From benjaminlee@users.sf.net Fri Aug 1 05:36:02 2003 From: benjaminlee@users.sf.net (Benjamin Lee) Date: Fri Aug 1 04:36:02 2003 Subject: New RPM spec file for 1.2.3 In-Reply-To: <20030731143630.GY614@jabberwocky.com> References: <20030731143630.GY614@jabberwocky.com> Message-ID: <20030801023722.GA25041@xaos.realthought.net> For what it's worth, .spec file works fine with RedHat 9 and some Rawhide packages (not many though). On Friday, 2003-08-01 at 12:36:30 AM, David Shaw scribbled: > I've gotten a few reports that the RPM spec file included in 1.2.3rc2 > doesn't work properly with RPM 4.1 (which is the standard version in > RedHat 9). >=20 > Here is a new spec file, that will probably go into 1.2.3 when it is > released. As always, testing and comments appreciated. >=20 > David --=20 Benjamin Lee Melbourne, Australia "Always real." http://www.realthought.net/ __________________________________________________________________________ Man 1: Ask me the what the most important thing about telling a good joke i= s. Man 2: OK, what is the most impo -- Man 1: ______=08=08=08=08=08=08TIMING! From Jeffery.Martinez@shell.com Sat Aug 2 10:53:02 2003 From: Jeffery.Martinez@shell.com (Martinez, Jeffery JM SITI-ITDGA) Date: Sat Aug 2 09:53:02 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) Message-ID: <9D910085C6997747A7BBE00A7B84C23401F787E1@HOUIC-S-340.americas.shell.com> I have not been able to get the GNUpg 1.2.2 to work with AIX 5.2 using the /dev/random device to pull random information. The program is not able to gather enough data and just sits there waiting forever for more random data to appear: # ./gpg --gen-key gpg (GnuPG) 1.2.2; Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Root user Email address: root@hostname Comment: Root user You selected this USER-ID: "Root user (Root user) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 16 more bytes) (WAIT FOREVER here) I ran some quick tests with dd on the /dev/random device to see if it was generating data and it appears to be generating data just fine--especially for something just waiting for 16 more bytes). I used the command: dd if=/dev/random of=/tmp/junkfile Do you know of anyone who has been able to successfully compile and run GNUpg on AIX 5.2 to encrypt files and generate keys using /dev/random? On a similar system I tried installing an AIX 5.2 (ML1) APAR fix related to /dev/random which installed an updated fileset for bos.rte.security to version 5.2.0.11--but now on this server I receive an out of memory error when I run a command to encrypt a file. I would greatly appreciate any help/advice you can offer. Thanks, Jeffery Martinez Shell Information Technology International P.O. Box 20329, Houston, TX 77025-0329, United States of America Tel: +1 713-245 2774 Email: Jeffery.Martinez@shell.com Internet: http://www.shell.com From Benjamin Lee Sat Aug 2 10:53:05 2003 From: Benjamin Lee (Benjamin Lee) Date: Sat Aug 2 09:53:05 2003 Subject: New RPM spec file for 1.2.3 In-Reply-To: <20030731143630.GY614@jabberwocky.com> References: <20030731143630.GY614@jabberwocky.com> Message-ID: <20030801023335.GA23210@xaos.realthought.net> For what it's worth, .spec file works fine with RedHat 9 and some Rawhide packages (not many though). On Friday, 2003-08-01 at 12:36:30 AM, David Shaw scribbled: > I've gotten a few reports that the RPM spec file included in 1.2.3rc2 > doesn't work properly with RPM 4.1 (which is the standard version in > RedHat 9). >=20 > Here is a new spec file, that will probably go into 1.2.3 when it is > released. As always, testing and comments appreciated. >=20 > David --=20 Benjamin Lee Melbourne, Australia "Always real." http://www.realthought.net/ __________________________________________________________________________ Man 1: Ask me the what the most important thing about telling a good joke i= s. Man 2: OK, what is the most impo -- Man 1: ______=08=08=08=08=08=08TIMING! From wk@gnupg.org Sat Aug 2 11:52:02 2003 From: wk@gnupg.org (Werner Koch) Date: Sat Aug 2 10:52:02 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) In-Reply-To: <9D910085C6997747A7BBE00A7B84C23401F787E1@HOUIC-S-340.americas.shell.com> (Jeffery Martinez's message of "Wed, 30 Jul 2003 18:51:41 -0500") References: <9D910085C6997747A7BBE00A7B84C23401F787E1@HOUIC-S-340.americas.shell.com> Message-ID: <87vftgzbjs.fsf@alberti.g10code.de> On Wed, 30 Jul 2003 18:51:41 -0500, Martinez, Jeffery JM SITI-ITDGA said: > I have not been able to get the GNUpg 1.2.2 to work with AIX 5.2 using the > /dev/random device to pull random information. The program is not able to > gather enough data and just sits there waiting forever for more random data I don't know how /dev/random is implemented in AIX. You could try ./configure --enable-static-rnd=unix to use the generic Unix random gatherer as a workaround. > dd if=/dev/random of=/tmp/junkfile To make your tests with GnuPG easier, you can use this command gpg -a --gen-random 2 300 This generated 300 bytes of random and prints them base64 encoded. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From beebe@math.utah.edu Sat Aug 2 17:34:02 2003 From: beebe@math.utah.edu (Nelson H. F. Beebe) Date: Sat Aug 2 16:34:02 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) In-Reply-To: Your message of Wed, 30 Jul 2003 18:51:41 -0500 Message-ID: Jeffery Martinez writes on Wed, 30 Jul 2003 18:51:41 -0500 >> ... >> I have not been able to get the GNUpg 1.2.2 to work with AIX 5.2 using the >> /dev/random device to pull random information. The program is not able to >> gather enough data and just sits there waiting forever for more random data >> to appear: >> ... Try using /dev/urandom instead. /dev/random is cryptographically strong, and will not return data until sufficient entropy has been collected. /dev/urandom is somewhat weaker, and can produce a steady stream of data without delay. Most systems that have these devices have this property, although at least one that I've seen has a nonstop /dev/random. ------------------------------------------------------------------------------- - Nelson H. F. Beebe Tel: +1 801 581 5254 - - Center for Scientific Computing FAX: +1 801 581 4148 - - University of Utah Internet e-mail: beebe@math.utah.edu - - Department of Mathematics, 110 LCB beebe@acm.org beebe@computer.org - - 155 S 1400 E RM 233 beebe@ieee.org - - Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe - ------------------------------------------------------------------------------- From tamer.higazi@web.de Sat Aug 2 22:48:02 2003 From: tamer.higazi@web.de (Tamer Higazi) Date: Sat Aug 2 21:48:02 2003 Subject: gpg recognize problem with EMail Plugins Message-ID: <2840000.1059853772@localhost> Hi! I installed gpg and gpg me under linux (1.2.2) from the source this way under SuSE Linux 8.2: ./configure --prefix=/usr make make install All GPG Plugins can't recognize gpg, i guess. Not KGPG, Enigmall (http://enigmail.mozdev.org) Mozilla Mail Plugin recognize GPG and my keys. Every message I receive and try to decrypt doesn't succeed. I receive always the message "Bad Passphrase" what is not true. If i encrypt/decrpyt from the commandline a message then it works. So, it's not a a wrong password i entered. I guess, it is a configuration problem. If somebody could help me, thank you. Tamer Higazi From wk@gnupg.org Sun Aug 3 12:47:01 2003 From: wk@gnupg.org (Werner Koch) Date: Sun Aug 3 11:47:01 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) In-Reply-To: (Nelson H. F. Beebe's message of "Sat, 2 Aug 2003 08:35:09 -0600 (MDT)") References: Message-ID: <871xw3ysw2.fsf@alberti.g10code.de> On Sat, 2 Aug 2003 08:35:09 -0600 (MDT), Nelson H F Beebe said: > Try using /dev/urandom instead. /dev/random is cryptographically > strong, and will not return data until sufficient entropy has been GnuPG knows about this and uses boths devices depending on the purpose of the required random. We try to make sure that the GnuPG internal random pool has been seeded with a sufficient ammount of strong entropy (/dev/random) and in addition a certain amoount of this entropy is required for key generation. For other purposes the GnuPG internal pool might be just seeded by a possible PRNG (/dev/urandom). The bottom line is that one should not replace /dev/random by /dev/urandom. If you don't want to generate keys, a workaround is to pre-create the random-seed file (take 600 bytes random from somewhere). Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jon.soong@imvs.sa.gov.au Mon Aug 4 06:25:02 2003 From: jon.soong@imvs.sa.gov.au (jonathan soong) Date: Mon Aug 4 05:25:02 2003 Subject: proxy authentication - i presume it doesn't work. Message-ID: <3F2DD232.9000703@imvs.sa.gov.au> Hi everyone, I'm trying to get gpg to work through an Authenticating Squid proxy, with not much luck. I am presuming it is broken. Below are the steps i have tried: If i use a non-authenticating Squid proxy, it works fine (i needed the 'broken-http-proxy' option), however authenticating Squid proxies don't seem to work. I have tried setting the proxy username/password in the http_proxy variable: $> export http_proxy=http://agent:agent@proxy.mydomain.com:8080 I receieve: $> ./gpg --keyserver-options "honor-http-proxy broken-http-proxy" --keyserver=XXX.XXX.XXX.XXX --search-keys haze01 gpg: searching for "haze01" from HKP server 150.101.60.75 gpg: agent: host not found: ec=11001 gpg: can't search keyserver: No such file or directory And i have tried to set the http_proxy_username and http_proxy_password environment variables: $> export https_proxy_password=agent $> export http_proxy_password=agent $> export https_proxy_username=agent $> export http_proxy_username=agent $> export http_proxy=http://proxy.mydomain.com:8080 I receive: $> $ ./gpg --keyserver-options "honor-http-proxy broken-http-proxy" --keyserver=150.101.60.75 --search-keys haze01 gpg: searching for "haze01" from HKP server 150.101.60.75 gpg: key "haze01" not found on keyserver And in the squid logs: 10.20.103.89 - - [04/Aug/2003:12:52:28 +0930] "GET http://XXX.XXX.XXX.XXX:11371/pks/lookup? HTTP/1.0" 407 1773 TCP_DENIED:NONE So i presume it is not getting authenticated at all. If anyone has any suggestions or advice i'd be most grateful. If not, my next plan is to write something to send the public keys over normal HTTP and write a script on the other end to upload a key to a keyserver. Kind Regards Jonathan From albrecht.dress@arcor.de Mon Aug 4 22:23:02 2003 From: albrecht.dress@arcor.de (Albrecht =?iso-8859-1?Q?Dre=DF?=) Date: Mon Aug 4 21:23:02 2003 Subject: Bug in gpgme 0.4.2? Message-ID: <20030804192424.GG1072@antares.localdomain> --MW5yreqqjyrRcusr Content-Type: text/plain; format=flowed; charset=ISO-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, when porting the gpg support in balsa from gpgme 0.3.15 to 0.4.2, I think= =20 I ran into a bug. If I run gpgme_op_verify() on a message for which the key is missing, I=20 get a GPGME general error as result instead of GPG_ERR_NO_PUBKEY. A simple= =20 test program is attached. To test it, run it e.g. on a RFC 2440 signed=20 message body for which you do not have the public key (e.g. this message,= =20 if you delete my public key from your ring before): [albrecht@antares albrecht]$ ./gpgme-key-test TEST-NoKey gpgme version is= =20 0.4.2 signature status: 117440513 =3D GPGME: General error gpgme 0.3.15 correctly says that the signature could not be verified due=20 to a missing key. The test app works fine if the key is present, even if=20 the signature is bad: [albrecht@antares albrecht]$ ./gpgme-key-test TEST-GoodKeySig gpgme version is 0.4.2 signature status: 0 =3D Unspecified source: Success [albrecht@antares albrecht]$ ./gpgme-key-test TEST-GoodKeyBadSig gpgme version is 0.4.2 signature status: 117440520 =3D GPGME: Bad signature However, for the latter case, IMHO the example on pg. 52=20 (gpgme_get_sig_status) is wrong, as "switch(sig->status)" will not hit=20 GPG_ERR_BAD_SIGNATURE (missing gpgme_err_code()). System details: gpgme 0.4.2, gpg-error 0.3, gpg 1.2.2, glibc-2.2.5-1.2.3a,= =20 gcc-3.2.3 on a Powermac running Yellowdog Linux 2.3. Any ideas? Cheers, Albrecht. - --=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre=DF - Johanna-Kirchner-Stra=DFe 13 - D-53123 Bonn (German= y) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/LrLon/9unNAn/9ERAj3BAKC+9W+WDhSjdOKDpl6/xGkxbCNLhQCgsJuL qmlN2mXsRZdxamkyRIvBbXE=3D =3DvUMJ -----END PGP SIGNATURE----- --MW5yreqqjyrRcusr Content-Type: text/x-c; charset=us-ascii Content-Disposition: attachment; filename="gpgme-key-test.c" #include #include #include static void check_file_sig(const char * filename); int main(int argc, char **argv) { if (argc < 2) { fprintf(stderr, "usage: %s \n", argv[0]); return 1; } printf ("gpgme version is %s\n", gpgme_check_version(NULL)); check_file_sig(argv[1]); return 0; } static void check_file_sig(const char * filename) { gpgme_error_t err; gpgme_ctx_t ctx; gpgme_data_t sig, out; gpgme_new(&ctx); if ((err = gpgme_data_new_from_file(&sig, filename, 1)) != GPG_ERR_NO_ERROR) { fprintf(stderr, "gpgme could not get data from file: %s: %s\n", gpgme_strsource(err), gpgme_strerror(err)); exit(1); } gpgme_data_new(&out); if ((err = gpgme_op_verify(ctx, sig, NULL, out)) != GPG_ERR_NO_ERROR) { fprintf(stderr, "gpgme signature verification failed: %s: %s\n", gpgme_strsource(err), gpgme_strerror(err)); exit(1); } else { gpgme_verify_result_t result; if (!(result = gpgme_op_verify_result(ctx)) || result->signatures == NULL) { fprintf(stderr, "gpgme_op_verify_result() did not return a result.\n"); exit(1); } printf("signature status: %d = %s: %s\n", result->signatures->status, gpgme_strsource(result->signatures->status), gpgme_strerror(result->signatures->status)); } gpgme_data_release(sig); gpgme_data_release(out); gpgme_release(ctx); } --MW5yreqqjyrRcusr-- From jharris@widomaker.com Mon Aug 4 23:10:01 2003 From: jharris@widomaker.com (Jason Harris) Date: Mon Aug 4 22:10:01 2003 Subject: [keyanalyze-discuss] The web of trust tightens over time In-Reply-To: <200308042054.51096@fortytwo.ch> References: <20030803055345.GH22222@parcelfarce.linux.theplanet.co.uk> <20030803231457.GR31089@dtype.org> <20030804004912.GC4380@pm1.ric-08.lft.widomaker.com> <200308042054.51096@fortytwo.ch> Message-ID: <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> --JGq01gMRpXZxBGpH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 04, 2003 at 08:54:47PM +0200, Adrian 'Dagurashibanipal' von Bid= der wrote: > On Monday 04 August 2003 02:49, Jason Harris wrote: >=20 > > With a keyring of any given strong set, someone could easily run > > "gpg --check-sigs" on it without invoking any mad (programming) skillz. >=20 > And a --check-sigs of *the* strong set would take exactly how long? At le= ast a=20 > few days if not weeks is my guess. David, Werner, would you care to hazard a guess? 20,814 keys are in the 2003-07-27 strong set. Assume a single 2.x GHz x86 CPU and ~250,000 signatures. Would splitting such a large keyring help any? Are there any optimizations that could be done? Would the best-case scenario be 20,814 individual keyrings with the key=20 being checked located first in the keyring and the signing keys located in order based on their keyid? --=20 Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ --JGq01gMRpXZxBGpH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/Lr3lSypIl9OdoOMRAuhYAJsF8ttvlvsnum/OrWb2IAQuhjqPvgCfcy2Q fBPg/i5g5L54U/FVVw9Bz5k= =1AR8 -----END PGP SIGNATURE----- --JGq01gMRpXZxBGpH-- From Marcus.Brinkmann@ruhr-uni-bochum.de Tue Aug 5 00:13:04 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Mon Aug 4 23:13:04 2003 Subject: Bug in gpgme 0.4.2? In-Reply-To: <20030804192424.GG1072@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> Message-ID: <20030804211420.GD2690@212.23.136.22> On Mon, Aug 04, 2003 at 09:24:25PM +0200, Albrecht Dreß wrote: > If I run gpgme_op_verify() on a message for which the key is missing, I > get a GPGME general error as result instead of GPG_ERR_NO_PUBKEY. Yes, this is a simple parser error (I compare against 9 instead '9' :(), which is now fixed in CVS. > However, for the latter case, IMHO the example on pg. 52 > (gpgme_get_sig_status) is wrong, as "switch(sig->status)" will not hit > GPG_ERR_BAD_SIGNATURE (missing gpgme_err_code()). Right, also fixed in CVS now. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From marcosp_belem@ig.com.br Tue Aug 5 08:24:02 2003 From: marcosp_belem@ig.com.br (MARCOS SOUSA) Date: Tue Aug 5 07:24:02 2003 Subject: Help Java and GnuPg Message-ID: dear gentlemen, Does anybody know some program in Java that encrypt and decrypt files through the gnupg 1.X, and code source available? Thanks, Marcos Sousa _________________________________________________________ Voce quer um iGMail protegido contra vírus e spams? Clique aqui: http://www.igmailseguro.ig.com.br Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/ From JPClizbe@comcast.net Tue Aug 5 10:16:02 2003 From: JPClizbe@comcast.net (John Clizbe) Date: Tue Aug 5 09:16:02 2003 Subject: Help Java and GnuPg In-Reply-To: References: Message-ID: <3F2F5A09.9020802@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MARCOS SOUSA wrote: > Does anybody know some program in Java that encrypt and decrypt files > through the gnupg 1.X, and code source available? > A quick Google search yielded: Cryptix OpenPGP - Open source and claims RFC 2440 compliance: http://www.cryptix.org/products/openpgp/index.html More at: http://www.google.com/search?&q=java+encryption+gpg - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/L1oJHQSsSmCNKhARAllvAKCmBDY33D9hdQccZ0deFK/sB74UbwCgjsM/ uyXoAD5cXAMoE9GnJGhtMSk= =ZDd3 -----END PGP SIGNATURE----- From wk@gnupg.org Tue Aug 5 10:37:02 2003 From: wk@gnupg.org (Werner Koch) Date: Tue Aug 5 09:37:02 2003 Subject: [keyanalyze-discuss] The web of trust tightens over time In-Reply-To: <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> (Jason Harris's message of "Mon, 4 Aug 2003 16:11:19 -0400") References: <20030803055345.GH22222@parcelfarce.linux.theplanet.co.uk> <20030803231457.GR31089@dtype.org> <20030804004912.GC4380@pm1.ric-08.lft.widomaker.com> <200308042054.51096@fortytwo.ch> <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> Message-ID: <87wudswo7l.fsf@alberti.g10code.de> On Mon, 4 Aug 2003 16:11:19 -0400, Jason Harris said: > David, Werner, would you care to hazard a guess? 20,814 keys are in the > 2003-07-27 strong set. Assume a single 2.x GHz x86 CPU and ~250,000 > signatures. Don't try it. I won't give an estimation as I know that the algorithm is too worse. > Would splitting such a large keyring help any? Are there any optimizations > that could be done? No. The obvious optimization is to allow random access to the keyring and have an index. Years ago I tried this with a gdb based key storage but it was too hard to maintain. gpgsm uses a new key storage format which allows for an index and random access to each keyblock without parsing all the precedeeng keyblocks. It is X.509, though. Part of gpg 1.9 is to replace the keyrings with that new system. I am pretty sure that this will boost the performance so that you can try a --check-trustdb on 20000 keys. > Would the best-case scenario be 20,814 individual keyrings with the key > being checked located first in the keyring and the signing keys located > in order based on their keyid? No, the algorithm ist simply: for all-keyrings do for all-keys-in-keyring do foo Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From colstar@iprimus.com.au Tue Aug 5 11:14:02 2003 From: colstar@iprimus.com.au (colstar@iprimus.com.au) Date: Tue Aug 5 10:14:02 2003 Subject: Help Java and GnuPg In-Reply-To: Message-ID: <3F1ED5CD00004B75@cpms02.int.iprimus.net.au> Marcos I have done it in C#, the languages arn't that far appart, I can have a look at a (quick and dirty) converting it to a java should not take long. it is quite simple routing with a couple of threads Best Wishes Colin. >-- Original Message -- >To: gnupg-devel@gnupg.org >From: MARCOS SOUSA >Cc: >Subject: Help Java and GnuPg >Date: Tue, 5 Aug 2003 02:24:53 -0300 > > >dear gentlemen, > >Does anybody know some program in Java that encrypt and decrypt files >through the gnupg 1.X, and code source available? > >Thanks, >Marcos Sousa > >_________________________________________________________ >Voce quer um iGMail protegido contra v?rus e spams? >Clique aqui: http://www.igmailseguro.ig.com.br >Ofertas imperd?veis! Link: http://www.americanas.com.br/ig/ > > >_______________________________________________ >Gnupg-devel mailing list >Gnupg-devel@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-devel From albrecht.dress@arcor.de Tue Aug 5 18:53:03 2003 From: albrecht.dress@arcor.de (Albrecht =?iso-8859-1?Q?Dre=DF?=) Date: Tue Aug 5 17:53:03 2003 Subject: Bug in gpgme 0.4.2? In-Reply-To: <20030804211420.GD2690@212.23.136.22>; from Marcus.Brinkmann@ruhr-uni-bochum.de on Mon, Aug 04, 2003 at 23:14:20 +0200 References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> Message-ID: <20030805155418.GA13270@antares.localdomain> --fdj2RfSjLxBAspz7 Content-Type: text/plain; Format=Flowed; DelSp=Yes; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Am 04.08.03 23:14 schrieb(en) Marcus Brinkmann: > Yes, this is a simple parser error (I compare against 9 instead '9' :(), > which is now fixed in CVS. Building the CVS fails on my system in the tests section: [tons of messages] /bin/sh ../../libtool --mode=3Dlink /opt/gcc-3.2.3/bin/gcc-3.2.3 -g -O2 -= =20 Wall -Wcast-align -Wshadow -Wstrict-prototypes -o t-encrypt t-encrypt.=20 o ../../gpgme/libgpgme.la -L/opt/gpgme-0.4/lib -lgpg-error /opt/gcc-3.2.3/bin/gcc-3.2.3 -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-= =20 prototypes -o .libs/t-encrypt t-encrypt.o ../../gpgme/.libs/libgpgme.so -= =20 L/opt/gpgme-0.4/lib /opt/gpgme-0.4/lib/libgpg-error.so -Wl,--rpath -Wl,/=20 opt/gpgme-0.4/lib =2E./../gpgme/.libs/libgpgme.so: undefined reference to =20 `_gpgme_ath_pthread_available' collect2: ld returned 1 exit status I copied gpgme/verify.c to the gpgme-0.4.2 folder, rebuilt it, and now it = =20 works correctly. Thanks for fixing that problem! As I am now almost finished with moving balsa from gpgme 0.3.15 to 0.4.3, = =20 I would like to submit the patch for migration soon. Do you have a =20 timeline for releasing gpgme 0.4.3? I guess people would complain if they = =20 had to use CVS gpgme, and I want to make 0.4.3 as minumum requirement to = =20 avoid endless discussions about missing pub keys not detected correctly. Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre=DF - Johanna-Kirchner-Stra=DFe 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA/L9Mqn/9unNAn/9ERAsqiAKCB4O2qB2hMk24bRcByr+c1ttStmQCgxZzn JK3hUmT+OZ2/H0DgmxQs3DE= =Cqq7 -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7-- From Marcus.Brinkmann@ruhr-uni-bochum.de Tue Aug 5 19:23:02 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Aug 5 18:23:02 2003 Subject: Bug in gpgme 0.4.2? In-Reply-To: <20030805155418.GA13270@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> Message-ID: <20030805162450.GB3914@212.23.136.22> On Tue, Aug 05, 2003 at 05:54:18PM +0200, Albrecht Dreß wrote: > Building the CVS fails on my system in the tests section: Nothing of relevance to this failure has changed from 0.4.2 to 0.4.3. So if you can compile 0.4.2 I assume that something is wrong in your build environment. > As I am now almost finished with moving balsa from gpgme 0.3.15 to 0.4.3, > I would like to submit the patch for migration soon. Do you have a > timeline for releasing gpgme 0.4.3? I first want to do a bit more work on GPGME, but maybe I can make another bug fix release within the next one and a half week. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From wk@gnupg.org Tue Aug 5 21:52:03 2003 From: wk@gnupg.org (Werner Koch) Date: Tue Aug 5 20:52:03 2003 Subject: NewPG is now GnuPG 1.9 Message-ID: <87he4wvsvh.fsf@alberti.g10code.de> Hi! I just did the first release of GnuPG 1.9 which aims to integrate newpg with gpg. It should work as a drop in replacement for gpg-agent, scdaemon and gpgsm. Some things have bin fixed there since the last newpg releases. gpg is also included but renamed to gpg2 and gpgv2 to avoid conflicts with stable GnuPG versions. The whole thing is not very well tested but it works for me and the changes to the software already existing in newpg are straightforward. gpg2 has been changed to use libgcrypt but secret key management is still done by itself and not by gpg-agent. However, --use-agent is the default now and we support the new OpenPGP smartcards. If you want to check it out: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.0.tar.gz (1135k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.0.tar.gz.sig Some NEWS: * gpg has been renamed to gpg2 and gpgv to gpgv2. This is a temporary change to allow co-existing with stable gpg versions. * ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the usual gpg.conf. * Removed the -k, -kv and -kvv commands. -k is now an alias to --list-keys. New command -K as alias for --list-secret-keys. * Removed --run-as-shm-coprocess feature. * gpg does now also use libgcrypt, libgpg-error is required. * New gpgsm commands --call-dirmngr and --call-protect-tool. * Changing a passphrase is now possible using "gpgsm --passwd" * The content-type attribute is now recognized and created. * The agent does now reread certain options on receiving a HUP. * The pinentry is now forked for each request so that clients with different environments are supported. When running in daemon mode and --keep-display is not used the DISPLAY variable is ignored. * Merged stuff from the newpg branch and started this new development branch. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jas@extundo.com Wed Aug 6 01:31:02 2003 From: jas@extundo.com (Simon Josefsson) Date: Wed Aug 6 00:31:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <87he4wvsvh.fsf@alberti.g10code.de> (Werner Koch's message of "Tue, 05 Aug 2003 20:53:06 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: ... checking for libassuan-config... no checking for LIBASSUAN - version >= 0.0.1... no ... make[2]: Entering directory `/home/jas/src/gnupg/common' if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/include -I/usr/local/include -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT maperror.o -MD -MP -MF ".deps/maperror.Tpo" \ -c -o maperror.o `test -f 'maperror.c' || echo './'`maperror.c; \ then mv -f ".deps/maperror.Tpo" ".deps/maperror.Po"; \ else rm -f ".deps/maperror.Tpo"; exit 1; \ fi maperror.c:30:20: assuan.h: No such file or directory maperror.c: In function `map_assuan_err': maperror.c:97: error: `ASSUAN_Canceled' undeclared (first use in this function) maperror.c:97: error: (Each undeclared identifier is reported only once maperror.c:97: error: for each function it appears in.) maperror.c:98: error: `ASSUAN_Invalid_Index' undeclared (first use in this function) maperror.c:100: error: `ASSUAN_Not_Implemented' undeclared (first use in this function) maperror.c:101: error: `ASSUAN_Server_Fault' undeclared (first use in this function) maperror.c:102: error: `ASSUAN_No_Public_Key' undeclared (first use in this function) maperror.c:103: error: `ASSUAN_No_Secret_Key' undeclared (first use in this function) maperror.c:105: error: `ASSUAN_Cert_Revoked' undeclared (first use in this function) maperror.c:106: error: `ASSUAN_No_CRL_For_Cert' undeclared (first use in this function) maperror.c:107: error: `ASSUAN_CRL_Too_Old' undeclared (first use in this function) maperror.c:109: error: `ASSUAN_Not_Trusted' undeclared (first use in this function) maperror.c:111: error: `ASSUAN_Card_Error' undeclared (first use in this function) maperror.c:112: error: `ASSUAN_Invalid_Card' undeclared (first use in this function) maperror.c:113: error: `ASSUAN_No_PKCS15_App' undeclared (first use in this function) maperror.c:114: error: `ASSUAN_Card_Not_Present' undeclared (first use in this function) maperror.c:115: error: `ASSUAN_Not_Confirmed' undeclared (first use in this function) maperror.c:116: error: `ASSUAN_Invalid_Id' undeclared (first use in this function) make[2]: *** [maperror.o] Error 1 make[2]: Leaving directory `/home/jas/src/gnupg/common' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/jas/src/gnupg' make: *** [all] Error 2 jas@latte:~/src/gnupg$ Thanks. From wk@gnupg.org Wed Aug 6 10:57:02 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Aug 6 09:57:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 00:33:10 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: <87wudrusni.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 00:33:10 +0200, Simon Josefsson said: > checking for libassuan-config... no > checking for LIBASSUAN - version >= 0.0.1... no Aiih, seems we have not yet released it but it is installed on all my development boxes :-(. I'll make a release today. Thanks, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk@gnupg.org Wed Aug 6 12:37:04 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Aug 6 11:37:04 2003 Subject: First Libassuan release References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: <87oez3unvy.fsf@alberti.g10code.de> Hi! Yesterday I forgot to make a release of libassuan which is required for GnupG 1.9. This beast is lingering around for a long time on our boxes and in CVS, so that I falsely assumedt it must have been released. Anyway, the first release has now been done and libassuan is available at: ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/libassuan-0.6.0.tar.gz (240k) ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/libassuan-0.6.0.tar.gz.sig Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jas@extundo.com Wed Aug 6 14:37:02 2003 From: jas@extundo.com (Simon Josefsson) Date: Wed Aug 6 13:37:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <87wudrusni.fsf@alberti.g10code.de> (Werner Koch's message of "Wed, 06 Aug 2003 09:55:29 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> Message-ID: Compiles fine now, thanks. However, when I try to sign something, it selects an expired key. $ mv .gnupg .gnupg-v1 $ rm -rf .gnupg $ gpg ... ^D $ cp .gnupg-v1/secring.gpg .gnupg-v1/pubring.gpg .gnupg $ gpg2 -b -a Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1024-bit DSA key, ID 5C980097, created 2001-04-10 gpg: gpg-agent is not available in this session foo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.1-cvs (GNU/Linux) iD8DBQA/MOdZ8U/viFyYAJcRAlJ5AKDT0lZHS7h0ccLKEi0sQNA9xzLlCACg4Mr3 Klo0rGd7XcpOGd3qUw80QJI= =kg3x -----END PGP SIGNATURE----- $ The key selected expired long time ago: pub 1024D/5C980097 2001-04-10 Simon Josefsson uid Simon Josefsson uid Simon Josefsson uid Simon Josefsson sub 768g/368A26A6 2001-04-10 [expires: 2002-04-10] Perhaps this isn't a new problem though (gpg 1.3 behave the same), but it would be nice to have GnuPG prefer a valid key, when available. However, when I try to use my current key, it doesn't work: $ gpg2 -b -a --default-key B565716F Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1280-bit RSA key, ID B565716F, created 2002-05-05 gpg: gpg-agent is not available in this session foo gpg: signing failed: Invalid public key algorithm gpg: signing failed: Invalid public key algorithm $ Old GnuPG work fine: $ gpg -b -a --default-key B565716F gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1280-bit RSA key, ID B565716F, created 2002-05-05 foo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.2-cvs (GNU/Linux) iQC1AwUAPzDn5e2iHpS1ZXFvAQKnFQT/Tt+ws4XisVsFlYmpbjQmTZp7zRvP0KBf M2jAvIxv9oKXgbGhN2jUeVRNR7y+phXdv1hBcZ1hDkeF0WUI2ONqNIKeu/s0N9Nc /bKnLTgnMZD/grKgF7NuAPRokO9OQM80LqI6QNiZNqqZFIeRDFDi5SYqz3mGvYsi 7Hl8NipQW7IL6edj5rws+I26q4VGN7r/KUcOncwqXDQUBqTh56wrNw== =gjuh -----END PGP SIGNATURE----- jas@latte:~$ Here's the key: pub 1280R/B565716F 2002-05-05 Simon Josefsson uid Simon Josefsson sub 1280R/4D5D40AE 2002-05-05 [expires: 2003-11-06] Any ideas? From wk@gnupg.org Wed Aug 6 15:47:02 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Aug 6 14:47:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 13:38:49 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> Message-ID: <878yq7uf2b.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 13:38:49 +0200, Simon Josefsson said: > Perhaps this isn't a new problem though (gpg 1.3 behave the same), but > it would be nice to have GnuPG prefer a valid key, when available. Oops. It should not allow to use an expired key. 1.9 has been forked from 1.3 not too long ago and I try to keep it in sync. > 1280-bit RSA key, ID B565716F, created 2002-05-05 > gpg: signing failed: Invalid public key algorithm Part of the code is from 1.1.2. Here is the fix: diff -u -r1.1.2.3 pkglue.c --- g10/pkglue.c 5 Aug 2003 17:11:02 -0000 1.1.2.3 +++ g10/pkglue.c 6 Aug 2003 12:42:56 -0000 @@ -48,6 +48,13 @@ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", skey[0], skey[1], skey[2], skey[3], skey[4]); } + else if (algo == GCRY_PK_RSA) + { + rc = gcry_sexp_build (&s_skey, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4], + skey[5]); + } else if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E) { rc = gcry_sexp_build (&s_skey, NULL, -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jas@extundo.com Wed Aug 6 21:31:02 2003 From: jas@extundo.com (Simon Josefsson) Date: Wed Aug 6 20:31:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <878yq7uf2b.fsf@alberti.g10code.de> (Werner Koch's message of "Wed, 06 Aug 2003 14:49:00 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> Message-ID: Werner Koch writes: >> gpg: signing failed: Invalid public key algorithm > > Part of the code is from 1.1.2. Here is the fix: Thanks, now it says: jas@latte:~$ gpg2 -b -a --default-key B565716F Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1280-bit RSA key, ID B565716F, created 2002-05-05 gpg-agent[26370]: can't connect to the PIN entry module: connect failed gpg-agent[26370]: command get_passphrase failed: No pinentry gpg: problem with the agent - disabling agent use foo gpg2: pkglue.c:83: pk_sign: Assertion `list' failed. Aborted jas@latte:~$ From wk@gnupg.org Thu Aug 7 09:47:02 2003 From: wk@gnupg.org (Werner Koch) Date: Thu Aug 7 08:47:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 20:32:18 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> Message-ID: <871xvyt16z.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 20:32:18 +0200, Simon Josefsson said: > gpg-agent[26370]: can't connect to the PIN entry module: connect failed > gpg-agent[26370]: command get_passphrase failed: No pinentry Do you have an pinentry installed (pinentry-gtk) and if it is not in a standard localtion, did you add pinentry-program /somepath/pinentry-gtk into your gpg-agent.conf? > gpg: problem with the agent - disabling agent use > foo > gpg2: pkglue.c:83: pk_sign: Assertion `list' failed. > Aborted Okay, thats a wrong error behaviour. Thanks, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk@gnupg.org Thu Aug 7 10:12:02 2003 From: wk@gnupg.org (Werner Koch) Date: Thu Aug 7 09:12:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 20:32:18 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> Message-ID: <87wudqrlca.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 20:32:18 +0200, Simon Josefsson said: > gpg2: pkglue.c:83: pk_sign: Assertion `list' failed. > Aborted I forgot something yesterday. Actually tested with a newly generated RSA key. --- g10/pkglue.c 5 Aug 2003 17:11:02 -0000 1.1.2.3 +++ g10/pkglue.c 7 Aug 2003 07:05:38 -0000 1.1.2.4 @@ -70,6 +77,14 @@ if (rc) ; + else if (algo == GCRY_PK_RSA) + { + list = gcry_sexp_find_token (s_sig, "s", 0); + assert (list); + data[0] = gcry_sexp_nth_mpi (list, 1, 0); + assert (data[0]); + gcry_sexp_release (list); + } else { list = gcry_sexp_find_token (s_sig, "r", 0); -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From tamer@higazi.net Thu Aug 7 13:52:02 2003 From: tamer@higazi.net (Tamer Higazi) Date: Thu Aug 7 12:52:02 2003 Subject: gpg recognize problem with EMail Plugins Message-ID: <1980000.1059853639@linux.local> Hi! I installed gpg and gpg me under linux (1.2.2) from the source this way under SuSE Linux 8.2: ./configure --prefix=/usr make make install All GPG Plugins can't recognize gpg, i guess. Not KGPG, Enigmall (http://enigmail.mozdev.org) Mozilla Mail Plugin recognize GPG and my keys. Every message I receive and try to decrypt doesn't succeed. I receive always the message "Bad Passphrase" what is not true. If i encrypt/decrpyt from the commandline a message then it works. So, it's not a a wrong password i entered. I guess, it is a configuration problem. If somebody could help me, thank you. Tamer Higazi From aaronl@vitelus.com Thu Aug 7 13:52:06 2003 From: aaronl@vitelus.com (Aaron Lehmann) Date: Thu Aug 7 12:52:06 2003 Subject: [keyanalyze-discuss] The web of trust tightens over time In-Reply-To: <87wudswo7l.fsf@alberti.g10code.de> References: <20030803055345.GH22222@parcelfarce.linux.theplanet.co.uk> <20030803231457.GR31089@dtype.org> <20030804004912.GC4380@pm1.ric-08.lft.widomaker.com> <200308042054.51096@fortytwo.ch> <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> <87wudswo7l.fsf@alberti.g10code.de> Message-ID: <20030805153919.GT7657@vitelus.com> --HuscSE0D68UGttcd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Aug 05, 2003 at 09:36:14AM +0200, Werner Koch wrote: > No. The obvious optimization is to allow random access to the keyring > and have an index. Years ago I tried this with a gdb based key > storage but it was too hard to maintain. gpgsm uses a new key storage > format which allows for an index and random access to each keyblock > without parsing all the precedeeng keyblocks. It is X.509, though. > Part of gpg 1.9 is to replace the keyrings with that new system. I am > pretty sure that this will boost the performance so that you can try a > --check-trustdb on 20000 keys. That would be nice. Right now, it is painful to use even 1000 keys, especially when gpg rechecks the trustdb after any modification to a key. Is there any way I and other outsiders could help speed up the transition to a better format? gpg has had this problem since it was first writen and it is the biggest problem with the software, IMHO. --HuscSE0D68UGttcd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/L8+ndtqQf66JWJkRAqgEAKDrjD0Y3XF3hgcMMP1n5H+9V5LhRACfX4jS xCsGJ7oZdPcKsxJomwA9cIQ= =NmRh -----END PGP SIGNATURE----- --HuscSE0D68UGttcd-- From Marcus.Brinkmann@ruhr-uni-bochum.de Thu Aug 7 14:17:02 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu Aug 7 13:17:02 2003 Subject: gpg recognize problem with EMail Plugins In-Reply-To: <1980000.1059853639@linux.local> Message-ID: Hi, in general, when reporting such problems, please include all relevant information (like version number of GPGME, the plugins you tried etc). In your particular case, you probably didn't set up gpg-agent properly. Thanks, Marcus From jas@extundo.com Thu Aug 7 15:15:02 2003 From: jas@extundo.com (Simon Josefsson) Date: Thu Aug 7 14:15:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <871xvyt16z.fsf@alberti.g10code.de> (Werner Koch's message of "Thu, 07 Aug 2003 08:46:12 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> <871xvyt16z.fsf@alberti.g10code.de> Message-ID: Werner Koch writes: > On Wed, 06 Aug 2003 20:32:18 +0200, Simon Josefsson said: > >> gpg-agent[26370]: can't connect to the PIN entry module: connect failed >> gpg-agent[26370]: command get_passphrase failed: No pinentry > > Do you have an pinentry installed (pinentry-gtk) and if it is not in a > standard localtion, did you add > > pinentry-program /somepath/pinentry-gtk > > into your gpg-agent.conf? Thanks, this helps. > I forgot something yesterday. Actually tested with a newly generated > RSA key. It works, thanks! From fnord@binarydigit.de Thu Aug 7 15:56:02 2003 From: fnord@binarydigit.de (Frederik Harwath) Date: Thu Aug 7 14:56:02 2003 Subject: gnupg morphos port Message-ID: hey, I'm just trying to port gnupg to MorphOS (www.morphos.net), which is an amiga-os like operating system. As gnupg seems to be written in a very portable way, I hadn't many problems compiling it using the ixemul library (posix compatibility layer, similar to cygwin for windows) and the "geek gadgets" (GNU tools ported to MorphOS, gcc etc.). Now I'd only need some "entropy" source. There's no /dev/random or equivalent and egd won't help as well, as it still requires a "unixish" environment (for example, it doesn't make sense to check the logged in users, even if you had who on MorphOS, as it's a single user OS). So ... is there anybody out there, who could give me a hint or two. Maybe some (ex?)Amiga coder or anybody else who has an idea what to use to get some "randomness". Afair the old PGP for amiga only used direct user input (mouse, keyboard) to do this, but that doesn't seem very secure to me, or am I wrong? Greetings and thanks in advance, Frederik -- Give the anarchist a cigarette! From wk@gnupg.org Thu Aug 7 16:37:02 2003 From: wk@gnupg.org (Werner Koch) Date: Thu Aug 7 15:37:02 2003 Subject: gnupg morphos port In-Reply-To: (Frederik Harwath's message of "Thu, 07 Aug 2003 13:41:25 +0100") References: Message-ID: <87smodpp0h.fsf@alberti.g10code.de> On Thu, 07 Aug 2003 13:41:25 +0100, Frederik Harwath said: > gadgets" (GNU tools ported to MorphOS, gcc etc.). Now I'd only need some > "entropy" source. There's no /dev/random or equivalent and egd won't help The usual problem and one of the reasons why there is no OS/2 version. It seems that this OS is not Free Software, so you have to ask the vendor to provide a way to extract entropy, i.e. implement /dev/random - the code is available under the BSD license, so there won't be a problem to add it to proprietary software. Over the last years most OSes added such a device which is something you really want for "e-business". > who has an idea what to use to get some "randomness". Afair the old PGP for > amiga only used direct user input (mouse, keyboard) to do this, but that Not a good idea under multi-tasking OSed because keystrokes usally get queued und you can't access the interrupt handler. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From avbidder@fortytwo.ch Thu Aug 7 19:46:01 2003 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Thu Aug 7 18:46:01 2003 Subject: gnupg morphos port In-Reply-To: References: Message-ID: <200308071847.21566@fortytwo.ch> --Boundary-02=_ZKoM/+WIznTGJ3p Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Thursday 07 August 2003 14:41, Frederik Harwath wrote: [/dev/random] Do you have access to some hardware counters? (blocks read/written to hd,=20 bytes sent/received from network, interrupt counters, does the system have= =20 sensors, like temperature or fan speed? Things like that should generate=20 quite a bit randomness on the lower bits. cheers =2D- vbi =2D-=20 random link of the day: http://fortytwo.ch/sienapei/edeiquea --Boundary-02=_ZKoM/+WIznTGJ3p Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iKcEABECAGcFAj8ygplgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJEIukMYvlp/fW/g4AnRpWY+IBayKcFgzAf0ziNAhO UV+NAKCVdnMdLA8oLAq6coMVMvKd+X5dbQ== =ggMq -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e --Boundary-02=_ZKoM/+WIznTGJ3p-- From wk@gnupg.org Thu Aug 7 21:02:02 2003 From: wk@gnupg.org (Werner Koch) Date: Thu Aug 7 20:02:02 2003 Subject: gnupg morphos port In-Reply-To: <200308071847.21566@fortytwo.ch> (Adrian von Bidder's message of "Thu, 7 Aug 2003 18:47:18 +0200") References: <200308071847.21566@fortytwo.ch> Message-ID: <87he4twdlx.fsf@alberti.g10code.de> On Thu, 7 Aug 2003 18:47:18 +0200, Adrian 'Dagurashibanipal' von Bidder said: > Do you have access to some hardware counters? (blocks read/written to hd, > bytes sent/received from network, interrupt counters, does the system have All of them are predictable and don't make a good seed for a PRNG or can even be used purely for a RNG. According to Peter Gutmann, network traffic and even its timing does not yield much entropy. What you want is interrupt and disk command command timings becuase these are variable values in general and not even identical from machine to machine. Stuff that EGD collects is at least influenced by such parameters. All in all it is not easy to get entropy from a predictable machine. > sensors, like temperature or fan speed? Things like that should generate > quite a bit randomness on the lower bits. And line noise from audio ports Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From rjwyler@us.ibm.com Thu Aug 7 23:08:02 2003 From: rjwyler@us.ibm.com (Ryan Wyler) Date: Thu Aug 7 22:08:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM P660s and P690s. I have tried compiling gnupg on the actual systems having the problems. This does not resolve the issue. It appears gnupg hangs and cannot even be killed with a -9 signal. I have to reboot the systems to get gnupg to free up the resources. They appear to be chewing up quite a bit of CPU also. I have several AIX 5.1 servers using gnupg, but for some reason these P660s and P690s are not working properly. Anyone have any suggestions? Here is the version of GPG I'm using: gpg (GnuPG) 1.2.2 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB Ryan Wyler IBM Global Services From wk@gnupg.org Fri Aug 8 11:12:02 2003 From: wk@gnupg.org (Werner Koch) Date: Fri Aug 8 10:12:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: (Ryan Wyler's message of "Thu, 7 Aug 2003 13:22:05 -0700") References: Message-ID: <87he4s8t6h.fsf@alberti.g10code.de> On Thu, 7 Aug 2003 13:22:05 -0700, Ryan Wyler said: > I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM > P660s and P690s. I have tried compiling gnupg on the actual systems having > the problems. This does not resolve the issue. Before we start to look into this, please try again using ftp://ftp.gnupg.org;/cgrypt/alpha/gnupg/gnupg-1.2.3rc2.tar.gz If the box happens to be down, use one of the mirrors as listed at www.gnupg.org/mirrors.html, -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From Holger.Sesterhenn@smgwtest.aachen.utimaco.de Fri Aug 8 11:51:09 2003 From: Holger.Sesterhenn@smgwtest.aachen.utimaco.de (Holger Sesterhenn) Date: Fri Aug 8 10:51:09 2003 Subject: Different output of list-secret-keys Message-ID: <3F336418.2040807@smgwtest.aachen.utimaco.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have added a second uid to an old RSA key old uid: myname new uid: myname Real name is the same on both IDs! Using GnuPG 1.2.2 and the 'primary' command I set the new uid to be the primary one. gpg --with-colons --fixed-list-mode --list-secret-keys myname shows the new ID first, the old ID second. BUT without 'myname' (no parameter for --list-secret-keys) the old ID is show first then the new ID second. Unfortunately I have a script which relies on the order of the 'uid:' entries. Any comments on this? Best Regards, Holger Sesterhenn - -- Internet http://www.utimaco.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Utimaco Safeware AG - SecurE-Mail Gateway - http://www.utimaco.com iD8DBQE/M2SFAjGAzXjV7iURAo1gAJ4qh14DZebra9yMJNORlL/9NutWPQCcCx1q Co+QdBRlUd4aGHmQEPol4Vo= =unaq -----END PGP SIGNATURE----- From rjwyler@us.ibm.com Fri Aug 8 19:51:02 2003 From: rjwyler@us.ibm.com (Ryan Wyler) Date: Fri Aug 8 18:51:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: I just finished compiling and running gnupg-1.2.3rc2.tar.gz with the same results. I did the 'make check' after 'make' and it is hanging now. I tried to 'kill -9' the process with no luck. I have called IBM support about the inability to kill the process, they say it's a feature, not a bug. They say processes doing certain things with the kernel will not die until they are complete and they are unable to research this further for this product because it is not supported by IBM. (Obvious answer) .... Here is the output of the 'make check' and the process ----- snip ----- # ps -ef | grep -i gpg root 46154 50648 68 09:45:08 pts/1 1:01 ../g10/gpg --homedir . --passphrase-fd 0 -o y --yes ./plain-1.asc root 52262 48972 1 09:46:09 pts/3 0:00 grep -i gpg ---- snip ----- # make check Making check in intl Target "check" is up to date. Making check in zlib Target "check" is up to date. Making check in util Target "check" is up to date. Making check in mpi Target "check" is up to date. Making check in cipher Target "check" is up to date. Making check in tools Target "check" is up to date. Making check in g10 Target "check" is up to date. Making check in keyserver Target "check" is up to date. Making check in po Target "check" is up to date. Making check in doc make check-am Target "check-am" is up to date. Making check in checks make check-TESTS gpg (GnuPG) 1.2.3rc2 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: . Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB PASS: version.test Hash algorithm TIGER/192 is not installed (not an error) Hash algorithm SHA-384 is not installed (not an error) Hash algorithm SHA-512 is not installed (not an error) PASS: mds.test ------------------- snip ------------------ Werner Koch To: gnupg-devel@gnupg.org Sent by: cc: gnupg-devel-admin Subject: Re: gnupg 1.2.2 on aix 5.1 on P660s and P690s @gnupg.org 08/08/2003 01:11 AM On Thu, 7 Aug 2003 13:22:05 -0700, Ryan Wyler said: > I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM > P660s and P690s. I have tried compiling gnupg on the actual systems having > the problems. This does not resolve the issue. Before we start to look into this, please try again using ftp://ftp.gnupg.org;/cgrypt/alpha/gnupg/gnupg-1.2.3rc2.tar.gz If the box happens to be down, use one of the mirrors as listed at www.gnupg.org/mirrors.html, -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org _______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-devel From Marcus.Brinkmann@ruhr-uni-bochum.de Fri Aug 8 20:03:03 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Aug 8 19:03:03 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: References: Message-ID: <20030808170418.GE1025@212.23.136.22> On Thu, Aug 07, 2003 at 01:22:05PM -0700, Ryan Wyler wrote: > I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM > P660s and P690s. I have tried compiling gnupg on the actual systems having > the problems. This does not resolve the issue. > > It appears gnupg hangs and cannot even be killed with a -9 signal. I have > to reboot the systems to get gnupg to free up the resources. They appear > to be chewing up quite a bit of CPU also. I am not excluding that there are bugs in GnuPG, but if a task can not be killed with kill -9, then there seems to be a problem with the operating system, a bug that might actually be triggered by another bug in GPGME. kill -9 is not actually a signal to be delivered to the application (just as SIGSTOP). It is a signal to the OS to kill the task no matter what. You might want to look into that as well. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From Marcus.Brinkmann@ruhr-uni-bochum.de Fri Aug 8 20:09:02 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Aug 8 19:09:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: References: Message-ID: <20030808171103.GF1025@212.23.136.22> On Fri, Aug 08, 2003 at 10:05:32AM -0700, Ryan Wyler wrote: > I just finished compiling and running gnupg-1.2.3rc2.tar.gz with the same > results. I did the 'make check' after 'make' and it is hanging now. I > tried to 'kill -9' the process with no luck. I have called IBM support > about the inability to kill the process, they say it's a feature, not a > bug. They say processes doing certain things with the kernel will not die > until they are complete and they are unable to research this further for > this product because it is not supported by IBM. (Obvious answer) .... Sounds lame. Can you attach a debugger (gdb?) to the hanging process and get a full backtrace, so we can at least see where it hangs? Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From rjwyler@us.ibm.com Sat Aug 9 00:00:02 2003 From: rjwyler@us.ibm.com (Ryan Wyler) Date: Fri Aug 8 23:00:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: = = Marcus Brinkmann = = cc: gnupg= -devel@gnupg.org = Subject: Re: g= nupg 1.2.2 on aix 5.1 on P660s and P690s = 08/08/2003 10:11 AM = = = = = = Sounds lame. Can you attach a debugger (gdb?) to the hanging process a= nd get a full backtrace, so we can at least see where it hangs? Thanks, Marcus I am in the process of putting gdb on the system, but until then here's= the truss output file. (Yes AIX now has truss....) Ryan Wyler ---------------- output.truss of gpg ------------- 51232: execve("./gpg", 0x2FF22B64, 0x2FF22B8C) arg= c: 9 51232: sbrk(0x00000000) =3D 0x20028C9= 8 51232: sbrk(0x00000008) =3D 0x20028C9= 8 51232: sbrk(0x00010010) =3D 0x20028CA= 0 51232: appsetrlimit(0x00000004, 0x2FF228B0, 0x20028CAB, 0x00000000, 0x67706700, 0x00000000, 0x00000080, 0x7F7F7F7F) =3D 0x00000000 51232: _sigaction(2, 0x00000000, 0x2FF22870) =3D 0 51232: _sigaction(2, 0x2FF22880, 0x00000000) =3D 0 51232: _sigaction(1, 0x00000000, 0x2FF22870) =3D 0 51232: _sigaction(1, 0x2FF22880, 0x00000000) =3D 0 51232: _sigaction(15, 0x00000000, 0x2FF22870) =3D = 0 51232: _sigaction(15, 0x2FF22880, 0x00000000) =3D = 0 51232: _sigaction(3, 0x00000000, 0x2FF22870) =3D 0 51232: _sigaction(3, 0x2FF22880, 0x00000000) =3D 0 51232: _sigaction(11, 0x00000000, 0x2FF22870) =3D = 0 51232: _sigaction(11, 0x2FF22880, 0x00000000) =3D = 0 51232: _sigaction(30, 0x2FF22880, 0x00000000) =3D = 0 51232: _sigaction(13, 0x2FF22880, 0x00000000) =3D = 0 51232: getuidx(4) =3D 0x00000000 51232: getuidx(2) =3D 0x00000000 51232: getuidx(1) =3D 0x00000000 51232: getgidx(4) =3D = 0 51232: getgidx(2) =3D = 0 51232: getgidx(1) =3D = 0 51232: __loadx(0x01000080, 0x2FF1E5B0, 0x00003E80, 0x2FF22540, 0x00000000, 0x00000000, 0x00008000, 0x7F7F7F7F) =3D 0xD0077130 51232: __loadx(0x01000180, 0x2FF1E5A0, 0x00003E80, 0xF0048C9C, 0xF0048BCC, 0x00000000, 0xFFFFFFFD, 0xD0079388) =3D 0x200398A8 51232: __loadx(0x07080000, 0xF0048C6C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A6C4 51232: __loadx(0x07080000, 0xF0048BAC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A6D0 51232: __loadx(0x07080000, 0xF0048C7C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A700 51232: __loadx(0x07080000, 0xF0048BBC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A70C 51232: __loadx(0x07080000, 0xF0048C3C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A6DC 51232: __loadx(0x07080000, 0xF0048BEC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A6F4 51232: __loadx(0x07080000, 0xF0048C4C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A718 51232: __loadx(0x07080000, 0xF0048C5C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A748 51232: __loadx(0x07080000, 0xF0048BDC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A730 51232: __loadx(0x07080000, 0xF0048BFC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) =3D 0x2003A7C0 51232: kmmap(0x00000000, 0x00008000, 0x00000003, 0x00000012, 0xFFFFF= FFF, 0x00000000, 0x00000000, 0x00000080) =3D 0x30000000 51232: getuidx(2) =3D 0x00000000 51232: plock(DATLOCK) =3D = 0 51232: access("/tmp/gpg/.gnupg/gpg.conf", 04) Err#= 2 ENOENT 51232: statx("/tmp/gpg/.gnupg", 0x2FF227A0, 128, 010) =3D 0 51232: statx("/tmp/gpg", 0x2FF22820, 128, 010) =3D = 0 51232: getuidx(2) =3D 0x00000000 51232: open("/tmp/gpg/.gnupg/options", 0400000000) Err#2 ENOENT= 51232: kwrite(2, " g p g", 3) =3D = 3 51232: kwrite(2, " : ", 2) =3D = 2 51232: kwrite(2, " N O T E : T H I S I".., 37) =3D 37 51232: kwrite(2, " g p g", 3) =3D = 3 51232: kwrite(2, " : ", 2) =3D = 2 51232: kwrite(2, " I t i s o n l y i".., 56) =3D 56 51232: kwrite(2, " g p g", 3) =3D = 3 51232: kwrite(2, " : ", 2) =3D = 2 51232: kwrite(2, " u s e d i n a p r".., 58) =3D 58 51232: open("/tmp/gpg/.gnupg/secring.gpg", 0400000000) =3D 3 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY= 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY= 51232: kread(3, "9501 =E104 >8A 80F1104\0 =A0".., 4096) =3D 1029 51232: close(3) =3D 0 51232: access("/tmp/gpg/.gnupg/secring.gpg", 0) =3D 0 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) =3D 3 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY= 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY= 51232: kread(3, "9901 =A204 >8A 80F1104\0 =A0".., 4096) =3D 3092 51232: close(3) =3D 0 51232: access("/tmp/gpg/.gnupg/pubring.gpg", 0) =3D 0 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) =3D 3 51232: kread(3, "9901 =A204 >8A 80F1104\0 =A0".., 8192) =3D 3092 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x00000007, 0x0000001B, 0x19DCE886, 0x153DFFAB, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF210C0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x0000005F, 0x00000073, 0x19DE28D1, 0x153F3FF6, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF210C0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x000000B7, 0x000000EF, 0x19DEE047, 0x153FF76C, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF210C0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x0000010F, 0x00000090, 0x19DFA212, 0x1540B937, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF210C0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x00000167, 0x00000011, 0x19E05AC2, 0x154171E7, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF210C0) =3D 15428387 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) =3D 4 51232: kread(4, "9901 =A204 >8A 80F1104\0 =A0".., 8192) =3D 3092 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x000001BF, 0x000000F3, 0x19E1C2A5, 0x1542D9CA, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20DC0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x00000217, 0x00000069, 0x19E27819, 0x15438F3E, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20DC0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x00000017, 0x0000006D, 0x19E3A03E, 0x1544B763, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20DC0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x0000006F, 0x000000FC, 0x19E45D11, 0x15457436, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20DC0) =3D 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x000000C7, 0x0000007B, 0x19E51505, 0x15462C2A, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20DC0) =3D 15428388 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) =3D 5 51232: klseek(5, 0, 2122, 0x00000000) =3D = 0 51232: kread(5, "9901 =A204 >87 =D1 =D01104\0 =F9".., 8192) =3D 9= 70 51232: kread(5, "9901 =A204 >87 =D1 =D01104\0 =F9".., 8192) =3D 0= 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x0000011F, 0x000000B7, 0x19E7743E, 0x15488B63, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20DC0) =3D 15428388 51232: appgetrusage(0x00000000, 0x2FF20E78, 0x30000008, 0x00000177, 0x000000E5, 0x19E85ECD, 0x154975F2, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20E10) =3D 15428388 51232: access("/tmp/gpg/.gnupg/trustdb.gpg", 04) =3D 0 51232: _getpid() =3D = 51232 51232: uname(0x2FF20F48, 0x2FF20F43, 0x2000B490, 0x00003332, 0xD0348= 6B0, 0x00002500, 0x0A000000, 0x00808080) =3D 0x00000000 51232: _getpid() =3D = 51232 51232: open("/tmp/gpg/.gnupg/.#lk2002ddc8.apqmd001.51232", 040000240= 1) =3D 6 51232: kwrite(6, " 5 1 2 3 2\n", 11) =3D = 11 51232: close(6) =3D 0 51232: open("/tmp/gpg/.gnupg/trustdb.gpg", 0400000002) =3D 6 51232: kread(6, "01 g p g03", 5) =3D 5 51232: klseek(6, 0, 0, 0x00000000) =3D 0 51232: kread(6, "01 g p g03030105\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 40, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 80, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 120, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 160, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 200, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 240, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 280, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\01E\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 320, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 360, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 400, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 440, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 480, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 520, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 560, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0 "\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 600, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 640, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 680, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 720, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 760, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 800, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 840, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 880, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 920, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 960, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1000, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1040, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1080, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1120, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1160, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1200, 0x00000000) =3D = 0 51232: kread(6, "\f\0 6\0 =3D { =FE D =E490 =BE '".., 40) =3D 4= 0 51232: klseek(6, 0, 1240, 0x00000000) =3D = 0 51232: kread(6, "\r\0 m )0190 @ =FF =EB : =F9 +".., 40) =3D 40 51232: klseek(6, 0, 1280, 0x00000000) =3D = 0 51232: kread(6, "\f\0 # y =A2 8 # Y =D480 =EE18".., 40) =3D 40 51232: klseek(6, 0, 1320, 0x00000000) =3D = 0 51232: kread(6, "\r\09C | ^ C X18 =D1 ) =A29C".., 40) =3D 40 51232: klseek(6, 0, 1360, 0x00000000) =3D = 0 51232: kread(6, "\f\0 u =D1 # T8F : =A0 =D2 =EF8D".., 40) =3D 4= 0 51232: klseek(6, 0, 1400, 0x00000000) =3D = 0 51232: kread(6, "\r\0 Y1D T =D4 =D7 =B31B ) =A2 =D1".., 40) =3D= 40 51232: klseek(6, 0, 1440, 0x00000000) =3D = 0 51232: kread(6, "\r\0 Y1D T =D4 =D7 =B31B ) =A2 =D1".., 40) =3D= 0 51232: appgetrusage(0x00000000, 0x2FF20F78, 0x30000008, 0x000001CF, 0x00000015, 0x1A1512AE, 0x157629D3, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF20F10) =3D 15428392 51232: klseek(6, 0, 0, 0x00000000) =3D 0 51232: kread(6, "01 g p g03030105\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 560, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0 "\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1360, 0x00000000) =3D = 0 51232: kread(6, "\f\0 u =D1 # T8F : =A0 =D2 =EF8D".., 40) =3D 4= 0 51232: klseek(4, 0, 0, 0x00000000) =3D 0 51232: klseek(4, 0, 2122, 0x00000000) =3D = 0 51232: kread(4, "9901 =A204 >87 =D1 =D01104\0 =F9".., 8192) =3D 9= 70 51232: kread(4, "9901 =A204 >87 =D1 =D01104\0 =F9".., 8192) =3D 0= 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x00000227, 0x000000CA, 0x1A194F30, 0x157A6655, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF210C0) =3D 15428392 51232: klseek(6, 0, 0, 0x00000000) =3D 0 51232: kread(6, "01 g p g03030105\0\0\0\0".., 40) =3D 40 51232: appgetrusage(0x00000000, 0x2FF212A8, 0x30000008, 0x00000027, 0x00000003, 0x1A1B1A0E, 0x157C3133, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21240) =3D 15428392 51232: appgetrusage(0x00000000, 0x2FF211E8, 0x30000008, 0x0000007F, 0x00000061, 0x1A1BC8A8, 0x157CDFCD, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21180) =3D 15428392 51232: klseek(6, 0, 560, 0x00000000) =3D = 0 51232: kread(6, "\n\0\0\0\0 "\0\0\0\0\0\0".., 40) =3D 40 51232: klseek(6, 0, 1360, 0x00000000) =3D = 0 51232: kread(6, "\f\0 u =D1 # T8F : =A0 =D2 =EF8D".., 40) =3D 4= 0 51232: klseek(6, 0, 1400, 0x00000000) =3D = 0 51232: kread(6, "\r\0 Y1D T =D4 =D7 =B31B ) =A2 =D1".., 40) =3D= 40 51232: open("/tmp/encrypt", 0400000000) =3D 7 51232: open("/tmp/encrypt", 0400000000) =3D 8 51232: fstatx(8, 0x2FF215C0, 128, 010) =3D = 0 51232: kread(8, " # ! / u s r / b i n / p".., 8192) =3D 1475 51232: appgetrusage(0x00000000, 0x2FF215C8, 0x30000008, 0x000000D7, 0x00000056, 0x1A23D634, 0x1584ED59, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21560) =3D 15428393 51232: open("/tmp/gpg/.gnupg/random_seed", 0400000000) =3D 9 51232: fstatx(9, 0x2FF21278, 128, 010) =3D = 0 51232: kread(9, " l =BD =E9 =DA =DD S8F - 7 t0E15".., 600) =3D 6= 00 51232: close(9) =3D 0 51232: _getpid() =3D = 51232 51232: times(0x2FF21210) =3D 15428393 51232: access("/dev/random", 04) Err#2 ENOENT= 51232: socket(0x00000001, 0x00000001, 0x00000000, 0x00000000, 0x6F707900, 0x6F707900, 0x79000000, 0x00808080) =3D 0x00000009 51232: connext(0x00000009, 0x2FF210FC, 0x00000019, 0x2FF21094, 0x2FF21090, 0x60180018, 0x60052965, 0x00000000) Err#2 ENOENT 51232: close(9) =3D 0 51232: appgetrusage(0x00000000, 0x2FF21508, 0x30000008, 0x0000013B, 0x00000008, 0x1A2811AF, 0x158928D3, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF214A0) =3D 15428393 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x00000193, 0x000000AD, 0x1A29B1EE, 0x158AC913, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21450) =3D 15428394 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x000001EB, 0x00000086, 0x1A2B177B, 0x158C2EA0, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21450) =3D 15428394 51232: appgetrusage(0x00000000, 0x2FF213C8, 0x30000008, 0x00000243, 0x000000FC, 0x1A2CAA3F, 0x158DC164, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21360) =3D 15428394 51232: fstatx(7, 0x2FF21630, 128, 010) =3D = 0 51232: appgetrusage(0x00000000, 0x2FF213B8, 0x30000008, 0x00000043, 0x00000092, 0x1A731E84, 0x15D435A9, 0x049EE8DA) =3D 0x00000000 51232: times(0x2FF21350) =3D 15428400= From jurgen@botz.org Sat Aug 9 00:07:02 2003 From: jurgen@botz.org (=?ISO-8859-1?Q?J=FCrgen_Botz?=) Date: Fri Aug 8 23:07:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <87he4wvsvh.fsf@alberti.g10code.de> References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: <3F341183.7060904@botz.org> Werner Koch wrote: > gpg2 has been changed to use libgcrypt but secret key management is > still done by itself and not by gpg-agent. However, --use-agent is > the default now and we support the new OpenPGP smartcards. Could you explain what you mean by this for those of us who are not very familiar with the code base? I mean, superficially this statement doesn't make sense, if key management isn't done by the agent what good is the agent? :j From avbidder@fortytwo.ch Sat Aug 9 08:08:04 2003 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Sat Aug 9 07:08:04 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <3F341183.7060904@botz.org> References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> Message-ID: <200308090709.32850@fortytwo.ch> --Boundary-02=_MIIN/54vRkjtEjN Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline On Friday 08 August 2003 23:09, J=FCrgen Botz wrote: > Werner Koch wrote: > > gpg2 has been changed to use libgcrypt but secret key management is > > still done by itself and not by gpg-agent. However, --use-agent is > > the default now and we support the new OpenPGP smartcards. > > Could you explain what you mean by this for those of us who are > not very familiar with the code base? I mean, superficially this > statement doesn't make sense, if key management isn't done by the > agent what good is the agent? As far as I understand it, the agent at the moment takes care of requesting= =20 the password from the user. Which will probably break all application using= =20 secret key operations and managing the pw themselves. I think --passphrase-fd should automatically imply --no-use-agent. (Or do y= ou=20 already do this?). When the agent does secret key handling: is there a way = to=20 continue using --passphrase-fd (and have gpg supply the pw to the agent)? greetings =2D- vbi =2D-=20 featured product: GNU Privacy Guard - http://gnupg.org --Boundary-02=_MIIN/54vRkjtEjN Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iKcEABECAGcFAj80ggxgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJEIukMYvlp/fW5LoAn0L3yqrM/6QpeuXtV3tvbtFt lTAaAKCR8nBwHmIEs2jxTsZF1Pj3GXay0w== =VPQM -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e --Boundary-02=_MIIN/54vRkjtEjN-- From wk@gnupg.org Sat Aug 9 11:27:01 2003 From: wk@gnupg.org (Werner Koch) Date: Sat Aug 9 10:27:01 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <200308090709.32850@fortytwo.ch> (Adrian von Bidder's message of "Sat, 9 Aug 2003 07:09:29 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> <200308090709.32850@fortytwo.ch> Message-ID: <87ptjf44la.fsf@alberti.g10code.de> On Sat, 9 Aug 2003 07:09:29 +0200, Adrian 'Dagurashibanipal' von Bidder said: > I think --passphrase-fd should automatically imply --no-use-agent. (Or do you > already do this?). When the agent does secret key handling: is there a way to This is in 1.2.3rc2 -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk@gnupg.org Sat Aug 9 11:32:02 2003 From: wk@gnupg.org (Werner Koch) Date: Sat Aug 9 10:32:02 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <3F341183.7060904@botz.org> ( =?iso-8859-1?q?J=FCrgen_Botz's_message_of?= "Fri, 08 Aug 2003 14:09:23 -0700") References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> Message-ID: <87llu344bu.fsf@alberti.g10code.de> On Fri, 08 Aug 2003 14:09:23 -0700, Jürgen Botz said: > not very familiar with the code base? I mean, superficially this > statement doesn't make sense, if key management isn't done by the > agent what good is the agent? Key management is never done by the agent. gpg-agent simply takes care of all operations involving private keys - that is just a small part of the key managenent. The current 1.9 code uses the gpg-agent in the same way as 1.2: It is only used as a way to invoke the pinentry and cache the passphrase. So the private key operations are still done in the gpg process. With the smartcard support there is another use of the agent (calling scdaemon), but it uses a different code path. As soon as we have migrated the private key oeprations to the gpg-agent, the --use-agent option won't have an effect anymore. --passphrase-fd (and the --command-fd way) will continue to exist, so that passphrases used for symmetric only encryption can be passed by other programs to gpg during unattended operations. Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk@gnupg.org Sat Aug 9 11:57:02 2003 From: wk@gnupg.org (Werner Koch) Date: Sat Aug 9 10:57:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: (Ryan Wyler's message of "Fri, 8 Aug 2003 14:14:03 -0700") References: Message-ID: <87he4r43ar.fsf@alberti.g10code.de> On Fri, 8 Aug 2003 14:14:03 -0700, Ryan Wyler said: > 51232: access("/dev/random", 04) Err#2 ENOENT Tries /dev/random -> does not exist > 51232: socket(0x00000001, 0x00000001, 0x00000000, 0x00000000, > 0x6F707900, 0x6F707900, 0x79000000, 0x00808080) = 0x00000009 Fallback to EGD > 51232: connext(0x00000009, 0x2FF210FC, 0x00000019, 0x2FF21094, > 0x2FF21090, 0x60180018, 0x60052965, 0x00000000) Err#2 ENOENT No EGD running. > 51232: close(9) = 0 > 51232: appgetrusage(0x00000000, 0x2FF21508, 0x30000008, 0x0000013B, > 0x00000008, 0x1A2811AF, 0x158928D3, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF214A0) = 15428393 > 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x00000193, > 0x000000AD, 0x1A29B1EE, 0x158AC913, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF21450) = 15428394 That is are several fast random polls. However I expected to see a few other system calls. Can you please grep through config.h and tell us how HAVE_GETHRTIME HAVE_BROKEN_GETHRTIME HAVE_GETTIMEOFDAY HAVE_CLOCK_GETTIME HAVE_TIMES are defined. This is definitely not the hanging problem, though. You can also try to run this: GNUPG_RNDUNIX_DBG=/tmp/foo GNUPG_RNDUNIX_DBGALL=1 \ ./gpg -a --gen-random 2 10 /tmp/foo will be filled with info regarding the tools execed by the rndunix entropy gatherer. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From mwy-opgp97@the-youngs.org Sat Aug 9 14:17:02 2003 From: mwy-opgp97@the-youngs.org (Michael Young) Date: Sat Aug 9 13:17:02 2003 Subject: Detached signature as a pass-through filter? Message-ID: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use GnuPG to sign an intermediate result, something like: command ... | gpg --detach-sign -o signature_file | other_command ... This specific incantation doesn't work. Standard output is empty. Is there any way to convince GnuPG to pass the input through to standard output? (And if not, would it be reasonable to add a switch to do this?) -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPzPLmOc3iHYL8FknEQJIjwCeJVIyTe2OmG0ijSui03JCYMCKeXsAnjoW Z1fiPv+4yddhe1b1qrf6P1RV =SCCM -----END PGP SIGNATURE----- From mwy-opgp97@the-youngs.org Sat Aug 9 14:17:05 2003 From: mwy-opgp97@the-youngs.org (Michael Young) Date: Sat Aug 9 13:17:05 2003 Subject: Selective import; pop-up trust dialog Message-ID: <001a01c35dce$c4f45960$2ac52609@transarc.ibm.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While I'm asking about features, here are a couple that I've wanted for a long time, but have never gotten around to asking about: When importing a file that contains many keys, I'd like to be able to select only a subset to be incorporated into my keyring. This might take the form of a dialog (like PGP does) or a pattern to accept. Is there any such mechanism? - - and - When encrypting to a key that I haven't signed locally, I get a dialog that displays the fingerprint of the *encryption* subkey. I'd really like to see the *signing* key's fingerprint; that's what I use to verify identity in other situations, and it's what I keep handy. Another notable OpenPGP product won't even show the encryption subkey fingerprint. I suppose some people might still want to see the encryption key's fingerprint, but would it be reasonable to show both? [Yes, I can (and regularly do) stop the dialog and get the signing key fingerprint separately, but it's a nuisance.] Thanks for any suggestions! -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPzPXWOc3iHYL8FknEQILOACgg7UaRjt69fbV7DICVh5CeVkckFgAniLC 5fhAh0O4XQOJQyS36N+AaplA =UzsO -----END PGP SIGNATURE----- From avbidder@fortytwo.ch Sat Aug 9 15:24:02 2003 From: avbidder@fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Sat Aug 9 14:24:02 2003 Subject: --show-policy behaviour? Message-ID: <200308091426.03490@fortytwo.ch> --Boundary-02=_bhON/dtUURG11LF Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline Yo! What exactly is the behaviour of show-policy? I've been slightly annoyed to= day=20 (easily workaroundable(tm), so no problem) gpg --clearsign on the terminal: the signature policy is displayed in the=20 signed message part like =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 blah fasel Signature policy:=20 http://fortytwo.ch/legal/gpg/email.20020822?version=3D1.5&md5sum=3D5dff868d= 11843276071b25eb7006da3e =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iKcEARECAGcFAj805qJgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJEIukMYvlp/fWcJoAnRtDEAvMeFsdl9zKiR2Sy8/i DgnXAKDazHLB3AYdVOuQvgR3KyuK8NnnKg=3D=3D =3DxnWr =2D----END PGP SIGNATURE----- so copy-pasting (damn pseudo english verbs today) from the console breaks.= =20 Apparently it's displayed on stdout, too, so 2>/dev/null doesn't help eithe= r. =46unnily when redirecting stdout to a file, the signature policy is displa= yed=20 after the signature, so it doesn't break the sig. Proposal: display signature policy only when verifying a signature. (And Werner, if you're going to say it's in 1.2.3rcX already one more time,= I=20 shall definitely throw something out of the window or whatever ;-) greetings =2D- vbi =2D-=20 Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro) --Boundary-02=_bhON/dtUURG11LF Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iKcEABECAGcFAj806FtgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJEIukMYvlp/fWTocAoMDSSIKPQYKElXvo0nMEh1Jg TpWfAJ9JyUiFAz8t4FnI61m+55Huk585jA== =8EjR -----END PGP SIGNATURE----- Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e --Boundary-02=_bhON/dtUURG11LF-- From dshaw@jabberwocky.com Sat Aug 9 15:54:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Aug 9 14:54:01 2003 Subject: Detached signature as a pass-through filter? In-Reply-To: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> References: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> Message-ID: <20030809125515.GA31373@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 08, 2003 at 12:11:14PM -0400, Michael Young wrote: > I'd like to use GnuPG to sign an intermediate result, something like: > > command ... | gpg --detach-sign -o signature_file | other_command ... > > This specific incantation doesn't work. Standard output is empty. > > Is there any way to convince GnuPG to pass the input through to > standard output? (And if not, would it be reasonable to add a > switch to do this?) Why not use "tee"? That's the standard resource for constructing a pipeline when a command consumes data. echo "foo" | tee tempfile | gpg --detach-sign -o sigfile.gpg ; cat tempfile David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj807zMACgkQ4mZch0nhy8lWjQCfeOjUIncyQsVvZZd2kI8p+7mA izsAniHjPNpPcoxPBXjFHAfwOgVWjrpp =IkmK -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sat Aug 9 15:58:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sat Aug 9 14:58:01 2003 Subject: Selective import; pop-up trust dialog In-Reply-To: <001a01c35dce$c4f45960$2ac52609@transarc.ibm.com> References: <001a01c35dce$c4f45960$2ac52609@transarc.ibm.com> Message-ID: <20030809125918.GB31373@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 08, 2003 at 01:01:53PM -0400, Michael Young wrote: > While I'm asking about features, here are a couple that I've wanted > for a long time, but have never gotten around to asking about: > > When importing a file that contains many keys, I'd like to be able > to select only a subset to be incorporated into my keyring. This > might take the form of a dialog (like PGP does) or a pattern to > accept. Is there any such mechanism? gpg --interactive --import foo.gpg > When encrypting to a key that I haven't signed locally, I get a > dialog that displays the fingerprint of the *encryption* subkey. > I'd really like to see the *signing* key's fingerprint; that's what > I use to verify identity in other situations, and it's what I keep > handy. Another notable OpenPGP product won't even show the > encryption subkey fingerprint. I suppose some people might still > want to see the encryption key's fingerprint, but would it be > reasonable to show both? [Yes, I can (and regularly do) stop the > dialog and get the signing key fingerprint separately, but it's a > nuisance.] Which version of GnuPG are you using? GnuPG has displayed both since version 1.1.91. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj808CYACgkQ4mZch0nhy8n76ACePTHYrgdKV8OAMTnTjp8Pbfql 2tkAoMWx/qolJl+rt7iVuOA6dYKUq5Y+ =Es2L -----END PGP SIGNATURE----- From JPClizbe@comcast.net Sat Aug 9 17:59:02 2003 From: JPClizbe@comcast.net (John Clizbe) Date: Sat Aug 9 16:59:02 2003 Subject: Detached signature as a pass-through filter? In-Reply-To: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> References: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> Message-ID: <3F34E213.9040403@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Young wrote: > I'd like to use GnuPG to sign an intermediate result, something like: > > command ... | gpg --detach-sign -o signature_file | other_command ... > > This specific incantation doesn't work. Standard output is empty. > > Is there any way to convince GnuPG to pass the input through to > standard output? (And if not, would it be reasonable to add a > switch to do this?) > using tee to split the output stream before you pipe to gpg would be the standard way to do it (I'm sure named pipes & file descriptors could be woven in some way) command ... | tee | gpg --detach-sign -o sig_file; cat | other_command ... If you're on Windows, you can get tee from Cygwin, MinGW/MSys, UWin, or Services for Unix - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/NOIMHQSsSmCNKhARAv8bAJ9KCkTZoVbOpQJBusfcXODQPxhQIwCg06bv +dSTJkKRMcKIDdR6mBg3IZo= =iGhP -----END PGP SIGNATURE----- From dshaw@jabberwocky.com Sun Aug 10 02:27:03 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Aug 10 01:27:03 2003 Subject: --show-policy behaviour? In-Reply-To: <200308091426.03490@fortytwo.ch> References: <200308091426.03490@fortytwo.ch> Message-ID: <20030809232841.GF4538@jabberwocky.com> --xesSdrSSBC0PokLI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Aug 09, 2003 at 02:26:00PM +0200, Adrian 'Dagurashibanipal' von Bid= der wrote: [ policy urls appear in the middle of clearsigned data on the console ] > so copy-pasting (damn pseudo english verbs today) from the console breaks= =2E=20 > Apparently it's displayed on stdout, too, so 2>/dev/null doesn't help eit= her. Ugh, this is a problem. The same thing happens with sig notations. It's a bigger problem than clearsigning, actually. Try doing an --encrypt and --sign > redirected to a file. It breaks the MDC so you always get the "encrypted message has been manipulated!" warning. It'll be fixed in 1.2.3. David --xesSdrSSBC0PokLI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj81g6kACgkQ4mZch0nhy8lKKACfTKKfNL2FhA0fH7Ar61XJX//y 9D8An26sBCjnCOZOMlcImYqhxdsuURGN =k7RT -----END PGP SIGNATURE----- --xesSdrSSBC0PokLI-- From rjwyler@us.ibm.com Mon Aug 11 19:28:02 2003 From: rjwyler@us.ibm.com (Ryan Wyler) Date: Mon Aug 11 18:28:02 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: Here are the requested greps out of config.h: /* #undef HAVE_GETHRTIME */ /* #undef HAVE_BROKEN_GETHRTIME */ #define HAVE_GETTIMEOFDAY 1 #define HAVE_CLOCK_GETTIME 1 #define HAVE_TIMES 1 Here is the outputed /tmp/foo: START RNDUNIX DEBUG pid=55616 Skipping /usr/bin/vmstat Skipping /usr/bin/vmstat /usr/bin/pfstat not present Skipping /usr/bin/vmstat /usr/ucb/netstat not present, has alternatives Skipping /usr/sbin/netstat Skipping /usr/etc/netstat /usr/bin/nfsstat not present /usr/ucb/netstat not present, has alternatives Skipping /usr/sbin/netstat Skipping /usr/etc/netstat Skipping /usr/ucb/netstat Skipping /usr/bin/netstat Skipping /usr/sbin/netstat Skipping /usr/etc/netstat /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/bin/mpstat not present Skipping /usr/bsd/w Skipping /bin/df /usr/sbin/portstat not present Skipping /usr/bsd/uptime Skipping /usr/bin/vmstat Skipping /usr/bin/vmstat /usr/ucb/netstat not present, has alternatives Skipping /usr/sbin/netstat Skipping /usr/etc/netstat /usr/ucb/ps not present, has alternatives Skipping /bin/ps Skipping /bin/ipcs /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present Skipping /usr/bsd/last /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /etc/arp not present, has alternatives /usr/etc/arp not present, has alternatives /usr/bin/arp not present, has alternatives Skipping /usr/bin/lpstat Skipping /usr/ucb/lpstat /usr/bin/tcpdump not present /usr/sbin/advfsstat not present /usr/sbin/advfsstat not present /usr/sbin/advfsstat not present /bin/vmstat -c contributed 0 bytes, usefulness = 2 /bin/vmstat -s contributed 534 bytes, usefulness = 4 /bin/vmstat -i contributed 601 bytes, usefulness = 3 /usr/bin/netstat -s contributed 6405 bytes, usefulness = 12 /usr/bin/netstat -m contributed 1477 bytes, usefulness = 2 /bin/netstat -in contributed 259 bytes, usefulness = 1 /usr/bin/w contributed 192 bytes, usefulness = 0 /usr/bin/df contributed 5211 bytes, usefulness = 5 /usr/bin/iostat contributed 123 bytes, usefulness = 0 /usr/bin/uptime contributed 67 bytes, usefulness = 0 /bin/vmstat -f contributed 13 bytes, usefulness = 0 /bin/vmstat contributed 145 bytes, usefulness = 0 /usr/bin/netstat -n contributed 18393 bytes, usefulness = 8 /usr/bin/ps aux contributed 10275 bytes, usefulness = 3 /bin/ps -A contributed 3877 bytes, usefulness = 1 /usr/bin/ipcs -a contributed 1073 bytes, usefulness = 0 /usr/bin/last -n 50 contributed 27 bytes, usefulness = 0 /usr/sbin/arp -a contributed 381 bytes, usefulness = 0 /usr/sbin/ripquery -nw 1 127.0.0.1 contributed 99 bytes, usefulness = 0 /bin/lpstat -t contributed 0 bytes, usefulness = 0 Got 49152 bytes, usefulness = 39 Werner Koch To: gnupg-devel@gnupg.org Sent by: cc: gnupg-devel-admin Subject: Re: gnupg 1.2.2 on aix 5.1 on P660s and P690s @gnupg.org 08/09/2003 01:56 AM On Fri, 8 Aug 2003 14:14:03 -0700, Ryan Wyler said: > 51232: access("/dev/random", 04) Err#2 ENOENT Tries /dev/random -> does not exist > 51232: socket(0x00000001, 0x00000001, 0x00000000, 0x00000000, > 0x6F707900, 0x6F707900, 0x79000000, 0x00808080) = 0x00000009 Fallback to EGD > 51232: connext(0x00000009, 0x2FF210FC, 0x00000019, 0x2FF21094, > 0x2FF21090, 0x60180018, 0x60052965, 0x00000000) Err#2 ENOENT No EGD running. > 51232: close(9) = 0 > 51232: appgetrusage(0x00000000, 0x2FF21508, 0x30000008, 0x0000013B, > 0x00000008, 0x1A2811AF, 0x158928D3, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF214A0) = 15428393 > 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x00000193, > 0x000000AD, 0x1A29B1EE, 0x158AC913, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF21450) = 15428394 That is are several fast random polls. However I expected to see a few other system calls. Can you please grep through config.h and tell us how HAVE_GETHRTIME HAVE_BROKEN_GETHRTIME HAVE_GETTIMEOFDAY HAVE_CLOCK_GETTIME HAVE_TIMES are defined. This is definitely not the hanging problem, though. You can also try to run this: GNUPG_RNDUNIX_DBG=/tmp/foo GNUPG_RNDUNIX_DBGALL=1 \ ./gpg -a --gen-random 2 10 /tmp/foo will be filled with info regarding the tools execed by the rndunix entropy gatherer. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org _______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-devel From mwy-gpg41@the-youngs.org Mon Aug 11 23:21:02 2003 From: mwy-gpg41@the-youngs.org (Michael Young) Date: Mon Aug 11 22:21:02 2003 Subject: Detached signature as a pass-through filter? References: <20030810042724.17356.25966.Mailman@trithemius.gnupg.org> Message-ID: <004801c36046$357a71a0$2ac52609@transarc.ibm.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw suggested: > Why not use "tee"? That's the standard resource for constructing a > pipeline when a command consumes data. > > echo "foo" | tee tempfile | gpg --detach-sign -o sigfile.gpg ; cat tempfile Using a regular "tempfile", there are two reasons: this requires storage for the intermediary result (which may be large); and, the second command doesn't get started until the output is complete. The same thing can be accomplished without "tee" at all: echo "foo" > tempfile gpg ... < tempfile using tee to split the output stream before you pipe to gpg would be the > standard way to do it (I'm sure named pipes & file descriptors could be > woven in some way) Yes, "tee" combined with a FIFO should work, but it's not very portable. I could always write my own "tee" that emits to additional file descriptors (rather than files), and do descriptor redirections. This may be slightly more portable (e.g., *might* work on Cygwin). Or, I could hack a private version of GnuPG that does what I want -- that would be portable, but it adds an upkeep burden (as GnuPG changes, I'd like to follow). Again, I was just hoping that I could get GnuPG to act as a passthrough. It seems not. Thanks for the responses, though! -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPzf63ec3iHYL8FknEQId+gCg/QrnIBfuXS21W4AaHXOddDoB5Q0An1mn zdcAQhCCvkM75iWBj2H7dFI4 =RJ3u -----END PGP SIGNATURE----- From marcosp_belem@ig.com.br Wed Aug 13 03:08:02 2003 From: marcosp_belem@ig.com.br (MARCOS SOUSA) Date: Wed Aug 13 02:08:02 2003 Subject: decryption in gnupg 1.2.1 Message-ID: I am making test of code of files with a computer windows 98 using files of *. bat to execute commands in the gnupg 1.2.1 to encrypt and to decrypt files. To codify I didn't have problems, however in the moment of the decryption, it is necessary to interact in the prompt DOS to supply the password. Is it possible that automatic process to turn, sending some parameter without the interaction with the user to put the password? Marcos Paulo _________________________________________________________ Voce quer um iGMail protegido contra vírus e spams? Clique aqui: http://www.igmailseguro.ig.com.br Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/ From jharris@widomaker.com Wed Aug 20 23:35:03 2003 From: jharris@widomaker.com (Jason Harris) Date: Wed Aug 20 22:35:03 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030820164632.GA12604@netserv.nl> References: <20030820164632.GA12604@netserv.nl> Message-ID: <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> --syxNSs/hKlQka4Wt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 20, 2003 at 06:46:32PM +0200, Matto Fransen wrote: > I have not been able to the expire-date of a subkey. I have copied a > part of the edit-key procedure below: [moved from gnupg-users to gnupg-devel] Indeed, is there any combination of options to allow GPG (1.2.1 or 1.2.2) to encrypt to an _expired_ subkey? It seems to me that --ignore-time- conflict, perhaps combined with --expert, should have been sufficient, although adding --trusted-key and fully specifying the subkey to use via -r ! didn't help either. --=20 Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ --syxNSs/hKlQka4Wt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/Q9vbSypIl9OdoOMRAhA5AJ9krSZxvzaKwVBYHXYnJ2hKv6BA8QCdEQGo 0EcV/DbEcVmvq+IgpSSrRAY= =8ZDJ -----END PGP SIGNATURE----- --syxNSs/hKlQka4Wt-- From Marcus.Brinkmann@ruhr-uni-bochum.de Wed Aug 20 23:58:01 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Wed Aug 20 22:58:01 2003 Subject: thread support in GPGME (was: Re: Bug in gpgme 0.4.2?) In-Reply-To: <20030805155418.GA13270@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> Message-ID: <20030820205922.GF6997@212.23.136.22> On Tue, Aug 05, 2003 at 05:54:18PM +0200, Albrecht Dre? wrote: > As I am now almost finished with moving balsa from gpgme 0.3.15 to 0.4.3, > I would like to submit the patch for migration soon. Do you have a > timeline for releasing gpgme 0.4.3? I guess people would complain if they > had to use CVS gpgme, and I want to make 0.4.3 as minumum requirement to > avoid endless discussions about missing pub keys not detected correctly. I have now reworked GPGME's support for thread. The old autodetect code is still there for compatibility, but it is deprecated. Instead, a new library is built, libgpgme-pthread, which you can use to link against. This library links explicitely against libpthread, so libtool will get the ordering right. What is still missing is support for that in gpgme-config, which will get a new option --thread= to select the thread package, and new autoconf macros AM_PATH_GPGME_PTHREAD (or whatever the name should be). The same for pth, by the way. The libraries libgpgme, libgpgme-pthread, ... are almost identical, they differ only in a few functions :-/ but the alternative to link all three against a libgpgme-real library that contains the main code requires to have the thread support in other libraries (let's call them libgpg-ath, libgpg-ath-pthread, libgpg-ath-pth), because they'd have to be linked in _after_ libgpgme-real. So we would have another stand alone package you would have to download, compile, install, and maintain. We thought long about it, and eventually decided that wasting a bit of disk space is better than wasting a lot of man power, so this is what we are doing now. When we have the gpgme-config and AM_ stuff done, and fixed the documentation, I think it is time for another gpgme release. That would be early next week. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From Marcus.Brinkmann@ruhr-uni-bochum.de Thu Aug 21 00:03:02 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Wed Aug 20 23:03:02 2003 Subject: preparing GPGME 0.4.3 Message-ID: <20030820210446.GG6997@212.23.136.22> Hi, we are in for another GPGME release shortly. If there is anything that bugs you in 0.4.2, or even better the CVS version, please let me know within the next days, and I will try to fix it. If there are any outstanding bug reports or patches, that I have not addressed yet, chances are that I will still get to them, but there is also a chance that I will miss the opportunity. So please don't be shy to remind me of something I might have forgotten or postponed. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From dshaw@jabberwocky.com Thu Aug 21 00:52:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Wed Aug 20 23:52:01 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> References: <20030820164632.GA12604@netserv.nl> <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> Message-ID: <20030820215309.GA16339@jabberwocky.com> --EeQfGwPcQSOJBaQU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 20, 2003 at 04:36:45PM -0400, Jason Harris wrote: > On Wed, Aug 20, 2003 at 06:46:32PM +0200, Matto Fransen wrote: >=20 > > I have not been able to the expire-date of a subkey. I have copied a > > part of the edit-key procedure below: >=20 > [moved from gnupg-users to gnupg-devel] >=20 > Indeed, is there any combination of options to allow GPG (1.2.1 or 1.2.2) > to encrypt to an _expired_ subkey? It seems to me that --ignore-time- > conflict, perhaps combined with --expert, should have been sufficient, > although adding --trusted-key and fully specifying the subkey to use > via -r ! didn't help either. I'll admit to a certain curiosity as to why someone would want to do such a thing. This key is no more. It has ceased to be. It's *expired*. Using it after expiration is against the express wishes of the person who put the key out there in the first place - the key owner. David --EeQfGwPcQSOJBaQU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj9D7cUACgkQ4mZch0nhy8nYEQCZAeojTFimTgMV0AOJ3knzTIPT W/AAoKmH+hVdPWUMYXjpeTwe14JX28d0 =qDna -----END PGP SIGNATURE----- --EeQfGwPcQSOJBaQU-- From stephane@sente.ch Thu Aug 21 12:59:05 2003 From: stephane@sente.ch (=?ISO-8859-1?Q?St=E9phane_Corth=E9sy?=) Date: Thu Aug 21 11:59:05 2003 Subject: preparing GPGME 0.4.3 In-Reply-To: <20030820210446.GG6997@212.23.136.22> Message-ID: <910F0C65-D3A3-11D7-9DB2-0003938D796E@sente.ch> Hi, I encountered some strange problems on MacOS X with gpgme 0.4.2 when=20 using threads (pthreads IIRC); I have no code to submit yet, but here=20 are the symptoms: in a new thread I create a context, then try to=20 decrypt something or list secret keys in that thread; my thread blocks=20= (it is waiting on a select() return); if I interrupt my process, when=20 under gdb control, and simply continue, then the thread is un-blocked=20 and expected results come out. Everything works fine when I work in the=20= main thread. I'll try to submit you a test case this week-end. Cheers, St=E9phane On Wednesday, Aug 20, 2003, at 23:04 Europe/Zurich, Marcus Brinkmann=20 wrote: > Hi, > > we are in for another GPGME release shortly. If there is anything = that > bugs you in 0.4.2, or even better the CVS version, please let me know=20= > within > the next days, and I will try to fix it. > > If there are any outstanding bug reports or patches, that I have not > addressed yet, chances are that I will still get to them, but there is=20= > also > a chance that I will miss the opportunity. So please don't be shy to=20= > remind > me of something I might have forgotten or postponed. > > Thanks, > Marcus > > > --=20 > `Rhubarb is no Egyptian god.' GNU http://www.gnu.org =20 > marcus@gnu.org > Marcus Brinkmann The Hurd=20 > http://www.gnu.org/software/hurd/ > Marcus.Brinkmann@ruhr-uni-bochum.de > http://www.marcus-brinkmann.de/ > > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel From Marcus.Brinkmann@ruhr-uni-bochum.de Thu Aug 21 14:21:02 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu Aug 21 13:21:02 2003 Subject: preparing GPGME 0.4.3 In-Reply-To: <910F0C65-D3A3-11D7-9DB2-0003938D796E@sente.ch> References: <20030820210446.GG6997@212.23.136.22> <910F0C65-D3A3-11D7-9DB2-0003938D796E@sente.ch> Message-ID: <20030821105357.GD941@212.23.136.22> On Thu, Aug 21, 2003 at 08:49:09AM +0200, St?phane Corth?sy wrote: > Hi, > > I encountered some strange problems on MacOS X with gpgme 0.4.2 when > using threads (pthreads IIRC); I have no code to submit yet, but here > are the symptoms: in a new thread I create a context, then try to > decrypt something or list secret keys in that thread; my thread blocks > (it is waiting on a select() return); if I interrupt my process, when > under gdb control, and simply continue, then the thread is un-blocked > and expected results come out. Everything works fine when I work in the > main thread. This suspiciously sounds like it could also be a bug in the thread implementation of MacOS X. > I'll try to submit you a test case this week-end. You should also possibly try to runa test case on MacOS X that just forks(), forks() again (double fork is used in GPGME to daemonize) and in the inital parent select(), for example for reading from a pipe, and in the child write() to the pipe. However, more might be necessary to provoke the same behaviour as in GPGME, for example the signal setup GPGME is using (see posix-io.c's spawn function, which you could use in your non-gpgme test case). Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From t.schorpp@gmx.de Thu Aug 21 17:55:01 2003 From: t.schorpp@gmx.de (thomas schorpp) Date: Thu Aug 21 16:55:01 2003 Subject: Smartcard Support, open system security, law,( certificate sig removed) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi, im against and dont like using smartcards due to certain security flaws with its whole system: - - it makes no sense to protect and provide electronic signatures with strong algorithms and then using weak smartcard pins of 4-6 decimal digits, this would be the way of the german signature law (SigG) and its well known providers regtp (the old bundespost), bmi, tuvit, d-trust... - - the cards and its commercial systems will be hacked, loosed, pin-compromised faster than you think. - - the reasonable use of smartcards to protect data requires protecting the pin in a encrypted file using a strong passphrase in brain only and never to loose on a personal high secure mobile unit or a workstation (staged concept), i'm doing so with the insecure pin numbers of my credit and ec bank cards. for such a project we need not only open software, we would need OPEN HARDWARE systems of intelligent mobile devices (a stupid smartcard or usb-stick isnt that way), too. maybe off-topic, if this discussion is going on elsewhere please let me know: besides, our open sytems should include the ability to handle the TWO personals needs of a todays electronic individual or organisation (juristic persons): we need 2 personal signature/encryption keys/certificates, one requires privacy and anonymity in electronic worlds, the second requires acceptance by at least by DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures Code 5 Part 2, says, a court has to recognize signatures even NOT approved as "qualified" by national authorities(!). not to mention international treaties. that would be our chance to bridge between the nowadays seperated systems, accepted for both individual needs, otherwise commercial systems and microsoft will lead in the future. gnupg is therefor funded in part by the german ministry of economics to adopt later in civil "government"(?). so politics is in here, too, dont miss it! Y tom Key ID: 0x31E21ABA www.keys.de.pgp.net - ---------------------------------------- Elektronische Unterschrift ist nach Import meines Stammzertifikats gültig gemäß RICHTLINIE 1999/93/EG DES EUROPÄISCHEN PARLAMENTS UND DES RATES vom 13. Dezember 1999 über gemeinschaftliche Rahmenbedingungen für elektronische Signaturen Artikel 5 Abs. 2 i.V.m. §23 SigG "ausländische Produkte" Produkte der Microsoft Corporation behandeln Signaturvertrauen in diesem Sinne unvollständig. Benutzen Sie besser Open Source Produkte (Linux, etc.) Digital Signature is valid after importing my Root Certificate by DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures Code 5 Part 2 Products of the Microsoft Coporation handle signature trust in this case not fully. Better use open source products (Linux, etc.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9ElmYACgkQzvbvBTHiGrp+QACg5Q5XfUuMSmX75rm40AryRGNW wloAoJ5FqwXfGxwMoDpJVVp9IT9q9g2T =QrmE -----END PGP SIGNATURE----- From wk@gnupg.org Thu Aug 21 18:52:01 2003 From: wk@gnupg.org (Werner Koch) Date: Thu Aug 21 17:52:01 2003 Subject: Smartcard Support, open system security, law,( certificate sig removed) In-Reply-To: (thomas schorpp's message of "Thu, 21 Aug 2003 16:56:10 +0200") References: Message-ID: <878ypn9fb4.fsf@alberti.g10code.de> On Thu, 21 Aug 2003 16:56:10 +0200, thomas schorpp said: > im against and dont like using smartcards due to certain security flaws with > its whole system: It has been said at least 42 times: What constitutes a security flaw depends on your threat model. So before you talk about it, define your threat model. > - it makes no sense to protect and provide electronic signatures with > strong algorithms and then using weak smartcard pins of 4-6 decimal digits, > this would be the way of the german signature law (SigG) and its well known > providers regtp (the old bundespost), bmi, tuvit, d-trust... The PIN is simply a countermeasure to increase the time window you have to relalise that your card has been stolen/abused, to create a revocation and distribute that. That's all a PIN is good for. Similar for GnuPG's passphrase. Nobody expects any strong security in a PIN. > - the cards and its commercial systems will be hacked, loosed, > pin-compromised faster than you think. Please define commercial system - I guess you mean proprietary system. All what you describe above constitutes local attacks requiring physical access to the card or reader. There is not much one can do about it except for plain old phsical security diligence. A smartcard protects very well against any remote key compromise attack. It can't protect you from malicious software on the host, though. > - the reasonable use of smartcards to protect data requires protecting the > pin in a encrypted file using a strong passphrase in brain only and never to This won't help. The box you are using to keep the encrypted file may already run malicious software. > for such a project we need not only open software, we would need OPEN > HARDWARE systems of intelligent mobile devices (a stupid smartcard or > usb-stick isnt that way), too. I don't know what you mean by open hardware? Hardware is entirely different from software because you can't build it at home from a piece of silicon and copying is is not of near-zero cost. Of course, I'd like to see free designs of chips, so that you can take the design to any fab and have them produce N of those chips. This is an expensive task and those chips won't be as cheap as we are used to - getting the critical mass to make the production cheaper is far harder than with software. For many application domains a smartcard is a thing you want to have. For example: The key I use to sign GnuPG is on some box which is somehow connected to the net and thus this key is a possible target for an attack. I would feel much safer with that key on a smartcard with an integrated signature counter and only used in the few seconds every once in a while while signing a package. Then, it will be much harder to trick my box into signing something without my attention. Well, there is still the question whether the right thing has been signed but a malicious signature will be detected very shortly after it. The real problem is how to assure that the source has not been tampered with - I review the diffs before a stable release - but that is a boring task and prone to errors. Hopefully others are watching the code too. > besides, our open sytems should include the ability to handle the TWO > personals needs of a todays electronic individual or organisation (juristic > persons): we need 2 personal signature/encryption keys/certificates, one The OpenPGP smartcard comes with thre keys: Signing (useful digital signatures), encryption and authentication (ssh, pam). > microsoft will lead in the future. gnupg is therefor funded in part by the > german ministry of economics to adopt later in civil "government"(?). so [ It is a long long time ago that we received some funds. The development is for ~95% done without any financial support. You can change this of course, see for example: http://g10code.com/products.html#maintpoints ] Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From t.schorpp@gmx.de Thu Aug 21 21:09:02 2003 From: t.schorpp@gmx.de (thomas schorpp) Date: Thu Aug 21 20:09:02 2003 Subject: Smartcards, one alternative solution to it..? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi, for workstation: what about booting a secure protected mode virtual machine minimal open source linux box within a normal-use os? all security software and secure shells, mails, document editors running in this box? modern processors protected mode should work well... is there a open counterpart to vmware? maybe a solution. comments? for mobile: < thinking... > y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9FCrIACgkQzvbvBTHiGrpsSQCg8C33UTrmd1QiSPqkfeGvFpqu 08MAn1HtW8G2E5dIZsgw+yLglqE2jwub =i/HS -----END PGP SIGNATURE----- From alex@syjon.fantastyka.net Thu Aug 21 21:19:02 2003 From: alex@syjon.fantastyka.net (Janusz A. Urbanowicz) Date: Thu Aug 21 20:19:02 2003 Subject: Smartcards, one alternative solution to it..? In-Reply-To: References: Message-ID: <20030821182002.GA31085@syjon.fantastyka.net> > for workstation: > > what about booting a secure protected mode virtual machine minimal open > source linux box within a normal-use os? > all security software and secure shells, mails, document editors running in > this box? > modern processors protected mode should work well... You are reinventing MS Palladium/NGSCB here. > is there a open counterpart to vmware? Bochs86. > maybe a solution. It is not a solution. Alex From t.schorpp@gmx.de Thu Aug 21 21:48:01 2003 From: t.schorpp@gmx.de (thomas schorpp) Date: Thu Aug 21 20:48:01 2003 Subject: AW: Smartcards, one alternative solution to it..? In-Reply-To: <20030821182002.GA31085@syjon.fantastyka.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 > -----Ursprungliche Nachricht----- > Von: gnupg-devel-admin@gnupg.org [mailto:gnupg-devel-admin@gnupg.org]Im > Auftrag von Janusz A. Urbanowicz > Gesendet: Donnerstag, 21. August 2003 20:20 > An: thomas schorpp > Cc: Gnupg-Devel; Winpt-Users; Winpt-Dev; Gnupg-Users > Betreff: Re: Smartcards, one alternative solution to it..? > > > > for workstation: > > > > what about booting a secure protected mode virtual machine minimal open > > source linux box within a normal-use os? > > all security software and secure shells, mails, document > editors running in > > this box? > > modern processors protected mode should work well... > > You are reinventing MS Palladium/NGSCB here. if i read the msdn right, thats not the thing i suggested, cause its no real pm, even if running from processor ring 0. and the politics behind that is a completly different, you know it. locking safe pages in virtual menory has pgp already done...? > > > is there a open counterpart to vmware? > > Bochs86. thx. > > > maybe a solution. > > It is not a solution. why?, please let me learn... please tell me your alternative to smartcards. > > Alex > > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9FE/QACgkQzvbvBTHiGrpwpQCgmowkNvxU1QsFecIv39THRVuM kBgAoJdjAB8D/46Fzq53pMZ2ua76o/PR =tOAi -----END PGP SIGNATURE----- From jharris@widomaker.com Thu Aug 21 23:47:02 2003 From: jharris@widomaker.com (Jason Harris) Date: Thu Aug 21 22:47:02 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030820215309.GA16339@jabberwocky.com> References: <20030820164632.GA12604@netserv.nl> <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> <20030820215309.GA16339@jabberwocky.com> Message-ID: <20030821204843.GC4380@pm1.ric-08.lft.widomaker.com> --vZDMF4x1t6HnyzWs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 20, 2003 at 05:53:09PM -0400, David Shaw wrote: > I'll admit to a certain curiosity as to why someone would want to do > such a thing. This key is no more. It has ceased to be. It's > *expired*. > Using it after expiration is against the express wishes of the person > who put the key out there in the first place - the key owner. Assuming the keyholder can figure out their software and can easily transmit key updates to those who would use the otherwise-expired key, then yes. But, just as one can use a telephone to verify the finger- print of a new key, one should also be able to say: "Use my existing key for another week, I'm unable to create and transmit a new one right now." Why preclude this? --=20 Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ --vZDMF4x1t6HnyzWs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/RTAqSypIl9OdoOMRAjQCAJ97Z10JTuxn62oAavfo4qgQ1BzSlACfZPQj PwRdw9wje9x/2HkEAzFvp9Y= =Cp4T -----END PGP SIGNATURE----- --vZDMF4x1t6HnyzWs-- From dshaw@jabberwocky.com Fri Aug 22 06:50:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Aug 22 05:50:02 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030821204843.GC4380@pm1.ric-08.lft.widomaker.com> References: <20030820164632.GA12604@netserv.nl> <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> <20030820215309.GA16339@jabberwocky.com> <20030821204843.GC4380@pm1.ric-08.lft.widomaker.com> Message-ID: <20030822035146.GC21837@jabberwocky.com> --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 21, 2003 at 04:48:43PM -0400, Jason Harris wrote: > On Wed, Aug 20, 2003 at 05:53:09PM -0400, David Shaw wrote: >=20 > > I'll admit to a certain curiosity as to why someone would want to do > > such a thing. This key is no more. It has ceased to be. It's > > *expired*. >=20 > > Using it after expiration is against the express wishes of the person > > who put the key out there in the first place - the key owner. >=20 > Assuming the keyholder can figure out their software and can easily > transmit key updates to those who would use the otherwise-expired key, > then yes. But, just as one can use a telephone to verify the finger- > print of a new key, one should also be able to say: "Use my existing key > for another week, I'm unable to create and transmit a new one right now." > Why preclude this? The protocol doesn't preclude this, of course, but then again, the protocol doesn't preclude nearly anything. There are many things that could theoretically be overridden by a smart user who "knows better". Unrevoke keys, unexpire user IDs or subkeys, change key flags (turn a sign-only key into an encryption key, etc) and so on. In general, I'm somewhat against this sort of thing unless there is a pretty concrete example of it being needed in the field. It's always possible to construct a reason why a particular validation needs to be overridden ("Oops, I didn't mean to revoke my key - it's okay, go ahead and use it anyway" or "I don't have time to sign Joe's key right now, but go ahead and use it as if I had signed it."), but every override gives additional complexity to GnuPG and is an additional place where the wrong thing can happen (How sure are you that you spoke to the right person on the phone? Are you sure that the "Joe" key that is being authorized is the same "Joe" that you have a copy of?) David --J/dobhs11T7y2rNN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj9Fk1EACgkQ4mZch0nhy8n0UgCg3N0pE/id6MA3tOXDIZFyFBZS ODsAniKSb6tqUSHBdfjglI5xwm7YfKxl =B3N+ -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN-- From itojun@iijlab.net Fri Aug 22 12:14:02 2003 From: itojun@iijlab.net (Jun-ichiro itojun Hagino) Date: Fri Aug 22 11:14:02 2003 Subject: gnupg 1.2.2: IPv6 support Message-ID: <20030815065120.3AF04793@starfruit.itojun.org> the following diff should add IPv6 support (keyserver access) to gnupg 1.2.2. config.h.in should be automatically generated, however, i'm not too familiar with automake so i hand-patched it. please consider integrating it into future distribution. itojun Index: config.h.in =================================================================== RCS file: /cvsroot/apps/gnupg/config.h.in,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- config.h.in 15 Aug 2003 05:12:06 -0000 1.1.1.1 +++ config.h.in 15 Aug 2003 06:44:46 -0000 1.2 @@ -537,3 +537,4 @@ #include "g10defs.h" +#undef HAVE_GETADDRINFO Index: configure =================================================================== RCS file: /cvsroot/apps/gnupg/configure,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- configure 15 Aug 2003 05:12:08 -0000 1.1.1.1 +++ configure 15 Aug 2003 06:47:49 -0000 1.2 @@ -13111,7 +13111,7 @@ -for ac_func in waitpid wait4 sigaction sigprocmask rand pipe stat +for ac_func in waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_func" >&5 Index: configure.ac =================================================================== RCS file: /cvsroot/apps/gnupg/configure.ac,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- configure.ac 15 Aug 2003 05:12:08 -0000 1.1.1.1 +++ configure.ac 15 Aug 2003 06:47:49 -0000 1.3 @@ -586,7 +586,7 @@ AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid) AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) -AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat) +AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo) AC_REPLACE_FUNCS(mkdtemp) # Index: util/http.c =================================================================== RCS file: /cvsroot/apps/gnupg/util/http.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- util/http.c 15 Aug 2003 05:12:28 -0000 1.1.1.1 +++ util/http.c 15 Aug 2003 06:44:46 -0000 1.2 @@ -753,6 +753,28 @@ sock_close (sd); return -1; } +#elif defined(HAVE_GETADDRINFO) + struct addrinfo hints, *res0, *res; + char portstr[20]; + + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + snprintf(portstr, sizeof(portstr), "%u", port); + if (getaddrinfo(server, portstr, &hints, &res0) != 0) + return -1; + for (res = res0; res; res = res->ai_next) { + sd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); + if (sd < 0) + continue; + if (connect(sd, res->ai_addr, res->ai_addrlen) < 0) { + close(sd); + sd = -1; + continue; + } + break; + } + freeaddrinfo(res0); + return sd; #else struct sockaddr_in addr; struct hostent *host; From bernhard@intevation.de Fri Aug 22 12:14:06 2003 From: bernhard@intevation.de (Bernhard Reiter) Date: Fri Aug 22 11:14:06 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <3F341183.7060904@botz.org> References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> Message-ID: <20030819190323.GF23531@intevation.de> --/i8j2F0k9BYX4qLc Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 08, 2003 at 02:09:23PM -0700, J=FCrgen Botz wrote: > Werner Koch wrote: > >gpg2 has been changed to use libgcrypt but secret key management is > >still done by itself and not by gpg-agent. However, --use-agent is > >the default now and we support the new OpenPGP smartcards. >=20 > Could you explain what you mean by this for those of us who are > not very familiar with the code base? I mean, superficially this > statement doesn't make sense, if key management isn't done by the > agent what good is the agent? The agent does secret key management for gpgsm. AFAIU for gpg2 it can hold the passphrase, thus working in a similiar manner like gpgsm. Bernhard --/i8j2F0k9BYX4qLc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQA/QnR7h9ag3dpKERYRAtTEAJ9Dgej4nE+CUZWRxgb0vXE86AjWxwCgmM/5 Hj82Z+MAgEIVfnPEHRYbiHk= =X4v5 -----END PGP SIGNATURE----- --/i8j2F0k9BYX4qLc-- From tv@pobox.com Fri Aug 22 12:14:11 2003 From: tv@pobox.com (Todd Vierling) Date: Fri Aug 22 11:14:11 2003 Subject: Patch for PR gnupg/199 Message-ID: I replied to GNATS, but it doesn't seem that my reply made it there. Note that I am *NOT* on this list; please include me in Cc: in responses. In the PR, use of --search-keys in a "PGP/GPG frontend" (pgpenvelope, GnuPG::Interface) is useless because the non-tty stdout default is block-buffered rather than line-buffered. Thus the key list, which is written to stdout, may never show up until entering (Q)uit. The following patch adds a fflush(stdout) to ensure that the list of keys in --search-keys is flushed to stdout before writing the prompt to the user. (BTW, I'd really like to see this in 1.2.3 as well, if possible. 8-) Index: g10/keyserver.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/keyserver.c,v retrieving revision 1.31 diff -u -r1.31 keyserver.c --- g10/keyserver.c 10 Jul 2003 14:30:07 -0000 1.31 +++ g10/keyserver.c 20 Aug 2003 21:06:12 -0000 @@ -486,6 +486,9 @@ from=numdesc+1; } + /* flush key list before displaying prompt */ + fflush(stdout); + answer=cpr_get_no_help("keysearch.prompt", _("Enter number(s), N)ext, or Q)uit > ")); /* control-d */ -- -- Todd Vierling From wk@gnupg.org Fri Aug 22 13:27:02 2003 From: wk@gnupg.org (Werner Koch) Date: Fri Aug 22 12:27:02 2003 Subject: Patch for PR gnupg/199 In-Reply-To: (Todd Vierling's message of "Wed, 20 Aug 2003 17:13:56 -0400 (EDT)") References: Message-ID: <87fzju6l3w.fsf@alberti.g10code.de> On Wed, 20 Aug 2003 17:13:56 -0400 (EDT), Todd Vierling said: > I replied to GNATS, but it doesn't seem that my reply made it there. Note > that I am *NOT* on this list; please include me in Cc: in responses. It went into a new bug report; I merged it. It is definitely time to upgarde to GNATS 4.0 but die to the kached gnu server it is still not available. > --search-keys is flushed to stdout before writing the prompt to the user. > (BTW, I'd really like to see this in 1.2.3 as well, if possible. 8-) The fflush won't harm, so I added it for 1.2.3 (which is alrweady available). Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From albrecht.dress@arcor.de Fri Aug 22 14:52:01 2003 From: albrecht.dress@arcor.de (Albrecht =?iso-8859-1?Q?Dre=DF?=) Date: Fri Aug 22 13:52:01 2003 Subject: thread support in GPGME (was: Re: Bug in gpgme 0.4.2?) In-Reply-To: <20030820205922.GF6997@212.23.136.22>; from Marcus.Brinkmann@ruhr-uni-bochum.de on Mit, Aug 20, 2003 at 22:59:22 +0200 References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> <20030820205922.GF6997@212.23.136.22> Message-ID: <20030822114539.GC1154@antares.localdomain> --bKyqfOwhbdpXa4YI Content-Type: text/plain; format=flowed; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Am 20.08.03 22:59 schrieb(en) Marcus Brinkmann: > What is still missing is support for that in gpgme-config, which will get > a > new option --thread=3D to select the thread package, and new autoconf That should be a usable implementation for balsa, as the config script=20 knows if threads should be used or not... > would have to download, compile, install, and maintain. We thought long > about it, and eventually decided that wasting a bit of disk space is > better than wasting a lot of man power, so this is what we are doing now. Sounds complicated. Did you think about a new function like=20 "gpgme_init_threads({"pthread"|"pth"|...})" to trigger the thread=20 initialisation? Maybe that's easier to maintain... > When we have the gpgme-config and AM_ stuff done, and fixed the > documentation, I think it is time for another gpgme release. That would > be > early next week. I hope the patch for balsa (which uses threads) will be ready about two=20 weeks later (as I'm on holidays in between ;-)). Cheers, Albrecht. --=20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre=DF - Johanna-Kirchner-Stra=DFe 13 - D-53123 Bonn (German= y) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ --bKyqfOwhbdpXa4YI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA/RgJjn/9unNAn/9ERAijsAJ9muQaeRryQXGvbmU0N7qlbQGfxkACgoHri 23aJbqGDPmhqa0YjSU8TZ9c= =0V/L -----END PGP SIGNATURE----- --bKyqfOwhbdpXa4YI-- From Marcus.Brinkmann@ruhr-uni-bochum.de Fri Aug 22 15:19:02 2003 From: Marcus.Brinkmann@ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri Aug 22 14:19:02 2003 Subject: thread support in GPGME (was: Re: Bug in gpgme 0.4.2?) In-Reply-To: <20030822114539.GC1154@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> <20030820205922.GF6997@212.23.136.22> <20030822114539.GC1154@antares.localdomain> Message-ID: <20030822121006.GA745@killarney> On Fri, Aug 22, 2003 at 01:45:39PM +0200, Albrecht Dre? wrote: > Am 20.08.03 22:59 schrieb(en) Marcus Brinkmann: > >What is still missing is support for that in gpgme-config, which will get > >a > >new option --thread= to select the thread package, and new autoconf > > That should be a usable implementation for balsa, as the config script > knows if threads should be used or not... Yeah, in general the application this is finally linked to its libraries will know if it wants thread support or not. > >would have to download, compile, install, and maintain. We thought long > >about it, and eventually decided that wasting a bit of disk space is > >better than wasting a lot of man power, so this is what we are doing now. > > Sounds complicated. Did you think about a new function like > "gpgme_init_threads({"pthread"|"pth"|...})" to trigger the thread > initialisation? Maybe that's easier to maintain... Yes, we considered that, but what do you do if you have a library using GPGME? Then you'd have to export the interface to give the user of that library a choice. It would also not eliminate the link order problem using libtool. In the end, even the current solution is not ideal in the case of a library using GPGME, as such a library needs to make a decision to which of the GPGME variants it wants to be linked to! And this is sort of problematic, but I don't really know a solution, except to provide several variants of that library if necessary. Also please note that you can not freely mix threaded and non-threaded code, at least not in GNU/Linux based systems. libpthread overrides functions like fork, and that can cause spurious failures (like, for example, if you have a single-threaded apache and link it with a threaded mod_python). We can only hope that eventually all applications will always link to pthread, and no other thread system exists that people want to use :) Thanks, Marcus From t.schorpp@gmx.de Fri Aug 22 15:29:01 2003 From: t.schorpp@gmx.de (thomas schorpp) Date: Fri Aug 22 14:29:01 2003 Subject: Smartcard Support, open system security, law, i'm standing down and apologize In-Reply-To: <871xve86q4.fsf@alberti.g10code.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 @ALL, hi guys, since i've been the only one against smartcards and since the declared circumstances with the openpgp smartcards ARE REASONABLE AND ACCEPTABLE, i'm hereby standing down. i'm sorry and apologize, especially to mr. koch, for being rude. but i had to be provocant to learn about you guys ;). i like this project and if you got some work for me, please feel free to assign to me :). skills are electronics engineering, software engineering, project management, SPI, SW-QA/QM, ergonomics, PKI, MKI, law, and many more. go on with the great work. Y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9GDHcACgkQzvbvBTHiGrpF+gCgsrIvJsoDivWSRGZljURwyAWE 6/MAoPFbByb/Dcx/aN92IPWe8XQ/BXTP =jq7N -----END PGP SIGNATURE----- From wk@gnupg.org Fri Aug 22 17:11:20 2003 From: wk@gnupg.org (Werner Koch) Date: Fri Aug 22 16:11:20 2003 Subject: [Announce] GnuPG one-two-three released Message-ID: <877k557reu.fsf@alberti.g10code.de> --=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hello! =20=20=20=20 We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.3 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.=20 This release solves a performance problem introduced with 1.2.2 and make building on less common platforms easier. Getting the Software =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D GnuPG 1.2.3 can be downloaded from one of the GnuPG mirror sites or From=20direct from ftp://ftp.gnupg.org/gcrypt . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the follwing files in the *gnupg* directory: gnupg-1.2.3.tar.bz2 (2240k) gnupg-1.2.3.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.2.3.tar.gz (3228k) gnupg-1.2.3.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.2.2-1.2.3.diff.gz (915k) A patch file to upgrade a 1.2.2 GnuPG source. This file is signed; you have to use GnuPG > 0.9.5 to verify the signature. GnuPG has a feature to allow clear signed patch files which can still be processed by the patch utility. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date.=20=20 In the *binary* directory, you should find these files: gnupg-w32cli-1.2.3.zip (1309k) gnupg-w32cli-1.2.3.zip.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and comes without a graphical installer tool. You have to use an UNZIP utility to extract the files and install them manually. The included file README.W32 has further instructions.=20 Checking the Integrity =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.2.3.tar.bz2 you would use this command: gpg --verify gnupg-1.2.3.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key by=20 finger wk 'at' g10code.com . Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation. * If you are not able to use an old version of GnuPG, you have to verify the MD5 checksum. Assuming you downloaded the file gnupg-1.2.3.tar.bz2, you would run the md5sum command like this: md5sum gnupg-1.2.3.tar.bz2 and check that the output matches the first line from the following list: cdca1282d7901f9ddb52f9725b001af2 gnupg-1.2.3.tar.bz2 46b990908019422535a08ce91b370ae7 gnupg-1.2.3.tar.gz 64c305371e658764006439b73ecbd8c3 gnupg-1.2.2-1.2.3.diff.gz 208f98809a6e533fed08846723795477 gnupg-w32cli-1.2.3.zip Upgrade Information =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Here is a list of major user visible changes since 1.2.2: * New "--gnupg" option (set by default) that disables --openpgp, and the various --pgpX emulation options. This replaces --no-openpgp, and --no-pgpX, and also means that GnuPG has finally grown a --gnupg option to make GnuPG act like GnuPG. * A number of portability changes to make building GnuPG on less-common platforms easier. * Romanian translation. * Two new %-expandos for use in notation and policy URLs. "%g" expands to the fingerprint of the key making the signature (which might be a subkey), and "%p" expands to the fingerprint of the primary key that owns the key making the signature. * New "tru" record in --with-colons --list-keys listings. It shows the status of the trust database that was used to calculate the key validity in the listings. See doc/DETAILS for the specifics of this. * New REVKEYSIG status tag for --status-fd. It indicates a valid signature that was issued by a revoked key. See doc/DETAILS for the specifics of this. Internationalization =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D GnuPG comes with support for these langauges: American English Indonesian (id)=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20 Catalan (ca) Italian (it)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20 Czech (cs) Japanese (ja)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 Danish (da)[*] Polish (pl)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20 Dutch (nl)[*] Brazilian Portuguese (pt_BR)[*]=20=20=20=20 Esperanto (eo)[*] Portuguese (pt)=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20 Estonian (et) Romanian (ro)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20 Finnish (fi) Slovak (sk)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20 French (fr) Spanish (es)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20 Galician (gl) Swedish (sv)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20 German (de) Traditional Chinese (zh_TW)=20=20=20=20=20 Greek (el) Turkish (tr)=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20 Hungarian (hu)=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20 Languages marked with [*] were not updated for this releases and you may notice untranslated messages. Many thanks to the translators for their ongoing support of GnuPG. Future Directions =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D GnuPG 1.2.x is the current stable branch and won't undergo any serious changes. We will just fix bugs and add compatibility fixes as required. GnuPG 1.3.x is the version were we do most new stuff and it will lead to the next stable version 1.4 not too far away. GnuPG 1.9.x is brand new and flagged as experimental. This version merged the code from the Aegypten project and thus it includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we won't support any ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is based on the current 1.3 code and has been released to have software ready to play with the forthcoming OpenPGP smartcard. The OpenPGP smartcard is a soon to be released specification of an ISO 7816 based application to generate or import keys into a smartcard and provide all functionality to use this card with OpenPGP. The specification features 3 1024 bit RSA keys (signing, decryption and authentication) as well as utility data objects to make integration easy. We will be able to give about 50 test cards to selected developers and soon after distribute real cards. For other developments you may want to consult the task list at http://g10code.com/en/tasklist.html . Happy Hacking, The GnuPG team (David, Stefan, Timo and Werner) Let's not forget about all the other contributors; here is list of them (from the THANKS file): The GNU Privacy Guard has been created by the GnuPG team: David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils Ellmenreich, R=E9mi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch. Birger Langkjer, Daniel Resare, Dokianakis Theofanis, Edmund GRIMLEY EVANS, Ga=EBl Qu=E9ri, Gregory Steuck, Nagy Ferenc L=E1szl=F3, Ivo Timmermans, Jac= obo Tarri'o Barreiro, Janusz Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the official translations. Mike Ashley wrote and maintains the GNU Privacy Handbook. David Scribner is the current FAQ editor. Lorenzo Cappelletti maintains the web site. The following people helped greatly by suggesting improvements, testing, fixing bugs, providing resources and doing other important tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews, Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere, Christian Kurz, Christian von Roques, Christopher Oliver, Christian Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave Dykstra, David C Niemi, David Champion, David Ellement, David Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Ga=EBl Qu=E9ri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni, Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John A. Martin, Johnny Teve=DFen, J=F6rg Schilling, Jos Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl, Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev, Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye, Oliver Haakert, Oskari J=E4=E4skel=E4inen, Pascal Scheffers, Paul D. Smith, Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong, Ralph Gillen, Rat, Reinhard Wobst, R=E9mi Guyomarch, Reuben Sumner, Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann, Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann, Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen, Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf M=F6ller, Urko Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann, Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki and Gerlinde Klaes. This software has been made possible by the previous work of Chris Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson, Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA mathematicians and all the folks who have worked hard to create complete and free operating systems. =2D-=20 Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQA/RhqYbH7huGIcwBMRAvSoAKC5bIp4kiMGiAqviL/5JZY/pGuYdQCfWYPu 4uGpybJPNSikKKvyQyq4E1w= =xEog -----END PGP SIGNATURE----- --=-=-=-- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From t.schorpp@gmx.de Fri Aug 22 23:49:01 2003 From: t.schorpp@gmx.de (thomas schorpp) Date: Fri Aug 22 22:49:01 2003 Subject: open pgp on smart devices, maxim/dallas ibutton,(the very) LIMITATION OF LIABILITY Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi, seems, maxim/dallas dont trust their own best products...: http://www.ibutton.com/store/license/crypto.html 5. LIMITED WARRANTIES. DS expressly disclaims any warranty for the Java powered iButton product other than replacement of a returned defective Java powered iButton for one (1) year. The Java powered iButton product AND ANY RELATED DOCUMENTATION, IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OR MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE Java powered iButton REMAINS WITH YOU. DS is under no obligation to issue new Java powered iButtons. 6. LIMITATION OF LIABILITY. To the maximum extent permitted by applicable law, in no event shall DS be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use the Java powered iButton or the provision of or failure to provide Support Services, even if DS has been advised of the possibility of such damages. In any case, DS' entire liability under any provision of this Agreement shall be limited to the greater of the amount actually paid by you for the Java powered iButton or US$4.00. Because some states and jurisdictions do not allow the exclusion or limitation of liability, the above limitation may not apply to you. You assume the entire risk for theft, damage, destruction or loss of the Java powered iButton during the term of this Agreement and thereafter. ... a 4-60$ guarantee, eu providers must guarantee with 250.000? euros. cant find any open hw specs, neither. y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9GgWAACgkQzvbvBTHiGrq8fQCg/pShTcfhypO9GcJoI7AAtKsu bHoAn2ODaNkWMXlZRvbpjC7/h2AKPHjX =nqvG -----END PGP SIGNATURE----- From wk@gnupg.org Sat Aug 23 08:57:02 2003 From: wk@gnupg.org (Werner Koch) Date: Sat Aug 23 07:57:02 2003 Subject: open pgp on smart devices, maxim/dallas ibutton,(the very) LIMITATION OF LIABILITY In-Reply-To: (thomas schorpp's message of "Fri, 22 Aug 2003 22:49:25 +0200") References: Message-ID: <87wud43ofm.fsf@alberti.g10code.de> On Fri, 22 Aug 2003 22:49:25 +0200, thomas schorpp said: > hi, > seems, maxim/dallas dont trust their own best products...: > http://www.ibutton.com/store/license/crypto.html > 5. LIMITED WARRANTIES. DS expressly disclaims any warranty for the Java That is a common disclaimer, have you never been to the U.S.? Do you know the movie The Fortune Cookie: "I slipped on a banana skin - okay, lets sue United Fruit."? I don't think that it is much different for any other semiconductor you buy anywhere in the world. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From lists@lina.inka.de Sat Aug 23 23:52:02 2003 From: lists@lina.inka.de (Bernd Eckenfels) Date: Sat Aug 23 22:52:02 2003 Subject: Patch for PR gnupg/199 In-Reply-To: References: Message-ID: <20030823205344.GA11253@lina.inka.de> On Wed, Aug 20, 2003 at 05:13:56PM -0400, Todd Vierling wrote: > + /* flush key list before displaying prompt */ > + fflush(stdout); > + > answer=cpr_get_no_help("keysearch.prompt", > _("Enter number(s), N)ext, or Q)uit > ")); wouldnt it be much better to add that flush to the prompt function itself? Greetings Bernd -- (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de -- ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/ o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl! From dshaw@jabberwocky.com Sun Aug 24 02:00:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Aug 24 01:00:02 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030815065120.3AF04793@starfruit.itojun.org> References: <20030815065120.3AF04793@starfruit.itojun.org> Message-ID: <20030823230108.GC1271@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 15, 2003 at 03:51:19PM +0900, Jun-ichiro itojun Hagino wrote: > the following diff should add IPv6 support (keyserver access) > to gnupg 1.2.2. > config.h.in should be automatically generated, however, i'm not too > familiar with automake so i hand-patched it. please consider > integrating it into future distribution. I am planning to add IPv6 support to the next devel branch release of GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you (or anyone reading this) be willing to test? David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9H8jQqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJOaoAoNtFplVKgE/9Um2szmdIz243gHveAJ4p QRFscU+A+N8zw0BaxhAoqlqQYw== =WX7D -----END PGP SIGNATURE----- From mhw@wittsend.com Sun Aug 24 17:21:01 2003 From: mhw@wittsend.com (Michael H. Warfield) Date: Sun Aug 24 16:21:01 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030823230108.GC1271@jabberwocky.com> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> Message-ID: <20030824142248.GA22028@alcove.wittsend.com> --9jxsPFA5p3P2qPhR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Aug 23, 2003 at 07:01:08PM -0400, David Shaw wrote: > On Fri, Aug 15, 2003 at 03:51:19PM +0900, Jun-ichiro itojun Hagino wrote: > > the following diff should add IPv6 support (keyserver access) > > to gnupg 1.2.2. > > config.h.in should be automatically generated, however, i'm not too > > familiar with automake so i hand-patched it. please consider > > integrating it into future distribution. > I am planning to add IPv6 support to the next devel branch release of > GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you > (or anyone reading this) be willing to test? I can certainly test it from a client stand-point. Are there some IPv6 keyservers out there to test against? > David > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel Mike --=20 Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=3Dmhw=3D|\/\/ | (678) 463-0932 | http://www.wittsend.com/= mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! --9jxsPFA5p3P2qPhR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQCVAwUBP0jKOOHJS0bfHdRxAQH1wQQAhaJPMwMtVvBRbnTYfb8p9BkQasA1ePTN m7Ggz9NcA+J0MLRNQoGJpBkN6c0/Ejk1xknyJYZAdN908BEk13QJ02DYJB5sQu0X Mdif88YbVkueHt53CM/qiLSRy4dwLd1THwwGlLy1bpdxrUGSLZBzgojiP63Sqh74 P2ORUqSvMX0= =PspP -----END PGP SIGNATURE----- --9jxsPFA5p3P2qPhR-- From wk@gnupg.org Sun Aug 24 19:34:02 2003 From: wk@gnupg.org (Werner Koch) Date: Sun Aug 24 18:34:02 2003 Subject: Patch for PR gnupg/199 In-Reply-To: <20030823205344.GA11253@lina.inka.de> (Bernd Eckenfels's message of "Sat, 23 Aug 2003 22:53:44 +0200") References: <20030823205344.GA11253@lina.inka.de> Message-ID: <87znhzyq1a.fsf@alberti.g10code.de> On Sat, 23 Aug 2003 22:53:44 +0200, Bernd Eckenfels said: > wouldnt it be much better to add that flush to the prompt function itself? Yes. However, it was a last minute change and thus I did it the fast way. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From dshaw@jabberwocky.com Mon Aug 25 17:00:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Mon Aug 25 16:00:01 2003 Subject: Patch for PR gnupg/199 In-Reply-To: <87znhzyq1a.fsf@alberti.g10code.de> References: <20030823205344.GA11253@lina.inka.de> <87znhzyq1a.fsf@alberti.g10code.de> Message-ID: <20030825140133.GA28588@jabberwocky.com> On Sun, Aug 24, 2003 at 06:32:49PM +0200, Werner Koch wrote: > On Sat, 23 Aug 2003 22:53:44 +0200, Bernd Eckenfels said: > > > wouldnt it be much better to add that flush to the prompt function itself? > > Yes. However, it was a last minute change and thus I did it the fast > way. Hopefully, this whole thing can go away at some point. This flush is to support external programs reading and displaying the keyserver search list, but the format of the list is not fixed and is already very different in 1.3.x. Programs should use the --with-colons format, but unfortunately there is no --with-colons --search-keys menu in 1.2.x (there is in 1.3.x.). It would work fine to display the exact text GnuPG outputs, but any program that tries to actually parse the search list is going to break when 1.4 comes out. Possibly the answer is to backport the --with-colons --search-keys to 1.2.x (it's minor). David From cova@ferrara.linux.it Mon Aug 25 23:02:01 2003 From: cova@ferrara.linux.it (Fabio Coatti) Date: Mon Aug 25 22:02:01 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030824142248.GA22028@alcove.wittsend.com> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> <20030824142248.GA22028@alcove.wittsend.com> Message-ID: <200308252203.26617.cova@ferrara.linux.it> Alle 16:22, domenica 24 agosto 2003, Michael H. Warfield ha scritto: > > I can certainly test it from a client stand-point. Are there > some IPv6 keyservers out there to test against? Well, here (Ferrara Linux User Group/deepspace6.net project) we have the possibility to set up a "test" IPv6 keyserver; is there any recommended package to set up such a thing? -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. From jharris@widomaker.com Tue Aug 26 00:01:02 2003 From: jharris@widomaker.com (Jason Harris) Date: Mon Aug 25 23:01:02 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <200308252203.26617.cova@ferrara.linux.it> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> <20030824142248.GA22028@alcove.wittsend.com> <200308252203.26617.cova@ferrara.linux.it> Message-ID: <20030825210236.GL4380@pm1.ric-08.lft.widomaker.com> --fLJtL2Vwvoz5kz8d Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 25, 2003 at 10:03:26PM +0200, Fabio Coatti wrote: > Alle 16:22, domenica 24 agosto 2003, Michael H. Warfield ha scritto: >=20 > > > > I can certainly test it from a client stand-point. Are there > > some IPv6 keyservers out there to test against? >=20 > Well, here (Ferrara Linux User Group/deepspace6.net project) we have the= =20 > possibility to set up a "test" IPv6 keyserver; is there any recommended= =20 > package to set up such a thing? http://www.earth.li/projectpurple/progs/onak.html , IIRC, and I think just the DB4 snapshot/branch of pks, http://pks.sf.net/ . Also, http://lists.alt.org/pipermail/pgp-keyserver-folk/ is the (new) place to signup for the keyserver mailing list, if you want to reach more keyserver folks. --=20 Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ --fLJtL2Vwvoz5kz8d Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/SnlrSypIl9OdoOMRAvUTAJ0bG+qZBm/iSZKeA0A7lSC+Tu6MsACfVZl5 LfnIXjUZEt8Z4o0HtNMNUrE= =zATh -----END PGP SIGNATURE----- --fLJtL2Vwvoz5kz8d-- From udjinrg@forenet.by Tue Aug 26 15:08:02 2003 From: udjinrg@forenet.by (Maxim Britov) Date: Tue Aug 26 14:08:02 2003 Subject: gnupg.pot Message-ID: <20030826145915.65479bb3.udjinrg@forenet.by> --S90_ld.NAKj=.H+Z Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Where I can get last gnupg.pot? I cannot find it in CVS version. -- MaxBritov GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB --S90_ld.NAKj=.H+Z Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc1 (GNU/Linux) iQEVAwUBP0tLnVJphUrYR8fHAQKLXQf/U6HKku3PSMhMmVXJDgzGqjmtma+3MOEc LrozK5+GmC8GaQj/5S86xNOV+2OROuod3BgHmg2gNMw+me34hGCEg8DiYLZYpscA CFKMW8/O0X9qRZ6PIpQmMG4f6h5vY3ZeNm9zKdqe4J+Yjg+dVqfesbrJhw9Z6zGA u2JKydoPSUvvnH73KCVRAm7erBSYNdL3bdbsl1g1mIm1y4BvKUO9d8RdRtJ/9zOX rYKDa3e3j1fPF0KuGfWb/HClMCZbEbax/m6jeWbbn4EbDDfhyU41EJG1EpXiPXE4 +dKVmbc/bqoBWXteWX8/Zh7wpvrXH6wQlftT71u/LQ0u2doSMyzpow== =dTPp -----END PGP SIGNATURE----- --S90_ld.NAKj=.H+Z-- From redbird@mac.com Tue Aug 26 15:27:02 2003 From: redbird@mac.com (Gordon Worley) Date: Tue Aug 26 14:27:02 2003 Subject: GnuPG binaries with IDEA Message-ID: Hi, everyone. This morning I was trying to look at it, but I'm not 100% clear on what the situation with IDEA is. I know that it's patented in some countries and can't be used there without a license, although IIUC the US is surprisingly not one of those countries. At any rate, what would be the legal situation on releasing binaries of GnuPG that included the IDEA code? Would there be potential legal issues to deal with or is it more a matter of needing to maintain two separate binaries? Obviously I'd like to avoid legal trouble, but this morning I was thinking about it and couldn't really see why not to release a version of IDEA built-in for those who can use it other than that for some reason way in the past I decided that we couldn't. Thanks for any advice. -- Gordon Worley - Mac GPG Project http://macgpg.sourceforge.net/ ``Doveriai no proveriai.'' redbird@mac.com --Russian proverb PGP: 0xBBD3B003 From cortana@earthlink.net Tue Aug 26 16:16:01 2003 From: cortana@earthlink.net (Robert J. Hansen) Date: Tue Aug 26 15:16:01 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: <1061903862.28410.7.camel@localhost.localdomain> > This morning I was trying to look at it, but I'm not 100% clear on what > the situation with IDEA is. Still patented in the U.S., patent still held by Ascom-Tech A.G. last I heard. My most recent information says that it's free for use in noncommercial software, which means if you're using GnuPG noncommercially you can use it without a license; otherwise, you need to pay Ascom-Tech. > I know that it's patented in some countries and can't be used there > without a license, although IIUC the US is surprisingly not one of > those countries. Incorrect. It's patented basically in every Western nation where software patents are considered valid, which (unfortunately) includes the US. > At any rate, what would be the legal situation on releasing binaries of > GnuPG that included the IDEA code? You need to ask a lawyer this question, not the GnuPG-devel mailing list. We're coders here; law is far beyond our professional specialties. Having said that, you couldn't include IDEA in a GnuPG build. The "no commercial use" clause of the free-distribution IDEA license conflicts with the "no additional restrictions" requirement of the GNU GPL. -- Robert J. Hansen From dshaw@jabberwocky.com Tue Aug 26 16:27:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Tue Aug 26 15:27:02 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: <20030826132842.GD368@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Aug 26, 2003 at 08:27:23AM -0400, Gordon Worley wrote: > This morning I was trying to look at it, but I'm not 100% clear on what > the situation with IDEA is. I know that it's patented in some > countries and can't be used there without a license, although IIUC the > US is surprisingly not one of those countries. At any rate, what would > be the legal situation on releasing binaries of GnuPG that included the > IDEA code? Would there be potential legal issues to deal with or is it > more a matter of needing to maintain two separate binaries? > > Obviously I'd like to avoid legal trouble, but this morning I was > thinking about it and couldn't really see why not to release a version > of IDEA built-in for those who can use it other than that for some > reason way in the past I decided that we couldn't. There is a licencing conflict between the IDEA licence (patented, but no cost for non-commercial use only) and the GnuPG licence (the GPL). The GPL requires that someone distributing the program gives everyone else the same rights that they themselves got when they received the program. Adding IDEA violates this, as GnuPG can be used for any purpose, and a combined GnuPG+IDEA package can only be used for non-commercial purposes. Section 7 of the GPL even gives this example: "For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program." I know about the Nullify release of GnuPG. It's questionable whether this is compliant with the GPL. Of course, I'm not a lawyer, so you shouldn't take this as legal advice. By the way, IDEA is definitely patented in the US: patent #5,214,703. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9LYIoqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJqLsAoK4Z7WH3GU5qGBNl9Hb6D866vyBdAJ9D z+glK/hjGdtdyHAebe8q1RAcTQ== =e+Jc -----END PGP SIGNATURE----- From venona@gmx.ch Tue Aug 26 16:33:01 2003 From: venona@gmx.ch (venona@gmx.ch) Date: Tue Aug 26 15:33:01 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: <20030826223121.AF9F.VENONA@gmx.ch> On Tue, 26 Aug 2003 08:27:23 -0400 Gordon Worley wrote: >This morning I was trying to look at it, but I'm not 100% clear on what >the situation with IDEA is. See http://www.mediacrypt.com/engl/Content/licenses.htm for the view of IDEA patent owner. >countries and can't be used there without a license, although IIUC the >US is surprisingly not one of those countries. IDEA has been patented in the US (and will be patented to 2010). http://www.mediacrypt.com/engl/Content/patent_info.htm From wk@gnupg.org Tue Aug 26 17:02:01 2003 From: wk@gnupg.org (Werner Koch) Date: Tue Aug 26 16:02:01 2003 Subject: GnuPG binaries with IDEA In-Reply-To: <20030826132842.GD368@jabberwocky.com> (David Shaw's message of "Tue, 26 Aug 2003 09:28:42 -0400") References: <20030826132842.GD368@jabberwocky.com> Message-ID: <87ptistt0z.fsf@alberti.g10code.de> On Tue, 26 Aug 2003 09:28:42 -0400, David Shaw said: > There is a licencing conflict between the IDEA licence (patented, but > no cost for non-commercial use only) and the GnuPG licence (the GPL). [And only allowed after getting explict permission for the software.] > I know about the Nullify release of GnuPG. It's questionable whether > this is compliant with the GPL. It is released in violation of the GPL. The trick with the IDEA module is there to workaround this license problems in the few countries where IDEA is not patented. The GPL is about distribution and not about running a program, so using an already existing module is okay. It is not okay to distribute it. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From beebe@math.utah.edu Tue Aug 26 18:37:01 2003 From: beebe@math.utah.edu (Nelson H. F. Beebe) Date: Tue Aug 26 17:37:01 2003 Subject: IDEA patent URL Message-ID: For the record to backup recent discussions about the IDEA encryption algorithm and its patent in the US, here is the US Patent Office's Web page for it: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=5,214,703.WKU.&OS=PN/5,214,703&RS=PN/5,214,703 You can do searches for patents by keyword and number at http://patft.uspto.gov/netahtml/srchnum.htm http://www.uspto.gov/patft/index.html The algorithm, and its patent, is discussed section 13.9, pp. 319--325, of Bruce Schneier's Advanced Cryptography, 2nd ed. ------------------------------------------------------------------------------- - Nelson H. F. Beebe Tel: +1 801 581 5254 - - Center for Scientific Computing FAX: +1 801 581 4148 - - University of Utah Internet e-mail: beebe@math.utah.edu - - Department of Mathematics, 110 LCB beebe@acm.org beebe@computer.org - - 155 S 1400 E RM 233 beebe@ieee.org - - Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe - ------------------------------------------------------------------------------- From apm35@student.open.ac.uk Tue Aug 26 22:04:01 2003 From: apm35@student.open.ac.uk (Andrew Marlow) Date: Tue Aug 26 21:04:01 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: redbird@mac.com writes: >Hi, everyone. > >This morning I was trying to look at it, but I'm not 100% clear on what >the situation with IDEA is. [snip] > >Obviously I'd like to avoid legal trouble, but this morning I was >thinking about it and couldn't really see why not to release a version >of IDEA built-in for those who can use it I don't want any patent-encumberances in GPL'd code. I object to IDEA being in other open source projects, e.g openssl. I'm glad it's not in GPG. $0.02 Regards, Andrew Marlow ---- There is an emerald here the size of a plover's egg! From wk@gnupg.org Wed Aug 27 09:54:01 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Aug 27 08:54:01 2003 Subject: gnupg.pot In-Reply-To: <20030826145915.65479bb3.udjinrg@forenet.by> (Maxim Britov's message of "Tue, 26 Aug 2003 14:59:15 +0300") References: <20030826145915.65479bb3.udjinrg@forenet.by> Message-ID: <87vfskjvvc.fsf@alberti.g10code.de> On Tue, 26 Aug 2003 14:59:15 +0300, Maxim Britov said: > Where I can get last gnupg.pot? It is a generated file and thus not in the CVS. You find it in the tarball: po/gnupg.pot. I don't think that it makes any sense to use the POT without access to the source. Thus I usullay don't send it to the TP robot. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From udjinrg@forenet.by Wed Aug 27 11:07:02 2003 From: udjinrg@forenet.by (Maxim Britov) Date: Wed Aug 27 10:07:02 2003 Subject: gnupg.pot In-Reply-To: <87vfskjvvc.fsf@alberti.g10code.de> References: <20030826145915.65479bb3.udjinrg@forenet.by> <87vfskjvvc.fsf@alberti.g10code.de> Message-ID: <20030827103702.5a967b91.udjinrg@forenet.by> --OUnp+XLXSAb=.jmW Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit > > Where I can get last gnupg.pot? > It is a generated file and thus not in the CVS. You find it in the > tarball: po/gnupg.pot. > I don't think that it makes any sense to use the POT without access to > the source. Thus I usullay don't send it to the TP robot. Is CVS not source? I got GnuPG from CVS and I must load tarball too? :( And what I must do to include my ru.po into GnuPG? Can you help me? -- MaxBritov GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB --OUnp+XLXSAb=.jmW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc1 (GNU/Linux) iQEVAwUBP0xftlJphUrYR8fHAQLlLwf/f2fGcBZdiy++RnpW0INebRFDGmkp71n9 AxIy49yZ7HRA1zu3zU8Ou4+d5lGvuTgSFD9JZfNTdSIW8zrQnvfMPCZT4rJThTmI ZMW338n5zSsZ4BaPBe/TUmpYx3l3hJ8qzfIrH4cS9wEZJc1zmPWb8cEat3RlTjCc jFHS/G/mRanrXdL9eCl8BKJLMX67cJy87NuII1tUnRtKOkLSMxn7nvnpCc7i2+KV ikFlT2+tNUBT0DXJzv4gUh0sXtVJP66gIypmgcrapm+KWjqXWeVbxpP6vIdVF6Z5 pUzqIOJ9zUEOU8f8fhueO8BqFAvr+YcBzHKzwfyoCoAa9qN/ikXuNg== =8zrN -----END PGP SIGNATURE----- --OUnp+XLXSAb=.jmW-- From md@Linux.IT Wed Aug 27 12:52:02 2003 From: md@Linux.IT (Marco d'Itri) Date: Wed Aug 27 11:52:02 2003 Subject: [Announce] GnuPG one-two-three released In-Reply-To: <877k557reu.fsf@alberti.g10code.de> References: <877k557reu.fsf@alberti.g10code.de> Message-ID: <20030822144506.GA4311@wonderland.linux.it> --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Aug 22, Werner Koch wrote: >The OpenPGP smartcard is a soon to be released specification of an ISO >7816 based application to generate or import keys into a smartcard and >provide all functionality to use this card with OpenPGP. The >specification features 3 1024 bit RSA keys (signing, decryption and >authentication) as well as utility data objects to make integration >easy. Why this limitation? Is it really so much expensive to store more keys? I'd like to import all my keys (the mail ones and the two I use to sign Usenet control messages) and it would be inconvenient having to switch card every time... --=20 ciao, | Marco | [1407 laWxklGGi8sjM] --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/RixyFGfw2OHuP7ERApA1AJ0fByvyFgiM5ZiCVCK5FaN15OTUEACeP/Kv FzwNbv/Kv7TUJmg3mQlGsys= =LurR -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- From itojun@iijlab.net Wed Aug 27 12:52:05 2003 From: itojun@iijlab.net (itojun@iijlab.net) Date: Wed Aug 27 11:52:05 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: dshaw's message of Sat, 23 Aug 2003 19:01:08 -0400. <20030823230108.GC1271@jabberwocky.com> Message-ID: <20030823230304.1738490@coconut.itojun.org> >> the following diff should add IPv6 support (keyserver access) >> to gnupg 1.2.2. >> config.h.in should be automatically generated, however, i'm not too >> familiar with automake so i hand-patched it. please consider >> integrating it into future distribution. >I am planning to add IPv6 support to the next devel branch release of >GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you >(or anyone reading this) be willing to test? of course, i'm very happy to test. itojun From itojun@iijlab.net Wed Aug 27 12:52:07 2003 From: itojun@iijlab.net (itojun@iijlab.net) Date: Wed Aug 27 11:52:07 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: itojun's message of Sun, 24 Aug 2003 08:03:04 +0900. <20030823230304.1738490@coconut.itojun.org> Message-ID: <20030823230745.5C0C794@coconut.itojun.org> >>> the following diff should add IPv6 support (keyserver access) >>> to gnupg 1.2.2. >>> config.h.in should be automatically generated, however, i'm not too >>> familiar with automake so i hand-patched it. please consider >>> integrating it into future distribution. >>I am planning to add IPv6 support to the next devel branch release of >>GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you >>(or anyone reading this) be willing to test? > > of course, i'm very happy to test. btw i'm using the patch for --search-keys from behind IPv6-only network to pgp.mit.edu over IPv6. IPv6-only ---IPv6--> IPv6-to-IPv4 translation ---IPv4--> pgp.mit.edu itojun From tv@pobox.com Wed Aug 27 12:52:09 2003 From: tv@pobox.com (Todd Vierling) Date: Wed Aug 27 11:52:09 2003 Subject: Patch for PR gnupg/199 In-Reply-To: <20030823205344.GA11253@lina.inka.de> References: <20030823205344.GA11253@lina.inka.de> Message-ID: On Sat, 23 Aug 2003, Bernd Eckenfels wrote: : > + /* flush key list before displaying prompt */ : > + fflush(stdout); : > + : > answer=cpr_get_no_help("keysearch.prompt", : > _("Enter number(s), N)ext, or Q)uit > ")); : : wouldnt it be much better to add that flush to the prompt function itself? Well, that depends on what the flush is intending to address. (In other words, I haven't checked if this particular situation affects other prompts that use cpr_get_no_help(); I only fixed the one for --search-keys, which is nearly always a pick-from-list menu.) "Whatever works" is fine with me. -- -- Todd Vierling From wk@gnupg.org Wed Aug 27 14:07:02 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Aug 27 13:07:02 2003 Subject: [Announce] GnuPG one-two-three released In-Reply-To: <20030822144506.GA4311@wonderland.linux.it> (Marco d'Itri's message of "Fri, 22 Aug 2003 16:45:06 +0200") References: <877k557reu.fsf@alberti.g10code.de> <20030822144506.GA4311@wonderland.linux.it> Message-ID: <877k4zgy3b.fsf@alberti.g10code.de> On Fri, 22 Aug 2003 16:45:06 +0200, Marco d'Itri said: > Why this limitation? Is it really so much expensive to store more keys? More than 1024 bit is too expensive or not possible at all with current chips. We have restricted the implementaion to 3 keys for simplicity and to match what most people actually use. This also saves space and may help to implement it on low cost cards. > I'd like to import all my keys (the mail ones and the two I use to sign > Usenet control messages) and it would be inconvenient having to switch > card every time... 2 Readers? -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk@gnupg.org Wed Aug 27 14:07:06 2003 From: wk@gnupg.org (Werner Koch) Date: Wed Aug 27 13:07:06 2003 Subject: gnupg.pot In-Reply-To: <20030827103702.5a967b91.udjinrg@forenet.by> (Maxim Britov's message of "Wed, 27 Aug 2003 10:37:02 +0300") References: <20030826145915.65479bb3.udjinrg@forenet.by> <87vfskjvvc.fsf@alberti.g10code.de> <20030827103702.5a967b91.udjinrg@forenet.by> Message-ID: <873cfngxwt.fsf@alberti.g10code.de> On Wed, 27 Aug 2003 10:37:02 +0300, Maxim Britov said: > Is CVS not source? I got GnuPG from CVS and I must load tarball too? :( You don't need the traball if you have the CVS version and all required tools. make -C po gnupg.pot creates it. > And what I must do to include my ru.po into GnuPG? Can you help me? I'll answer your private mail soon. Basically we need a copyright disclaimer for the FSF. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From udjinrg@forenet.by Wed Aug 27 14:48:02 2003 From: udjinrg@forenet.by (Maxim Britov) Date: Wed Aug 27 13:48:02 2003 Subject: gnupg.pot In-Reply-To: <873cfngxwt.fsf@alberti.g10code.de> References: <20030826145915.65479bb3.udjinrg@forenet.by> <87vfskjvvc.fsf@alberti.g10code.de> <20030827103702.5a967b91.udjinrg@forenet.by> <873cfngxwt.fsf@alberti.g10code.de> Message-ID: <20030827144720.109fc6c4.udjinrg@forenet.by> --=.LZ1vP8B55,XD,R Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit > > Is CVS not source? I got GnuPG from CVS and I must load tarball too? :( > > You don't need the traball if you have the CVS version and all > required tools. > make -C po gnupg.pot > creates it. Thank you > > And what I must do to include my ru.po into GnuPG? Can you help me? > > I'll answer your private mail soon. Basically we need a copyright > disclaimer for the FSF. Ok. I read http://www.gnu.org/prep/maintain_5.html yesterday. -- MaxBritov GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB --=.LZ1vP8B55,XD,R Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc1 (GNU/Linux) iQEVAwUBP0yaT1JphUrYR8fHAQKL3gf/Tkeyohc1AJFYXUFCz6JFhlpFe6TvIi3r UfOIM8BJMgEe9JmE3ub12LTDzhG9uZFx1bYA9gzrIFY7WgPqlSNiKMvDVohTMWX3 Bw1m5l+PG7t7WxG4NwGmJWA8r5cGnw5JOzv5ckAechxzDtYbDo2pA4d2a85n5spz lSTUh0GL3zSeB+Br+rFh2dH9vy2BMvTv7RCwdyFLHHjo+72xWY9UMLfi7iMn6GX8 3Jj+5M89OgVMkXRmDpPTgBEWBUHOAWqXztxj2XEX2fpNL0rPwk+4LKljQoufGNMO KnsmZg9P3pthTEJYcODVs58QdpXv1Yv5oW/Yk57ZVaeCJG+uYvDZKA== =5ioY -----END PGP SIGNATURE----- --=.LZ1vP8B55,XD,R-- From dshaw@jabberwocky.com Fri Aug 29 02:45:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Aug 29 01:45:01 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030825210236.GL4380@pm1.ric-08.lft.widomaker.com> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> <20030824142248.GA22028@alcove.wittsend.com> <200308252203.26617.cova@ferrara.linux.it> <20030825210236.GL4380@pm1.ric-08.lft.widomaker.com> Message-ID: <20030828234600.GA23595@jabberwocky.com> --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 25, 2003 at 05:02:36PM -0400, Jason Harris wrote: > On Mon, Aug 25, 2003 at 10:03:26PM +0200, Fabio Coatti wrote: > > Alle 16:22, domenica 24 agosto 2003, Michael H. Warfield ha scritto: > >=20 > > > > > > I can certainly test it from a client stand-point. Are there > > > some IPv6 keyservers out there to test against? > >=20 > > Well, here (Ferrara Linux User Group/deepspace6.net project) we have th= e=20 > > possibility to set up a "test" IPv6 keyserver; is there any recommended= =20 > > package to set up such a thing? >=20 > http://www.earth.li/projectpurple/progs/onak.html , IIRC, and I think just > the DB4 snapshot/branch of pks, http://pks.sf.net/ . Ok, the CVS GnuPG now has IPv6 support. If anyone is tracking the CVS version, you can test with that, or wait for the next 1.3.x release (hopefully soon). Thanks for all testers :) David --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9OlDgqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJooAAn3krRgjM5GOeJ8LaOVbYpeuyQV9yAJ9D fjUqI8vzwqV0uFS7VN3t1EPsYw== =6P0z -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- From dshaw@jabberwocky.com Fri Aug 29 15:06:01 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Fri Aug 29 14:06:01 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <1062154898.16458.9.camel@decathlon> References: <1062154898.16458.9.camel@decathlon> Message-ID: <20030829120702.GB27524@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 29, 2003 at 07:01:38PM +0800, Calvin wrote: > Hi, there, > Please reply to me explicitly for I'm in none of above mail list. > Thanks. > > There is a line in gnupg "Feature" page, which says, "Easy > implementation of new algorithms using extension modules." > > But I can't find where to configure to use my own algorithms. And what's > the "extension modules" mean? > > Do I need to add my algorithm module to source code of gnupg and > rebuild it? Or there is some easier way, just follow a specific > interface in my module and register it into gnupg with some > configuration file? Or the 3rd way? The first way. The extension module feature was removed from GnuPG for several reasons (portability, code simplicity, lack of use). To add a new algorithm, you need to: a) Write the code for your new algorithm. See the files in cipher/ for examples on the GnuPG interface for hashes (see sha1.c), public key algorithms (see rsa.c), and symmetric algorithms (see dsa.c). b) When you need an algorithm number, use something in the 100-110 range. These numbers are reserved for this sort of use. c) Add your algorithm to the necessary table in GnuPG (cipher/md.c for hashes, cipher/pubkey.c for public key, and cipher/cipher.c for symmetric). David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9PQeUqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJKV4AnjBmMauB39sby6+xdP09j1C46RahAKDi TG19FW+Ia0vzlJ0V69ar326jaA== =TsfM -----END PGP SIGNATURE----- From mctylr@privacy.nb.ca Fri Aug 29 16:40:01 2003 From: mctylr@privacy.nb.ca (M Taylor) Date: Fri Aug 29 15:40:01 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <20030829120702.GB27524@jabberwocky.com>; from dshaw@jabberwocky.com on Fri, Aug 29, 2003 at 08:07:02AM -0400 References: <1062154898.16458.9.camel@decathlon> <20030829120702.GB27524@jabberwocky.com> Message-ID: <20030829144151.A17221@pull.privacy.nb.ca> On Fri, Aug 29, 2003 at 08:07:02AM -0400, David Shaw wrote: > The first way. The extension module feature was removed from GnuPG > for several reasons (portability, code simplicity, lack of use). To > add a new algorithm, you need to: > > a) Write the code for your new algorithm. See the files in cipher/ > b) When you need an algorithm number, use something in the 100-110 > c) Add your algorithm to the necessary table in GnuPG (cipher/md.c for d) Do not get upset or disappointed if your new algorithm / implmentation does not become popular. Cryptography is a fairly conversative bunch in practice, and if your algorithm is not well known, and greatly cryptanalyzed, I don't think many people will want to become bleeding edge testers / victims. From mo@g10code.com Fri Aug 29 20:12:01 2003 From: mo@g10code.com (Moritz Schulte) Date: Fri Aug 29 19:12:01 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <20030829120702.GB27524@jabberwocky.com> (David Shaw's message of "Fri, 29 Aug 2003 08:07:02 -0400") References: <1062154898.16458.9.camel@decathlon> <20030829120702.GB27524@jabberwocky.com> Message-ID: <87vfsgwfr2.fsf@hell.lan> David Shaw writes: > The extension module feature was removed from GnuPG for several > reasons (portability, code simplicity, lack of use). I wonder, does this only refer to the original `extension module' code that was used by GnuPG or is the concept as a whole not wanted anymore? Regarding code simplicity, the module handling code is contained in Libgcrypt [GnuPG would have to load the external algorithm implementation and then pass the according functions to Libgcrypt...]. moritz -- ((gpg-key-id . "6F984199") (email . "moritz@duesseldorf.ccc.de") (webpage . "http://duesseldorf.ccc.de/~moritz/")) From wk@gnupg.org Sat Aug 30 12:32:01 2003 From: wk@gnupg.org (Werner Koch) Date: Sat Aug 30 11:32:01 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <87vfsgwfr2.fsf@hell.lan> (Moritz Schulte's message of "Fri, 29 Aug 2003 19:11:29 +0200") References: <1062154898.16458.9.camel@decathlon> <20030829120702.GB27524@jabberwocky.com> <87vfsgwfr2.fsf@hell.lan> Message-ID: <874qzz8pce.fsf@alberti.g10code.de> On Fri, 29 Aug 2003 19:11:29 +0200, Moritz Schulte said: > I wonder, does this only refer to the original `extension module' code > that was used by GnuPG or is the concept as a whole not wanted > anymore? Regarding code simplicity, the module handling code is It does not make sense to GnupG because it is an OpenPGP implementation and as long as the standard does not define new algorithms every week there is no need for the extension feature. The extension feature orginally aimed owards non-US PGP 2 users, so that they could use there old RSA keys (e.g. for Usenet). > contained in Libgcrypt [GnuPG would have to load the external > algorithm implementation and then pass the according functions to > Libgcrypt...]. Libgcrypt is a different story and the new external extension scheme is indeed much simpler. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From ehmsen@imada.sdu.dk Sat Aug 30 22:29:01 2003 From: ehmsen@imada.sdu.dk (Martin Ehmsen) Date: Sat Aug 30 21:29:01 2003 Subject: Possible --list-keys bug in 1.2.3 Message-ID: <20030827214853.GA18406@matrix.opasia.dk> Hi... I think I have found a bug in gnupg-1.2.3. It has to do with listing the keyring filename. It all started because psi (a jabber client) couldn't parse the output from gnupg-1.2.3. Is the following the intended output from gnupg??: #gpg --fixed-list-mode --with-colons --list-public-keys tru::0:1052827211:1122902031 pub:u:1024:17:A028881BDEA361F6:1052827202:1122902031::u:::scESC: uid:u::::::::Martin Ehmsen : ... and so on #gpg --fixed-list-mode --list-public-keys /home/ehmsen/.gnupg/pubring.gpg ------------------------------- pub 1024D/DEA361F6 2003-05-13 Martin Ehmsen sub 2048g/0D121BB5 2003-05-13 ... and so on The problem is the missing: /home/ehmsen/.gnupg/pubring.gpg ------------------------------- in the first output where --with-colons is turned on. Even with the --show-keyring option on, it dosen't show the keyring filename when --with-colons in turned on. Is this a bug or is this the intended behaviour?? (This is has changed between 1.2.2 and 1.2.3.) Thanks in advance Martin Ehmsen -- "No harm," The Boss burbles on. "So anyway, I thought maybe we should do something about Branding." "Branding?" I ask, match poised against the striker behind my back. "You mean as in burning a mark onto any user that complains?" - BOFH From calvin.liu@sun.com Sat Aug 30 22:29:04 2003 From: calvin.liu@sun.com (Calvin) Date: Sat Aug 30 21:29:04 2003 Subject: How to add my own algorithm to gnupg? Message-ID: <1062154898.16458.9.camel@decathlon> Hi, there, Please reply to me explicitly for I'm in none of above mail list. Thanks. There is a line in gnupg "Feature" page, which says, "Easy implementation of new algorithms using extension modules." But I can't find where to configure to use my own algorithms. And what's the "extension modules" mean? Do I need to add my algorithm module to source code of gnupg and rebuild it? Or there is some easier way, just follow a specific interface in my module and register it into gnupg with some configuration file? Or the 3rd way? Thanks for help. Best regards, Calvin From dshaw@jabberwocky.com Sun Aug 31 01:54:02 2003 From: dshaw@jabberwocky.com (David Shaw) Date: Sun Aug 31 00:54:02 2003 Subject: Possible --list-keys bug in 1.2.3 In-Reply-To: <20030827214853.GA18406@matrix.opasia.dk> References: <20030827214853.GA18406@matrix.opasia.dk> Message-ID: <20030830225522.GD11925@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Aug 27, 2003 at 11:48:53PM +0200, Martin Ehmsen wrote: > Hi... > > I think I have found a bug in gnupg-1.2.3. > It has to do with listing the keyring filename. It all started because > psi (a jabber client) couldn't parse the output from gnupg-1.2.3. > Is the following the intended output from gnupg??: > > #gpg --fixed-list-mode --with-colons --list-public-keys > tru::0:1052827211:1122902031 > pub:u:1024:17:A028881BDEA361F6:1052827202:1122902031::u:::scESC: > uid:u::::::::Martin Ehmsen : > ... and so on > > #gpg --fixed-list-mode --list-public-keys > /home/ehmsen/.gnupg/pubring.gpg > ------------------------------- > pub 1024D/DEA361F6 2003-05-13 Martin Ehmsen > sub 2048g/0D121BB5 2003-05-13 > ... and so on > > The problem is the missing: > /home/ehmsen/.gnupg/pubring.gpg > ------------------------------- > in the first output where --with-colons is turned on. Even with the > --show-keyring option on, it dosen't show the keyring filename when > --with-colons in turned on. > Is this a bug or is this the intended behaviour?? > (This is has changed between 1.2.2 and 1.2.3.) Believe it or not, this is a bug *fix* in 1.2.3. The --with-colons output wasn't supposed to contain the keyring filename. The - --with-colons output is for machine parsing, and the keyring filename was for human parsing (note the underline). David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9RK1oqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJO+IAoLHOP1k1pXQZFWmb19f8DYtFphxQAJwI xdVw2Dt1dNLV0qy5Fr08yuHLXg== =/YHi -----END PGP SIGNATURE----- From benjaminlee at users.sf.net Fri Aug 1 05:36:02 2003 From: benjaminlee at users.sf.net (Benjamin Lee) Date: Tue Oct 7 21:31:46 2003 Subject: New RPM spec file for 1.2.3 In-Reply-To: <20030731143630.GY614@jabberwocky.com> References: <20030731143630.GY614@jabberwocky.com> Message-ID: <20030801023722.GA25041@xaos.realthought.net> For what it's worth, .spec file works fine with RedHat 9 and some Rawhide packages (not many though). On Friday, 2003-08-01 at 12:36:30 AM, David Shaw scribbled: > I've gotten a few reports that the RPM spec file included in 1.2.3rc2 > doesn't work properly with RPM 4.1 (which is the standard version in > RedHat 9). > > Here is a new spec file, that will probably go into 1.2.3 when it is > released. As always, testing and comments appreciated. > > David -- Benjamin Lee Melbourne, Australia "Always real." http://www.realthought.net/ __________________________________________________________________________ Man 1: Ask me the what the most important thing about telling a good joke is. Man 2: OK, what is the most impo -- Man 1: ______TIMING! From Jeffery.Martinez at shell.com Sat Aug 2 10:53:02 2003 From: Jeffery.Martinez at shell.com (Martinez, Jeffery JM SITI-ITDGA) Date: Tue Oct 7 21:31:46 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) Message-ID: <9D910085C6997747A7BBE00A7B84C23401F787E1@HOUIC-S-340.americas.shell.com> I have not been able to get the GNUpg 1.2.2 to work with AIX 5.2 using the /dev/random device to pull random information. The program is not able to gather enough data and just sits there waiting forever for more random data to appear: # ./gpg --gen-key gpg (GnuPG) 1.2.2; Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) " Real name: Root user Email address: root@hostname Comment: Root user You selected this USER-ID: "Root user (Root user) " Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 16 more bytes) (WAIT FOREVER here) I ran some quick tests with dd on the /dev/random device to see if it was generating data and it appears to be generating data just fine--especially for something just waiting for 16 more bytes). I used the command: dd if=/dev/random of=/tmp/junkfile Do you know of anyone who has been able to successfully compile and run GNUpg on AIX 5.2 to encrypt files and generate keys using /dev/random? On a similar system I tried installing an AIX 5.2 (ML1) APAR fix related to /dev/random which installed an updated fileset for bos.rte.security to version 5.2.0.11--but now on this server I receive an out of memory error when I run a command to encrypt a file. I would greatly appreciate any help/advice you can offer. Thanks, Jeffery Martinez Shell Information Technology International P.O. Box 20329, Houston, TX 77025-0329, United States of America Tel: +1 713-245 2774 Email: Jeffery.Martinez@shell.com Internet: http://www.shell.com From benjamin.lee at realthought.net Sat Aug 2 10:53:05 2003 From: benjamin.lee at realthought.net (Benjamin Lee) Date: Tue Oct 7 21:31:46 2003 Subject: New RPM spec file for 1.2.3 In-Reply-To: <20030731143630.GY614@jabberwocky.com> References: <20030731143630.GY614@jabberwocky.com> Message-ID: <20030801023335.GA23210@xaos.realthought.net> For what it's worth, .spec file works fine with RedHat 9 and some Rawhide packages (not many though). On Friday, 2003-08-01 at 12:36:30 AM, David Shaw scribbled: > I've gotten a few reports that the RPM spec file included in 1.2.3rc2 > doesn't work properly with RPM 4.1 (which is the standard version in > RedHat 9). > > Here is a new spec file, that will probably go into 1.2.3 when it is > released. As always, testing and comments appreciated. > > David -- Benjamin Lee Melbourne, Australia "Always real." http://www.realthought.net/ __________________________________________________________________________ Man 1: Ask me the what the most important thing about telling a good joke is. Man 2: OK, what is the most impo -- Man 1: ______TIMING! From wk at gnupg.org Sat Aug 2 11:52:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:46 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) In-Reply-To: <9D910085C6997747A7BBE00A7B84C23401F787E1@HOUIC-S-340.americas.shell.com> (Jeffery Martinez's message of "Wed, 30 Jul 2003 18:51:41 -0500") References: <9D910085C6997747A7BBE00A7B84C23401F787E1@HOUIC-S-340.americas.shell.com> Message-ID: <87vftgzbjs.fsf@alberti.g10code.de> On Wed, 30 Jul 2003 18:51:41 -0500, Martinez, Jeffery JM SITI-ITDGA said: > I have not been able to get the GNUpg 1.2.2 to work with AIX 5.2 using the > /dev/random device to pull random information. The program is not able to > gather enough data and just sits there waiting forever for more random data I don't know how /dev/random is implemented in AIX. You could try ./configure --enable-static-rnd=unix to use the generic Unix random gatherer as a workaround. > dd if=/dev/random of=/tmp/junkfile To make your tests with GnuPG easier, you can use this command gpg -a --gen-random 2 300 This generated 300 bytes of random and prints them base64 encoded. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From beebe at math.utah.edu Sat Aug 2 17:34:02 2003 From: beebe at math.utah.edu (Nelson H. F. Beebe) Date: Tue Oct 7 21:31:46 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) In-Reply-To: Your message of Wed, 30 Jul 2003 18:51:41 -0500 Message-ID: Jeffery Martinez writes on Wed, 30 Jul 2003 18:51:41 -0500 >> ... >> I have not been able to get the GNUpg 1.2.2 to work with AIX 5.2 using the >> /dev/random device to pull random information. The program is not able to >> gather enough data and just sits there waiting forever for more random data >> to appear: >> ... Try using /dev/urandom instead. /dev/random is cryptographically strong, and will not return data until sufficient entropy has been collected. /dev/urandom is somewhat weaker, and can produce a steady stream of data without delay. Most systems that have these devices have this property, although at least one that I've seen has a nonstop /dev/random. ------------------------------------------------------------------------------- - Nelson H. F. Beebe Tel: +1 801 581 5254 - - Center for Scientific Computing FAX: +1 801 581 4148 - - University of Utah Internet e-mail: beebe@math.utah.edu - - Department of Mathematics, 110 LCB beebe@acm.org beebe@computer.org - - 155 S 1400 E RM 233 beebe@ieee.org - - Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe - ------------------------------------------------------------------------------- From tamer.higazi at web.de Sat Aug 2 22:48:02 2003 From: tamer.higazi at web.de (Tamer Higazi) Date: Tue Oct 7 21:31:46 2003 Subject: gpg recognize problem with EMail Plugins Message-ID: <2840000.1059853772@localhost> Hi! I installed gpg and gpg me under linux (1.2.2) from the source this way under SuSE Linux 8.2: ./configure --prefix=/usr make make install All GPG Plugins can't recognize gpg, i guess. Not KGPG, Enigmall (http://enigmail.mozdev.org) Mozilla Mail Plugin recognize GPG and my keys. Every message I receive and try to decrypt doesn't succeed. I receive always the message "Bad Passphrase" what is not true. If i encrypt/decrpyt from the commandline a message then it works. So, it's not a a wrong password i entered. I guess, it is a configuration problem. If somebody could help me, thank you. Tamer Higazi From wk at gnupg.org Sun Aug 3 12:47:01 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:46 2003 Subject: Problems with GNUpg 1.2.2 on AIX 5.2.0 (ML 1) In-Reply-To: (Nelson H. F. Beebe's message of "Sat, 2 Aug 2003 08:35:09 -0600 (MDT)") References: Message-ID: <871xw3ysw2.fsf@alberti.g10code.de> On Sat, 2 Aug 2003 08:35:09 -0600 (MDT), Nelson H F Beebe said: > Try using /dev/urandom instead. /dev/random is cryptographically > strong, and will not return data until sufficient entropy has been GnuPG knows about this and uses boths devices depending on the purpose of the required random. We try to make sure that the GnuPG internal random pool has been seeded with a sufficient ammount of strong entropy (/dev/random) and in addition a certain amoount of this entropy is required for key generation. For other purposes the GnuPG internal pool might be just seeded by a possible PRNG (/dev/urandom). The bottom line is that one should not replace /dev/random by /dev/urandom. If you don't want to generate keys, a workaround is to pre-create the random-seed file (take 600 bytes random from somewhere). Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jon.soong at imvs.sa.gov.au Mon Aug 4 06:25:02 2003 From: jon.soong at imvs.sa.gov.au (jonathan soong) Date: Tue Oct 7 21:31:46 2003 Subject: proxy authentication - i presume it doesn't work. Message-ID: <3F2DD232.9000703@imvs.sa.gov.au> Hi everyone, I'm trying to get gpg to work through an Authenticating Squid proxy, with not much luck. I am presuming it is broken. Below are the steps i have tried: If i use a non-authenticating Squid proxy, it works fine (i needed the 'broken-http-proxy' option), however authenticating Squid proxies don't seem to work. I have tried setting the proxy username/password in the http_proxy variable: $> export http_proxy=http://agent:agent@proxy.mydomain.com:8080 I receieve: $> ./gpg --keyserver-options "honor-http-proxy broken-http-proxy" --keyserver=XXX.XXX.XXX.XXX --search-keys haze01 gpg: searching for "haze01" from HKP server 150.101.60.75 gpg: agent: host not found: ec=11001 gpg: can't search keyserver: No such file or directory And i have tried to set the http_proxy_username and http_proxy_password environment variables: $> export https_proxy_password=agent $> export http_proxy_password=agent $> export https_proxy_username=agent $> export http_proxy_username=agent $> export http_proxy=http://proxy.mydomain.com:8080 I receive: $> $ ./gpg --keyserver-options "honor-http-proxy broken-http-proxy" --keyserver=150.101.60.75 --search-keys haze01 gpg: searching for "haze01" from HKP server 150.101.60.75 gpg: key "haze01" not found on keyserver And in the squid logs: 10.20.103.89 - - [04/Aug/2003:12:52:28 +0930] "GET http://XXX.XXX.XXX.XXX:11371/pks/lookup? HTTP/1.0" 407 1773 TCP_DENIED:NONE So i presume it is not getting authenticated at all. If anyone has any suggestions or advice i'd be most grateful. If not, my next plan is to write something to send the public keys over normal HTTP and write a script on the other end to upload a key to a keyserver. Kind Regards Jonathan From albrecht.dress at arcor.de Mon Aug 4 22:23:02 2003 From: albrecht.dress at arcor.de (Albrecht =?iso-8859-1?Q?Dre=DF?=) Date: Tue Oct 7 21:31:47 2003 Subject: Bug in gpgme 0.4.2? Message-ID: <20030804192424.GG1072@antares.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, when porting the gpg support in balsa from gpgme 0.3.15 to 0.4.2, I think I ran into a bug. If I run gpgme_op_verify() on a message for which the key is missing, I get a GPGME general error as result instead of GPG_ERR_NO_PUBKEY. A simple test program is attached. To test it, run it e.g. on a RFC 2440 signed message body for which you do not have the public key (e.g. this message, if you delete my public key from your ring before): [albrecht@antares albrecht]$ ./gpgme-key-test TEST-NoKey gpgme version is 0.4.2 signature status: 117440513 = GPGME: General error gpgme 0.3.15 correctly says that the signature could not be verified due to a missing key. The test app works fine if the key is present, even if the signature is bad: [albrecht@antares albrecht]$ ./gpgme-key-test TEST-GoodKeySig gpgme version is 0.4.2 signature status: 0 = Unspecified source: Success [albrecht@antares albrecht]$ ./gpgme-key-test TEST-GoodKeyBadSig gpgme version is 0.4.2 signature status: 117440520 = GPGME: Bad signature However, for the latter case, IMHO the example on pg. 52 (gpgme_get_sig_status) is wrong, as "switch(sig->status)" will not hit GPG_ERR_BAD_SIGNATURE (missing gpgme_err_code()). System details: gpgme 0.4.2, gpg-error 0.3, gpg 1.2.2, glibc-2.2.5-1.2.3a, gcc-3.2.3 on a Powermac running Yellowdog Linux 2.3. Any ideas? Cheers, Albrecht. - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/LrLon/9unNAn/9ERAj3BAKC+9W+WDhSjdOKDpl6/xGkxbCNLhQCgsJuL qmlN2mXsRZdxamkyRIvBbXE= =vUMJ -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: gpgme-key-test.c Type: text/x-c Size: 1430 bytes Desc: not available Url : /pipermail/attachments/20030804/297f2636/gpgme-key-test.bin From jharris at widomaker.com Mon Aug 4 23:10:01 2003 From: jharris at widomaker.com (Jason Harris) Date: Tue Oct 7 21:31:47 2003 Subject: [keyanalyze-discuss] The web of trust tightens over time In-Reply-To: <200308042054.51096@fortytwo.ch> References: <20030803055345.GH22222@parcelfarce.linux.theplanet.co.uk> <20030803231457.GR31089@dtype.org> <20030804004912.GC4380@pm1.ric-08.lft.widomaker.com> <200308042054.51096@fortytwo.ch> Message-ID: <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> On Mon, Aug 04, 2003 at 08:54:47PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote: > On Monday 04 August 2003 02:49, Jason Harris wrote: > > > With a keyring of any given strong set, someone could easily run > > "gpg --check-sigs" on it without invoking any mad (programming) skillz. > > And a --check-sigs of *the* strong set would take exactly how long? At least a > few days if not weeks is my guess. David, Werner, would you care to hazard a guess? 20,814 keys are in the 2003-07-27 strong set. Assume a single 2.x GHz x86 CPU and ~250,000 signatures. Would splitting such a large keyring help any? Are there any optimizations that could be done? Would the best-case scenario be 20,814 individual keyrings with the key being checked located first in the keyring and the signing keys located in order based on their keyid? -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20030804/8e4a9abf/attachment.bin From Marcus.Brinkmann at ruhr-uni-bochum.de Tue Aug 5 00:13:04 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:47 2003 Subject: Bug in gpgme 0.4.2? In-Reply-To: <20030804192424.GG1072@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> Message-ID: <20030804211420.GD2690@212.23.136.22> On Mon, Aug 04, 2003 at 09:24:25PM +0200, Albrecht Dre? wrote: > If I run gpgme_op_verify() on a message for which the key is missing, I > get a GPGME general error as result instead of GPG_ERR_NO_PUBKEY. Yes, this is a simple parser error (I compare against 9 instead '9' :(), which is now fixed in CVS. > However, for the latter case, IMHO the example on pg. 52 > (gpgme_get_sig_status) is wrong, as "switch(sig->status)" will not hit > GPG_ERR_BAD_SIGNATURE (missing gpgme_err_code()). Right, also fixed in CVS now. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From marcosp_belem at ig.com.br Tue Aug 5 08:24:02 2003 From: marcosp_belem at ig.com.br (MARCOS SOUSA) Date: Tue Oct 7 21:31:47 2003 Subject: Help Java and GnuPg Message-ID: dear gentlemen, Does anybody know some program in Java that encrypt and decrypt files through the gnupg 1.X, and code source available? Thanks, Marcos Sousa _________________________________________________________ Voce quer um iGMail protegido contra vírus e spams? Clique aqui: http://www.igmailseguro.ig.com.br Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/ From JPClizbe at comcast.net Tue Aug 5 10:16:02 2003 From: JPClizbe at comcast.net (John Clizbe) Date: Tue Oct 7 21:31:47 2003 Subject: Help Java and GnuPg In-Reply-To: References: Message-ID: <3F2F5A09.9020802@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MARCOS SOUSA wrote: > Does anybody know some program in Java that encrypt and decrypt files > through the gnupg 1.X, and code source available? > A quick Google search yielded: Cryptix OpenPGP - Open source and claims RFC 2440 compliance: http://www.cryptix.org/products/openpgp/index.html More at: http://www.google.com/search?&q=java+encryption+gpg - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/L1oJHQSsSmCNKhARAllvAKCmBDY33D9hdQccZ0deFK/sB74UbwCgjsM/ uyXoAD5cXAMoE9GnJGhtMSk= =ZDd3 -----END PGP SIGNATURE----- From wk at gnupg.org Tue Aug 5 10:37:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:47 2003 Subject: [keyanalyze-discuss] The web of trust tightens over time In-Reply-To: <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> (Jason Harris's message of "Mon, 4 Aug 2003 16:11:19 -0400") References: <20030803055345.GH22222@parcelfarce.linux.theplanet.co.uk> <20030803231457.GR31089@dtype.org> <20030804004912.GC4380@pm1.ric-08.lft.widomaker.com> <200308042054.51096@fortytwo.ch> <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> Message-ID: <87wudswo7l.fsf@alberti.g10code.de> On Mon, 4 Aug 2003 16:11:19 -0400, Jason Harris said: > David, Werner, would you care to hazard a guess? 20,814 keys are in the > 2003-07-27 strong set. Assume a single 2.x GHz x86 CPU and ~250,000 > signatures. Don't try it. I won't give an estimation as I know that the algorithm is too worse. > Would splitting such a large keyring help any? Are there any optimizations > that could be done? No. The obvious optimization is to allow random access to the keyring and have an index. Years ago I tried this with a gdb based key storage but it was too hard to maintain. gpgsm uses a new key storage format which allows for an index and random access to each keyblock without parsing all the precedeeng keyblocks. It is X.509, though. Part of gpg 1.9 is to replace the keyrings with that new system. I am pretty sure that this will boost the performance so that you can try a --check-trustdb on 20000 keys. > Would the best-case scenario be 20,814 individual keyrings with the key > being checked located first in the keyring and the signing keys located > in order based on their keyid? No, the algorithm ist simply: for all-keyrings do for all-keys-in-keyring do foo Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From colstar at iprimus.com.au Tue Aug 5 11:14:02 2003 From: colstar at iprimus.com.au (colstar@iprimus.com.au) Date: Tue Oct 7 21:31:47 2003 Subject: Help Java and GnuPg In-Reply-To: Message-ID: <3F1ED5CD00004B75@cpms02.int.iprimus.net.au> Marcos I have done it in C#, the languages arn't that far appart, I can have a look at a (quick and dirty) converting it to a java should not take long. it is quite simple routing with a couple of threads Best Wishes Colin. >-- Original Message -- >To: gnupg-devel@gnupg.org >From: MARCOS SOUSA >Cc: >Subject: Help Java and GnuPg >Date: Tue, 5 Aug 2003 02:24:53 -0300 > > >dear gentlemen, > >Does anybody know some program in Java that encrypt and decrypt files >through the gnupg 1.X, and code source available? > >Thanks, >Marcos Sousa > >_________________________________________________________ >Voce quer um iGMail protegido contra v?rus e spams? >Clique aqui: http://www.igmailseguro.ig.com.br >Ofertas imperd?veis! Link: http://www.americanas.com.br/ig/ > > >_______________________________________________ >Gnupg-devel mailing list >Gnupg-devel@gnupg.org >http://lists.gnupg.org/mailman/listinfo/gnupg-devel From albrecht.dress at arcor.de Tue Aug 5 18:53:03 2003 From: albrecht.dress at arcor.de (Albrecht =?iso-8859-1?Q?Dre=DF?=) Date: Tue Oct 7 21:31:47 2003 Subject: Bug in gpgme 0.4.2? In-Reply-To: <20030804211420.GD2690@212.23.136.22>; from Marcus.Brinkmann@ruhr-uni-bochum.de on Mon, Aug 04, 2003 at 23:14:20 +0200 References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> Message-ID: <20030805155418.GA13270@antares.localdomain> Am 04.08.03 23:14 schrieb(en) Marcus Brinkmann: > Yes, this is a simple parser error (I compare against 9 instead '9' :(), > which is now fixed in CVS. Building the CVS fails on my system in the tests section: [tons of messages] /bin/sh ../../libtool --mode=link /opt/gcc-3.2.3/bin/gcc-3.2.3 -g -O2 - Wall -Wcast-align -Wshadow -Wstrict-prototypes -o t-encrypt t-encrypt. o ../../gpgme/libgpgme.la -L/opt/gpgme-0.4/lib -lgpg-error /opt/gcc-3.2.3/bin/gcc-3.2.3 -g -O2 -Wall -Wcast-align -Wshadow -Wstrict- prototypes -o .libs/t-encrypt t-encrypt.o ../../gpgme/.libs/libgpgme.so - L/opt/gpgme-0.4/lib /opt/gpgme-0.4/lib/libgpg-error.so -Wl,--rpath -Wl,/ opt/gpgme-0.4/lib ../../gpgme/.libs/libgpgme.so: undefined reference to `_gpgme_ath_pthread_available' collect2: ld returned 1 exit status I copied gpgme/verify.c to the gpgme-0.4.2 folder, rebuilt it, and now it works correctly. Thanks for fixing that problem! As I am now almost finished with moving balsa from gpgme 0.3.15 to 0.4.3, I would like to submit the patch for migration soon. Do you have a timeline for releasing gpgme 0.4.3? I guess people would complain if they had to use CVS gpgme, and I want to make 0.4.3 as minumum requirement to avoid endless discussions about missing pub keys not detected correctly. Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20030805/e40a40ca/attachment.bin From Marcus.Brinkmann at ruhr-uni-bochum.de Tue Aug 5 19:23:02 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:47 2003 Subject: Bug in gpgme 0.4.2? In-Reply-To: <20030805155418.GA13270@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> Message-ID: <20030805162450.GB3914@212.23.136.22> On Tue, Aug 05, 2003 at 05:54:18PM +0200, Albrecht Dre? wrote: > Building the CVS fails on my system in the tests section: Nothing of relevance to this failure has changed from 0.4.2 to 0.4.3. So if you can compile 0.4.2 I assume that something is wrong in your build environment. > As I am now almost finished with moving balsa from gpgme 0.3.15 to 0.4.3, > I would like to submit the patch for migration soon. Do you have a > timeline for releasing gpgme 0.4.3? I first want to do a bit more work on GPGME, but maybe I can make another bug fix release within the next one and a half week. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From wk at gnupg.org Tue Aug 5 21:52:03 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:47 2003 Subject: NewPG is now GnuPG 1.9 Message-ID: <87he4wvsvh.fsf@alberti.g10code.de> Hi! I just did the first release of GnuPG 1.9 which aims to integrate newpg with gpg. It should work as a drop in replacement for gpg-agent, scdaemon and gpgsm. Some things have bin fixed there since the last newpg releases. gpg is also included but renamed to gpg2 and gpgv2 to avoid conflicts with stable GnuPG versions. The whole thing is not very well tested but it works for me and the changes to the software already existing in newpg are straightforward. gpg2 has been changed to use libgcrypt but secret key management is still done by itself and not by gpg-agent. However, --use-agent is the default now and we support the new OpenPGP smartcards. If you want to check it out: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.0.tar.gz (1135k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.0.tar.gz.sig Some NEWS: * gpg has been renamed to gpg2 and gpgv to gpgv2. This is a temporary change to allow co-existing with stable gpg versions. * ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the usual gpg.conf. * Removed the -k, -kv and -kvv commands. -k is now an alias to --list-keys. New command -K as alias for --list-secret-keys. * Removed --run-as-shm-coprocess feature. * gpg does now also use libgcrypt, libgpg-error is required. * New gpgsm commands --call-dirmngr and --call-protect-tool. * Changing a passphrase is now possible using "gpgsm --passwd" * The content-type attribute is now recognized and created. * The agent does now reread certain options on receiving a HUP. * The pinentry is now forked for each request so that clients with different environments are supported. When running in daemon mode and --keep-display is not used the DISPLAY variable is ignored. * Merged stuff from the newpg branch and started this new development branch. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jas at extundo.com Wed Aug 6 01:31:02 2003 From: jas at extundo.com (Simon Josefsson) Date: Tue Oct 7 21:31:47 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <87he4wvsvh.fsf@alberti.g10code.de> (Werner Koch's message of "Tue, 05 Aug 2003 20:53:06 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: ... checking for libassuan-config... no checking for LIBASSUAN - version >= 0.0.1... no ... make[2]: Entering directory `/home/jas/src/gnupg/common' if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/include -I/usr/local/include -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -MT maperror.o -MD -MP -MF ".deps/maperror.Tpo" \ -c -o maperror.o `test -f 'maperror.c' || echo './'`maperror.c; \ then mv -f ".deps/maperror.Tpo" ".deps/maperror.Po"; \ else rm -f ".deps/maperror.Tpo"; exit 1; \ fi maperror.c:30:20: assuan.h: No such file or directory maperror.c: In function `map_assuan_err': maperror.c:97: error: `ASSUAN_Canceled' undeclared (first use in this function) maperror.c:97: error: (Each undeclared identifier is reported only once maperror.c:97: error: for each function it appears in.) maperror.c:98: error: `ASSUAN_Invalid_Index' undeclared (first use in this function) maperror.c:100: error: `ASSUAN_Not_Implemented' undeclared (first use in this function) maperror.c:101: error: `ASSUAN_Server_Fault' undeclared (first use in this function) maperror.c:102: error: `ASSUAN_No_Public_Key' undeclared (first use in this function) maperror.c:103: error: `ASSUAN_No_Secret_Key' undeclared (first use in this function) maperror.c:105: error: `ASSUAN_Cert_Revoked' undeclared (first use in this function) maperror.c:106: error: `ASSUAN_No_CRL_For_Cert' undeclared (first use in this function) maperror.c:107: error: `ASSUAN_CRL_Too_Old' undeclared (first use in this function) maperror.c:109: error: `ASSUAN_Not_Trusted' undeclared (first use in this function) maperror.c:111: error: `ASSUAN_Card_Error' undeclared (first use in this function) maperror.c:112: error: `ASSUAN_Invalid_Card' undeclared (first use in this function) maperror.c:113: error: `ASSUAN_No_PKCS15_App' undeclared (first use in this function) maperror.c:114: error: `ASSUAN_Card_Not_Present' undeclared (first use in this function) maperror.c:115: error: `ASSUAN_Not_Confirmed' undeclared (first use in this function) maperror.c:116: error: `ASSUAN_Invalid_Id' undeclared (first use in this function) make[2]: *** [maperror.o] Error 1 make[2]: Leaving directory `/home/jas/src/gnupg/common' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/jas/src/gnupg' make: *** [all] Error 2 jas@latte:~/src/gnupg$ Thanks. From wk at gnupg.org Wed Aug 6 10:57:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:47 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 00:33:10 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: <87wudrusni.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 00:33:10 +0200, Simon Josefsson said: > checking for libassuan-config... no > checking for LIBASSUAN - version >= 0.0.1... no Aiih, seems we have not yet released it but it is installed on all my development boxes :-(. I'll make a release today. Thanks, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk at gnupg.org Wed Aug 6 12:37:04 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:47 2003 Subject: First Libassuan release References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: <87oez3unvy.fsf@alberti.g10code.de> Hi! Yesterday I forgot to make a release of libassuan which is required for GnupG 1.9. This beast is lingering around for a long time on our boxes and in CVS, so that I falsely assumedt it must have been released. Anyway, the first release has now been done and libassuan is available at: ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/libassuan-0.6.0.tar.gz (240k) ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/libassuan-0.6.0.tar.gz.sig Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jas at extundo.com Wed Aug 6 14:37:02 2003 From: jas at extundo.com (Simon Josefsson) Date: Tue Oct 7 21:31:48 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <87wudrusni.fsf@alberti.g10code.de> (Werner Koch's message of "Wed, 06 Aug 2003 09:55:29 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> Message-ID: Compiles fine now, thanks. However, when I try to sign something, it selects an expired key. $ mv .gnupg .gnupg-v1 $ rm -rf .gnupg $ gpg ... ^D $ cp .gnupg-v1/secring.gpg .gnupg-v1/pubring.gpg .gnupg $ gpg2 -b -a Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1024-bit DSA key, ID 5C980097, created 2001-04-10 gpg: gpg-agent is not available in this session foo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.9.1-cvs (GNU/Linux) iD8DBQA/MOdZ8U/viFyYAJcRAlJ5AKDT0lZHS7h0ccLKEi0sQNA9xzLlCACg4Mr3 Klo0rGd7XcpOGd3qUw80QJI= =kg3x -----END PGP SIGNATURE----- $ The key selected expired long time ago: pub 1024D/5C980097 2001-04-10 Simon Josefsson uid Simon Josefsson uid Simon Josefsson uid Simon Josefsson sub 768g/368A26A6 2001-04-10 [expires: 2002-04-10] Perhaps this isn't a new problem though (gpg 1.3 behave the same), but it would be nice to have GnuPG prefer a valid key, when available. However, when I try to use my current key, it doesn't work: $ gpg2 -b -a --default-key B565716F Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1280-bit RSA key, ID B565716F, created 2002-05-05 gpg: gpg-agent is not available in this session foo gpg: signing failed: Invalid public key algorithm gpg: signing failed: Invalid public key algorithm $ Old GnuPG work fine: $ gpg -b -a --default-key B565716F gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1280-bit RSA key, ID B565716F, created 2002-05-05 foo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.2-cvs (GNU/Linux) iQC1AwUAPzDn5e2iHpS1ZXFvAQKnFQT/Tt+ws4XisVsFlYmpbjQmTZp7zRvP0KBf M2jAvIxv9oKXgbGhN2jUeVRNR7y+phXdv1hBcZ1hDkeF0WUI2ONqNIKeu/s0N9Nc /bKnLTgnMZD/grKgF7NuAPRokO9OQM80LqI6QNiZNqqZFIeRDFDi5SYqz3mGvYsi 7Hl8NipQW7IL6edj5rws+I26q4VGN7r/KUcOncwqXDQUBqTh56wrNw== =gjuh -----END PGP SIGNATURE----- jas@latte:~$ Here's the key: pub 1280R/B565716F 2002-05-05 Simon Josefsson uid Simon Josefsson sub 1280R/4D5D40AE 2002-05-05 [expires: 2003-11-06] Any ideas? From wk at gnupg.org Wed Aug 6 15:47:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:48 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 13:38:49 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> Message-ID: <878yq7uf2b.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 13:38:49 +0200, Simon Josefsson said: > Perhaps this isn't a new problem though (gpg 1.3 behave the same), but > it would be nice to have GnuPG prefer a valid key, when available. Oops. It should not allow to use an expired key. 1.9 has been forked from 1.3 not too long ago and I try to keep it in sync. > 1280-bit RSA key, ID B565716F, created 2002-05-05 > gpg: signing failed: Invalid public key algorithm Part of the code is from 1.1.2. Here is the fix: diff -u -r1.1.2.3 pkglue.c --- g10/pkglue.c 5 Aug 2003 17:11:02 -0000 1.1.2.3 +++ g10/pkglue.c 6 Aug 2003 12:42:56 -0000 @@ -48,6 +48,13 @@ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", skey[0], skey[1], skey[2], skey[3], skey[4]); } + else if (algo == GCRY_PK_RSA) + { + rc = gcry_sexp_build (&s_skey, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4], + skey[5]); + } else if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E) { rc = gcry_sexp_build (&s_skey, NULL, -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From jas at extundo.com Wed Aug 6 21:31:02 2003 From: jas at extundo.com (Simon Josefsson) Date: Tue Oct 7 21:31:48 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <878yq7uf2b.fsf@alberti.g10code.de> (Werner Koch's message of "Wed, 06 Aug 2003 14:49:00 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> Message-ID: Werner Koch writes: >> gpg: signing failed: Invalid public key algorithm > > Part of the code is from 1.1.2. Here is the fix: Thanks, now it says: jas@latte:~$ gpg2 -b -a --default-key B565716F Secure memory is not locked into core gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! You need a passphrase to unlock the secret key for user: "Simon Josefsson " 1280-bit RSA key, ID B565716F, created 2002-05-05 gpg-agent[26370]: can't connect to the PIN entry module: connect failed gpg-agent[26370]: command get_passphrase failed: No pinentry gpg: problem with the agent - disabling agent use foo gpg2: pkglue.c:83: pk_sign: Assertion `list' failed. Aborted jas@latte:~$ From wk at gnupg.org Thu Aug 7 09:47:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:48 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 20:32:18 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> Message-ID: <871xvyt16z.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 20:32:18 +0200, Simon Josefsson said: > gpg-agent[26370]: can't connect to the PIN entry module: connect failed > gpg-agent[26370]: command get_passphrase failed: No pinentry Do you have an pinentry installed (pinentry-gtk) and if it is not in a standard localtion, did you add pinentry-program /somepath/pinentry-gtk into your gpg-agent.conf? > gpg: problem with the agent - disabling agent use > foo > gpg2: pkglue.c:83: pk_sign: Assertion `list' failed. > Aborted Okay, thats a wrong error behaviour. Thanks, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk at gnupg.org Thu Aug 7 10:12:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:48 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: (Simon Josefsson's message of "Wed, 06 Aug 2003 20:32:18 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> Message-ID: <87wudqrlca.fsf@alberti.g10code.de> On Wed, 06 Aug 2003 20:32:18 +0200, Simon Josefsson said: > gpg2: pkglue.c:83: pk_sign: Assertion `list' failed. > Aborted I forgot something yesterday. Actually tested with a newly generated RSA key. --- g10/pkglue.c 5 Aug 2003 17:11:02 -0000 1.1.2.3 +++ g10/pkglue.c 7 Aug 2003 07:05:38 -0000 1.1.2.4 @@ -70,6 +77,14 @@ if (rc) ; + else if (algo == GCRY_PK_RSA) + { + list = gcry_sexp_find_token (s_sig, "s", 0); + assert (list); + data[0] = gcry_sexp_nth_mpi (list, 1, 0); + assert (data[0]); + gcry_sexp_release (list); + } else { list = gcry_sexp_find_token (s_sig, "r", 0); -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From tamer at higazi.net Thu Aug 7 13:52:02 2003 From: tamer at higazi.net (Tamer Higazi) Date: Tue Oct 7 21:31:48 2003 Subject: gpg recognize problem with EMail Plugins Message-ID: <1980000.1059853639@linux.local> Hi! I installed gpg and gpg me under linux (1.2.2) from the source this way under SuSE Linux 8.2: ./configure --prefix=/usr make make install All GPG Plugins can't recognize gpg, i guess. Not KGPG, Enigmall (http://enigmail.mozdev.org) Mozilla Mail Plugin recognize GPG and my keys. Every message I receive and try to decrypt doesn't succeed. I receive always the message "Bad Passphrase" what is not true. If i encrypt/decrpyt from the commandline a message then it works. So, it's not a a wrong password i entered. I guess, it is a configuration problem. If somebody could help me, thank you. Tamer Higazi From aaronl at vitelus.com Thu Aug 7 13:52:06 2003 From: aaronl at vitelus.com (Aaron Lehmann) Date: Tue Oct 7 21:31:48 2003 Subject: [keyanalyze-discuss] The web of trust tightens over time In-Reply-To: <87wudswo7l.fsf@alberti.g10code.de> References: <20030803055345.GH22222@parcelfarce.linux.theplanet.co.uk> <20030803231457.GR31089@dtype.org> <20030804004912.GC4380@pm1.ric-08.lft.widomaker.com> <200308042054.51096@fortytwo.ch> <20030804201118.GD4380@pm1.ric-08.lft.widomaker.com> <87wudswo7l.fsf@alberti.g10code.de> Message-ID: <20030805153919.GT7657@vitelus.com> On Tue, Aug 05, 2003 at 09:36:14AM +0200, Werner Koch wrote: > No. The obvious optimization is to allow random access to the keyring > and have an index. Years ago I tried this with a gdb based key > storage but it was too hard to maintain. gpgsm uses a new key storage > format which allows for an index and random access to each keyblock > without parsing all the precedeeng keyblocks. It is X.509, though. > Part of gpg 1.9 is to replace the keyrings with that new system. I am > pretty sure that this will boost the performance so that you can try a > --check-trustdb on 20000 keys. That would be nice. Right now, it is painful to use even 1000 keys, especially when gpg rechecks the trustdb after any modification to a key. Is there any way I and other outsiders could help speed up the transition to a better format? gpg has had this problem since it was first writen and it is the biggest problem with the software, IMHO. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20030807/3ff04aaf/attachment.bin From Marcus.Brinkmann at ruhr-uni-bochum.de Thu Aug 7 14:17:02 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:49 2003 Subject: gpg recognize problem with EMail Plugins In-Reply-To: <1980000.1059853639@linux.local> Message-ID: Hi, in general, when reporting such problems, please include all relevant information (like version number of GPGME, the plugins you tried etc). In your particular case, you probably didn't set up gpg-agent properly. Thanks, Marcus From jas at extundo.com Thu Aug 7 15:15:02 2003 From: jas at extundo.com (Simon Josefsson) Date: Tue Oct 7 21:31:49 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <871xvyt16z.fsf@alberti.g10code.de> (Werner Koch's message of "Thu, 07 Aug 2003 08:46:12 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <87wudrusni.fsf@alberti.g10code.de> <878yq7uf2b.fsf@alberti.g10code.de> <871xvyt16z.fsf@alberti.g10code.de> Message-ID: Werner Koch writes: > On Wed, 06 Aug 2003 20:32:18 +0200, Simon Josefsson said: > >> gpg-agent[26370]: can't connect to the PIN entry module: connect failed >> gpg-agent[26370]: command get_passphrase failed: No pinentry > > Do you have an pinentry installed (pinentry-gtk) and if it is not in a > standard localtion, did you add > > pinentry-program /somepath/pinentry-gtk > > into your gpg-agent.conf? Thanks, this helps. > I forgot something yesterday. Actually tested with a newly generated > RSA key. It works, thanks! From fhack at gmx.de Thu Aug 7 15:56:02 2003 From: fhack at gmx.de (Frederik Harwath) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg morphos port Message-ID: hey, I'm just trying to port gnupg to MorphOS (www.morphos.net), which is an amiga-os like operating system. As gnupg seems to be written in a very portable way, I hadn't many problems compiling it using the ixemul library (posix compatibility layer, similar to cygwin for windows) and the "geek gadgets" (GNU tools ported to MorphOS, gcc etc.). Now I'd only need some "entropy" source. There's no /dev/random or equivalent and egd won't help as well, as it still requires a "unixish" environment (for example, it doesn't make sense to check the logged in users, even if you had who on MorphOS, as it's a single user OS). So ... is there anybody out there, who could give me a hint or two. Maybe some (ex?)Amiga coder or anybody else who has an idea what to use to get some "randomness". Afair the old PGP for amiga only used direct user input (mouse, keyboard) to do this, but that doesn't seem very secure to me, or am I wrong? Greetings and thanks in advance, Frederik -- Give the anarchist a cigarette! From wk at gnupg.org Thu Aug 7 16:37:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg morphos port In-Reply-To: (Frederik Harwath's message of "Thu, 07 Aug 2003 13:41:25 +0100") References: Message-ID: <87smodpp0h.fsf@alberti.g10code.de> On Thu, 07 Aug 2003 13:41:25 +0100, Frederik Harwath said: > gadgets" (GNU tools ported to MorphOS, gcc etc.). Now I'd only need some > "entropy" source. There's no /dev/random or equivalent and egd won't help The usual problem and one of the reasons why there is no OS/2 version. It seems that this OS is not Free Software, so you have to ask the vendor to provide a way to extract entropy, i.e. implement /dev/random - the code is available under the BSD license, so there won't be a problem to add it to proprietary software. Over the last years most OSes added such a device which is something you really want for "e-business". > who has an idea what to use to get some "randomness". Afair the old PGP for > amiga only used direct user input (mouse, keyboard) to do this, but that Not a good idea under multi-tasking OSed because keystrokes usally get queued und you can't access the interrupt handler. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From avbidder at fortytwo.ch Thu Aug 7 19:46:01 2003 From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg morphos port In-Reply-To: References: Message-ID: <200308071847.21566@fortytwo.ch> On Thursday 07 August 2003 14:41, Frederik Harwath wrote: [/dev/random] Do you have access to some hardware counters? (blocks read/written to hd, bytes sent/received from network, interrupt counters, does the system have sensors, like temperature or fan speed? Things like that should generate quite a bit randomness on the lower bits. cheers -- vbi -- random link of the day: http://fortytwo.ch/sienapei/edeiquea -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 445 bytes Desc: signature Url : /pipermail/attachments/20030807/00ef1857/attachment.bin From wk at gnupg.org Thu Aug 7 21:02:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg morphos port In-Reply-To: <200308071847.21566@fortytwo.ch> (Adrian von Bidder's message of "Thu, 7 Aug 2003 18:47:18 +0200") References: <200308071847.21566@fortytwo.ch> Message-ID: <87he4twdlx.fsf@alberti.g10code.de> On Thu, 7 Aug 2003 18:47:18 +0200, Adrian 'Dagurashibanipal' von Bidder said: > Do you have access to some hardware counters? (blocks read/written to hd, > bytes sent/received from network, interrupt counters, does the system have All of them are predictable and don't make a good seed for a PRNG or can even be used purely for a RNG. According to Peter Gutmann, network traffic and even its timing does not yield much entropy. What you want is interrupt and disk command command timings becuase these are variable values in general and not even identical from machine to machine. Stuff that EGD collects is at least influenced by such parameters. All in all it is not easy to get entropy from a predictable machine. > sensors, like temperature or fan speed? Things like that should generate > quite a bit randomness on the lower bits. And line noise from audio ports Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From rjwyler at us.ibm.com Thu Aug 7 23:08:02 2003 From: rjwyler at us.ibm.com (Ryan Wyler) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM P660s and P690s. I have tried compiling gnupg on the actual systems having the problems. This does not resolve the issue. It appears gnupg hangs and cannot even be killed with a -9 signal. I have to reboot the systems to get gnupg to free up the resources. They appear to be chewing up quite a bit of CPU also. I have several AIX 5.1 servers using gnupg, but for some reason these P660s and P690s are not working properly. Anyone have any suggestions? Here is the version of GPG I'm using: gpg (GnuPG) 1.2.2 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB Ryan Wyler IBM Global Services From wk at gnupg.org Fri Aug 8 11:12:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: (Ryan Wyler's message of "Thu, 7 Aug 2003 13:22:05 -0700") References: Message-ID: <87he4s8t6h.fsf@alberti.g10code.de> On Thu, 7 Aug 2003 13:22:05 -0700, Ryan Wyler said: > I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM > P660s and P690s. I have tried compiling gnupg on the actual systems having > the problems. This does not resolve the issue. Before we start to look into this, please try again using ftp://ftp.gnupg.org;/cgrypt/alpha/gnupg/gnupg-1.2.3rc2.tar.gz If the box happens to be down, use one of the mirrors as listed at www.gnupg.org/mirrors.html, -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From Holger.Sesterhenn at smgwtest.aachen.utimaco.de Fri Aug 8 11:51:09 2003 From: Holger.Sesterhenn at smgwtest.aachen.utimaco.de (Holger Sesterhenn) Date: Tue Oct 7 21:31:49 2003 Subject: Different output of list-secret-keys Message-ID: <3F336418.2040807@smgwtest.aachen.utimaco.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have added a second uid to an old RSA key old uid: myname new uid: myname Real name is the same on both IDs! Using GnuPG 1.2.2 and the 'primary' command I set the new uid to be the primary one. gpg --with-colons --fixed-list-mode --list-secret-keys myname shows the new ID first, the old ID second. BUT without 'myname' (no parameter for --list-secret-keys) the old ID is show first then the new ID second. Unfortunately I have a script which relies on the order of the 'uid:' entries. Any comments on this? Best Regards, Holger Sesterhenn - -- Internet http://www.utimaco.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Utimaco Safeware AG - SecurE-Mail Gateway - http://www.utimaco.com iD8DBQE/M2SFAjGAzXjV7iURAo1gAJ4qh14DZebra9yMJNORlL/9NutWPQCcCx1q Co+QdBRlUd4aGHmQEPol4Vo= =unaq -----END PGP SIGNATURE----- From rjwyler at us.ibm.com Fri Aug 8 19:51:02 2003 From: rjwyler at us.ibm.com (Ryan Wyler) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: I just finished compiling and running gnupg-1.2.3rc2.tar.gz with the same results. I did the 'make check' after 'make' and it is hanging now. I tried to 'kill -9' the process with no luck. I have called IBM support about the inability to kill the process, they say it's a feature, not a bug. They say processes doing certain things with the kernel will not die until they are complete and they are unable to research this further for this product because it is not supported by IBM. (Obvious answer) .... Here is the output of the 'make check' and the process ----- snip ----- # ps -ef | grep -i gpg root 46154 50648 68 09:45:08 pts/1 1:01 ../g10/gpg --homedir . --passphrase-fd 0 -o y --yes ./plain-1.asc root 52262 48972 1 09:46:09 pts/3 0:00 grep -i gpg ---- snip ----- # make check Making check in intl Target "check" is up to date. Making check in zlib Target "check" is up to date. Making check in util Target "check" is up to date. Making check in mpi Target "check" is up to date. Making check in cipher Target "check" is up to date. Making check in tools Target "check" is up to date. Making check in g10 Target "check" is up to date. Making check in keyserver Target "check" is up to date. Making check in po Target "check" is up to date. Making check in doc make check-am Target "check-am" is up to date. Making check in checks make check-TESTS gpg (GnuPG) 1.2.3rc2 Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: . Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256 Compression: Uncompressed, ZIP, ZLIB PASS: version.test Hash algorithm TIGER/192 is not installed (not an error) Hash algorithm SHA-384 is not installed (not an error) Hash algorithm SHA-512 is not installed (not an error) PASS: mds.test ------------------- snip ------------------ Werner Koch To: gnupg-devel@gnupg.org Sent by: cc: gnupg-devel-admin Subject: Re: gnupg 1.2.2 on aix 5.1 on P660s and P690s @gnupg.org 08/08/2003 01:11 AM On Thu, 7 Aug 2003 13:22:05 -0700, Ryan Wyler said: > I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM > P660s and P690s. I have tried compiling gnupg on the actual systems having > the problems. This does not resolve the issue. Before we start to look into this, please try again using ftp://ftp.gnupg.org;/cgrypt/alpha/gnupg/gnupg-1.2.3rc2.tar.gz If the box happens to be down, use one of the mirrors as listed at www.gnupg.org/mirrors.html, -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org _______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-devel From Marcus.Brinkmann at ruhr-uni-bochum.de Fri Aug 8 20:03:03 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: References: Message-ID: <20030808170418.GE1025@212.23.136.22> On Thu, Aug 07, 2003 at 01:22:05PM -0700, Ryan Wyler wrote: > I am having a serious problem with GnuPG 1.2.2 on AIX 5.1 on only newer IBM > P660s and P690s. I have tried compiling gnupg on the actual systems having > the problems. This does not resolve the issue. > > It appears gnupg hangs and cannot even be killed with a -9 signal. I have > to reboot the systems to get gnupg to free up the resources. They appear > to be chewing up quite a bit of CPU also. I am not excluding that there are bugs in GnuPG, but if a task can not be killed with kill -9, then there seems to be a problem with the operating system, a bug that might actually be triggered by another bug in GPGME. kill -9 is not actually a signal to be delivered to the application (just as SIGSTOP). It is a signal to the OS to kill the task no matter what. You might want to look into that as well. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From Marcus.Brinkmann at ruhr-uni-bochum.de Fri Aug 8 20:09:02 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: References: Message-ID: <20030808171103.GF1025@212.23.136.22> On Fri, Aug 08, 2003 at 10:05:32AM -0700, Ryan Wyler wrote: > I just finished compiling and running gnupg-1.2.3rc2.tar.gz with the same > results. I did the 'make check' after 'make' and it is hanging now. I > tried to 'kill -9' the process with no luck. I have called IBM support > about the inability to kill the process, they say it's a feature, not a > bug. They say processes doing certain things with the kernel will not die > until they are complete and they are unable to research this further for > this product because it is not supported by IBM. (Obvious answer) .... Sounds lame. Can you attach a debugger (gdb?) to the hanging process and get a full backtrace, so we can at least see where it hangs? Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From rjwyler at us.ibm.com Sat Aug 9 00:00:02 2003 From: rjwyler at us.ibm.com (Ryan Wyler) Date: Tue Oct 7 21:31:49 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: Marcus Brinkmann cc: gnupg-devel@gnupg.org Subject: Re: gnupg 1.2.2 on aix 5.1 on P660s and P690s 08/08/2003 10:11 AM Sounds lame. Can you attach a debugger (gdb?) to the hanging process and get a full backtrace, so we can at least see where it hangs? Thanks, Marcus I am in the process of putting gdb on the system, but until then here's the truss output file. (Yes AIX now has truss....) Ryan Wyler ---------------- output.truss of gpg ------------- 51232: execve("./gpg", 0x2FF22B64, 0x2FF22B8C) argc: 9 51232: sbrk(0x00000000) = 0x20028C98 51232: sbrk(0x00000008) = 0x20028C98 51232: sbrk(0x00010010) = 0x20028CA0 51232: appsetrlimit(0x00000004, 0x2FF228B0, 0x20028CAB, 0x00000000, 0x67706700, 0x00000000, 0x00000080, 0x7F7F7F7F) = 0x00000000 51232: _sigaction(2, 0x00000000, 0x2FF22870) = 0 51232: _sigaction(2, 0x2FF22880, 0x00000000) = 0 51232: _sigaction(1, 0x00000000, 0x2FF22870) = 0 51232: _sigaction(1, 0x2FF22880, 0x00000000) = 0 51232: _sigaction(15, 0x00000000, 0x2FF22870) = 0 51232: _sigaction(15, 0x2FF22880, 0x00000000) = 0 51232: _sigaction(3, 0x00000000, 0x2FF22870) = 0 51232: _sigaction(3, 0x2FF22880, 0x00000000) = 0 51232: _sigaction(11, 0x00000000, 0x2FF22870) = 0 51232: _sigaction(11, 0x2FF22880, 0x00000000) = 0 51232: _sigaction(30, 0x2FF22880, 0x00000000) = 0 51232: _sigaction(13, 0x2FF22880, 0x00000000) = 0 51232: getuidx(4) = 0x00000000 51232: getuidx(2) = 0x00000000 51232: getuidx(1) = 0x00000000 51232: getgidx(4) = 0 51232: getgidx(2) = 0 51232: getgidx(1) = 0 51232: __loadx(0x01000080, 0x2FF1E5B0, 0x00003E80, 0x2FF22540, 0x00000000, 0x00000000, 0x00008000, 0x7F7F7F7F) = 0xD0077130 51232: __loadx(0x01000180, 0x2FF1E5A0, 0x00003E80, 0xF0048C9C, 0xF0048BCC, 0x00000000, 0xFFFFFFFD, 0xD0079388) = 0x200398A8 51232: __loadx(0x07080000, 0xF0048C6C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A6C4 51232: __loadx(0x07080000, 0xF0048BAC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A6D0 51232: __loadx(0x07080000, 0xF0048C7C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A700 51232: __loadx(0x07080000, 0xF0048BBC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A70C 51232: __loadx(0x07080000, 0xF0048C3C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A6DC 51232: __loadx(0x07080000, 0xF0048BEC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A6F4 51232: __loadx(0x07080000, 0xF0048C4C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A718 51232: __loadx(0x07080000, 0xF0048C5C, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A748 51232: __loadx(0x07080000, 0xF0048BDC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A730 51232: __loadx(0x07080000, 0xF0048BFC, 0xFFFFFFFF, 0x200398A8, 0x00000000, 0x60180018, 0x60052965, 0x00000000) = 0x2003A7C0 51232: kmmap(0x00000000, 0x00008000, 0x00000003, 0x00000012, 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000080) = 0x30000000 51232: getuidx(2) = 0x00000000 51232: plock(DATLOCK) = 0 51232: access("/tmp/gpg/.gnupg/gpg.conf", 04) Err#2 ENOENT 51232: statx("/tmp/gpg/.gnupg", 0x2FF227A0, 128, 010) = 0 51232: statx("/tmp/gpg", 0x2FF22820, 128, 010) = 0 51232: getuidx(2) = 0x00000000 51232: open("/tmp/gpg/.gnupg/options", 0400000000) Err#2 ENOENT 51232: kwrite(2, " g p g", 3) = 3 51232: kwrite(2, " : ", 2) = 2 51232: kwrite(2, " N O T E : T H I S I".., 37) = 37 51232: kwrite(2, " g p g", 3) = 3 51232: kwrite(2, " : ", 2) = 2 51232: kwrite(2, " I t i s o n l y i".., 56) = 56 51232: kwrite(2, " g p g", 3) = 3 51232: kwrite(2, " : ", 2) = 2 51232: kwrite(2, " u s e d i n a p r".., 58) = 58 51232: open("/tmp/gpg/.gnupg/secring.gpg", 0400000000) = 3 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY 51232: kread(3, "9501 ?04 >8A 80F1104\0 ?".., 4096) = 1029 51232: close(3) = 0 51232: access("/tmp/gpg/.gnupg/secring.gpg", 0) = 0 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) = 3 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY 51232: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY 51232: kread(3, "9901 ?04 >8A 80F1104\0 ?".., 4096) = 3092 51232: close(3) = 0 51232: access("/tmp/gpg/.gnupg/pubring.gpg", 0) = 0 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) = 3 51232: kread(3, "9901 ?04 >8A 80F1104\0 ?".., 8192) = 3092 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x00000007, 0x0000001B, 0x19DCE886, 0x153DFFAB, 0x049EE8DA) = 0x00000000 51232: times(0x2FF210C0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x0000005F, 0x00000073, 0x19DE28D1, 0x153F3FF6, 0x049EE8DA) = 0x00000000 51232: times(0x2FF210C0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x000000B7, 0x000000EF, 0x19DEE047, 0x153FF76C, 0x049EE8DA) = 0x00000000 51232: times(0x2FF210C0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x0000010F, 0x00000090, 0x19DFA212, 0x1540B937, 0x049EE8DA) = 0x00000000 51232: times(0x2FF210C0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x00000167, 0x00000011, 0x19E05AC2, 0x154171E7, 0x049EE8DA) = 0x00000000 51232: times(0x2FF210C0) = 15428387 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) = 4 51232: kread(4, "9901 ?04 >8A 80F1104\0 ?".., 8192) = 3092 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x000001BF, 0x000000F3, 0x19E1C2A5, 0x1542D9CA, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20DC0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x00000217, 0x00000069, 0x19E27819, 0x15438F3E, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20DC0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x00000017, 0x0000006D, 0x19E3A03E, 0x1544B763, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20DC0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x0000006F, 0x000000FC, 0x19E45D11, 0x15457436, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20DC0) = 15428387 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x000000C7, 0x0000007B, 0x19E51505, 0x15462C2A, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20DC0) = 15428388 51232: open("/tmp/gpg/.gnupg/pubring.gpg", 0400000000) = 5 51232: klseek(5, 0, 2122, 0x00000000) = 0 51232: kread(5, "9901 ?04 >87 ? ?1104\0 ?".., 8192) = 970 51232: kread(5, "9901 ?04 >87 ? ?1104\0 ?".., 8192) = 0 51232: appgetrusage(0x00000000, 0x2FF20E28, 0x30000008, 0x0000011F, 0x000000B7, 0x19E7743E, 0x15488B63, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20DC0) = 15428388 51232: appgetrusage(0x00000000, 0x2FF20E78, 0x30000008, 0x00000177, 0x000000E5, 0x19E85ECD, 0x154975F2, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20E10) = 15428388 51232: access("/tmp/gpg/.gnupg/trustdb.gpg", 04) = 0 51232: _getpid() = 51232 51232: uname(0x2FF20F48, 0x2FF20F43, 0x2000B490, 0x00003332, 0xD03486B0, 0x00002500, 0x0A000000, 0x00808080) = 0x00000000 51232: _getpid() = 51232 51232: open("/tmp/gpg/.gnupg/.#lk2002ddc8.apqmd001.51232", 0400002401) = 6 51232: kwrite(6, " 5 1 2 3 2\n", 11) = 11 51232: close(6) = 0 51232: open("/tmp/gpg/.gnupg/trustdb.gpg", 0400000002) = 6 51232: kread(6, "01 g p g03", 5) = 5 51232: klseek(6, 0, 0, 0x00000000) = 0 51232: kread(6, "01 g p g03030105\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 40, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 80, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 120, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 160, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 200, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 240, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 280, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\01E\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 320, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 360, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 400, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 440, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 480, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 520, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 560, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0 "\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 600, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 640, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 680, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 720, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 760, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 800, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 840, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 880, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 920, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 960, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1000, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1040, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1080, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1120, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1160, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0\0\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1200, 0x00000000) = 0 51232: kread(6, "\f\0 6\0 = { ? D ?90 ? '".., 40) = 40 51232: klseek(6, 0, 1240, 0x00000000) = 0 51232: kread(6, "\r\0 m )0190 @ ? ? : ? +".., 40) = 40 51232: klseek(6, 0, 1280, 0x00000000) = 0 51232: kread(6, "\f\0 # y ? 8 # Y ?80 ?18".., 40) = 40 51232: klseek(6, 0, 1320, 0x00000000) = 0 51232: kread(6, "\r\09C | ^ C X18 ? ) ?9C".., 40) = 40 51232: klseek(6, 0, 1360, 0x00000000) = 0 51232: kread(6, "\f\0 u ? # T8F : ? ? ?8D".., 40) = 40 51232: klseek(6, 0, 1400, 0x00000000) = 0 51232: kread(6, "\r\0 Y1D T ? ? ?1B ) ? ?".., 40) = 40 51232: klseek(6, 0, 1440, 0x00000000) = 0 51232: kread(6, "\r\0 Y1D T ? ? ?1B ) ? ?".., 40) = 0 51232: appgetrusage(0x00000000, 0x2FF20F78, 0x30000008, 0x000001CF, 0x00000015, 0x1A1512AE, 0x157629D3, 0x049EE8DA) = 0x00000000 51232: times(0x2FF20F10) = 15428392 51232: klseek(6, 0, 0, 0x00000000) = 0 51232: kread(6, "01 g p g03030105\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 560, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0 "\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1360, 0x00000000) = 0 51232: kread(6, "\f\0 u ? # T8F : ? ? ?8D".., 40) = 40 51232: klseek(4, 0, 0, 0x00000000) = 0 51232: klseek(4, 0, 2122, 0x00000000) = 0 51232: kread(4, "9901 ?04 >87 ? ?1104\0 ?".., 8192) = 970 51232: kread(4, "9901 ?04 >87 ? ?1104\0 ?".., 8192) = 0 51232: appgetrusage(0x00000000, 0x2FF21128, 0x30000008, 0x00000227, 0x000000CA, 0x1A194F30, 0x157A6655, 0x049EE8DA) = 0x00000000 51232: times(0x2FF210C0) = 15428392 51232: klseek(6, 0, 0, 0x00000000) = 0 51232: kread(6, "01 g p g03030105\0\0\0\0".., 40) = 40 51232: appgetrusage(0x00000000, 0x2FF212A8, 0x30000008, 0x00000027, 0x00000003, 0x1A1B1A0E, 0x157C3133, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21240) = 15428392 51232: appgetrusage(0x00000000, 0x2FF211E8, 0x30000008, 0x0000007F, 0x00000061, 0x1A1BC8A8, 0x157CDFCD, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21180) = 15428392 51232: klseek(6, 0, 560, 0x00000000) = 0 51232: kread(6, "\n\0\0\0\0 "\0\0\0\0\0\0".., 40) = 40 51232: klseek(6, 0, 1360, 0x00000000) = 0 51232: kread(6, "\f\0 u ? # T8F : ? ? ?8D".., 40) = 40 51232: klseek(6, 0, 1400, 0x00000000) = 0 51232: kread(6, "\r\0 Y1D T ? ? ?1B ) ? ?".., 40) = 40 51232: open("/tmp/encrypt", 0400000000) = 7 51232: open("/tmp/encrypt", 0400000000) = 8 51232: fstatx(8, 0x2FF215C0, 128, 010) = 0 51232: kread(8, " # ! / u s r / b i n / p".., 8192) = 1475 51232: appgetrusage(0x00000000, 0x2FF215C8, 0x30000008, 0x000000D7, 0x00000056, 0x1A23D634, 0x1584ED59, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21560) = 15428393 51232: open("/tmp/gpg/.gnupg/random_seed", 0400000000) = 9 51232: fstatx(9, 0x2FF21278, 128, 010) = 0 51232: kread(9, " l ? ? ? ? S8F - 7 t0E15".., 600) = 600 51232: close(9) = 0 51232: _getpid() = 51232 51232: times(0x2FF21210) = 15428393 51232: access("/dev/random", 04) Err#2 ENOENT 51232: socket(0x00000001, 0x00000001, 0x00000000, 0x00000000, 0x6F707900, 0x6F707900, 0x79000000, 0x00808080) = 0x00000009 51232: connext(0x00000009, 0x2FF210FC, 0x00000019, 0x2FF21094, 0x2FF21090, 0x60180018, 0x60052965, 0x00000000) Err#2 ENOENT 51232: close(9) = 0 51232: appgetrusage(0x00000000, 0x2FF21508, 0x30000008, 0x0000013B, 0x00000008, 0x1A2811AF, 0x158928D3, 0x049EE8DA) = 0x00000000 51232: times(0x2FF214A0) = 15428393 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x00000193, 0x000000AD, 0x1A29B1EE, 0x158AC913, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21450) = 15428394 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x000001EB, 0x00000086, 0x1A2B177B, 0x158C2EA0, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21450) = 15428394 51232: appgetrusage(0x00000000, 0x2FF213C8, 0x30000008, 0x00000243, 0x000000FC, 0x1A2CAA3F, 0x158DC164, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21360) = 15428394 51232: fstatx(7, 0x2FF21630, 128, 010) = 0 51232: appgetrusage(0x00000000, 0x2FF213B8, 0x30000008, 0x00000043, 0x00000092, 0x1A731E84, 0x15D435A9, 0x049EE8DA) = 0x00000000 51232: times(0x2FF21350) = 15428400 From jurgen at botz.org Sat Aug 9 00:07:02 2003 From: jurgen at botz.org (=?ISO-8859-1?Q?J=FCrgen_Botz?=) Date: Tue Oct 7 21:31:49 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <87he4wvsvh.fsf@alberti.g10code.de> References: <87he4wvsvh.fsf@alberti.g10code.de> Message-ID: <3F341183.7060904@botz.org> Werner Koch wrote: > gpg2 has been changed to use libgcrypt but secret key management is > still done by itself and not by gpg-agent. However, --use-agent is > the default now and we support the new OpenPGP smartcards. Could you explain what you mean by this for those of us who are not very familiar with the code base? I mean, superficially this statement doesn't make sense, if key management isn't done by the agent what good is the agent? :j From avbidder at fortytwo.ch Sat Aug 9 08:08:04 2003 From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Tue Oct 7 21:31:49 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <3F341183.7060904@botz.org> References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> Message-ID: <200308090709.32850@fortytwo.ch> On Friday 08 August 2003 23:09, J?rgen Botz wrote: > Werner Koch wrote: > > gpg2 has been changed to use libgcrypt but secret key management is > > still done by itself and not by gpg-agent. However, --use-agent is > > the default now and we support the new OpenPGP smartcards. > > Could you explain what you mean by this for those of us who are > not very familiar with the code base? I mean, superficially this > statement doesn't make sense, if key management isn't done by the > agent what good is the agent? As far as I understand it, the agent at the moment takes care of requesting the password from the user. Which will probably break all application using secret key operations and managing the pw themselves. I think --passphrase-fd should automatically imply --no-use-agent. (Or do you already do this?). When the agent does secret key handling: is there a way to continue using --passphrase-fd (and have gpg supply the pw to the agent)? greetings -- vbi -- featured product: GNU Privacy Guard - http://gnupg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 445 bytes Desc: signature Url : /pipermail/attachments/20030809/988aca7c/attachment.bin From wk at gnupg.org Sat Aug 9 11:27:01 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:50 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <200308090709.32850@fortytwo.ch> (Adrian von Bidder's message of "Sat, 9 Aug 2003 07:09:29 +0200") References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> <200308090709.32850@fortytwo.ch> Message-ID: <87ptjf44la.fsf@alberti.g10code.de> On Sat, 9 Aug 2003 07:09:29 +0200, Adrian 'Dagurashibanipal' von Bidder said: > I think --passphrase-fd should automatically imply --no-use-agent. (Or do you > already do this?). When the agent does secret key handling: is there a way to This is in 1.2.3rc2 -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk at gnupg.org Sat Aug 9 11:32:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:50 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <3F341183.7060904@botz.org> ( =?iso-8859-1?q?J=FCrgen_Botz's_message_of?= "Fri, 08 Aug 2003 14:09:23 -0700") References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> Message-ID: <87llu344bu.fsf@alberti.g10code.de> On Fri, 08 Aug 2003 14:09:23 -0700, J?rgen Botz said: > not very familiar with the code base? I mean, superficially this > statement doesn't make sense, if key management isn't done by the > agent what good is the agent? Key management is never done by the agent. gpg-agent simply takes care of all operations involving private keys - that is just a small part of the key managenent. The current 1.9 code uses the gpg-agent in the same way as 1.2: It is only used as a way to invoke the pinentry and cache the passphrase. So the private key operations are still done in the gpg process. With the smartcard support there is another use of the agent (calling scdaemon), but it uses a different code path. As soon as we have migrated the private key oeprations to the gpg-agent, the --use-agent option won't have an effect anymore. --passphrase-fd (and the --command-fd way) will continue to exist, so that passphrases used for symmetric only encryption can be passed by other programs to gpg during unattended operations. Shalom-Salam, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk at gnupg.org Sat Aug 9 11:57:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:50 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s In-Reply-To: (Ryan Wyler's message of "Fri, 8 Aug 2003 14:14:03 -0700") References: Message-ID: <87he4r43ar.fsf@alberti.g10code.de> On Fri, 8 Aug 2003 14:14:03 -0700, Ryan Wyler said: > 51232: access("/dev/random", 04) Err#2 ENOENT Tries /dev/random -> does not exist > 51232: socket(0x00000001, 0x00000001, 0x00000000, 0x00000000, > 0x6F707900, 0x6F707900, 0x79000000, 0x00808080) = 0x00000009 Fallback to EGD > 51232: connext(0x00000009, 0x2FF210FC, 0x00000019, 0x2FF21094, > 0x2FF21090, 0x60180018, 0x60052965, 0x00000000) Err#2 ENOENT No EGD running. > 51232: close(9) = 0 > 51232: appgetrusage(0x00000000, 0x2FF21508, 0x30000008, 0x0000013B, > 0x00000008, 0x1A2811AF, 0x158928D3, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF214A0) = 15428393 > 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x00000193, > 0x000000AD, 0x1A29B1EE, 0x158AC913, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF21450) = 15428394 That is are several fast random polls. However I expected to see a few other system calls. Can you please grep through config.h and tell us how HAVE_GETHRTIME HAVE_BROKEN_GETHRTIME HAVE_GETTIMEOFDAY HAVE_CLOCK_GETTIME HAVE_TIMES are defined. This is definitely not the hanging problem, though. You can also try to run this: GNUPG_RNDUNIX_DBG=/tmp/foo GNUPG_RNDUNIX_DBGALL=1 \ ./gpg -a --gen-random 2 10 /tmp/foo will be filled with info regarding the tools execed by the rndunix entropy gatherer. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From mwy-opgp97 at the-youngs.org Sat Aug 9 14:17:02 2003 From: mwy-opgp97 at the-youngs.org (Michael Young) Date: Tue Oct 7 21:31:50 2003 Subject: Detached signature as a pass-through filter? Message-ID: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use GnuPG to sign an intermediate result, something like: command ... | gpg --detach-sign -o signature_file | other_command ... This specific incantation doesn't work. Standard output is empty. Is there any way to convince GnuPG to pass the input through to standard output? (And if not, would it be reasonable to add a switch to do this?) -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPzPLmOc3iHYL8FknEQJIjwCeJVIyTe2OmG0ijSui03JCYMCKeXsAnjoW Z1fiPv+4yddhe1b1qrf6P1RV =SCCM -----END PGP SIGNATURE----- From mwy-opgp97 at the-youngs.org Sat Aug 9 14:17:05 2003 From: mwy-opgp97 at the-youngs.org (Michael Young) Date: Tue Oct 7 21:31:50 2003 Subject: Selective import; pop-up trust dialog Message-ID: <001a01c35dce$c4f45960$2ac52609@transarc.ibm.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While I'm asking about features, here are a couple that I've wanted for a long time, but have never gotten around to asking about: When importing a file that contains many keys, I'd like to be able to select only a subset to be incorporated into my keyring. This might take the form of a dialog (like PGP does) or a pattern to accept. Is there any such mechanism? - - and - When encrypting to a key that I haven't signed locally, I get a dialog that displays the fingerprint of the *encryption* subkey. I'd really like to see the *signing* key's fingerprint; that's what I use to verify identity in other situations, and it's what I keep handy. Another notable OpenPGP product won't even show the encryption subkey fingerprint. I suppose some people might still want to see the encryption key's fingerprint, but would it be reasonable to show both? [Yes, I can (and regularly do) stop the dialog and get the signing key fingerprint separately, but it's a nuisance.] Thanks for any suggestions! -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPzPXWOc3iHYL8FknEQILOACgg7UaRjt69fbV7DICVh5CeVkckFgAniLC 5fhAh0O4XQOJQyS36N+AaplA =UzsO -----END PGP SIGNATURE----- From avbidder at fortytwo.ch Sat Aug 9 15:24:02 2003 From: avbidder at fortytwo.ch (Adrian 'Dagurashibanipal' von Bidder) Date: Tue Oct 7 21:31:50 2003 Subject: --show-policy behaviour? Message-ID: <200308091426.03490@fortytwo.ch> Yo! What exactly is the behaviour of show-policy? I've been slightly annoyed today (easily workaroundable(tm), so no problem) gpg --clearsign on the terminal: the signature policy is displayed in the signed message part like -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 blah fasel Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iKcEARECAGcFAj805qJgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJEIukMYvlp/fWcJoAnRtDEAvMeFsdl9zKiR2Sy8/i DgnXAKDazHLB3AYdVOuQvgR3KyuK8NnnKg== =xnWr -----END PGP SIGNATURE----- so copy-pasting (damn pseudo english verbs today) from the console breaks. Apparently it's displayed on stdout, too, so 2>/dev/null doesn't help either. Funnily when redirecting stdout to a file, the signature policy is displayed after the signature, so it doesn't break the sig. Proposal: display signature policy only when verifying a signature. (And Werner, if you're going to say it's in 1.2.3rcX already one more time, I shall definitely throw something out of the window or whatever ;-) greetings -- vbi -- Could this mail be a fake? (Answer: No! - http://fortytwo.ch/gpg/intro) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 445 bytes Desc: signature Url : /pipermail/attachments/20030809/8029c5f9/attachment.bin From dshaw at jabberwocky.com Sat Aug 9 15:54:01 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:50 2003 Subject: Detached signature as a pass-through filter? In-Reply-To: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> References: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> Message-ID: <20030809125515.GA31373@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 08, 2003 at 12:11:14PM -0400, Michael Young wrote: > I'd like to use GnuPG to sign an intermediate result, something like: > > command ... | gpg --detach-sign -o signature_file | other_command ... > > This specific incantation doesn't work. Standard output is empty. > > Is there any way to convince GnuPG to pass the input through to > standard output? (And if not, would it be reasonable to add a > switch to do this?) Why not use "tee"? That's the standard resource for constructing a pipeline when a command consumes data. echo "foo" | tee tempfile | gpg --detach-sign -o sigfile.gpg ; cat tempfile David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj807zMACgkQ4mZch0nhy8lWjQCfeOjUIncyQsVvZZd2kI8p+7mA izsAniHjPNpPcoxPBXjFHAfwOgVWjrpp =IkmK -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sat Aug 9 15:58:01 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:50 2003 Subject: Selective import; pop-up trust dialog In-Reply-To: <001a01c35dce$c4f45960$2ac52609@transarc.ibm.com> References: <001a01c35dce$c4f45960$2ac52609@transarc.ibm.com> Message-ID: <20030809125918.GB31373@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 08, 2003 at 01:01:53PM -0400, Michael Young wrote: > While I'm asking about features, here are a couple that I've wanted > for a long time, but have never gotten around to asking about: > > When importing a file that contains many keys, I'd like to be able > to select only a subset to be incorporated into my keyring. This > might take the form of a dialog (like PGP does) or a pattern to > accept. Is there any such mechanism? gpg --interactive --import foo.gpg > When encrypting to a key that I haven't signed locally, I get a > dialog that displays the fingerprint of the *encryption* subkey. > I'd really like to see the *signing* key's fingerprint; that's what > I use to verify identity in other situations, and it's what I keep > handy. Another notable OpenPGP product won't even show the > encryption subkey fingerprint. I suppose some people might still > want to see the encryption key's fingerprint, but would it be > reasonable to show both? [Yes, I can (and regularly do) stop the > dialog and get the signing key fingerprint separately, but it's a > nuisance.] Which version of GnuPG are you using? GnuPG has displayed both since version 1.1.91. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3rc2 (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iEYEARECAAYFAj808CYACgkQ4mZch0nhy8n76ACePTHYrgdKV8OAMTnTjp8Pbfql 2tkAoMWx/qolJl+rt7iVuOA6dYKUq5Y+ =Es2L -----END PGP SIGNATURE----- From JPClizbe at comcast.net Sat Aug 9 17:59:02 2003 From: JPClizbe at comcast.net (John Clizbe) Date: Tue Oct 7 21:31:50 2003 Subject: Detached signature as a pass-through filter? In-Reply-To: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> References: <001401c35dc7$b2d3b5c0$2ac52609@transarc.ibm.com> Message-ID: <3F34E213.9040403@comcast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Young wrote: > I'd like to use GnuPG to sign an intermediate result, something like: > > command ... | gpg --detach-sign -o signature_file | other_command ... > > This specific incantation doesn't work. Standard output is empty. > > Is there any way to convince GnuPG to pass the input through to > standard output? (And if not, would it be reasonable to add a > switch to do this?) > using tee to split the output stream before you pipe to gpg would be the standard way to do it (I'm sure named pipes & file descriptors could be woven in some way) command ... | tee | gpg --detach-sign -o sig_file; cat | other_command ... If you're on Windows, you can get tee from Cygwin, MinGW/MSys, UWin, or Services for Unix - -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Most men take the straight and narrow. A few take the road less traveled. I chose to cut through the woods." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/NOIMHQSsSmCNKhARAv8bAJ9KCkTZoVbOpQJBusfcXODQPxhQIwCg06bv +dSTJkKRMcKIDdR6mBg3IZo= =iGhP -----END PGP SIGNATURE----- From dshaw at jabberwocky.com Sun Aug 10 02:27:03 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:50 2003 Subject: --show-policy behaviour? In-Reply-To: <200308091426.03490@fortytwo.ch> References: <200308091426.03490@fortytwo.ch> Message-ID: <20030809232841.GF4538@jabberwocky.com> On Sat, Aug 09, 2003 at 02:26:00PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote: [ policy urls appear in the middle of clearsigned data on the console ] > so copy-pasting (damn pseudo english verbs today) from the console breaks. > Apparently it's displayed on stdout, too, so 2>/dev/null doesn't help either. Ugh, this is a problem. The same thing happens with sig notations. It's a bigger problem than clearsigning, actually. Try doing an --encrypt and --sign > redirected to a file. It breaks the MDC so you always get the "encrypted message has been manipulated!" warning. It'll be fixed in 1.2.3. David -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 268 bytes Desc: not available Url : /pipermail/attachments/20030810/9bf2fa5c/attachment.bin From rjwyler at us.ibm.com Mon Aug 11 19:28:02 2003 From: rjwyler at us.ibm.com (Ryan Wyler) Date: Tue Oct 7 21:31:50 2003 Subject: gnupg 1.2.2 on aix 5.1 on P660s and P690s Message-ID: Here are the requested greps out of config.h: /* #undef HAVE_GETHRTIME */ /* #undef HAVE_BROKEN_GETHRTIME */ #define HAVE_GETTIMEOFDAY 1 #define HAVE_CLOCK_GETTIME 1 #define HAVE_TIMES 1 Here is the outputed /tmp/foo: START RNDUNIX DEBUG pid=55616 Skipping /usr/bin/vmstat Skipping /usr/bin/vmstat /usr/bin/pfstat not present Skipping /usr/bin/vmstat /usr/ucb/netstat not present, has alternatives Skipping /usr/sbin/netstat Skipping /usr/etc/netstat /usr/bin/nfsstat not present /usr/ucb/netstat not present, has alternatives Skipping /usr/sbin/netstat Skipping /usr/etc/netstat Skipping /usr/ucb/netstat Skipping /usr/bin/netstat Skipping /usr/sbin/netstat Skipping /usr/etc/netstat /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /usr/bin/mpstat not present Skipping /usr/bsd/w Skipping /bin/df /usr/sbin/portstat not present Skipping /usr/bsd/uptime Skipping /usr/bin/vmstat Skipping /usr/bin/vmstat /usr/ucb/netstat not present, has alternatives Skipping /usr/sbin/netstat Skipping /usr/etc/netstat /usr/ucb/ps not present, has alternatives Skipping /bin/ps Skipping /bin/ipcs /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present /etc/pstat not present, has alternatives /bin/pstat not present Skipping /usr/bsd/last /usr/sbin/snmp_request not present /usr/sbin/snmp_request not present /etc/arp not present, has alternatives /usr/etc/arp not present, has alternatives /usr/bin/arp not present, has alternatives Skipping /usr/bin/lpstat Skipping /usr/ucb/lpstat /usr/bin/tcpdump not present /usr/sbin/advfsstat not present /usr/sbin/advfsstat not present /usr/sbin/advfsstat not present /bin/vmstat -c contributed 0 bytes, usefulness = 2 /bin/vmstat -s contributed 534 bytes, usefulness = 4 /bin/vmstat -i contributed 601 bytes, usefulness = 3 /usr/bin/netstat -s contributed 6405 bytes, usefulness = 12 /usr/bin/netstat -m contributed 1477 bytes, usefulness = 2 /bin/netstat -in contributed 259 bytes, usefulness = 1 /usr/bin/w contributed 192 bytes, usefulness = 0 /usr/bin/df contributed 5211 bytes, usefulness = 5 /usr/bin/iostat contributed 123 bytes, usefulness = 0 /usr/bin/uptime contributed 67 bytes, usefulness = 0 /bin/vmstat -f contributed 13 bytes, usefulness = 0 /bin/vmstat contributed 145 bytes, usefulness = 0 /usr/bin/netstat -n contributed 18393 bytes, usefulness = 8 /usr/bin/ps aux contributed 10275 bytes, usefulness = 3 /bin/ps -A contributed 3877 bytes, usefulness = 1 /usr/bin/ipcs -a contributed 1073 bytes, usefulness = 0 /usr/bin/last -n 50 contributed 27 bytes, usefulness = 0 /usr/sbin/arp -a contributed 381 bytes, usefulness = 0 /usr/sbin/ripquery -nw 1 127.0.0.1 contributed 99 bytes, usefulness = 0 /bin/lpstat -t contributed 0 bytes, usefulness = 0 Got 49152 bytes, usefulness = 39 Werner Koch To: gnupg-devel@gnupg.org Sent by: cc: gnupg-devel-admin Subject: Re: gnupg 1.2.2 on aix 5.1 on P660s and P690s @gnupg.org 08/09/2003 01:56 AM On Fri, 8 Aug 2003 14:14:03 -0700, Ryan Wyler said: > 51232: access("/dev/random", 04) Err#2 ENOENT Tries /dev/random -> does not exist > 51232: socket(0x00000001, 0x00000001, 0x00000000, 0x00000000, > 0x6F707900, 0x6F707900, 0x79000000, 0x00808080) = 0x00000009 Fallback to EGD > 51232: connext(0x00000009, 0x2FF210FC, 0x00000019, 0x2FF21094, > 0x2FF21090, 0x60180018, 0x60052965, 0x00000000) Err#2 ENOENT No EGD running. > 51232: close(9) = 0 > 51232: appgetrusage(0x00000000, 0x2FF21508, 0x30000008, 0x0000013B, > 0x00000008, 0x1A2811AF, 0x158928D3, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF214A0) = 15428393 > 51232: appgetrusage(0x00000000, 0x2FF214B8, 0x30000008, 0x00000193, > 0x000000AD, 0x1A29B1EE, 0x158AC913, 0x049EE8DA) = 0x00000000 > 51232: times(0x2FF21450) = 15428394 That is are several fast random polls. However I expected to see a few other system calls. Can you please grep through config.h and tell us how HAVE_GETHRTIME HAVE_BROKEN_GETHRTIME HAVE_GETTIMEOFDAY HAVE_CLOCK_GETTIME HAVE_TIMES are defined. This is definitely not the hanging problem, though. You can also try to run this: GNUPG_RNDUNIX_DBG=/tmp/foo GNUPG_RNDUNIX_DBGALL=1 \ ./gpg -a --gen-random 2 10 /tmp/foo will be filled with info regarding the tools execed by the rndunix entropy gatherer. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org _______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-devel From mwy-gpg41 at the-youngs.org Mon Aug 11 23:21:02 2003 From: mwy-gpg41 at the-youngs.org (Michael Young) Date: Tue Oct 7 21:31:50 2003 Subject: Detached signature as a pass-through filter? References: <20030810042724.17356.25966.Mailman@trithemius.gnupg.org> Message-ID: <004801c36046$357a71a0$2ac52609@transarc.ibm.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Shaw suggested: > Why not use "tee"? That's the standard resource for constructing a > pipeline when a command consumes data. > > echo "foo" | tee tempfile | gpg --detach-sign -o sigfile.gpg ; cat tempfile Using a regular "tempfile", there are two reasons: this requires storage for the intermediary result (which may be large); and, the second command doesn't get started until the output is complete. The same thing can be accomplished without "tee" at all: echo "foo" > tempfile gpg ... < tempfile using tee to split the output stream before you pipe to gpg would be the > standard way to do it (I'm sure named pipes & file descriptors could be > woven in some way) Yes, "tee" combined with a FIFO should work, but it's not very portable. I could always write my own "tee" that emits to additional file descriptors (rather than files), and do descriptor redirections. This may be slightly more portable (e.g., *might* work on Cygwin). Or, I could hack a private version of GnuPG that does what I want -- that would be portable, but it adds an upkeep burden (as GnuPG changes, I'd like to follow). Again, I was just hoping that I could get GnuPG to act as a passthrough. It seems not. Thanks for the responses, though! -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPzf63ec3iHYL8FknEQId+gCg/QrnIBfuXS21W4AaHXOddDoB5Q0An1mn zdcAQhCCvkM75iWBj2H7dFI4 =RJ3u -----END PGP SIGNATURE----- From marcosp_belem at ig.com.br Wed Aug 13 03:08:02 2003 From: marcosp_belem at ig.com.br (MARCOS SOUSA) Date: Tue Oct 7 21:31:51 2003 Subject: decryption in gnupg 1.2.1 Message-ID: I am making test of code of files with a computer windows 98 using files of *. bat to execute commands in the gnupg 1.2.1 to encrypt and to decrypt files. To codify I didn't have problems, however in the moment of the decryption, it is necessary to interact in the prompt DOS to supply the password. Is it possible that automatic process to turn, sending some parameter without the interaction with the user to put the password? Marcos Paulo _________________________________________________________ Voce quer um iGMail protegido contra vírus e spams? Clique aqui: http://www.igmailseguro.ig.com.br Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/ From jharris at widomaker.com Wed Aug 20 23:35:03 2003 From: jharris at widomaker.com (Jason Harris) Date: Tue Oct 7 21:31:51 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030820164632.GA12604@netserv.nl> References: <20030820164632.GA12604@netserv.nl> Message-ID: <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> On Wed, Aug 20, 2003 at 06:46:32PM +0200, Matto Fransen wrote: > I have not been able to the expire-date of a subkey. I have copied a > part of the edit-key procedure below: [moved from gnupg-users to gnupg-devel] Indeed, is there any combination of options to allow GPG (1.2.1 or 1.2.2) to encrypt to an _expired_ subkey? It seems to me that --ignore-time- conflict, perhaps combined with --expert, should have been sufficient, although adding --trusted-key and fully specifying the subkey to use via -r ! didn't help either. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20030820/8933740a/attachment.bin From Marcus.Brinkmann at ruhr-uni-bochum.de Wed Aug 20 23:58:01 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:51 2003 Subject: thread support in GPGME (was: Re: Bug in gpgme 0.4.2?) In-Reply-To: <20030805155418.GA13270@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> Message-ID: <20030820205922.GF6997@212.23.136.22> On Tue, Aug 05, 2003 at 05:54:18PM +0200, Albrecht Dre? wrote: > As I am now almost finished with moving balsa from gpgme 0.3.15 to 0.4.3, > I would like to submit the patch for migration soon. Do you have a > timeline for releasing gpgme 0.4.3? I guess people would complain if they > had to use CVS gpgme, and I want to make 0.4.3 as minumum requirement to > avoid endless discussions about missing pub keys not detected correctly. I have now reworked GPGME's support for thread. The old autodetect code is still there for compatibility, but it is deprecated. Instead, a new library is built, libgpgme-pthread, which you can use to link against. This library links explicitely against libpthread, so libtool will get the ordering right. What is still missing is support for that in gpgme-config, which will get a new option --thread= to select the thread package, and new autoconf macros AM_PATH_GPGME_PTHREAD (or whatever the name should be). The same for pth, by the way. The libraries libgpgme, libgpgme-pthread, ... are almost identical, they differ only in a few functions :-/ but the alternative to link all three against a libgpgme-real library that contains the main code requires to have the thread support in other libraries (let's call them libgpg-ath, libgpg-ath-pthread, libgpg-ath-pth), because they'd have to be linked in _after_ libgpgme-real. So we would have another stand alone package you would have to download, compile, install, and maintain. We thought long about it, and eventually decided that wasting a bit of disk space is better than wasting a lot of man power, so this is what we are doing now. When we have the gpgme-config and AM_ stuff done, and fixed the documentation, I think it is time for another gpgme release. That would be early next week. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From Marcus.Brinkmann at ruhr-uni-bochum.de Thu Aug 21 00:03:02 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:51 2003 Subject: preparing GPGME 0.4.3 Message-ID: <20030820210446.GG6997@212.23.136.22> Hi, we are in for another GPGME release shortly. If there is anything that bugs you in 0.4.2, or even better the CVS version, please let me know within the next days, and I will try to fix it. If there are any outstanding bug reports or patches, that I have not addressed yet, chances are that I will still get to them, but there is also a chance that I will miss the opportunity. So please don't be shy to remind me of something I might have forgotten or postponed. Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From dshaw at jabberwocky.com Thu Aug 21 00:52:01 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:51 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> References: <20030820164632.GA12604@netserv.nl> <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> Message-ID: <20030820215309.GA16339@jabberwocky.com> On Wed, Aug 20, 2003 at 04:36:45PM -0400, Jason Harris wrote: > On Wed, Aug 20, 2003 at 06:46:32PM +0200, Matto Fransen wrote: > > > I have not been able to the expire-date of a subkey. I have copied a > > part of the edit-key procedure below: > > [moved from gnupg-users to gnupg-devel] > > Indeed, is there any combination of options to allow GPG (1.2.1 or 1.2.2) > to encrypt to an _expired_ subkey? It seems to me that --ignore-time- > conflict, perhaps combined with --expert, should have been sufficient, > although adding --trusted-key and fully specifying the subkey to use > via -r ! didn't help either. I'll admit to a certain curiosity as to why someone would want to do such a thing. This key is no more. It has ceased to be. It's *expired*. Using it after expiration is against the express wishes of the person who put the key out there in the first place - the key owner. David -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 268 bytes Desc: not available Url : /pipermail/attachments/20030820/7cdeb135/attachment.bin From stephane at sente.ch Thu Aug 21 12:59:05 2003 From: stephane at sente.ch (=?ISO-8859-1?Q?St=E9phane_Corth=E9sy?=) Date: Tue Oct 7 21:31:51 2003 Subject: preparing GPGME 0.4.3 In-Reply-To: <20030820210446.GG6997@212.23.136.22> Message-ID: <910F0C65-D3A3-11D7-9DB2-0003938D796E@sente.ch> Hi, I encountered some strange problems on MacOS X with gpgme 0.4.2 when using threads (pthreads IIRC); I have no code to submit yet, but here are the symptoms: in a new thread I create a context, then try to decrypt something or list secret keys in that thread; my thread blocks (it is waiting on a select() return); if I interrupt my process, when under gdb control, and simply continue, then the thread is un-blocked and expected results come out. Everything works fine when I work in the main thread. I'll try to submit you a test case this week-end. Cheers, St?phane On Wednesday, Aug 20, 2003, at 23:04 Europe/Zurich, Marcus Brinkmann wrote: > Hi, > > we are in for another GPGME release shortly. If there is anything that > bugs you in 0.4.2, or even better the CVS version, please let me know > within > the next days, and I will try to fix it. > > If there are any outstanding bug reports or patches, that I have not > addressed yet, chances are that I will still get to them, but there is > also > a chance that I will miss the opportunity. So please don't be shy to > remind > me of something I might have forgotten or postponed. > > Thanks, > Marcus > > > -- > `Rhubarb is no Egyptian god.' GNU http://www.gnu.org > marcus@gnu.org > Marcus Brinkmann The Hurd > http://www.gnu.org/software/hurd/ > Marcus.Brinkmann@ruhr-uni-bochum.de > http://www.marcus-brinkmann.de/ > > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel From Marcus.Brinkmann at ruhr-uni-bochum.de Thu Aug 21 14:21:02 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:51 2003 Subject: preparing GPGME 0.4.3 In-Reply-To: <910F0C65-D3A3-11D7-9DB2-0003938D796E@sente.ch> References: <20030820210446.GG6997@212.23.136.22> <910F0C65-D3A3-11D7-9DB2-0003938D796E@sente.ch> Message-ID: <20030821105357.GD941@212.23.136.22> On Thu, Aug 21, 2003 at 08:49:09AM +0200, St?phane Corth?sy wrote: > Hi, > > I encountered some strange problems on MacOS X with gpgme 0.4.2 when > using threads (pthreads IIRC); I have no code to submit yet, but here > are the symptoms: in a new thread I create a context, then try to > decrypt something or list secret keys in that thread; my thread blocks > (it is waiting on a select() return); if I interrupt my process, when > under gdb control, and simply continue, then the thread is un-blocked > and expected results come out. Everything works fine when I work in the > main thread. This suspiciously sounds like it could also be a bug in the thread implementation of MacOS X. > I'll try to submit you a test case this week-end. You should also possibly try to runa test case on MacOS X that just forks(), forks() again (double fork is used in GPGME to daemonize) and in the inital parent select(), for example for reading from a pipe, and in the child write() to the pipe. However, more might be necessary to provoke the same behaviour as in GPGME, for example the signal setup GPGME is using (see posix-io.c's spawn function, which you could use in your non-gpgme test case). Thanks, Marcus -- `Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/ Marcus.Brinkmann@ruhr-uni-bochum.de http://www.marcus-brinkmann.de/ From t.schorpp at gmx.de Thu Aug 21 17:55:01 2003 From: t.schorpp at gmx.de (thomas schorpp) Date: Tue Oct 7 21:31:51 2003 Subject: Smartcard Support, open system security, law,( certificate sig removed) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi, im against and dont like using smartcards due to certain security flaws with its whole system: - - it makes no sense to protect and provide electronic signatures with strong algorithms and then using weak smartcard pins of 4-6 decimal digits, this would be the way of the german signature law (SigG) and its well known providers regtp (the old bundespost), bmi, tuvit, d-trust... - - the cards and its commercial systems will be hacked, loosed, pin-compromised faster than you think. - - the reasonable use of smartcards to protect data requires protecting the pin in a encrypted file using a strong passphrase in brain only and never to loose on a personal high secure mobile unit or a workstation (staged concept), i'm doing so with the insecure pin numbers of my credit and ec bank cards. for such a project we need not only open software, we would need OPEN HARDWARE systems of intelligent mobile devices (a stupid smartcard or usb-stick isnt that way), too. maybe off-topic, if this discussion is going on elsewhere please let me know: besides, our open sytems should include the ability to handle the TWO personals needs of a todays electronic individual or organisation (juristic persons): we need 2 personal signature/encryption keys/certificates, one requires privacy and anonymity in electronic worlds, the second requires acceptance by at least by DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures Code 5 Part 2, says, a court has to recognize signatures even NOT approved as "qualified" by national authorities(!). not to mention international treaties. that would be our chance to bridge between the nowadays seperated systems, accepted for both individual needs, otherwise commercial systems and microsoft will lead in the future. gnupg is therefor funded in part by the german ministry of economics to adopt later in civil "government"(?). so politics is in here, too, dont miss it! Y tom Key ID: 0x31E21ABA www.keys.de.pgp.net - ---------------------------------------- Elektronische Unterschrift ist nach Import meines Stammzertifikats g?ltig gem?? RICHTLINIE 1999/93/EG DES EUROP?ISCHEN PARLAMENTS UND DES RATES vom 13. Dezember 1999 ?ber gemeinschaftliche Rahmenbedingungen f?r elektronische Signaturen Artikel 5 Abs. 2 i.V.m. ?23 SigG "ausl?ndische Produkte" Produkte der Microsoft Corporation behandeln Signaturvertrauen in diesem Sinne unvollst?ndig. Benutzen Sie besser Open Source Produkte (Linux, etc.) Digital Signature is valid after importing my Root Certificate by DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures Code 5 Part 2 Products of the Microsoft Coporation handle signature trust in this case not fully. Better use open source products (Linux, etc.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9ElmYACgkQzvbvBTHiGrp+QACg5Q5XfUuMSmX75rm40AryRGNW wloAoJ5FqwXfGxwMoDpJVVp9IT9q9g2T =QrmE -----END PGP SIGNATURE----- From wk at gnupg.org Thu Aug 21 18:52:01 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:51 2003 Subject: Smartcard Support, open system security, law,( certificate sig removed) In-Reply-To: (thomas schorpp's message of "Thu, 21 Aug 2003 16:56:10 +0200") References: Message-ID: <878ypn9fb4.fsf@alberti.g10code.de> On Thu, 21 Aug 2003 16:56:10 +0200, thomas schorpp said: > im against and dont like using smartcards due to certain security flaws with > its whole system: It has been said at least 42 times: What constitutes a security flaw depends on your threat model. So before you talk about it, define your threat model. > - it makes no sense to protect and provide electronic signatures with > strong algorithms and then using weak smartcard pins of 4-6 decimal digits, > this would be the way of the german signature law (SigG) and its well known > providers regtp (the old bundespost), bmi, tuvit, d-trust... The PIN is simply a countermeasure to increase the time window you have to relalise that your card has been stolen/abused, to create a revocation and distribute that. That's all a PIN is good for. Similar for GnuPG's passphrase. Nobody expects any strong security in a PIN. > - the cards and its commercial systems will be hacked, loosed, > pin-compromised faster than you think. Please define commercial system - I guess you mean proprietary system. All what you describe above constitutes local attacks requiring physical access to the card or reader. There is not much one can do about it except for plain old phsical security diligence. A smartcard protects very well against any remote key compromise attack. It can't protect you from malicious software on the host, though. > - the reasonable use of smartcards to protect data requires protecting the > pin in a encrypted file using a strong passphrase in brain only and never to This won't help. The box you are using to keep the encrypted file may already run malicious software. > for such a project we need not only open software, we would need OPEN > HARDWARE systems of intelligent mobile devices (a stupid smartcard or > usb-stick isnt that way), too. I don't know what you mean by open hardware? Hardware is entirely different from software because you can't build it at home from a piece of silicon and copying is is not of near-zero cost. Of course, I'd like to see free designs of chips, so that you can take the design to any fab and have them produce N of those chips. This is an expensive task and those chips won't be as cheap as we are used to - getting the critical mass to make the production cheaper is far harder than with software. For many application domains a smartcard is a thing you want to have. For example: The key I use to sign GnuPG is on some box which is somehow connected to the net and thus this key is a possible target for an attack. I would feel much safer with that key on a smartcard with an integrated signature counter and only used in the few seconds every once in a while while signing a package. Then, it will be much harder to trick my box into signing something without my attention. Well, there is still the question whether the right thing has been signed but a malicious signature will be detected very shortly after it. The real problem is how to assure that the source has not been tampered with - I review the diffs before a stable release - but that is a boring task and prone to errors. Hopefully others are watching the code too. > besides, our open sytems should include the ability to handle the TWO > personals needs of a todays electronic individual or organisation (juristic > persons): we need 2 personal signature/encryption keys/certificates, one The OpenPGP smartcard comes with thre keys: Signing (useful digital signatures), encryption and authentication (ssh, pam). > microsoft will lead in the future. gnupg is therefor funded in part by the > german ministry of economics to adopt later in civil "government"(?). so [ It is a long long time ago that we received some funds. The development is for ~95% done without any financial support. You can change this of course, see for example: http://g10code.com/products.html#maintpoints ] Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From t.schorpp at gmx.de Thu Aug 21 21:09:02 2003 From: t.schorpp at gmx.de (thomas schorpp) Date: Tue Oct 7 21:31:51 2003 Subject: Smartcards, one alternative solution to it..? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi, for workstation: what about booting a secure protected mode virtual machine minimal open source linux box within a normal-use os? all security software and secure shells, mails, document editors running in this box? modern processors protected mode should work well... is there a open counterpart to vmware? maybe a solution. comments? for mobile: < thinking... > y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9FCrIACgkQzvbvBTHiGrpsSQCg8C33UTrmd1QiSPqkfeGvFpqu 08MAn1HtW8G2E5dIZsgw+yLglqE2jwub =i/HS -----END PGP SIGNATURE----- From alex at syjon.fantastyka.net Thu Aug 21 21:19:02 2003 From: alex at syjon.fantastyka.net (Janusz A. Urbanowicz) Date: Tue Oct 7 21:31:51 2003 Subject: Smartcards, one alternative solution to it..? In-Reply-To: References: Message-ID: <20030821182002.GA31085@syjon.fantastyka.net> > for workstation: > > what about booting a secure protected mode virtual machine minimal open > source linux box within a normal-use os? > all security software and secure shells, mails, document editors running in > this box? > modern processors protected mode should work well... You are reinventing MS Palladium/NGSCB here. > is there a open counterpart to vmware? Bochs86. > maybe a solution. It is not a solution. Alex From t.schorpp at gmx.de Thu Aug 21 21:48:01 2003 From: t.schorpp at gmx.de (thomas schorpp) Date: Tue Oct 7 21:31:51 2003 Subject: AW: Smartcards, one alternative solution to it..? In-Reply-To: <20030821182002.GA31085@syjon.fantastyka.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 > -----Ursprungliche Nachricht----- > Von: gnupg-devel-admin@gnupg.org [mailto:gnupg-devel-admin@gnupg.org]Im > Auftrag von Janusz A. Urbanowicz > Gesendet: Donnerstag, 21. August 2003 20:20 > An: thomas schorpp > Cc: Gnupg-Devel; Winpt-Users; Winpt-Dev; Gnupg-Users > Betreff: Re: Smartcards, one alternative solution to it..? > > > > for workstation: > > > > what about booting a secure protected mode virtual machine minimal open > > source linux box within a normal-use os? > > all security software and secure shells, mails, document > editors running in > > this box? > > modern processors protected mode should work well... > > You are reinventing MS Palladium/NGSCB here. if i read the msdn right, thats not the thing i suggested, cause its no real pm, even if running from processor ring 0. and the politics behind that is a completly different, you know it. locking safe pages in virtual menory has pgp already done...? > > > is there a open counterpart to vmware? > > Bochs86. thx. > > > maybe a solution. > > It is not a solution. why?, please let me learn... please tell me your alternative to smartcards. > > Alex > > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9FE/QACgkQzvbvBTHiGrpwpQCgmowkNvxU1QsFecIv39THRVuM kBgAoJdjAB8D/46Fzq53pMZ2ua76o/PR =tOAi -----END PGP SIGNATURE----- From jharris at widomaker.com Thu Aug 21 23:47:02 2003 From: jharris at widomaker.com (Jason Harris) Date: Tue Oct 7 21:31:51 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030820215309.GA16339@jabberwocky.com> References: <20030820164632.GA12604@netserv.nl> <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> <20030820215309.GA16339@jabberwocky.com> Message-ID: <20030821204843.GC4380@pm1.ric-08.lft.widomaker.com> On Wed, Aug 20, 2003 at 05:53:09PM -0400, David Shaw wrote: > I'll admit to a certain curiosity as to why someone would want to do > such a thing. This key is no more. It has ceased to be. It's > *expired*. > Using it after expiration is against the express wishes of the person > who put the key out there in the first place - the key owner. Assuming the keyholder can figure out their software and can easily transmit key updates to those who would use the otherwise-expired key, then yes. But, just as one can use a telephone to verify the finger- print of a new key, one should also be able to say: "Use my existing key for another week, I'm unable to create and transmit a new one right now." Why preclude this? -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20030821/6e7e5683/attachment.bin From dshaw at jabberwocky.com Fri Aug 22 06:50:02 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:52 2003 Subject: encrypting to expired keys (was Re: Expire-date of subkey problem) In-Reply-To: <20030821204843.GC4380@pm1.ric-08.lft.widomaker.com> References: <20030820164632.GA12604@netserv.nl> <20030820203644.GW4380@pm1.ric-08.lft.widomaker.com> <20030820215309.GA16339@jabberwocky.com> <20030821204843.GC4380@pm1.ric-08.lft.widomaker.com> Message-ID: <20030822035146.GC21837@jabberwocky.com> On Thu, Aug 21, 2003 at 04:48:43PM -0400, Jason Harris wrote: > On Wed, Aug 20, 2003 at 05:53:09PM -0400, David Shaw wrote: > > > I'll admit to a certain curiosity as to why someone would want to do > > such a thing. This key is no more. It has ceased to be. It's > > *expired*. > > > Using it after expiration is against the express wishes of the person > > who put the key out there in the first place - the key owner. > > Assuming the keyholder can figure out their software and can easily > transmit key updates to those who would use the otherwise-expired key, > then yes. But, just as one can use a telephone to verify the finger- > print of a new key, one should also be able to say: "Use my existing key > for another week, I'm unable to create and transmit a new one right now." > Why preclude this? The protocol doesn't preclude this, of course, but then again, the protocol doesn't preclude nearly anything. There are many things that could theoretically be overridden by a smart user who "knows better". Unrevoke keys, unexpire user IDs or subkeys, change key flags (turn a sign-only key into an encryption key, etc) and so on. In general, I'm somewhat against this sort of thing unless there is a pretty concrete example of it being needed in the field. It's always possible to construct a reason why a particular validation needs to be overridden ("Oops, I didn't mean to revoke my key - it's okay, go ahead and use it anyway" or "I don't have time to sign Joe's key right now, but go ahead and use it as if I had signed it."), but every override gives additional complexity to GnuPG and is an additional place where the wrong thing can happen (How sure are you that you spoke to the right person on the phone? Are you sure that the "Joe" key that is being authorized is the same "Joe" that you have a copy of?) David -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 268 bytes Desc: not available Url : /pipermail/attachments/20030822/1bf6f2f5/attachment.bin From itojun at iijlab.net Fri Aug 22 12:14:02 2003 From: itojun at iijlab.net (Jun-ichiro itojun Hagino) Date: Tue Oct 7 21:31:52 2003 Subject: gnupg 1.2.2: IPv6 support Message-ID: <20030815065120.3AF04793@starfruit.itojun.org> the following diff should add IPv6 support (keyserver access) to gnupg 1.2.2. config.h.in should be automatically generated, however, i'm not too familiar with automake so i hand-patched it. please consider integrating it into future distribution. itojun Index: config.h.in =================================================================== RCS file: /cvsroot/apps/gnupg/config.h.in,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- config.h.in 15 Aug 2003 05:12:06 -0000 1.1.1.1 +++ config.h.in 15 Aug 2003 06:44:46 -0000 1.2 @@ -537,3 +537,4 @@ #include "g10defs.h" +#undef HAVE_GETADDRINFO Index: configure =================================================================== RCS file: /cvsroot/apps/gnupg/configure,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- configure 15 Aug 2003 05:12:08 -0000 1.1.1.1 +++ configure 15 Aug 2003 06:47:49 -0000 1.2 @@ -13111,7 +13111,7 @@ -for ac_func in waitpid wait4 sigaction sigprocmask rand pipe stat +for ac_func in waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` echo "$as_me:$LINENO: checking for $ac_func" >&5 Index: configure.ac =================================================================== RCS file: /cvsroot/apps/gnupg/configure.ac,v retrieving revision 1.1.1.1 retrieving revision 1.3 diff -u -r1.1.1.1 -r1.3 --- configure.ac 15 Aug 2003 05:12:08 -0000 1.1.1.1 +++ configure.ac 15 Aug 2003 06:47:49 -0000 1.3 @@ -586,7 +586,7 @@ AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid) AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) -AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat) +AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo) AC_REPLACE_FUNCS(mkdtemp) # Index: util/http.c =================================================================== RCS file: /cvsroot/apps/gnupg/util/http.c,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- util/http.c 15 Aug 2003 05:12:28 -0000 1.1.1.1 +++ util/http.c 15 Aug 2003 06:44:46 -0000 1.2 @@ -753,6 +753,28 @@ sock_close (sd); return -1; } +#elif defined(HAVE_GETADDRINFO) + struct addrinfo hints, *res0, *res; + char portstr[20]; + + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + snprintf(portstr, sizeof(portstr), "%u", port); + if (getaddrinfo(server, portstr, &hints, &res0) != 0) + return -1; + for (res = res0; res; res = res->ai_next) { + sd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); + if (sd < 0) + continue; + if (connect(sd, res->ai_addr, res->ai_addrlen) < 0) { + close(sd); + sd = -1; + continue; + } + break; + } + freeaddrinfo(res0); + return sd; #else struct sockaddr_in addr; struct hostent *host; From bernhard at intevation.de Fri Aug 22 12:14:06 2003 From: bernhard at intevation.de (Bernhard Reiter) Date: Tue Oct 7 21:31:52 2003 Subject: NewPG is now GnuPG 1.9 In-Reply-To: <3F341183.7060904@botz.org> References: <87he4wvsvh.fsf@alberti.g10code.de> <3F341183.7060904@botz.org> Message-ID: <20030819190323.GF23531@intevation.de> On Fri, Aug 08, 2003 at 02:09:23PM -0700, J?rgen Botz wrote: > Werner Koch wrote: > >gpg2 has been changed to use libgcrypt but secret key management is > >still done by itself and not by gpg-agent. However, --use-agent is > >the default now and we support the new OpenPGP smartcards. > > Could you explain what you mean by this for those of us who are > not very familiar with the code base? I mean, superficially this > statement doesn't make sense, if key management isn't done by the > agent what good is the agent? The agent does secret key management for gpgsm. AFAIU for gpg2 it can hold the passphrase, thus working in a similiar manner like gpgsm. Bernhard -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20030822/888ef668/attachment.bin From tv at pobox.com Fri Aug 22 12:14:11 2003 From: tv at pobox.com (Todd Vierling) Date: Tue Oct 7 21:31:52 2003 Subject: Patch for PR gnupg/199 Message-ID: I replied to GNATS, but it doesn't seem that my reply made it there. Note that I am *NOT* on this list; please include me in Cc: in responses. In the PR, use of --search-keys in a "PGP/GPG frontend" (pgpenvelope, GnuPG::Interface) is useless because the non-tty stdout default is block-buffered rather than line-buffered. Thus the key list, which is written to stdout, may never show up until entering (Q)uit. The following patch adds a fflush(stdout) to ensure that the list of keys in --search-keys is flushed to stdout before writing the prompt to the user. (BTW, I'd really like to see this in 1.2.3 as well, if possible. 8-) Index: g10/keyserver.c =================================================================== RCS file: /cvs/gnupg/gnupg/g10/keyserver.c,v retrieving revision 1.31 diff -u -r1.31 keyserver.c --- g10/keyserver.c 10 Jul 2003 14:30:07 -0000 1.31 +++ g10/keyserver.c 20 Aug 2003 21:06:12 -0000 @@ -486,6 +486,9 @@ from=numdesc+1; } + /* flush key list before displaying prompt */ + fflush(stdout); + answer=cpr_get_no_help("keysearch.prompt", _("Enter number(s), N)ext, or Q)uit > ")); /* control-d */ -- -- Todd Vierling From wk at gnupg.org Fri Aug 22 13:27:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:52 2003 Subject: Patch for PR gnupg/199 In-Reply-To: (Todd Vierling's message of "Wed, 20 Aug 2003 17:13:56 -0400 (EDT)") References: Message-ID: <87fzju6l3w.fsf@alberti.g10code.de> On Wed, 20 Aug 2003 17:13:56 -0400 (EDT), Todd Vierling said: > I replied to GNATS, but it doesn't seem that my reply made it there. Note > that I am *NOT* on this list; please include me in Cc: in responses. It went into a new bug report; I merged it. It is definitely time to upgarde to GNATS 4.0 but die to the kached gnu server it is still not available. > --search-keys is flushed to stdout before writing the prompt to the user. > (BTW, I'd really like to see this in 1.2.3 as well, if possible. 8-) The fflush won't harm, so I added it for 1.2.3 (which is alrweady available). Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From albrecht.dress at arcor.de Fri Aug 22 14:52:01 2003 From: albrecht.dress at arcor.de (Albrecht =?iso-8859-1?Q?Dre=DF?=) Date: Tue Oct 7 21:31:52 2003 Subject: thread support in GPGME (was: Re: Bug in gpgme 0.4.2?) In-Reply-To: <20030820205922.GF6997@212.23.136.22>; from Marcus.Brinkmann@ruhr-uni-bochum.de on Mit, Aug 20, 2003 at 22:59:22 +0200 References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> <20030820205922.GF6997@212.23.136.22> Message-ID: <20030822114539.GC1154@antares.localdomain> Am 20.08.03 22:59 schrieb(en) Marcus Brinkmann: > What is still missing is support for that in gpgme-config, which will get > a > new option --thread= to select the thread package, and new autoconf That should be a usable implementation for balsa, as the config script knows if threads should be used or not... > would have to download, compile, install, and maintain. We thought long > about it, and eventually decided that wasting a bit of disk space is > better than wasting a lot of man power, so this is what we are doing now. Sounds complicated. Did you think about a new function like "gpgme_init_threads({"pthread"|"pth"|...})" to trigger the thread initialisation? Maybe that's easier to maintain... > When we have the gpgme-config and AM_ stuff done, and fixed the > documentation, I think it is time for another gpgme release. That would > be > early next week. I hope the patch for balsa (which uses threads) will be ready about two weeks later (as I'm on holidays in between ;-)). Cheers, Albrecht. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dre? - Johanna-Kirchner-Stra?e 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de _________________________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20030822/067c5552/attachment.bin From Marcus.Brinkmann at ruhr-uni-bochum.de Fri Aug 22 15:19:02 2003 From: Marcus.Brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Tue Oct 7 21:31:52 2003 Subject: thread support in GPGME (was: Re: Bug in gpgme 0.4.2?) In-Reply-To: <20030822114539.GC1154@antares.localdomain> References: <20030804192424.GG1072@antares.localdomain> <20030804211420.GD2690@212.23.136.22> <20030805155418.GA13270@antares.localdomain> <20030820205922.GF6997@212.23.136.22> <20030822114539.GC1154@antares.localdomain> Message-ID: <20030822121006.GA745@killarney> On Fri, Aug 22, 2003 at 01:45:39PM +0200, Albrecht Dre? wrote: > Am 20.08.03 22:59 schrieb(en) Marcus Brinkmann: > >What is still missing is support for that in gpgme-config, which will get > >a > >new option --thread= to select the thread package, and new autoconf > > That should be a usable implementation for balsa, as the config script > knows if threads should be used or not... Yeah, in general the application this is finally linked to its libraries will know if it wants thread support or not. > >would have to download, compile, install, and maintain. We thought long > >about it, and eventually decided that wasting a bit of disk space is > >better than wasting a lot of man power, so this is what we are doing now. > > Sounds complicated. Did you think about a new function like > "gpgme_init_threads({"pthread"|"pth"|...})" to trigger the thread > initialisation? Maybe that's easier to maintain... Yes, we considered that, but what do you do if you have a library using GPGME? Then you'd have to export the interface to give the user of that library a choice. It would also not eliminate the link order problem using libtool. In the end, even the current solution is not ideal in the case of a library using GPGME, as such a library needs to make a decision to which of the GPGME variants it wants to be linked to! And this is sort of problematic, but I don't really know a solution, except to provide several variants of that library if necessary. Also please note that you can not freely mix threaded and non-threaded code, at least not in GNU/Linux based systems. libpthread overrides functions like fork, and that can cause spurious failures (like, for example, if you have a single-threaded apache and link it with a threaded mod_python). We can only hope that eventually all applications will always link to pthread, and no other thread system exists that people want to use :) Thanks, Marcus From t.schorpp at gmx.de Fri Aug 22 15:29:01 2003 From: t.schorpp at gmx.de (thomas schorpp) Date: Tue Oct 7 21:31:52 2003 Subject: Smartcard Support, open system security, law, i'm standing down and apologize In-Reply-To: <871xve86q4.fsf@alberti.g10code.de> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 @ALL, hi guys, since i've been the only one against smartcards and since the declared circumstances with the openpgp smartcards ARE REASONABLE AND ACCEPTABLE, i'm hereby standing down. i'm sorry and apologize, especially to mr. koch, for being rude. but i had to be provocant to learn about you guys ;). i like this project and if you got some work for me, please feel free to assign to me :). skills are electronics engineering, software engineering, project management, SPI, SW-QA/QM, ergonomics, PKI, MKI, law, and many more. go on with the great work. Y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9GDHcACgkQzvbvBTHiGrpF+gCgsrIvJsoDivWSRGZljURwyAWE 6/MAoPFbByb/Dcx/aN92IPWe8XQ/BXTP =jq7N -----END PGP SIGNATURE----- From wk at gnupg.org Fri Aug 22 17:11:20 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:52 2003 Subject: [Announce] GnuPG one-two-three released Message-ID: <877k557reu.fsf@alberti.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG release: Version 1.2.3 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. This release solves a performance problem introduced with 1.2.2 and make building on less common platforms easier. Getting the Software ==================== GnuPG 1.2.3 can be downloaded from one of the GnuPG mirror sites or From direct from ftp://ftp.gnupg.org/gcrypt . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the follwing files in the *gnupg* directory: gnupg-1.2.3.tar.bz2 (2240k) gnupg-1.2.3.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.2.3.tar.gz (3228k) gnupg-1.2.3.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.2.2-1.2.3.diff.gz (915k) A patch file to upgrade a 1.2.2 GnuPG source. This file is signed; you have to use GnuPG > 0.9.5 to verify the signature. GnuPG has a feature to allow clear signed patch files which can still be processed by the patch utility. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.2.3.zip (1309k) gnupg-w32cli-1.2.3.zip.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and comes without a graphical installer tool. You have to use an UNZIP utility to extract the files and install them manually. The included file README.W32 has further instructions. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.2.3.tar.bz2 you would use this command: gpg --verify gnupg-1.2.3.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key by finger wk 'at' g10code.com . Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation. * If you are not able to use an old version of GnuPG, you have to verify the MD5 checksum. Assuming you downloaded the file gnupg-1.2.3.tar.bz2, you would run the md5sum command like this: md5sum gnupg-1.2.3.tar.bz2 and check that the output matches the first line from the following list: cdca1282d7901f9ddb52f9725b001af2 gnupg-1.2.3.tar.bz2 46b990908019422535a08ce91b370ae7 gnupg-1.2.3.tar.gz 64c305371e658764006439b73ecbd8c3 gnupg-1.2.2-1.2.3.diff.gz 208f98809a6e533fed08846723795477 gnupg-w32cli-1.2.3.zip Upgrade Information =================== If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =========== Here is a list of major user visible changes since 1.2.2: * New "--gnupg" option (set by default) that disables --openpgp, and the various --pgpX emulation options. This replaces --no-openpgp, and --no-pgpX, and also means that GnuPG has finally grown a --gnupg option to make GnuPG act like GnuPG. * A number of portability changes to make building GnuPG on less-common platforms easier. * Romanian translation. * Two new %-expandos for use in notation and policy URLs. "%g" expands to the fingerprint of the key making the signature (which might be a subkey), and "%p" expands to the fingerprint of the primary key that owns the key making the signature. * New "tru" record in --with-colons --list-keys listings. It shows the status of the trust database that was used to calculate the key validity in the listings. See doc/DETAILS for the specifics of this. * New REVKEYSIG status tag for --status-fd. It indicates a valid signature that was issued by a revoked key. See doc/DETAILS for the specifics of this. Internationalization ==================== GnuPG comes with support for these langauges: American English Indonesian (id) Catalan (ca) Italian (it) Czech (cs) Japanese (ja) Danish (da)[*] Polish (pl) Dutch (nl)[*] Brazilian Portuguese (pt_BR)[*] Esperanto (eo)[*] Portuguese (pt) Estonian (et) Romanian (ro) Finnish (fi) Slovak (sk) French (fr) Spanish (es) Galician (gl) Swedish (sv) German (de) Traditional Chinese (zh_TW) Greek (el) Turkish (tr) Hungarian (hu) Languages marked with [*] were not updated for this releases and you may notice untranslated messages. Many thanks to the translators for their ongoing support of GnuPG. Future Directions ================= GnuPG 1.2.x is the current stable branch and won't undergo any serious changes. We will just fix bugs and add compatibility fixes as required. GnuPG 1.3.x is the version were we do most new stuff and it will lead to the next stable version 1.4 not too far away. GnuPG 1.9.x is brand new and flagged as experimental. This version merged the code from the Aegypten project and thus it includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we won't support any ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is based on the current 1.3 code and has been released to have software ready to play with the forthcoming OpenPGP smartcard. The OpenPGP smartcard is a soon to be released specification of an ISO 7816 based application to generate or import keys into a smartcard and provide all functionality to use this card with OpenPGP. The specification features 3 1024 bit RSA keys (signing, decryption and authentication) as well as utility data objects to make integration easy. We will be able to give about 50 test cards to selected developers and soon after distribute real cards. For other developments you may want to consult the task list at http://g10code.com/en/tasklist.html . Happy Hacking, The GnuPG team (David, Stefan, Timo and Werner) Let's not forget about all the other contributors; here is list of them (from the THANKS file): The GNU Privacy Guard has been created by the GnuPG team: David Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils Ellmenreich, R?mi Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch. Birger Langkjer, Daniel Resare, Dokianakis Theofanis, Edmund GRIMLEY EVANS, Ga?l Qu?ri, Gregory Steuck, Nagy Ferenc L?szl?, Ivo Timmermans, Jacobo Tarri'o Barreiro, Janusz Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova', Michael Anckaert, Michal Majer, Marco d'Itri, Nilgun Belma Buguner, Pedro Morais, Tedi Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos Santos, Toomas Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the official translations. Mike Ashley wrote and maintains the GNU Privacy Handbook. David Scribner is the current FAQ editor. Lorenzo Cappelletti maintains the web site. The following people helped greatly by suggesting improvements, testing, fixing bugs, providing resources and doing other important tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews, Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere, Christian Kurz, Christian von Roques, Christopher Oliver, Christian Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave Dykstra, David C Niemi, David Champion, David Ellement, David Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Ga?l Qu?ri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni, Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John A. Martin, Johnny Teve?en, J?rg Schilling, Jos Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl, Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev, Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye, Oliver Haakert, Oskari J??skel?inen, Pascal Scheffers, Paul D. Smith, Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong, Ralph Gillen, Rat, Reinhard Wobst, R?mi Guyomarch, Reuben Sumner, Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann, Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann, Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen, Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf M?ller, Urko Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann, Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki IIDA, Yoshihiro Kajiki and Gerlinde Klaes. This software has been made possible by the previous work of Chris Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson, Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA mathematicians and all the folks who have worked hard to create complete and free operating systems. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : /pipermail/attachments/20030822/84b66ecc/attachment.bin From t.schorpp at gmx.de Fri Aug 22 23:49:01 2003 From: t.schorpp at gmx.de (thomas schorpp) Date: Tue Oct 7 21:31:52 2003 Subject: open pgp on smart devices, maxim/dallas ibutton,(the very) LIMITATION OF LIABILITY Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 hi, seems, maxim/dallas dont trust their own best products...: http://www.ibutton.com/store/license/crypto.html 5. LIMITED WARRANTIES. DS expressly disclaims any warranty for the Java powered iButton product other than replacement of a returned defective Java powered iButton for one (1) year. The Java powered iButton product AND ANY RELATED DOCUMENTATION, IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OR MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF THE Java powered iButton REMAINS WITH YOU. DS is under no obligation to issue new Java powered iButtons. 6. LIMITATION OF LIABILITY. To the maximum extent permitted by applicable law, in no event shall DS be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use the Java powered iButton or the provision of or failure to provide Support Services, even if DS has been advised of the possibility of such damages. In any case, DS' entire liability under any provision of this Agreement shall be limited to the greater of the amount actually paid by you for the Java powered iButton or US$4.00. Because some states and jurisdictions do not allow the exclusion or limitation of liability, the above limitation may not apply to you. You assume the entire risk for theft, damage, destruction or loss of the Java powered iButton during the term of this Agreement and thereafter. ... a 4-60$ guarantee, eu providers must guarantee with 250.000? euros. cant find any open hw specs, neither. y tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - WinPT 0.7.96 iEYEAREDAAYFAj9GgWAACgkQzvbvBTHiGrq8fQCg/pShTcfhypO9GcJoI7AAtKsu bHoAn2ODaNkWMXlZRvbpjC7/h2AKPHjX =nqvG -----END PGP SIGNATURE----- From wk at gnupg.org Sat Aug 23 08:57:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:53 2003 Subject: open pgp on smart devices, maxim/dallas ibutton,(the very) LIMITATION OF LIABILITY In-Reply-To: (thomas schorpp's message of "Fri, 22 Aug 2003 22:49:25 +0200") References: Message-ID: <87wud43ofm.fsf@alberti.g10code.de> On Fri, 22 Aug 2003 22:49:25 +0200, thomas schorpp said: > hi, > seems, maxim/dallas dont trust their own best products...: > http://www.ibutton.com/store/license/crypto.html > 5. LIMITED WARRANTIES. DS expressly disclaims any warranty for the Java That is a common disclaimer, have you never been to the U.S.? Do you know the movie The Fortune Cookie: "I slipped on a banana skin - okay, lets sue United Fruit."? I don't think that it is much different for any other semiconductor you buy anywhere in the world. Salam-Shalom, Werner -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From lists at lina.inka.de Sat Aug 23 23:52:02 2003 From: lists at lina.inka.de (Bernd Eckenfels) Date: Tue Oct 7 21:31:53 2003 Subject: Patch for PR gnupg/199 In-Reply-To: References: Message-ID: <20030823205344.GA11253@lina.inka.de> On Wed, Aug 20, 2003 at 05:13:56PM -0400, Todd Vierling wrote: > + /* flush key list before displaying prompt */ > + fflush(stdout); > + > answer=cpr_get_no_help("keysearch.prompt", > _("Enter number(s), N)ext, or Q)uit > ")); wouldnt it be much better to add that flush to the prompt function itself? Greetings Bernd -- (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de -- ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/ o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl! From dshaw at jabberwocky.com Sun Aug 24 02:00:02 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:53 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030815065120.3AF04793@starfruit.itojun.org> References: <20030815065120.3AF04793@starfruit.itojun.org> Message-ID: <20030823230108.GC1271@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 15, 2003 at 03:51:19PM +0900, Jun-ichiro itojun Hagino wrote: > the following diff should add IPv6 support (keyserver access) > to gnupg 1.2.2. > config.h.in should be automatically generated, however, i'm not too > familiar with automake so i hand-patched it. please consider > integrating it into future distribution. I am planning to add IPv6 support to the next devel branch release of GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you (or anyone reading this) be willing to test? David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9H8jQqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJOaoAoNtFplVKgE/9Um2szmdIz243gHveAJ4p QRFscU+A+N8zw0BaxhAoqlqQYw== =WX7D -----END PGP SIGNATURE----- From mhw at wittsend.com Sun Aug 24 17:21:01 2003 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Oct 7 21:31:53 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030823230108.GC1271@jabberwocky.com> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> Message-ID: <20030824142248.GA22028@alcove.wittsend.com> On Sat, Aug 23, 2003 at 07:01:08PM -0400, David Shaw wrote: > On Fri, Aug 15, 2003 at 03:51:19PM +0900, Jun-ichiro itojun Hagino wrote: > > the following diff should add IPv6 support (keyserver access) > > to gnupg 1.2.2. > > config.h.in should be automatically generated, however, i'm not too > > familiar with automake so i hand-patched it. please consider > > integrating it into future distribution. > I am planning to add IPv6 support to the next devel branch release of > GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you > (or anyone reading this) be willing to test? I can certainly test it from a client stand-point. Are there some IPv6 keyservers out there to test against? > David > _______________________________________________ > Gnupg-devel mailing list > Gnupg-devel@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-devel Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: not available Url : /pipermail/attachments/20030824/3caa557d/attachment.bin From wk at gnupg.org Sun Aug 24 19:34:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:53 2003 Subject: Patch for PR gnupg/199 In-Reply-To: <20030823205344.GA11253@lina.inka.de> (Bernd Eckenfels's message of "Sat, 23 Aug 2003 22:53:44 +0200") References: <20030823205344.GA11253@lina.inka.de> Message-ID: <87znhzyq1a.fsf@alberti.g10code.de> On Sat, 23 Aug 2003 22:53:44 +0200, Bernd Eckenfels said: > wouldnt it be much better to add that flush to the prompt function itself? Yes. However, it was a last minute change and thus I did it the fast way. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From dshaw at jabberwocky.com Mon Aug 25 17:00:01 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:53 2003 Subject: Patch for PR gnupg/199 In-Reply-To: <87znhzyq1a.fsf@alberti.g10code.de> References: <20030823205344.GA11253@lina.inka.de> <87znhzyq1a.fsf@alberti.g10code.de> Message-ID: <20030825140133.GA28588@jabberwocky.com> On Sun, Aug 24, 2003 at 06:32:49PM +0200, Werner Koch wrote: > On Sat, 23 Aug 2003 22:53:44 +0200, Bernd Eckenfels said: > > > wouldnt it be much better to add that flush to the prompt function itself? > > Yes. However, it was a last minute change and thus I did it the fast > way. Hopefully, this whole thing can go away at some point. This flush is to support external programs reading and displaying the keyserver search list, but the format of the list is not fixed and is already very different in 1.3.x. Programs should use the --with-colons format, but unfortunately there is no --with-colons --search-keys menu in 1.2.x (there is in 1.3.x.). It would work fine to display the exact text GnuPG outputs, but any program that tries to actually parse the search list is going to break when 1.4 comes out. Possibly the answer is to backport the --with-colons --search-keys to 1.2.x (it's minor). David From cova at ferrara.linux.it Mon Aug 25 23:02:01 2003 From: cova at ferrara.linux.it (Fabio Coatti) Date: Tue Oct 7 21:31:53 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030824142248.GA22028@alcove.wittsend.com> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> <20030824142248.GA22028@alcove.wittsend.com> Message-ID: <200308252203.26617.cova@ferrara.linux.it> Alle 16:22, domenica 24 agosto 2003, Michael H. Warfield ha scritto: > > I can certainly test it from a client stand-point. Are there > some IPv6 keyservers out there to test against? Well, here (Ferrara Linux User Group/deepspace6.net project) we have the possibility to set up a "test" IPv6 keyserver; is there any recommended package to set up such a thing? -- Fabio Coatti http://www.ferrara.linux.it/members/cova Ferrara Linux Users Group http://ferrara.linux.it GnuPG fp:9765 A5B6 6843 17BC A646 BE8C FA56 373A 5374 C703 Old SysOps never die... they simply forget their password. From jharris at widomaker.com Tue Aug 26 00:01:02 2003 From: jharris at widomaker.com (Jason Harris) Date: Tue Oct 7 21:31:53 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <200308252203.26617.cova@ferrara.linux.it> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> <20030824142248.GA22028@alcove.wittsend.com> <200308252203.26617.cova@ferrara.linux.it> Message-ID: <20030825210236.GL4380@pm1.ric-08.lft.widomaker.com> On Mon, Aug 25, 2003 at 10:03:26PM +0200, Fabio Coatti wrote: > Alle 16:22, domenica 24 agosto 2003, Michael H. Warfield ha scritto: > > > > > I can certainly test it from a client stand-point. Are there > > some IPv6 keyservers out there to test against? > > Well, here (Ferrara Linux User Group/deepspace6.net project) we have the > possibility to set up a "test" IPv6 keyserver; is there any recommended > package to set up such a thing? http://www.earth.li/projectpurple/progs/onak.html , IIRC, and I think just the DB4 snapshot/branch of pks, http://pks.sf.net/ . Also, http://lists.alt.org/pipermail/pgp-keyserver-folk/ is the (new) place to signup for the keyserver mailing list, if you want to reach more keyserver folks. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com | web: http://jharris.cjb.net/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20030825/5bac5ddd/attachment.bin From udjinrg at forenet.by Tue Aug 26 15:08:02 2003 From: udjinrg at forenet.by (Maxim Britov) Date: Tue Oct 7 21:31:53 2003 Subject: gnupg.pot Message-ID: <20030826145915.65479bb3.udjinrg@forenet.by> Where I can get last gnupg.pot? I cannot find it in CVS version. -- MaxBritov GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 484 bytes Desc: not available Url : /pipermail/attachments/20030826/5f517bca/attachment.bin From redbird at mac.com Tue Aug 26 15:27:02 2003 From: redbird at mac.com (Gordon Worley) Date: Tue Oct 7 21:31:53 2003 Subject: GnuPG binaries with IDEA Message-ID: Hi, everyone. This morning I was trying to look at it, but I'm not 100% clear on what the situation with IDEA is. I know that it's patented in some countries and can't be used there without a license, although IIUC the US is surprisingly not one of those countries. At any rate, what would be the legal situation on releasing binaries of GnuPG that included the IDEA code? Would there be potential legal issues to deal with or is it more a matter of needing to maintain two separate binaries? Obviously I'd like to avoid legal trouble, but this morning I was thinking about it and couldn't really see why not to release a version of IDEA built-in for those who can use it other than that for some reason way in the past I decided that we couldn't. Thanks for any advice. -- Gordon Worley - Mac GPG Project http://macgpg.sourceforge.net/ ``Doveriai no proveriai.'' redbird@mac.com --Russian proverb PGP: 0xBBD3B003 From cortana at earthlink.net Tue Aug 26 16:16:01 2003 From: cortana at earthlink.net (Robert J. Hansen) Date: Tue Oct 7 21:31:53 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: <1061903862.28410.7.camel@localhost.localdomain> > This morning I was trying to look at it, but I'm not 100% clear on what > the situation with IDEA is. Still patented in the U.S., patent still held by Ascom-Tech A.G. last I heard. My most recent information says that it's free for use in noncommercial software, which means if you're using GnuPG noncommercially you can use it without a license; otherwise, you need to pay Ascom-Tech. > I know that it's patented in some countries and can't be used there > without a license, although IIUC the US is surprisingly not one of > those countries. Incorrect. It's patented basically in every Western nation where software patents are considered valid, which (unfortunately) includes the US. > At any rate, what would be the legal situation on releasing binaries of > GnuPG that included the IDEA code? You need to ask a lawyer this question, not the GnuPG-devel mailing list. We're coders here; law is far beyond our professional specialties. Having said that, you couldn't include IDEA in a GnuPG build. The "no commercial use" clause of the free-distribution IDEA license conflicts with the "no additional restrictions" requirement of the GNU GPL. -- Robert J. Hansen From dshaw at jabberwocky.com Tue Aug 26 16:27:02 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:53 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: <20030826132842.GD368@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Aug 26, 2003 at 08:27:23AM -0400, Gordon Worley wrote: > This morning I was trying to look at it, but I'm not 100% clear on what > the situation with IDEA is. I know that it's patented in some > countries and can't be used there without a license, although IIUC the > US is surprisingly not one of those countries. At any rate, what would > be the legal situation on releasing binaries of GnuPG that included the > IDEA code? Would there be potential legal issues to deal with or is it > more a matter of needing to maintain two separate binaries? > > Obviously I'd like to avoid legal trouble, but this morning I was > thinking about it and couldn't really see why not to release a version > of IDEA built-in for those who can use it other than that for some > reason way in the past I decided that we couldn't. There is a licencing conflict between the IDEA licence (patented, but no cost for non-commercial use only) and the GnuPG licence (the GPL). The GPL requires that someone distributing the program gives everyone else the same rights that they themselves got when they received the program. Adding IDEA violates this, as GnuPG can be used for any purpose, and a combined GnuPG+IDEA package can only be used for non-commercial purposes. Section 7 of the GPL even gives this example: "For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program." I know about the Nullify release of GnuPG. It's questionable whether this is compliant with the GPL. Of course, I'm not a lawyer, so you shouldn't take this as legal advice. By the way, IDEA is definitely patented in the US: patent #5,214,703. David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9LYIoqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJqLsAoK4Z7WH3GU5qGBNl9Hb6D866vyBdAJ9D z+glK/hjGdtdyHAebe8q1RAcTQ== =e+Jc -----END PGP SIGNATURE----- From venona at gmx.ch Tue Aug 26 16:33:01 2003 From: venona at gmx.ch (venona@gmx.ch) Date: Tue Oct 7 21:31:53 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: <20030826223121.AF9F.VENONA@gmx.ch> On Tue, 26 Aug 2003 08:27:23 -0400 Gordon Worley wrote: >This morning I was trying to look at it, but I'm not 100% clear on what >the situation with IDEA is. See http://www.mediacrypt.com/engl/Content/licenses.htm for the view of IDEA patent owner. >countries and can't be used there without a license, although IIUC the >US is surprisingly not one of those countries. IDEA has been patented in the US (and will be patented to 2010). http://www.mediacrypt.com/engl/Content/patent_info.htm From wk at gnupg.org Tue Aug 26 17:02:01 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:53 2003 Subject: GnuPG binaries with IDEA In-Reply-To: <20030826132842.GD368@jabberwocky.com> (David Shaw's message of "Tue, 26 Aug 2003 09:28:42 -0400") References: <20030826132842.GD368@jabberwocky.com> Message-ID: <87ptistt0z.fsf@alberti.g10code.de> On Tue, 26 Aug 2003 09:28:42 -0400, David Shaw said: > There is a licencing conflict between the IDEA licence (patented, but > no cost for non-commercial use only) and the GnuPG licence (the GPL). [And only allowed after getting explict permission for the software.] > I know about the Nullify release of GnuPG. It's questionable whether > this is compliant with the GPL. It is released in violation of the GPL. The trick with the IDEA module is there to workaround this license problems in the few countries where IDEA is not patented. The GPL is about distribution and not about running a program, so using an already existing module is okay. It is not okay to distribute it. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From beebe at math.utah.edu Tue Aug 26 18:37:01 2003 From: beebe at math.utah.edu (Nelson H. F. Beebe) Date: Tue Oct 7 21:31:54 2003 Subject: IDEA patent URL Message-ID: For the record to backup recent discussions about the IDEA encryption algorithm and its patent in the US, here is the US Patent Office's Web page for it: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=5,214,703.WKU.&OS=PN/5,214,703&RS=PN/5,214,703 You can do searches for patents by keyword and number at http://patft.uspto.gov/netahtml/srchnum.htm http://www.uspto.gov/patft/index.html The algorithm, and its patent, is discussed section 13.9, pp. 319--325, of Bruce Schneier's Advanced Cryptography, 2nd ed. ------------------------------------------------------------------------------- - Nelson H. F. Beebe Tel: +1 801 581 5254 - - Center for Scientific Computing FAX: +1 801 581 4148 - - University of Utah Internet e-mail: beebe@math.utah.edu - - Department of Mathematics, 110 LCB beebe@acm.org beebe@computer.org - - 155 S 1400 E RM 233 beebe@ieee.org - - Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe - ------------------------------------------------------------------------------- From apm35 at student.open.ac.uk Tue Aug 26 22:04:01 2003 From: apm35 at student.open.ac.uk (Andrew Marlow) Date: Tue Oct 7 21:31:54 2003 Subject: GnuPG binaries with IDEA In-Reply-To: References: Message-ID: redbird@mac.com writes: >Hi, everyone. > >This morning I was trying to look at it, but I'm not 100% clear on what >the situation with IDEA is. [snip] > >Obviously I'd like to avoid legal trouble, but this morning I was >thinking about it and couldn't really see why not to release a version >of IDEA built-in for those who can use it I don't want any patent-encumberances in GPL'd code. I object to IDEA being in other open source projects, e.g openssl. I'm glad it's not in GPG. $0.02 Regards, Andrew Marlow ---- There is an emerald here the size of a plover's egg! From wk at gnupg.org Wed Aug 27 09:54:01 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg.pot In-Reply-To: <20030826145915.65479bb3.udjinrg@forenet.by> (Maxim Britov's message of "Tue, 26 Aug 2003 14:59:15 +0300") References: <20030826145915.65479bb3.udjinrg@forenet.by> Message-ID: <87vfskjvvc.fsf@alberti.g10code.de> On Tue, 26 Aug 2003 14:59:15 +0300, Maxim Britov said: > Where I can get last gnupg.pot? It is a generated file and thus not in the CVS. You find it in the tarball: po/gnupg.pot. I don't think that it makes any sense to use the POT without access to the source. Thus I usullay don't send it to the TP robot. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From udjinrg at forenet.by Wed Aug 27 11:07:02 2003 From: udjinrg at forenet.by (Maxim Britov) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg.pot In-Reply-To: <87vfskjvvc.fsf@alberti.g10code.de> References: <20030826145915.65479bb3.udjinrg@forenet.by> <87vfskjvvc.fsf@alberti.g10code.de> Message-ID: <20030827103702.5a967b91.udjinrg@forenet.by> > > Where I can get last gnupg.pot? > It is a generated file and thus not in the CVS. You find it in the > tarball: po/gnupg.pot. > I don't think that it makes any sense to use the POT without access to > the source. Thus I usullay don't send it to the TP robot. Is CVS not source? I got GnuPG from CVS and I must load tarball too? :( And what I must do to include my ru.po into GnuPG? Can you help me? -- MaxBritov GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 484 bytes Desc: not available Url : /pipermail/attachments/20030827/11dc8d3f/attachment.bin From md at Linux.IT Wed Aug 27 12:52:02 2003 From: md at Linux.IT (Marco d'Itri) Date: Tue Oct 7 21:31:54 2003 Subject: [Announce] GnuPG one-two-three released In-Reply-To: <877k557reu.fsf@alberti.g10code.de> References: <877k557reu.fsf@alberti.g10code.de> Message-ID: <20030822144506.GA4311@wonderland.linux.it> On Aug 22, Werner Koch wrote: >The OpenPGP smartcard is a soon to be released specification of an ISO >7816 based application to generate or import keys into a smartcard and >provide all functionality to use this card with OpenPGP. The >specification features 3 1024 bit RSA keys (signing, decryption and >authentication) as well as utility data objects to make integration >easy. Why this limitation? Is it really so much expensive to store more keys? I'd like to import all my keys (the mail ones and the two I use to sign Usenet control messages) and it would be inconvenient having to switch card every time... -- ciao, | Marco | [1407 laWxklGGi8sjM] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20030827/c8ad29ac/attachment.bin From itojun at iijlab.net Wed Aug 27 12:52:05 2003 From: itojun at iijlab.net (itojun@iijlab.net) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: dshaw's message of Sat, 23 Aug 2003 19:01:08 -0400. <20030823230108.GC1271@jabberwocky.com> Message-ID: <20030823230304.1738490@coconut.itojun.org> >> the following diff should add IPv6 support (keyserver access) >> to gnupg 1.2.2. >> config.h.in should be automatically generated, however, i'm not too >> familiar with automake so i hand-patched it. please consider >> integrating it into future distribution. >I am planning to add IPv6 support to the next devel branch release of >GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you >(or anyone reading this) be willing to test? of course, i'm very happy to test. itojun From itojun at iijlab.net Wed Aug 27 12:52:07 2003 From: itojun at iijlab.net (itojun@iijlab.net) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: itojun's message of Sun, 24 Aug 2003 08:03:04 +0900. <20030823230304.1738490@coconut.itojun.org> Message-ID: <20030823230745.5C0C794@coconut.itojun.org> >>> the following diff should add IPv6 support (keyserver access) >>> to gnupg 1.2.2. >>> config.h.in should be automatically generated, however, i'm not too >>> familiar with automake so i hand-patched it. please consider >>> integrating it into future distribution. >>I am planning to add IPv6 support to the next devel branch release of >>GnuPG (1.3.x). Unfortunately, I can't fully test it here. Would you >>(or anyone reading this) be willing to test? > > of course, i'm very happy to test. btw i'm using the patch for --search-keys from behind IPv6-only network to pgp.mit.edu over IPv6. IPv6-only ---IPv6--> IPv6-to-IPv4 translation ---IPv4--> pgp.mit.edu itojun From tv at pobox.com Wed Aug 27 12:52:09 2003 From: tv at pobox.com (Todd Vierling) Date: Tue Oct 7 21:31:54 2003 Subject: Patch for PR gnupg/199 In-Reply-To: <20030823205344.GA11253@lina.inka.de> References: <20030823205344.GA11253@lina.inka.de> Message-ID: On Sat, 23 Aug 2003, Bernd Eckenfels wrote: : > + /* flush key list before displaying prompt */ : > + fflush(stdout); : > + : > answer=cpr_get_no_help("keysearch.prompt", : > _("Enter number(s), N)ext, or Q)uit > ")); : : wouldnt it be much better to add that flush to the prompt function itself? Well, that depends on what the flush is intending to address. (In other words, I haven't checked if this particular situation affects other prompts that use cpr_get_no_help(); I only fixed the one for --search-keys, which is nearly always a pick-from-list menu.) "Whatever works" is fine with me. -- -- Todd Vierling From wk at gnupg.org Wed Aug 27 14:07:02 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:54 2003 Subject: [Announce] GnuPG one-two-three released In-Reply-To: <20030822144506.GA4311@wonderland.linux.it> (Marco d'Itri's message of "Fri, 22 Aug 2003 16:45:06 +0200") References: <877k557reu.fsf@alberti.g10code.de> <20030822144506.GA4311@wonderland.linux.it> Message-ID: <877k4zgy3b.fsf@alberti.g10code.de> On Fri, 22 Aug 2003 16:45:06 +0200, Marco d'Itri said: > Why this limitation? Is it really so much expensive to store more keys? More than 1024 bit is too expensive or not possible at all with current chips. We have restricted the implementaion to 3 keys for simplicity and to match what most people actually use. This also saves space and may help to implement it on low cost cards. > I'd like to import all my keys (the mail ones and the two I use to sign > Usenet control messages) and it would be inconvenient having to switch > card every time... 2 Readers? -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From wk at gnupg.org Wed Aug 27 14:07:06 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg.pot In-Reply-To: <20030827103702.5a967b91.udjinrg@forenet.by> (Maxim Britov's message of "Wed, 27 Aug 2003 10:37:02 +0300") References: <20030826145915.65479bb3.udjinrg@forenet.by> <87vfskjvvc.fsf@alberti.g10code.de> <20030827103702.5a967b91.udjinrg@forenet.by> Message-ID: <873cfngxwt.fsf@alberti.g10code.de> On Wed, 27 Aug 2003 10:37:02 +0300, Maxim Britov said: > Is CVS not source? I got GnuPG from CVS and I must load tarball too? :( You don't need the traball if you have the CVS version and all required tools. make -C po gnupg.pot creates it. > And what I must do to include my ru.po into GnuPG? Can you help me? I'll answer your private mail soon. Basically we need a copyright disclaimer for the FSF. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From udjinrg at forenet.by Wed Aug 27 14:48:02 2003 From: udjinrg at forenet.by (Maxim Britov) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg.pot In-Reply-To: <873cfngxwt.fsf@alberti.g10code.de> References: <20030826145915.65479bb3.udjinrg@forenet.by> <87vfskjvvc.fsf@alberti.g10code.de> <20030827103702.5a967b91.udjinrg@forenet.by> <873cfngxwt.fsf@alberti.g10code.de> Message-ID: <20030827144720.109fc6c4.udjinrg@forenet.by> > > Is CVS not source? I got GnuPG from CVS and I must load tarball too? :( > > You don't need the traball if you have the CVS version and all > required tools. > make -C po gnupg.pot > creates it. Thank you > > And what I must do to include my ru.po into GnuPG? Can you help me? > > I'll answer your private mail soon. Basically we need a copyright > disclaimer for the FSF. Ok. I read http://www.gnu.org/prep/maintain_5.html yesterday. -- MaxBritov GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 484 bytes Desc: not available Url : /pipermail/attachments/20030827/cd74e0c0/attachment.bin From dshaw at jabberwocky.com Fri Aug 29 02:45:01 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:54 2003 Subject: gnupg 1.2.2: IPv6 support In-Reply-To: <20030825210236.GL4380@pm1.ric-08.lft.widomaker.com> References: <20030815065120.3AF04793@starfruit.itojun.org> <20030823230108.GC1271@jabberwocky.com> <20030824142248.GA22028@alcove.wittsend.com> <200308252203.26617.cova@ferrara.linux.it> <20030825210236.GL4380@pm1.ric-08.lft.widomaker.com> Message-ID: <20030828234600.GA23595@jabberwocky.com> On Mon, Aug 25, 2003 at 05:02:36PM -0400, Jason Harris wrote: > On Mon, Aug 25, 2003 at 10:03:26PM +0200, Fabio Coatti wrote: > > Alle 16:22, domenica 24 agosto 2003, Michael H. Warfield ha scritto: > > > > > > > > I can certainly test it from a client stand-point. Are there > > > some IPv6 keyservers out there to test against? > > > > Well, here (Ferrara Linux User Group/deepspace6.net project) we have the > > possibility to set up a "test" IPv6 keyserver; is there any recommended > > package to set up such a thing? > > http://www.earth.li/projectpurple/progs/onak.html , IIRC, and I think just > the DB4 snapshot/branch of pks, http://pks.sf.net/ . Ok, the CVS GnuPG now has IPv6 support. If anyone is tracking the CVS version, you can test with that, or wait for the next 1.3.x release (hopefully soon). Thanks for all testers :) David -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 330 bytes Desc: not available Url : /pipermail/attachments/20030829/05f007f2/attachment.bin From dshaw at jabberwocky.com Fri Aug 29 15:06:01 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:55 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <1062154898.16458.9.camel@decathlon> References: <1062154898.16458.9.camel@decathlon> Message-ID: <20030829120702.GB27524@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Aug 29, 2003 at 07:01:38PM +0800, Calvin wrote: > Hi, there, > Please reply to me explicitly for I'm in none of above mail list. > Thanks. > > There is a line in gnupg "Feature" page, which says, "Easy > implementation of new algorithms using extension modules." > > But I can't find where to configure to use my own algorithms. And what's > the "extension modules" mean? > > Do I need to add my algorithm module to source code of gnupg and > rebuild it? Or there is some easier way, just follow a specific > interface in my module and register it into gnupg with some > configuration file? Or the 3rd way? The first way. The extension module feature was removed from GnuPG for several reasons (portability, code simplicity, lack of use). To add a new algorithm, you need to: a) Write the code for your new algorithm. See the files in cipher/ for examples on the GnuPG interface for hashes (see sha1.c), public key algorithms (see rsa.c), and symmetric algorithms (see dsa.c). b) When you need an algorithm number, use something in the 100-110 range. These numbers are reserved for this sort of use. c) Add your algorithm to the necessary table in GnuPG (cipher/md.c for hashes, cipher/pubkey.c for public key, and cipher/cipher.c for symmetric). David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9PQeUqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJKV4AnjBmMauB39sby6+xdP09j1C46RahAKDi TG19FW+Ia0vzlJ0V69ar326jaA== =TsfM -----END PGP SIGNATURE----- From mctylr at privacy.nb.ca Fri Aug 29 16:40:01 2003 From: mctylr at privacy.nb.ca (M Taylor) Date: Tue Oct 7 21:31:55 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <20030829120702.GB27524@jabberwocky.com>; from dshaw@jabberwocky.com on Fri, Aug 29, 2003 at 08:07:02AM -0400 References: <1062154898.16458.9.camel@decathlon> <20030829120702.GB27524@jabberwocky.com> Message-ID: <20030829144151.A17221@pull.privacy.nb.ca> On Fri, Aug 29, 2003 at 08:07:02AM -0400, David Shaw wrote: > The first way. The extension module feature was removed from GnuPG > for several reasons (portability, code simplicity, lack of use). To > add a new algorithm, you need to: > > a) Write the code for your new algorithm. See the files in cipher/ > b) When you need an algorithm number, use something in the 100-110 > c) Add your algorithm to the necessary table in GnuPG (cipher/md.c for d) Do not get upset or disappointed if your new algorithm / implmentation does not become popular. Cryptography is a fairly conversative bunch in practice, and if your algorithm is not well known, and greatly cryptanalyzed, I don't think many people will want to become bleeding edge testers / victims. From mo at g10code.com Fri Aug 29 20:12:01 2003 From: mo at g10code.com (Moritz Schulte) Date: Tue Oct 7 21:31:55 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <20030829120702.GB27524@jabberwocky.com> (David Shaw's message of "Fri, 29 Aug 2003 08:07:02 -0400") References: <1062154898.16458.9.camel@decathlon> <20030829120702.GB27524@jabberwocky.com> Message-ID: <87vfsgwfr2.fsf@hell.lan> David Shaw writes: > The extension module feature was removed from GnuPG for several > reasons (portability, code simplicity, lack of use). I wonder, does this only refer to the original `extension module' code that was used by GnuPG or is the concept as a whole not wanted anymore? Regarding code simplicity, the module handling code is contained in Libgcrypt [GnuPG would have to load the external algorithm implementation and then pass the according functions to Libgcrypt...]. moritz -- ((gpg-key-id . "6F984199") (email . "moritz@duesseldorf.ccc.de") (webpage . "http://duesseldorf.ccc.de/~moritz/")) From wk at gnupg.org Sat Aug 30 12:32:01 2003 From: wk at gnupg.org (Werner Koch) Date: Tue Oct 7 21:31:55 2003 Subject: How to add my own algorithm to gnupg? In-Reply-To: <87vfsgwfr2.fsf@hell.lan> (Moritz Schulte's message of "Fri, 29 Aug 2003 19:11:29 +0200") References: <1062154898.16458.9.camel@decathlon> <20030829120702.GB27524@jabberwocky.com> <87vfsgwfr2.fsf@hell.lan> Message-ID: <874qzz8pce.fsf@alberti.g10code.de> On Fri, 29 Aug 2003 19:11:29 +0200, Moritz Schulte said: > I wonder, does this only refer to the original `extension module' code > that was used by GnuPG or is the concept as a whole not wanted > anymore? Regarding code simplicity, the module handling code is It does not make sense to GnupG because it is an OpenPGP implementation and as long as the standard does not define new algorithms every week there is no need for the extension feature. The extension feature orginally aimed owards non-US PGP 2 users, so that they could use there old RSA keys (e.g. for Usenet). > contained in Libgcrypt [GnuPG would have to load the external > algorithm implementation and then pass the according functions to > Libgcrypt...]. Libgcrypt is a different story and the new external extension scheme is indeed much simpler. -- Werner Koch The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org From ehmsen at imada.sdu.dk Sat Aug 30 22:29:01 2003 From: ehmsen at imada.sdu.dk (Martin Ehmsen) Date: Tue Oct 7 21:31:55 2003 Subject: Possible --list-keys bug in 1.2.3 Message-ID: <20030827214853.GA18406@matrix.opasia.dk> Hi... I think I have found a bug in gnupg-1.2.3. It has to do with listing the keyring filename. It all started because psi (a jabber client) couldn't parse the output from gnupg-1.2.3. Is the following the intended output from gnupg??: #gpg --fixed-list-mode --with-colons --list-public-keys tru::0:1052827211:1122902031 pub:u:1024:17:A028881BDEA361F6:1052827202:1122902031::u:::scESC: uid:u::::::::Martin Ehmsen : ... and so on #gpg --fixed-list-mode --list-public-keys /home/ehmsen/.gnupg/pubring.gpg ------------------------------- pub 1024D/DEA361F6 2003-05-13 Martin Ehmsen sub 2048g/0D121BB5 2003-05-13 ... and so on The problem is the missing: /home/ehmsen/.gnupg/pubring.gpg ------------------------------- in the first output where --with-colons is turned on. Even with the --show-keyring option on, it dosen't show the keyring filename when --with-colons in turned on. Is this a bug or is this the intended behaviour?? (This is has changed between 1.2.2 and 1.2.3.) Thanks in advance Martin Ehmsen -- "No harm," The Boss burbles on. "So anyway, I thought maybe we should do something about Branding." "Branding?" I ask, match poised against the striker behind my back. "You mean as in burning a mark onto any user that complains?" - BOFH From calvin.liu at sun.com Sat Aug 30 22:29:04 2003 From: calvin.liu at sun.com (Calvin) Date: Tue Oct 7 21:31:55 2003 Subject: How to add my own algorithm to gnupg? Message-ID: <1062154898.16458.9.camel@decathlon> Hi, there, Please reply to me explicitly for I'm in none of above mail list. Thanks. There is a line in gnupg "Feature" page, which says, "Easy implementation of new algorithms using extension modules." But I can't find where to configure to use my own algorithms. And what's the "extension modules" mean? Do I need to add my algorithm module to source code of gnupg and rebuild it? Or there is some easier way, just follow a specific interface in my module and register it into gnupg with some configuration file? Or the 3rd way? Thanks for help. Best regards, Calvin From dshaw at jabberwocky.com Sun Aug 31 01:54:02 2003 From: dshaw at jabberwocky.com (David Shaw) Date: Tue Oct 7 21:31:55 2003 Subject: Possible --list-keys bug in 1.2.3 In-Reply-To: <20030827214853.GA18406@matrix.opasia.dk> References: <20030827214853.GA18406@matrix.opasia.dk> Message-ID: <20030830225522.GD11925@jabberwocky.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Aug 27, 2003 at 11:48:53PM +0200, Martin Ehmsen wrote: > Hi... > > I think I have found a bug in gnupg-1.2.3. > It has to do with listing the keyring filename. It all started because > psi (a jabber client) couldn't parse the output from gnupg-1.2.3. > Is the following the intended output from gnupg??: > > #gpg --fixed-list-mode --with-colons --list-public-keys > tru::0:1052827211:1122902031 > pub:u:1024:17:A028881BDEA361F6:1052827202:1122902031::u:::scESC: > uid:u::::::::Martin Ehmsen : > ... and so on > > #gpg --fixed-list-mode --list-public-keys > /home/ehmsen/.gnupg/pubring.gpg > ------------------------------- > pub 1024D/DEA361F6 2003-05-13 Martin Ehmsen > sub 2048g/0D121BB5 2003-05-13 > ... and so on > > The problem is the missing: > /home/ehmsen/.gnupg/pubring.gpg > ------------------------------- > in the first output where --with-colons is turned on. Even with the > --show-keyring option on, it dosen't show the keyring filename when > --with-colons in turned on. > Is this a bug or is this the intended behaviour?? > (This is has changed between 1.2.2 and 1.2.3.) Believe it or not, this is a bug *fix* in 1.2.3. The --with-colons output wasn't supposed to contain the keyring filename. The - --with-colons output is for machine parsing, and the keyring filename was for human parsing (note the underline). David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.3-cvs (GNU/Linux) Comment: Key available at http://www.jabberwocky.com/david/keys.asc iHEEARECADEFAj9RK1oqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk L2tleXMuYXNjAAoJEOJmXIdJ4cvJO+IAoLHOP1k1pXQZFWmb19f8DYtFphxQAJwI xdVw2Dt1dNLV0qy5Fr08yuHLXg== =/YHi -----END PGP SIGNATURE-----