and wine are sweet venom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta163 (GNU/Linux)

iQIcBAEBCAAGBQJRdVq1AAoJEAt/i2Dj7frjENMP/1Texk1aXjS7oIAvB56LHYci
mz26lZVsZq9AlOwGv5iq6AjD6cEgtt2QE6kBsBbZr7s5k2YEZsAfTtarpsZ16ghk
wutw4czjQ8Z7ENnSSoOMXI19Pa83nAsEHzmn6ZENR+tfmrg/w+eU+Xluj5yH9N88
dhXmoZ91f/RVCAnWGIGJvVqOy78ZGn51wTXeipKUtEMYOUiyniL1+JRd1UoZf2we
y5oHVFU1qEb/qAHA6pDI5+3y4JT1ijcg9CqnMIJ6zZuF+NduHzFOQMv5qwiQjfNR
BuSHDMczEWBmsBcQXubFj0l6mOWXlSM14YA8229Pd5tjCItvP5Dq+tVadB2VUKzZ
oBhVnvemVhux/ejSzWWmiilYoVGCDK1J6QuzbXAFpE9cKyyLYkNSxXFgO314+Kmr
KcVhyNTa8crQACGTvw/9K5wlwcl+qHJLor0vnnAMuJlO/ZUn08LNSh+DaHclHXuF
5Aw2zpjove+67/0rjHlu/jpizmn98B7Gy5wM9dmMwBEriR518/dLpa+/cdaPcbEx
b1Th9tVK8crmJKbd9aR7dM7GJFdGsqY0tBY0ZsUc9ZV3PvMNOMwH3i8xl8wPxMl7
MqlrsGYHoltLaJ0kZ9j7kfbYLK+CCQdYkixpiPuC1OuTPFWlCz6JM/NSdtbnY9I4
2gU6dOK2RwBjzgC/Jzll
=UzqR
-----END PGP SIGNATURE-----


From hhhobbit at securemecca.net  Tue Apr 23 01:54:35 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 22 Apr 2013 23:54:35 +0000
Subject: No passphrase required
Message-ID: <5175CDBB.2060000@securemecca.net>

Both of my Linux systems were recently involved in a test of
about a dozen plus replacments for OpenSuse 11.4 and Ubuntu 10.04.

After all the experimenting was over I ended up with the same
operating systems but swapped with each having the OS that was
on the other machine before the experimentation started.  This
means the last great gasp of using Gnome 2.  I will have to
switch to KDE or something else but not for at least another
year. Gnome 3 is OUT as is Unity on Ubuntu!

Everything went fine and the ~/.gnupg folders are the same
except for the random_seed file. That worked before so why
shouldn't it work now?  Ubuntu 10.04 of course still uses gpg.
and OpenSuse 11.4 uses gpg2.  Then I signed the updated cookie
block list for the Firefox add-on named CookieSafe which I
create on the OpenSuse system.  Nothing was checked on the
options so I assumed I was using the default of a pass-phrase
requested each time I sign a file like it did before.

Less than a week went past until I signed my PAC filter files.
Lo and behold instead of being requested for the pass-phrase
for each of the twelve files they got signed with no questions
asked.  IMHO, this is an inherently dangerous situation.  But
searches were yielding nothing that made sense.  But I tried
every one of them (with a backup to scramble back to) in the
hopes that one of them would give me my pass-phrase request
back. The one that made the least sense was adding a certain
line to the ~/xinitrc file.  With OpenSuse using KMS since
11.3 I I can tell you that you should NOT create a ~/.xinitrc
file.  Because I have another user for damage control and for
the ClamAV's AV. I tried it anyway because at that point I was
getting frantic about a way to have the pinentry ask for my
pass-phrase again. Predictably, when I tried to login I just
got logged back out and was given the login screen.  I
repeated the test two more times with the exact same results
of me not being able to login. So I logged in as clamaV and did:

1. started an xterm
2. su -l root
3  rm -f /home/ME/.xinitrc
4. In the xterm - control-D, control-D
5. Logged out as clamav.
6. logged in as me and put everything back the way it originally
   was.

But I still had the problem of not being asked for my pass-phrase.
At the very same URL as where they said to put the line in the
~/xinitrc file they had this line to do a test:

echo "test" | gpg -ase -r 0xMYKEYID | gpg
(replace MYKEYID with what ever your key is)

I will ignore for the moment that you really have gpg2 on
OpenSuse because gpg is just a symlink to gpg2.  But the real
line should be:

$ echo "test" | gpg2 -ase -r 0xMYKEYID | gpg2

It doesn't matter because both work.  The first may NOT work
if you don't have a symlink of gpg pointing to gpg2. You get a
pinentry window!  So I hastily set it to require a pass-phrase
again.  Like I said, contents of the ~/.gnupg folder on both
systems are identical except for different random_seed files.

Will this work-around work for other versions of Linux that
use gpg2 and a pinentry?  I don't know. Is it a good idea to
have it set for no pass-phrase required to sign a file with
OpenPGP?  I don't think so.  It is NOT a good idea to do it
without at least three warnings before it accepts the change
and it being mandatory that you have to click / alter it to
do it that way in the pinentry. Why did it do a no-phrase
this time around and the first time it didn't do it that way?
Again I don't know but the last time I upgreaded from 11.2 to
11.4. This time I installed 11.4 fresh. That may have made
the difference.

I am giving this in the hopes that if anybody else has a
similar no pass-phrase required problem that it will help
them.

I really don't like the pinentry way becase I still haven't
figured out a work-around for encrypting files from an
xterm with my scripts.  Yes, I set both BASH ways of
keeping the history to no history in the scripts:

http://www.securemecca.com/public/GnuPG/

The pass-phrase is now required for signing.

Au Revoir



From wk at gnupg.org  Wed Apr 24 21:40:51 2013
From: wk at gnupg.org (Werner Koch)
Date: Wed, 24 Apr 2013 21:40:51 +0200
Subject: 2.0.20 beta available
Message-ID: <87bo93wwcc.fsf@vigenere.g10code.de>

Hi,

it is now more than a year since we released 2.0.19.  Thus it is really
time to get 2.0.20 out of the door.  If you want to quickly try a beta
you may use:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2

Please send bug reports only to the mailing list.


Noteworthy changes in version 2.0.20 (unreleased)
-------------------------------------------------

 * The hash algorithm is now printed for sig records in key listings.

 * Decryption using smartcards keys > 3072 bit does not work.

 * New meta option ignore-invalid-option to allow using the same
   option file by other GnuPG versions.

 * [gpg] Skip invalid keyblock packets during import to avoid a DoS.

 * [gpg] Correctly handle ports from DNS SRV records.

 * [gpg-agent] Avoid tty corruption when killing pinentry.

 * [scdaemon] Rename option --disable-keypad to --disable-pinpad.

 * [scdaemon] Better support for CCID readers.  Now, the internal CCID
   driver supports readers without the auto configuration feature.

 * [scdaemon] Add pinpad input for PC/SC, if your reader has pinpad
   and it supports variable length PIN input, and you specify
   --enable-pinpad-varlen option.

 * [scdaemon] New option --enable-pinpad-varlen.

 * [scdaemon] Install into libexecdir to avoid accidental execution
   from the command line.


The code also builds for Windows and we plan to do a Gpg4win release
soon after 2.0.20.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From david at systemoverlord.com  Wed Apr 24 23:04:50 2013
From: david at systemoverlord.com (David Tomaschik)
Date: Wed, 24 Apr 2013 14:04:50 -0700
Subject: 2.0.20 beta available
In-Reply-To: <87bo93wwcc.fsf@vigenere.g10code.de>
References: <87bo93wwcc.fsf@vigenere.g10code.de>
Message-ID: <CAOy4VzfR9PhywO96rv=XnF2PNLKyfkUWV89xii1pV+LG_F3MFQ@mail.gmail.com>

Hi Werner,

A question about the release notes:

* Decryption using smartcards keys > 3072 bit does not work.

Is this a regression (since it's listed as a change) or should it read
"does now work"?  I don't have any 4k keys on smartcards to try with, but
I'm interested to know the status.

Thanks,
David


On Wed, Apr 24, 2013 at 12:40 PM, Werner Koch <wk at gnupg.org> wrote:

> Hi,
>
> it is now more than a year since we released 2.0.19.  Thus it is really
> time to get 2.0.20 out of the door.  If you want to quickly try a beta
> you may use:
>
>   ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2
>
> Please send bug reports only to the mailing list.
>
>
> Noteworthy changes in version 2.0.20 (unreleased)
> -------------------------------------------------
>
>  * The hash algorithm is now printed for sig records in key listings.
>
>  * Decryption using smartcards keys > 3072 bit does not work.
>
>  * New meta option ignore-invalid-option to allow using the same
>    option file by other GnuPG versions.
>
>  * [gpg] Skip invalid keyblock packets during import to avoid a DoS.
>
>  * [gpg] Correctly handle ports from DNS SRV records.
>
>  * [gpg-agent] Avoid tty corruption when killing pinentry.
>
>  * [scdaemon] Rename option --disable-keypad to --disable-pinpad.
>
>  * [scdaemon] Better support for CCID readers.  Now, the internal CCID
>    driver supports readers without the auto configuration feature.
>
>  * [scdaemon] Add pinpad input for PC/SC, if your reader has pinpad
>    and it supports variable length PIN input, and you specify
>    --enable-pinpad-varlen option.
>
>  * [scdaemon] New option --enable-pinpad-varlen.
>
>  * [scdaemon] Install into libexecdir to avoid accidental execution
>    from the command line.
>
>
> The code also builds for Windows and we plan to do a Gpg4win release
> soon after 2.0.20.
>
>
> Shalom-Salam,
>
>    Werner
>


-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130424/0d89701b/attachment-0001.html>

From jharris at widomaker.com  Thu Apr 25 01:11:00 2013
From: jharris at widomaker.com (Jason Harris)
Date: Wed, 24 Apr 2013 19:11:00 -0400
Subject: 2.0.20 beta available
In-Reply-To: <87bo93wwcc.fsf@vigenere.g10code.de>
References: <87bo93wwcc.fsf@vigenere.g10code.de>
Message-ID: <20130424231100.GA28205@wave>

On Wed, Apr 24, 2013 at 09:40:51PM +0200, Werner Koch wrote:
> Hi,
> 
> it is now more than a year since we released 2.0.19.  Thus it is really
> time to get 2.0.20 out of the door.  If you want to quickly try a beta
> you may use:
> 
>   ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2
> 
> Please send bug reports only to the mailing list.

I don't see a .sig, so do these hashes (SHA1, SHA256) look correct?

4dafebee7b0c7adde2b27473faca7236851cf472	72af477e33b15baf6733af3e5e5c49c18ddf398b8a90e93c65d04cb34f04f00b	4277493	./alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2

Thanks.

-- 
Jason Harris           |  PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 314 bytes
Desc: not available
URL: </pipermail/attachments/20130424/09ad65cc/attachment.sig>

From wk at gnupg.org  Thu Apr 25 09:34:38 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 25 Apr 2013 09:34:38 +0200
Subject: 2.0.20 beta available
In-Reply-To: <CAOy4VzfR9PhywO96rv=XnF2PNLKyfkUWV89xii1pV+LG_F3MFQ@mail.gmail.com>
 (David Tomaschik's message of "Wed, 24 Apr 2013 14:04:50 -0700")
References: <87bo93wwcc.fsf@vigenere.g10code.de>
 <CAOy4VzfR9PhywO96rv=XnF2PNLKyfkUWV89xii1pV+LG_F3MFQ@mail.gmail.com>
Message-ID: <87ppxjukq9.fsf@vigenere.g10code.de>

On Wed, 24 Apr 2013 23:04, david at systemoverlord.com said:

> * Decryption using smartcards keys > 3072 bit does not work.

s/not/now/


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



From wk at gnupg.org  Thu Apr 25 09:35:37 2013
From: wk at gnupg.org (Werner Koch)
Date: Thu, 25 Apr 2013 09:35:37 +0200
Subject: 2.0.20 beta available
In-Reply-To: <20130424231100.GA28205@wave> (Jason Harris's message of "Wed, 24
 Apr 2013 19:11:00 -0400")
References: <87bo93wwcc.fsf@vigenere.g10code.de> <20130424231100.GA28205@wave>
Message-ID: <87li87ukom.fsf@vigenere.g10code.de>

On Thu, 25 Apr 2013 01:11, jharris at widomaker.com said:

> I don't see a .sig, so do these hashes (SHA1, SHA256) look correct?

It is now there.

>
> 4dafebee7b0c7adde2b27473faca7236851cf472
> 72af477e33b15baf6733af3e5e5c49c18ddf398b8a90e93c65d04cb34f04f00b
> 4277493	./alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2

sha1-looks fine:

4dafebee7b0c7adde2b27473faca7236851cf472  gnupg-2.0.20-beta118.tar.bz2


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 204 bytes
Desc: not available
URL: </pipermail/attachments/20130425/ac051771/attachment.sig>

From sansay1 at gmail.com  Thu Apr 25 23:17:03 2013
From: sansay1 at gmail.com (sansay)
Date: Thu, 25 Apr 2013 21:17:03 +0000 (UTC)
Subject: Unable to change passphrase
Message-ID: <loom.20130425T230605-951@post.gmane.org>

Hi all,

I am completely stumped.
I can't change the passphrase on a gpg key. Here is the whole interaction:

bash-4.1$ gpg --edit-key 8267977F
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/8267977F  created: 2013-01-16  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048R/3F32FB05  created: 2013-01-16  expires: never       usage: E
[ unknown] (1). am_prod <navsrv at blackhole.sm.net>

Command> passwd
Key is protected.

You need a passphrase to unlock the secret key for
user: "am_prod <navsrv at blackhole.sm.net>"
2048-bit RSA key, ID 8267977F, created 2013-01-16

gpg: cancelled by user
Can't edit this key: General error

Command>

Thanks for your help.



From sansay1 at gmail.com  Fri Apr 26 00:35:25 2013
From: sansay1 at gmail.com (sansay)
Date: Thu, 25 Apr 2013 22:35:25 +0000 (UTC)
Subject: Unable to change passphrase
References: <loom.20130425T230605-951@post.gmane.org>
Message-ID: <loom.20130426T002843-713@post.gmane.org>

sansay <sansay1 <at> gmail.com> writes:

> 
> Hi all,
> 
> I am completely stumped.
> I can't change the passphrase on a gpg key. Here is the whole interaction:
> 
> bash-4.1$ gpg --edit-key 8267977F
> gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Secret key is available.
> 
> pub  2048R/8267977F  created: 2013-01-16  expires: never       usage: SC
>                      trust: unknown       validity: unknown
> sub  2048R/3F32FB05  created: 2013-01-16  expires: never       usage: E
> [ unknown] (1). am_prod <navsrv <at> blackhole.sm.net>
> 
> Command> passwd
> Key is protected.
> 
> You need a passphrase to unlock the secret key for
> user: "am_prod <navsrv <at> blackhole.sm.net>"
> 2048-bit RSA key, ID 8267977F, created 2013-01-16
> 
> gpg: cancelled by user
> Can't edit this key: General error
> 
> Command>
> 
> Thanks for your help.
> 

OK I finally figured it all out.

The special user which runs the apps on this host, doesn't have the proper
TTY rights when I sudo to it. So, gpg being unable to show the TTY GUI, just
fails without giving the real reason.
In order to be able to do this I had to exit my navsrv sudo session, and
make the following call:
chmod o+rw `tty` && sudo -i -u navsrv gpg --edit-key 8267977F

Next, I entered the navsrv login password.
Then, at the gpg command prompt, when I did "passwd", I got the Enter
Passphrase GUI.





From raubvogel at gmail.com  Thu Apr 25 23:33:22 2013
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Thu, 25 Apr 2013 17:33:22 -0400
Subject: Unable to change passphrase
In-Reply-To: <loom.20130425T230605-951@post.gmane.org>
References: <loom.20130425T230605-951@post.gmane.org>
Message-ID: <CAHEKYV4657=zgPP9SejgDb-1z-Y-PRJjqDLf1o9uUXi6J5CWbw@mail.gmail.com>

On Thu, Apr 25, 2013 at 5:17 PM, sansay <sansay1 at gmail.com> wrote:
> Hi all,
>
> I am completely stumped.
> I can't change the passphrase on a gpg key. Here is the whole interaction:
>
> bash-4.1$ gpg --edit-key 8267977F
> gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> pub  2048R/8267977F  created: 2013-01-16  expires: never       usage: SC
>                      trust: unknown       validity: unknown
> sub  2048R/3F32FB05  created: 2013-01-16  expires: never       usage: E
> [ unknown] (1). am_prod <navsrv at blackhole.sm.net>
>
> Command> passwd
> Key is protected.
>
> You need a passphrase to unlock the secret key for
> user: "am_prod <navsrv at blackhole.sm.net>"
> 2048-bit RSA key, ID 8267977F, created 2013-01-16
>
> gpg: cancelled by user
> Can't edit this key: General error
>
> Command>
>
> Thanks for your help.
>
      So you entered the old passphrase and it cheerfully ignored you?
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


From mason at blisses.org  Fri Apr 26 03:13:12 2013
From: mason at blisses.org (Mason Loring Bliss)
Date: Thu, 25 Apr 2013 21:13:12 -0400
Subject: Confusion with signature digest type.
Message-ID: <20130426011312.GA427@blisses.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all.

I've been reading some "best practises" documents, and it was suggested that
I not use SHA-1 as my self-signature digest algorithm:

https://we.riseup.net/debian/openpgp-best-practices#self-signatures-must-not-use-sha1

This says, "To fix this, you will need to regenerate a key after setting the
following in your ~/.gnupg/gpg.conf" and then tells me to set something
beefier.

What I cannot figure out is how to remove my signature from my key and
re-sign it with the new digest algorithm. I delete my signature, or at least
I think I do, and it lets me sign my key again, but when I check using their
suggested pipeline:

gpg --export-options export-minimal --export <keyid> | gpg --list-packets | grep 'pref-hash-algos'

...I see algorithm 2 still there.

My understanding is that I have a key pair, and I sign it by unlocking the
secret half, and the signature is distinct from the key pair, so I should be
able to generate a new signature with a different digest algorithm. But
clearly that's not happening, so either my method is wrong or my under-
standing of something is wrong, and I'd be grateful for help either way.

I created a new key, and the new key seems to have done the right thing, but
it really seems as thought I'd ought to have been able to convert my old
key's signature.

Thanks in advance for clues!

- -- 
Mason Loring Bliss  <--------->  mason at blisses.org
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRedSoAAoJEJ6yV3B27yVVsMgQAMipIix9PAXP+GkLhRo8+8Gf
7w8G6vX5rflB1HWpCs7CFMkn2hXtocnWTmFyInHZDwrcVk+j4UKu+JXHD2XMIURZ
L8qekUGLj6IA0GZORfjZErGG6p5R5iFKET3qTqzMoshox4C+uu2zv3WU+Cd1okZr
3E4XEQ3OXbgAUJBJZiL+eXOQxRUX6RNTKxIk7YMqrxPtjLYkpA/8ayLa7qOq4w9m
JAjARQybz9EBlA8k4hYX4978XXloQuR/oyB52bT+3pgeVfu+kuvaGXcow4uV4qTv
Nv7rD7jhxHxlFov8VRKPJ+PuiybTqGhT+8RfAj/ZriDXFOnLNonYKU6TqTGTVjWC
DDRQwDUr4mvRKjoaTBT31NXqLbJ+jsSMR/ujaChnOuu6KW0vQpOXo5cHshVfR3YA
GV+am0yLt7Twh7RNnk/aLIH2D8OKp07rk4azZRR36Ksnq/fvHwV19h4BYAI1iN6i
xXlRJvMjOgsLPjYo5rtsgAAFesX/eR1fhAuYvtVAqD/UdOj+xHVU8T06wut4i5+S
GbjZsRKsB92smONhqxWB0YBxqjXQ+9XCzSVtnl4xFLSsVl/YT3y/wd5t9ofgLTyg
P1LspDY14CxTa6EYPozrm4113IMplhXyKiCMm5SADkJ5o46IGaK/pN6stnuwQwZ5
fZjnEzYR6wT7f+Pyiz5g
=ScVO
-----END PGP SIGNATURE-----


From rjh at sixdemonbag.org  Fri Apr 26 05:47:49 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 25 Apr 2013 23:47:49 -0400
Subject: Confusion with signature digest type.
In-Reply-To: <20130426011312.GA427@blisses.org>
References: <20130426011312.GA427@blisses.org>
Message-ID: <5179F8E5.1080504@sixdemonbag.org>

On 4/25/2013 9:13 PM, Mason Loring Bliss wrote:
> I've been reading some "best practises" documents, and it was suggested that
> I not use SHA-1 as my self-signature digest algorithm:

Beware of "best practices."  What makes a practice best depends greatly
on the specific threats you face, and unless the author knows your
particular threat model a healthy amount of skepticism is warranted.
Examine each claim critically and ask yourself, "does this practice give
me any real, measurable, quantifiable advantage in the context of my
threat model?"

For my own lookout, I don't see that this practice would give me very
much.  If SHA-1 falls victim to preimage attacks then I'm completely
screwed anyway on a few dozen fronts simultaneously, and my certificate
is the least of my worries.

If I wake up in the middle of the night and discover my house is on fire
I'm not going to care very much about whether I forgot to turn off the
coffeepot.  A preimage attack on SHA-1 is my house being on fire:
avoiding SHA-1 for self-signatures is making sure to turn off the coffeepot.

I suspect that quite a lot of us are in that same boat.


From pete at heypete.com  Fri Apr 26 12:51:35 2013
From: pete at heypete.com (Pete Stephenson)
Date: Fri, 26 Apr 2013 12:51:35 +0200
Subject: Confusion with signature digest type.
In-Reply-To: <5179F8E5.1080504@sixdemonbag.org>
References: <20130426011312.GA427@blisses.org>
 <5179F8E5.1080504@sixdemonbag.org>
Message-ID: <517A5C37.9000009@heypete.com>

On 4/26/2013 5:47 AM, Robert J. Hansen wrote:
> For my own lookout, I don't see that this practice would give me very
> much.  If SHA-1 falls victim to preimage attacks then I'm completely
> screwed anyway on a few dozen fronts simultaneously, and my certificate
> is the least of my worries.
> 
> If I wake up in the middle of the night and discover my house is on fire
> I'm not going to care very much about whether I forgot to turn off the
> coffeepot.  A preimage attack on SHA-1 is my house being on fire:
> avoiding SHA-1 for self-signatures is making sure to turn off the coffeepot.
> 
> I suspect that quite a lot of us are in that same boat.

Indeed. SHA-1 is used pretty much everywhere. If preimage attacks for
SHA-1 become practical a *lot* of stuff will be affected.

That said, it certainly isn't a bad idea to being gracefully
transitioning away from SHA-1.

For existing keys it's probably not a major issue (there's still a *ton*
of 1024-bit DSA keys with SHA-1 in the wild), but it'd probably make
sense for new keys to be generated with stronger defaults (e.g. SHA-256
or higher and, once implemented, SHA-3) and to also use those stronger
hash algorithms for things like certifying keys.

Cheers!
-Pete


From mason at blisses.org  Fri Apr 26 18:18:06 2013
From: mason at blisses.org (Mason Loring Bliss)
Date: Fri, 26 Apr 2013 12:18:06 -0400
Subject: Confusion with signature digest type.
In-Reply-To: <5179F8E5.1080504@sixdemonbag.org>
References: <20130426011312.GA427@blisses.org>
 <5179F8E5.1080504@sixdemonbag.org>
Message-ID: <20130426161806.GB427@blisses.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, Apr 25, 2013 at 11:47:49PM -0400, Robert J. Hansen wrote:

> A preimage attack on SHA-1 is my house being on fire: avoiding SHA-1 for
> self-signatures is making sure to turn off the coffeepot.

While I agree with what you're saying, the big difference between this
situation and your example is that it's trivially easy for me to say "use
this digest method instead of this other one" and then forget about it. The
coffee pot will take care of itself. The question becomes invisible to me as
soon as I've set the default, and if the effort is so low to do it, I don't
see any real reason *not* to do it. Security is about nudging up the bar.

Now, that said, I still don't understand why I was seemingly unable to change
the digest algorithm I'm using for my old key. I'd be grateful if someone
could enlighten me on that point, as I really want to grasp what was
happening.

- -- 
Mason Loring Bliss           mason at blisses.org           Ewige Blumenkraft!
$awake ? $sleep : int rand 2 ? $dream : $sleep; -- Hamlet, Act III, Scene I
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJReqi+AAoJEJ6yV3B27yVVeWEQAM8Zq23t23ZPUWylHDttflrR
h/gqg2QQd1VUeOiIdjUebrWfq7wREj2w+quO3mnIipoGIkloTBtSWfuoXz6Molnl
n+y1ye5/EcyNpsEWJmeilwg8WhxLvc1KiFzbB50dbeg5KEasTKR1vs0tQ3+cPZho
ItfhnaxGWsSTVt5y4i7Ulqn7bPeXk0EjDOXHGKlPQI334/qgU+4wCs/cDK1o5uux
1bpgewvpea63q2O3d8b5xNl6INwdmPlTsl1DOUanIvD9I6TAEeD5YM6d8u/wPl7A
k7U4qf0PbhCcK5SvjdXQRFc1w50SzPgNuQSHgbIHD5zD7tzfN7elHH5i0+zRXF/W
wIBnzBDfZzVYgJgCc7OgfjyMe2aCpPml8hPCwBBN8l49EivUbgVvTXY9caGPA/zE
Sq24QuChpUmPeNpO5aFhcmZHwhce2en28uryaOpmXZddHO5HTROBwkOPFhx51cHB
g8ywoz/dvjcwmTwDgN23xBD/WBkaEUfrmzwdlywv3ldZNvduy1YamHrBEwNY61Hb
M6cw/7buYlBv9hcXfiVaA1GtNBCJ/ASGlC9Mp3dwgCuhJ2kcPKVucmBo8z2uGJ8w
UPm9bYqgs91eodUT1DxKEv+e18+h+PVRIYXd65fhPiBjfZ2ja+2hE6q5Xj9czhfP
OsGxVaeV1D57CNkkxbzo
=V6uB
-----END PGP SIGNATURE-----


From dshaw at jabberwocky.com  Fri Apr 26 19:28:29 2013
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri, 26 Apr 2013 13:28:29 -0400
Subject: Confusion with signature digest type.
In-Reply-To: <20130426161806.GB427@blisses.org>
References: <20130426011312.GA427@blisses.org>
 <5179F8E5.1080504@sixdemonbag.org> <20130426161806.GB427@blisses.org>
Message-ID: <61447FF9-FBA0-4F93-AB1E-DDF1C0A37CBA@jabberwocky.com>

On Apr 26, 2013, at 12:18 PM, Mason Loring Bliss <mason at blisses.org> wrote:

> On Thu, Apr 25, 2013 at 11:47:49PM -0400, Robert J. Hansen wrote:
> 
>> A preimage attack on SHA-1 is my house being on fire: avoiding SHA-1 for
>> self-signatures is making sure to turn off the coffeepot.
> 
> While I agree with what you're saying, the big difference between this
> situation and your example is that it's trivially easy for me to say "use
> this digest method instead of this other one" and then forget about it. The
> coffee pot will take care of itself. The question becomes invisible to me as
> soon as I've set the default, and if the effort is so low to do it, I don't
> see any real reason *not* to do it. Security is about nudging up the bar.
> 
> Now, that said, I still don't understand why I was seemingly unable to change
> the digest algorithm I'm using for my old key. I'd be grateful if someone
> could enlighten me on that point, as I really want to grasp what was
> happening.

The answer to your question from your original mail is that you're using the "check if SHA-1 is in my preferences" test to instead of the "check if my selfsig is SHA-1" test.  The proper test for checking your selfsig from the document you were referencing is:

  gpg --export-options export-minimal --export <keyid> | gpg --list-packets |grep -A 2 signature|grep 'digest algo 2,'

David



From peter at digitalbrains.com  Fri Apr 26 19:29:55 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 26 Apr 2013 19:29:55 +0200
Subject: Confusion with signature digest type.
In-Reply-To: <20130426011312.GA427@blisses.org>
References: <20130426011312.GA427@blisses.org>
Message-ID: <517AB993.80408@digitalbrains.com>

On 26/04/13 03:13, Mason Loring Bliss wrote:
> gpg --export-options export-minimal --export <keyid> | gpg --list-packets |
> grep 'pref-hash-algos'
> 
> ...I see algorithm 2 still there.

I think you're mixing things up. pref-hash-algos is the algorithms you'll
accept from others.

The page you linked to mentioned this to test if you use SHA-1 as the
self-signature digest algo:

gpg --export-options export-minimal --export <keyid> | gpg --list-packets
|grep -A 2 signature|grep 'digest algo 2,'

(should be one line)

The pref-hash-algos is the next section of the document.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From mason at blisses.org  Fri Apr 26 20:42:35 2013
From: mason at blisses.org (Mason Loring Bliss)
Date: Fri, 26 Apr 2013 14:42:35 -0400
Subject: Confusion with signature digest type.
In-Reply-To: <517AB993.80408@digitalbrains.com>
 <61447FF9-FBA0-4F93-AB1E-DDF1C0A37CBA@jabberwocky.com>
Message-ID: <20130426184235.GH427@blisses.org>

On Fri, Apr 26, 2013 at 01:28:29PM -0400, David Shaw wrote:

> The answer to your question from your original mail is that you're using
> the "check if SHA-1 is in my preferences" test


On Fri, Apr 26, 2013 at 07:29:55PM +0200, Peter Lebbing wrote:

> I think you're mixing things up. pref-hash-algos is the algorithms you'll
> accept from others.


Yes, you're both right - I was confusedly mixing up my grep arguments,
despite my certainty that I was not.

Thank you for the help!

-- 
Mason Loring Bliss             mason at blisses.org            Ewige Blumenkraft!
(if awake 'sleep (aref #(sleep dream) (random 2))) -- Hamlet, Act III, Scene I


From rjh at sixdemonbag.org  Fri Apr 26 20:54:10 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 26 Apr 2013 14:54:10 -0400
Subject: Confusion with signature digest type.
In-Reply-To: <20130426161806.GB427@blisses.org>
References: <20130426011312.GA427@blisses.org>
 <5179F8E5.1080504@sixdemonbag.org> <20130426161806.GB427@blisses.org>
Message-ID: <517ACD52.2040002@sixdemonbag.org>

On 4/26/2013 12:18 PM, Mason Loring Bliss wrote:
> While I agree with what you're saying, the big difference between this
> situation and your example is that it's trivially easy for me to say "use
> this digest method instead of this other one" and then forget about it.

Sure: but what does it gain you?  The answer would seem to be, "on the
balance of probabilities, virtually nothing."

All the hash algorithms in OpenPGP are mathematically similar.  They're
all built around Merkle-Damgard constructions.  History shows us that
when there's a successful attack against one Merkle-Damgard
construction, quite often this attack spurs new equivalent attacks
against other hashes in the Merkle-Damgard family.  This is one of the
reasons why so few people recommend RIPEMD-160, for instance: despite
the fact that there are no effective attacks against it, the consensus
opinion seems to be that RIPEMD-160 is just too similar to SHA-1 and MD5
for there to be real confidence in it.

Let me repeat: *all* the hash algorithms in OpenPGP are Merkle-Damgards.

So if there's not just a collision attack against SHA-1, but a preimage
attack, well... are you really going to have any confidence in your
signatures just because you're using SHA-256?  I wouldn't.  A preimage
attack on SHA-1 would tell me the entirety of the Merkle-Damgard family
is suspect and I need to stop using them immediately.

> Security is about nudging up the bar.

Yes: and is what you're talking about really a nudge?  Or is it an act
that appears to be a nudge, while in reality achieving effectively zero?

(Note that I'm not expressing doubt.  You're the one who knows your
threat model, not me.  If you tell me that yes, this is a real nudge up,
then that settles the question.  I'm only raising a question: I am
entirely apathetic as to the answer.)


From wood.quinn.s at gmail.com  Sat Apr 27 18:31:56 2013
From: wood.quinn.s at gmail.com (Quinn Wood)
Date: Sat, 27 Apr 2013 11:31:56 -0500
Subject: Web of Trust in Practical Usage
Message-ID: <CAM83q7D4GPWNa_mrV9-jNSVbrYdOjupKP1gmFA_OU1a8Yc7axQ@mail.gmail.com>

Key signing is held up as an integral part of asymmetric encryption's
usefulness- determining that you are indeed communicating with who you
think you are.

However, gnupg does not recurse signatures on imported or updated keys, and
I am unable to find a single reference to a simple method of determining
the most trusted (based on signature webs, hops, and/or other web of trust
concepts) key matching a full or partial ID (name, comment, or email.)

I would very much like to know if tools like this exist. Are any known, and
if so where can I find more information about them?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130427/be00091f/attachment.html>

From dougb at dougbarton.us  Sun Apr 28 00:02:39 2013
From: dougb at dougbarton.us (Doug Barton)
Date: Sat, 27 Apr 2013 15:02:39 -0700
Subject: Web of Trust in Practical Usage
In-Reply-To: <CAM83q7D4GPWNa_mrV9-jNSVbrYdOjupKP1gmFA_OU1a8Yc7axQ@mail.gmail.com>
References: <CAM83q7D4GPWNa_mrV9-jNSVbrYdOjupKP1gmFA_OU1a8Yc7axQ@mail.gmail.com>
Message-ID: <517C4AFF.3030306@dougbarton.us>

On 04/27/2013 09:31 AM, Quinn Wood wrote:
> Key signing is held up as an integral part of asymmetric encryption's
> usefulness- determining that you are indeed communicating with who you
> think you are.
>
> However, gnupg does not recurse signatures on imported or updated keys,
> and I am unable to find a single reference to a simple method of
> determining the most trusted (based on signature webs, hops, and/or
> other web of trust concepts) key matching a full or partial ID (name,
> comment, or email.)
>
> I would very much like to know if tools like this exist. Are any known,
> and if so where can I find more information about them?


http://pgp.cs.uu.nl/


From dkg at fifthhorseman.net  Sun Apr 28 02:01:20 2013
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Sun, 28 Apr 2013 08:01:20 +0800
Subject: Confusion with signature digest type.
In-Reply-To: <5179F8E5.1080504@sixdemonbag.org>
References: <20130426011312.GA427@blisses.org>
 <5179F8E5.1080504@sixdemonbag.org>
Message-ID: <517C66D0.2070705@fifthhorseman.net>

On 04/26/2013 11:47 AM, Robert J. Hansen wrote:

> For my own lookout, I don't see that this practice would give me very
> much.  If SHA-1 falls victim to preimage attacks 

I don't think this recommendation was made to defend against preimage
attacks.  Avoiding the use of SHA-1 in certifications in general is a
step towards defend against collision attacks, which is territory that
SHA-1 is heading into.  (i agree that if sha-1 falls victim to preimage
attacks we have much much bigger problems).

That is: if SHA-1 becomes vulnerable to collision attacks, you'd like to
update as many OpenPGP clients as possible to avoid relying on
signatures made over an SHA-1 digest.  If (when?) that transition
happens, everyone whose self-sigs are made using SHA-1 will find their
keys considered invalid by updated clients because they have no
correctly-bound User ID.

So ensuring that your self-sig uses a stronger digest than SHA-1 is
worth doing because it prepares you for such a transition.

	--dkg

PS MD5 *is* vulnerable to collision attacks (and has been actively
exploited [0]), and those attacks are cheaper to execute with each
passing year.  At the moment, gpg still accepts certifications made over
MD5, which arguably makes it vulnerable to compromise in the same way
that regular web browsers that accepted MD5 certs were vulnerable to the
bogus CA created in [0].

For example, if you place ultimate trust in Gene Gotimer's key
0x7833F0F5, then gpg is willing to rely on an MD5-based certification
made by that key to prove identity validity:

> 0 dkg at alice:/tmp/cdtemp.b9QnBL$ gpg --list-options show-uid-validity --list-keys
> ./pubring.gpg
> -------------
> pub   1024R/7833F0F5 2000-02-01
> uid       [ultimate] Gene Gotimer <gotimer at portinfo.com>
> 
> pub   1024D/DB42A60E 1999-09-23
> uid       [  full  ] Red Hat, Inc <security at redhat.com>
> sub   2048g/961630A2 1999-09-23
> 
> 0 dkg at alice:/tmp/cdtemp.b9QnBL$ gpg --with-colons --check-sigs security at redhat.com | grep -v ?
> tru::1:1367047560:0:3:1:5
> pub:f:1024:17:219180CDDB42A60E:1999-09-23:::-:Red Hat, Inc <security at redhat.com>::scaESCA:
> sig:!::17:219180CDDB42A60E:1999-09-23::::Red Hat, Inc <security at redhat.com>:13x:
> sig:!::17:219180CDDB42A60E:1999-09-23::::Red Hat, Inc <security at redhat.com>:13x:
> sig:!::1:B272C7707833F0F5:2002-07-18::::Gene Gotimer <gotimer at portinfo.com>:10x:
> sub:f:2048:16:C9CC699F961630A2:1999-09-23::::::e:
> sig:!::17:219180CDDB42A60E:1999-09-23::::Red Hat, Inc <security at redhat.com>:18x:
> 0 dkg at alice:/tmp/cdtemp.b9QnBL$ 

The only warning a gpg user gets is that this is happening (if they're
not careful) is two lines during key import that says:

 gpg: WARNING: digest algorithm MD5 is deprecated
 gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for
more information

It does not indicate which certification(s) in particular is using MD5,
or that gpg is actually accepting that certificate when doing its WoT
calculations.

[0] http://www.win.tue.nl/hashclash/rogue-ca/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130428/57f948cd/attachment.sig>

From rjh at sixdemonbag.org  Sun Apr 28 10:26:03 2013
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 28 Apr 2013 04:26:03 -0400
Subject: Confusion with signature digest type.
In-Reply-To: <517C66D0.2070705@fifthhorseman.net>
References: <20130426011312.GA427@blisses.org>
 <5179F8E5.1080504@sixdemonbag.org> <517C66D0.2070705@fifthhorseman.net>
Message-ID: <517CDD1B.2030906@sixdemonbag.org>

On 4/27/2013 8:01 PM, Daniel Kahn Gillmor wrote:
> I don't think this recommendation was made to defend against preimage
> attacks.  Avoiding the use of SHA-1 in certifications in general is a
> step towards defend against collision attacks, which is territory that
> SHA-1 is heading into.  (i agree that if sha-1 falls victim to preimage
> attacks we have much much bigger problems).

I'm having a little bit of trouble connecting the dots, Daniel.  (This
may be due to the late hour: at 4:30am I'm only awake due to a caffeine IV.)

If I sign my certificate using SHA-1 today, how does that facilitate a
collision attack against that certification?  Collision attacks on SHA-1
seem to be more in the realm of message signatures and automated systems
that may generate a ton of signatures on user-provided data without
human intervention.  It doesn't seem to be particularly relevant to the
case of a certificate signature: it seems as if to attack that you'd
have to move from generating random collisions into preimage attacks.

It is, of course, quite possible that I'm tired and missing something
important.  :)



From jimhass at gmail.com  Sun Apr 28 11:21:15 2013
From: jimhass at gmail.com (James Hassinger)
Date: Sun, 28 Apr 2013 02:21:15 -0700 (PDT)
Subject: No subject
Message-ID: <1367140874971.440e9e52@Nodemailer>

?
Sent from Mailbox for iPhone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130428/01a83f96/attachment.html>

From peter at digitalbrains.com  Sun Apr 28 13:34:39 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 28 Apr 2013 13:34:39 +0200
Subject: Web of Trust in Practical Usage
In-Reply-To: <CAM83q7D4GPWNa_mrV9-jNSVbrYdOjupKP1gmFA_OU1a8Yc7axQ@mail.gmail.com>
References: <CAM83q7D4GPWNa_mrV9-jNSVbrYdOjupKP1gmFA_OU1a8Yc7axQ@mail.gmail.com>
Message-ID: <517D094F.4040507@digitalbrains.com>

I might be misinterpreting your request, because I can see two slightly
different interpretations and I'm going with only one of those! ;)

On 27/04/13 18:31, Quinn Wood wrote:
> However, gnupg does not recurse signatures on imported or updated keys[...]
> determining the most trusted (based on signature webs, hops, and/or other web
> of trust concepts) key

While signatures have a certain transitive quality (A signed B, B signed C,
there is a path from A to C), /ownertrust/ is not applied transitively[1]. This
means you'll still need to assign trust to a key introducing another key.

So if you're A, A signed B, B signed C, C signed D, you still need to assign
ownertrust to C /yourself/ to get D valid, and this has nothing to do with
ownertrust you assign to B.

So while tools like PGP Pathfinder can find signature paths, it doesn't really
help for validity, which needs ownertrust of a direct parent of the key you want
validated. There are no ownertrust paths.

Suppose you are downloading key D from a keyserver, and some tool decides there
is a path from A to D and it needs key C for that. If C is not already in your
keyring, it could download C for you. Superficially, this would seem to help
establish trust in D. But what good does it really do? Because you'll need to
assign ownertrust to C, and if you don't know C, how can you trust him or her?
And if you know C, why isn't he or she in your keyring already?[2]

I am most definitely not saying your request isn't a good one. Neither am I
saying there isn't a beatiful, elegant solution. Because I don't have enough
grasp of the material myself, and I might miss a lot. I'm also personally very
interested in tools to (meaningfully) expand the number of valid keys in my
keyring, which is why I was thinking about the exact same thing as you, but in
that line of thought I encountered the obstacles I just described.

So yay for more meaningfully valid keys on my keyring. I just don't see how :).

HTH,

Peter.

[1] I'm leaving trust signatures out of the picture, as they're uncommon in the WoT.

[2] If C was in your keyring already and you assigned ownertrust, the newly
imported D would immediately get some validity, so there's no extra tool needed.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From wood.quinn.s at gmail.com  Mon Apr 29 06:29:09 2013
From: wood.quinn.s at gmail.com (Quinn Wood)
Date: Sun, 28 Apr 2013 23:29:09 -0500
Subject: Web of Trust in Practical Usage
In-Reply-To: <517D094F.4040507@digitalbrains.com>
References: <CAM83q7D4GPWNa_mrV9-jNSVbrYdOjupKP1gmFA_OU1a8Yc7axQ@mail.gmail.com>
 <517D094F.4040507@digitalbrains.com>
Message-ID: <CAM83q7Dv3w_CkWCrCVELJJFP3C8LEQApyk3OLAGJ8_0MYc-qTQ@mail.gmail.com>

My question in simpler terms could probably be summed up "How can one find
the most popular- most signed- key (matching some query such as name or
email of course) while successfully avoiding falsely inflated signature
counts (such as keys which only have more signatures than another due to
their age or due to actual malicious acts like mass signing.)


On Sun, Apr 28, 2013 at 6:34 AM, Peter Lebbing <peter at digitalbrains.com>wrote:

> I might be misinterpreting your request, because I can see two slightly
> different interpretations and I'm going with only one of those! ;)
>
> On 27/04/13 18:31, Quinn Wood wrote:
> > However, gnupg does not recurse signatures on imported or updated
> keys[...]
> > determining the most trusted (based on signature webs, hops, and/or
> other web
> > of trust concepts) key
>
> While signatures have a certain transitive quality (A signed B, B signed C,
> there is a path from A to C), /ownertrust/ is not applied transitively[1].
> This
> means you'll still need to assign trust to a key introducing another key.
>
> So if you're A, A signed B, B signed C, C signed D, you still need to
> assign
> ownertrust to C /yourself/ to get D valid, and this has nothing to do with
> ownertrust you assign to B.
>
> So while tools like PGP Pathfinder can find signature paths, it doesn't
> really
> help for validity, which needs ownertrust of a direct parent of the key
> you want
> validated. There are no ownertrust paths.
>
> Suppose you are downloading key D from a keyserver, and some tool decides
> there
> is a path from A to D and it needs key C for that. If C is not already in
> your
> keyring, it could download C for you. Superficially, this would seem to
> help
> establish trust in D. But what good does it really do? Because you'll need
> to
> assign ownertrust to C, and if you don't know C, how can you trust him or
> her?
> And if you know C, why isn't he or she in your keyring already?[2]
>
> I am most definitely not saying your request isn't a good one. Neither am I
> saying there isn't a beatiful, elegant solution. Because I don't have
> enough
> grasp of the material myself, and I might miss a lot. I'm also personally
> very
> interested in tools to (meaningfully) expand the number of valid keys in my
> keyring, which is why I was thinking about the exact same thing as you,
> but in
> that line of thought I encountered the obstacles I just described.
>
> So yay for more meaningfully valid keys on my keyring. I just don't see
> how :).
>
> HTH,
>
> Peter.
>
> [1] I'm leaving trust signatures out of the picture, as they're uncommon
> in the WoT.
>
> [2] If C was in your keyring already and you assigned ownertrust, the newly
> imported D would immediately get some validity, so there's no extra tool
> needed.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>



-- 
--
Quinn
http://woodquinn.x10.mx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130428/be1f6016/attachment-0001.html>

From r132 at rufon.com.tw  Mon Apr 29 05:39:15 2013
From: r132 at rufon.com.tw (=?big5?B?vqett7resnqzoS2876VrpOU=?=)
Date: Mon, 29 Apr 2013 11:39:15 +0800
Subject: gpgee operation failed
Message-ID: <002701ce448b$1f339460$5d9abd20$@com.tw>

Hi there ,

Can someone help me with this error?

I reinstalled the program ,  and encrypt the file again, still don?t work.

I used to encrypt file without any issue.  My program version is 1.1.4.

Thanks.

cid:image007.jpg at 01CE44C1.3D560EB0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130429/ce55b553/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: application/octet-stream
Size: 115514 bytes
Desc: not available
URL: </pipermail/attachments/20130429/ce55b553/attachment-0001.obj>

From hhhobbit at securemecca.net  Mon Apr 29 15:41:59 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 29 Apr 2013 13:41:59 +0000
Subject: gpgee operation failed
In-Reply-To: <002701ce448b$1f339460$5d9abd20$@com.tw>
References: <002701ce448b$1f339460$5d9abd20$@com.tw>
Message-ID: <517E78A7.4050503@securemecca.net>

On 04/29/2013 03:39 AM, ?????-??? wrote:
> Hi there ,
> 
> Can someone help me with this error?
> 
> I reinstalled the program ,  and encrypt the file again, still don?t work.
> 
> I used to encrypt file without any issue.  My program version is 1.1.4.
> 
> Thanks.

Has the key expired?  I notice you have three files selected
and am wondering why you haven't zipped them and then
encrypted the zip but that is (or should not be) an issue.

I will try it to see what happens.



From peter at digitalbrains.com  Mon Apr 29 16:02:03 2013
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 29 Apr 2013 16:02:03 +0200
Subject: gpgee operation failed
In-Reply-To: <002701ce448b$1f339460$5d9abd20$@com.tw>
References: <002701ce448b$1f339460$5d9abd20$@com.tw>
Message-ID: <517E7D5B.6050702@digitalbrains.com>

On 29/04/13 05:39, ?????-??? wrote:
> Can someone help me with this error?

It says "Key validity - Unknown", so it seems you haven't signed the key and
GnuPG is refusing to encrypt to a key of which the identity is unverified.

> My program version is 1.1.4.

Are we talking about GnuPG 1.1.4? Because that should be exhibited in a museum
instead of run on your computer. It is way too old to use.

If it's the GPG4Win version, I can't tell how old it is.

HTH,

Peter.

PS: I might be mistaken, but I think you're not supposed to include pictures in
mails on the mailing list. It's better to put it on the web somewhere and
include a link to it in your mail.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


From brewsome at hotmail.com  Mon Apr 29 16:43:54 2013
From: brewsome at hotmail.com (M Russell)
Date: Mon, 29 Apr 2013 09:43:54 -0500
Subject: random_seed - no locks available
Message-ID: <BAY171-W78910061947D71D69E7DA5D9B20@phx.gbl>

Hello,

I hope someone might be able to lend me a hand.  I am running into an error message that I resolve.  I get a lock error when trying to encrypt or decrypt a file.  I found other forums that suggest deleting the random_seed file and killing the rpm process, but I don't have a rpm process running.  Renaming the file allowed the system to recreate the random_seed file, but the error persists.  I have noticed the file size is 0 which would be appropriate since the file cannot be locked.  An strace shows the error message, but it doesn't appear to point anything else out.  A lsof doesn't show the file is open.  I'm not sure where else to look.  Has anyone seen this and have any suggestions?

I'm running centos 6.2, gnupg 2.0.14, libgcrypt 1.4.5

can't lock `/home/mruss/.gnupg/random_seed': No locks available
note: random_seed file not updated


open("/home/mruss/.gnupg/random_seed", O_RDONLY) = 10
fcntl(10, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = -1 ENOLCK (No locks available)
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "can't lock `/home/mruss/.gnupg/random_seed': No locks available\n", 68) = 68
close(10)                               = 0
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130429/3e4ec975/attachment.html>

From hhhobbit at securemecca.net  Mon Apr 29 17:34:23 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 29 Apr 2013 15:34:23 +0000
Subject: gpgee operation failed
In-Reply-To: <002701ce448b$1f339460$5d9abd20$@com.tw>
References: <002701ce448b$1f339460$5d9abd20$@com.tw>
Message-ID: <517E92FF.9050403@securemecca.net>

On 04/29/2013 03:39 AM, ?????-??? wrote:
> Hi there ,
> 
> Can someone help me with this error?
> 
> I reinstalled the program ,  and encrypt the file again, still don?t work.
> 
> I used to encrypt file without any issue.  My program version is 1.1.4.
> 
> Thanks.

Are you saing it used to encrypt but stopped encrypting before you
installed the GPG4Win 1.14 again?

Oops.  I should not have spoke up so fast.  I didn't have time to
load GPG4Win, 7-Zip, Firefox, and a lot of other stuff for Windows.
Even worse I haven't had time to tame Windows Explorer to show some
folders. extensions, use lists, etc.  I have that partially done now.

1.1.4 is pretty old and the new GPG4Win 2.10 has worked just
fine for me on both Windows XP Home / Pro and now on Windows
7 Pro (remember, I just installed it, Firefox, and 7-Zip).
Your pictures shows that the validity of the key is unknown.
Have you signed it? But the way you said things sounded like
it was working that way (it should).

I just loaded GPG4Win 2.10 on Windows 7 Pro.  I could not see
where it put things so I generated dummy keys to find the
location.  I found them here:

C:\Users\YOUR_USER_NAME\AppData\Roaming\gnupg

I deleted the files (keeping random_seed) and then copied my files
from Linux (w/o random_seed) into the folder. I have 32 bit LE
throughout, although Linux is set up with PAE so I can exceed the
3 GB memory barrier. GPG4Win 2.10 uses the newer gpgex and
Kleopatra.  Encrypting the file was easy though.  All I had to do
was:

1. Right click on a Firefox.txt file in Windows Explorer
2. Select encrypt from GPG4Win menu
3. Select a proper recipient (I picked me)
4. Let it encrypt it.

I moved the encrypted file onto a flash drive and decrypted it
on another Linux system.  It decrypted fine with me supplying
my pass-phrase.  I tried an additional test of another recipient
and it could NOT be decrypted which is to be expected.  I don't
have their private keys or know their pass-phrase.

I am trying to think of what could be going wrong.  When you
installed the program again did you still have your exisiting
keys?  You should.  I have upgraded through several versions
of GPG4Win with no problems.  In fact I haven't had any problems
at all on Windows.  Encrypting on OpenSuse 11.4 via GPG
(symmetric or public key) may be impossible.  I now use 7-Zip
with it's bundled AES-128 for symmetric encryption on OpenSuse
and to transfer files back and forth with another Linux system.

Unless it is a damaged key-ring (in which case, why could you see
anything?) I see no reason why you can not just upgrade to
GPG4WIN 2.10 and go from there:

http://www.gpg4win.org/

You have ALL the information including where you may need to
move your keys if you have moved from Windows XP to Windows 7.
Hopefully you don't have Vista.  If you do I don't know
where the files go if you have to move / copy them.

HHH



From hhhobbit at securemecca.net  Mon Apr 29 19:48:48 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 29 Apr 2013 17:48:48 +0000
Subject: OpenSuse 11.4 - OOPS!
In-Reply-To: <517E92FF.9050403@securemecca.net>
References: <002701ce448b$1f339460$5d9abd20$@com.tw>
 <517E92FF.9050403@securemecca.net>
Message-ID: <517EB280.5000102@securemecca.net>


Correction.  My signfile script makes detached signatures
with no problems, the pcrypt script makes public encrypted
files with no problems, and the decrypt script decrypts the
publicly encrypted files with no problems on OpenSuse 11.4.

Here is what gets printed in the xterm when I try to do a
a symmetric cipher:

gpg: problem with the agent: Bad CA certificate

But despite the message it DOES do a symmetrice encrypion.

Here is where the scripts are:

http://www.securemecca.com/public/GnuPG/

And here all this time I thought the symmetric encryption
was failing.  I don't get an error on decryption.



From hhhobbit at securemecca.net  Mon Apr 29 23:29:58 2013
From: hhhobbit at securemecca.net (Henry Hertz Hobbit)
Date: Mon, 29 Apr 2013 21:29:58 +0000
Subject: random_seed - no locks available
In-Reply-To: <BAY171-W78910061947D71D69E7DA5D9B20@phx.gbl>
References: <BAY171-W78910061947D71D69E7DA5D9B20@phx.gbl>
Message-ID: <517EE656.8030305@securemecca.net>

On 04/29/2013 02:43 PM, M Russell wrote:
> Hello,
> 
> I hope someone might be able to lend me a hand.  I am running
> into an error message that I resolve.  I get a lock error when
> trying to encrypt or decrypt a file.  I found other forums
> that suggest deleting the random_seed file and killing the rpm
> process, but I don't have a rpm process running.  Renaming the
> file allowed the system to recreate the random_seed file, but
> the error persists.  I have noticed the file size is 0 which
> would be appropriate since the file cannot be locked.  An
> strace shows the error message, but it doesn't appear to point
> anything else out.  A lsof doesn't show the file is open.  I'm
> not sure where else to look.  Has anyone seen this and have any
>  suggestions?
> 
> I'm running centos 6.2, gnupg 2.0.14, libgcrypt 1.4.5
> 
> can't lock `/home/mruss/.gnupg/random_seed': No locks available
> note: random_seed file not updated
> 
> 
> open("/home/mruss/.gnupg/random_seed", O_RDONLY) = 10
> fcntl(10, F_SETLK, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = -1 ENOLCK (No locks available)
> open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
> write(2, "can't lock `/home/mruss/.gnupg/random_seed': No locks available\n", 68) = 68
> close(10)                               = 0

Note that random_seed is opened RDONLY.  The lock is just for
reading and it is non-blocking.  Why it should be there at
all when you are really locking nothing (len=0) is a bit of
a mystery.  The length was probably set from a file stat.

There are basically three reasons for errno to be set to ENOLCK:

1. You are out of lock table space (most likely).  Closing down
   everything and then rebooting is perhaps the best way to
   return sanity to the world.

2. You have too many segment lockdowns.  What segements?
   Notice that the length is zero.

3. Something like an NFS system problem.  That probably is not
   applicable.

If you want to test for the first this may or may not work
since I am almost asleep and am REALLY rusty on my use of
fcntl for file locking:

http://www.securemecca.com/public/GnuPG/TestLock/

Pick your own zip poisoning.  If you get lucky and the program
tells you that you have a locking problem then you are probably
out of available file locks.

In any case I don't know what work-around gnugpg 2.0.14 has for
this particular case or if it has one.  It probably does have
a work-around.

Do you still have the old random_seed file?  If so, after
rebooting I would put it back in place and make sure it has
the proper permissions.  The Read flags and eXecute flag on
the directory are probably okay since you can open the file
for reading.   Just make the sure the Write flags are also
set.  If one of the write permisions is turned off that could
explain a zero length file.

$ cd
$ umask
0077
$ ls -al | grep gnupg
drwx------  3 USER_NAME GROUP_NAME    4096 Apr 29 19:32 .gnupg
$ cd .gnupg
$ ls -l random_seed
-rw------- 1 USER_NAME GROUP_NAME 600 Apr 29 16:59 random_seed

My bet is your lock table space is filled up so closing down and
rebooting with your old random_seed file set to the proper
permissions will cure the problem.

NAP TIME!



From wk at gnupg.org  Tue Apr 30 11:41:05 2013
From: wk at gnupg.org (Werner Koch)
Date: Tue, 30 Apr 2013 11:41:05 +0200
Subject: random_seed - no locks available
In-Reply-To: <517EE656.8030305@securemecca.net> (Henry Hertz Hobbit's message
 of "Mon, 29 Apr 2013 21:29:58 +0000")
References: <BAY171-W78910061947D71D69E7DA5D9B20@phx.gbl>
 <517EE656.8030305@securemecca.net>
Message-ID: <87haios6dq.fsf@vigenere.g10code.de>

On Mon, 29 Apr 2013 23:29, hhhobbit at securemecca.net said:

> reading and it is non-blocking.  Why it should be there at
> all when you are really locking nothing (len=0) is a bit of
> a mystery.  The length was probably set from a file stat.

len==0 means to keep a lock from the start position to the end of the
file.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.