How to keep signature on received messages after decrypting them
vedaal
vedaal@hotmail.com
Wed Feb 27 18:20:01 2002
----- Original Message -----
From: <gnupg-users-request@gnupg.org>
To: <gnupg-users@gnupg.org>
Sent: Tuesday, February 26, 2002 1:38 AM
Subject: Gnupg-users digest, Vol 1 #528 - 16 msgs
> Send Gnupg-users mailing list submissions to
> gnupg-users@gnupg.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> or, via email, send a message with subject or body 'help' to
> gnupg-users-request@gnupg.org
>
> You can reach the person managing the list at
> gnupg-users-admin@gnupg.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Gnupg-users digest..."
>
>
> Today's Topics:
>
> 1. RE: Using gpg on multiple systems (Steve Butler)
> 2. Re: Using gpg on multiple systems (JanuszA.Urbanowicz)
> 3. Installing gnupg on IBM AIX 4.2.1 (Naresh Reddy)
> 4. Re: Using gpg on multiple systems (Mike Touloumtzis)
> 5. Re: Using gpg on multiple systems (Mike Touloumtzis)
> 6. Re: Using gpg on multiple systems (Frank Tobin)
> 7. RE: Using gpg from PHP system call (Andre Flitsch)
> 8. Re: Using gpg on multiple systems (Ingo =?iso-8859-1?q?Kl=F6cker?=)
> 9. Re: How to keep signature on received messages after decrypting them
(David Shaw)
> 10. RE: Using gpg from PHP system call (Anthony E. Greene)
> 11. Re: Using gpg on multiple systems (Anthony E. Greene)
> 12. unix/pgp to nt/gpg questions (Nguyen Tuan-ATN014)
> 13. RSA support? (Nguyen Tuan-ATN014)
> 14. Re: How to keep signature on received messages after decrypting them
(Anthony E. Greene)
> 15. Re: unix/pgp to nt/gpg questions (Mario Kratzer)
> 16. Re: unix/pgp to nt/gpg questions (Lionel Elie Mamane)
>
> --__--__--
>
> Message: 1
> From: Steve Butler <sbutler@fchn.com>
> To: 'Bobby' <bobby@xfactor.itec.yorku.ca>, gnupg-users@gnupg.org
> Subject: RE: Using gpg on multiple systems
> Date: Mon, 25 Feb 2002 07:33:00 -0800
>
> I am relying on a long/strong passphrase. I suppose I could develop two
> public keys. One for home and one for work but...
>
> I'll be interested to the approach others have taken.
> --Steve Butler
> Oracle DBA
> First Choice Health Network
>
> PS Apologies for the forced disclaimer attached below. This message is
for
> you folks!
>
> -----Original Message-----
> From: Bobby [mailto:bobby@xfactor.itec.yorku.ca]
> Sent: Friday, February 22, 2002 9:36 PM
> To: gnupg-users@gnupg.org
> Subject: Using gpg on multiple systems
>
>
> Hello, I am not subscribed, so please CC me when you reply.
>
> I'm planning on using gpg at home and at work. At home gpg is installed on
> my computer where I'm the only one who uses, so my keys are secure enough.
> At work however, a lot of people use the machines and they have gpg
> installed. I'm paranoid about leaving my keys at the work server though.
> What's the safest way for me to use the same keyID and keys at both work
> and home? Both systems are running Linux.
>
> Do I have to create two separate IDs for them? I'm new at this, so I'd
> appreciate the step by step procedure on how to do it.
>
> Thanks in advance.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all copies
of the original message.
>
>
>
> --__--__--
>
> Message: 2
> Subject: Re: Using gpg on multiple systems
> To: Steve Butler <sbutler@fchn.com>
> Date: Mon, 25 Feb 2002 16:54:41 +0100 (CET)
> CC: "'Bobby'" <bobby@xfactor.itec.yorku.ca>, gnupg-users@gnupg.org
> From: Janusz A. Urbanowicz <alex@bofh.torun.pl>
>
> Steve Butler wrote/napisa=B3[a]/schrieb:
> [Charset iso-8859-1 unsupported, filtering to ASCII...]
> > I am relying on a long/strong passphrase. I suppose I could develop two
> > public keys. One for home and one for work but...
>
> create a 'master' key at home and make a signing subkey - this you export
to
> work. It will allow you to operate like normally, but this subkey can be
> easily revoked and replaced by new one if compromised. The same for
> decrypting subkey.
>
> Alex
> --=20
> C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | |
=
> * =09
> ; (_O :
+-------------------------------------------------------------+ --=
> +~|=09
> ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
> =BFde z=B3o | l_|/=09
> A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po
d=
> no; | | =20
>
>
> --__--__--
>
> Message: 3
> Date: Mon, 25 Feb 2002 12:23:13 -0500 (EST)
> From: Naresh Reddy <nyg102@email.psu.edu>
> To: <gnupg-users@gnupg.org>
> Subject: Installing gnupg on IBM AIX 4.2.1
>
>
> I am trying to install gnupg on IBM AIX 4.2.1.
> I first did,
> % ./configure --enable-static-rnd=none --with-included-gettext
> --with-included-zlib --disable-nls --enable-m-guard --prefix=$HOME
>
> % make
> make all-recursive
> Making all in intl
> Target "all" is up to date.
> Making all in zlib
> Target "all" is up to date.
> Making all in util
> /usr/bin/xlc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I../intl
> -g -c fileutil.c
> "../include/ttyio.h", line 27.36: 1506-046 (S) Syntax error.
> "fileutil.c", line 39.1: 1506-277 (S) Syntax error: possible missing ';'
> or ','?
> "../include/ttyio.h", line 27.7: 1506-166 (S) Definition of function
> tty_printf requires parentheses.
> "../include/ttyio.h", line 27.7: 1506-160 (S) Object tty_printf cannot be
> declared as type void.
> "fileutil.c", line 48.33: 1506-045 (S) Undeclared identifier filepath.
> "fileutil.c", line 51.5: 1506-046 (S) Syntax error.
> make: 1254-004 The error code from the last command is 1.
>
>
> Stop.
> make: 1254-004 The error code from the last command is 1.
>
>
> Stop.
> make: 1254-004 The error code from the last command is 2.
>
>
> Stop.
>
>
> I am stuck there...Can someone tell me what is wrong and how I can fix
> this?
>
>
> Thanks
> naresh
>
>
>
>
>
>
> --__--__--
>
> Message: 4
> Date: Mon, 25 Feb 2002 13:47:22 -0800
> To: gnupg-users@gnupg.org
> Cc: 'Bobby' <bobby@xfactor.itec.yorku.ca>
> Subject: Re: Using gpg on multiple systems
> From: Mike Touloumtzis <miket@bluemug.com>
>
> On Mon, Feb 25, 2002 at 07:33:00AM -0800, Steve Butler wrote:
> >
> > I am relying on a long/strong passphrase. I suppose I could develop two
> > public keys. One for home and one for work but...
>
> I ended up using one key for work and another key (not just a separate
> key ID) for home. They are mutually signed. This way, in the nightmare
> subpoena scenario, I could surrender the key I use for all work-related
> mail without endangering the privacy of my personal mail.
>
> I didn't have an overwhelming argument in favor of this approach, so
> I'm also curious to hear what others have done, and their rationales.
>
> miket
>
>
> --__--__--
>
> Message: 5
> Date: Mon, 25 Feb 2002 13:54:54 -0800
> To: gnupg-users@gnupg.org
> Cc: 'Bobby' <bobby@xfactor.itec.yorku.ca>
> Subject: Re: Using gpg on multiple systems
> From: Mike Touloumtzis <miket@bluemug.com>
>
> On Mon, Feb 25, 2002 at 04:54:41PM +0100, Janusz A. Urbanowicz wrote:
> >
> > create a 'master' key at home and make a signing subkey - this you
export to
> > work. It will allow you to operate like normally, but this subkey can be
> > easily revoked and replaced by new one if compromised. The same for
> > decrypting subkey.
>
> I have a work mail address and a personal mail address; I want mail
> sent to the work address to be encrypted to one subkey, and mail to
> the personal address to be encrypted to another (this type of setup is
> required by the thread's original poster due to his greater concerns
> about workplace security).
>
> When someone sends me mail, how do they choose which subkey is used?
> Can I associate a subkey with an ID? Or is using two completely
> different OpenPGP keys (which I do now) the only way to get this result?
>
> miket
>
>
> --__--__--
>
> Message: 6
> Date: Mon, 25 Feb 2002 18:12:01 -0500 (EST)
> From: Frank Tobin <ftobin@neverending.org>
> To: Mike Touloumtzis <miket@bluemug.com>
> Cc: gnupg-users@gnupg.org
> Subject: Re: Using gpg on multiple systems
>
> Mike Touloumtzis, at 13:54 -0800 on 2002-02-25, wrote:
>
> > When someone sends me mail, how do they choose which subkey is used? Can
> > I associate a subkey with an ID? Or is using two completely different
> > OpenPGP keys (which I do now) the only way to get this result?
>
> UID's are 'attached' to signing keys, not encryption keys (subkeys). I
> would recommend using two seaparate keypairs, mutually signed.
>
> --
> Frank Tobin http://www.neverending.org/~ftobin/
>
>
>
> --__--__--
>
> Message: 7
> From: "Andre Flitsch" <andre@pixel-works.co.uk>
> To: <tom@tjcc.com>,
> <gnupg-users@gnupg.org>
> Subject: RE: Using gpg from PHP system call
> Date: Mon, 25 Feb 2002 23:15:18 -0000
>
> Hi Tom
>
> You will be able to execute gnupg via telnet as you are authenticated as
> part of a group with permission to execute gnupg. When executing from the
> web server the script runs as as nobody or Apache - a group with no
> permissions. You have to set the permissions of the files in the gnupg
home
> directory (/path/to/home/.gnupg) to be executable by the world. I had the
> same problem with a php script. When i chmod'd the files to 777 gnupg was
> able to execute and create the encoded file.
>
> I hope that helps.
>
> later
>
> Andre
>
> -- >>-----Original Message-----
> -- >>From: gnupg-users-admin@gnupg.org
> -- >>[mailto:gnupg-users-admin@gnupg.org]On
> -- >>Behalf Of Tom Bellucco
> -- >>Sent: 23 February 2002 21:57
> -- >>To: gnupg-users@gnupg.org
> -- >>Subject: Using gpg from PHP system call
> -- >>
> -- >>
> -- >>The article on this page:
> -- >>
> -- >>http://hotwired.lycos.com/webmonkey/00/20/index3a_page5.html
> -- >>
> -- >>explains how to call gpg from within a PHP script by
> -- >>way of a system call to encrypt the contents of a
> -- >>form, then e-mail it. I have followed all of the
> -- >>instructions to get gnupg installed properly (thanks
> -- >>to David Shaw!!) but when running the script, the call
> -- >>to gpg is failing. I know this because my script
> -- >>tells me it can not open the file which would contain
> -- >>the output from the call to gpg (the error says the
> -- >>file does not exist). I've tried sleeping after the
> -- >>call to gpg thinking it never had a chance to finish,
> -- >>but no go. I commented out the 2 calls that delete
> -- >>the data files, and the output from gpg never gets
> -- >>created. When I telnet to my web server and run this
> -- >>command letter for letter manually, it works. For
> -- >>some reason it is not able to run when called from
> -- >>within the script.
> -- >>
> -- >>Has anyone on the list done this, or is anyone using
> -- >>gpg in conjunction with PHP to do something similar?
> -- >>
> -- >>Thanks,
> -- >>Tom B.
>
>
>
> --__--__--
>
> Message: 8
> From: Ingo =?iso-8859-1?q?Kl=F6cker?= <ingo.kloecker@epost.de>
> To: gnupg-users@gnupg.org
> Subject: Re: Using gpg on multiple systems
> Date: Tue, 26 Feb 2002 00:38:52 +0100
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Monday 25 February 2002 22:54, Mike Touloumtzis wrote:
> > On Mon, Feb 25, 2002 at 04:54:41PM +0100, Janusz A. Urbanowicz wrote:
> > > create a 'master' key at home and make a signing subkey - this you
> > > export to work. It will allow you to operate like normally, but
> > > this subkey can be easily revoked and replaced by new one if
> > > compromised. The same for decrypting subkey.
> >
> > I have a work mail address and a personal mail address; I want mail
> > sent to the work address to be encrypted to one subkey, and mail to
> > the personal address to be encrypted to another (this type of setup
> > is required by the thread's original poster due to his greater
> > concerns about workplace security).
> >
> > When someone sends me mail, how do they choose which subkey is used?
>
> They can specify the subkey's key id on the encryption command line.
>
> > Can I associate a subkey with an ID?
>
> Not AFAIK.
>
> > Or is using two completely
> > different OpenPGP keys (which I do now) the only way to get this
> > result?
>
> Regards,
> Ingo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE8essMGnR+RTDgudgRAgdoAJ4vzmmCjygFWWFN6bFTxytJYvZneQCaAtnq
> 6FTCi7qd3epvME851jQLv7U=3D
> =3DnlmZ
> -----END PGP SIGNATURE-----
>
>
> --__--__--
>
> Message: 9
> Date: Mon, 25 Feb 2002 19:25:27 -0500
> From: David Shaw <dshaw@jabberwocky.com>
> To: gnupg-users@gnupg.org
> Subject: Re: How to keep signature on received messages after decrypting
them
>
> On Sat, Feb 23, 2002 at 07:00:44PM -0500, ddcc@MIT.EDU wrote:
> > GPG doesn't seem to have a way to preserve the signature on an encrypted
> > message.
...
> > Why would someone need this feature?
...
> > Say Alice signs and encrypts a check to Bob. Now Bob needs to prove to
the
> > bank that Alice signed it. Using GPG, he can recover the text of the
check
> > easily. But what proof of signature does he send the bank? A screenshot
of
> > GPG with the line that says "Good signature from Alice?" An extracted
> > session key (gpg --show-session-key)? Or does he need to ask Alice to
send
> > another check, this one signed, then encrypted, but in two separate
steps?
>
> Sorry, GPG doesn't currently have this feature. There is nothing
> preventing it, but it hasn't been written.
if the sender wants the signature preserved, it can easily be done by
clearsigning,
and then encrypting, or signing and encrypting,
the clearsigned message.
{n.b.} it is important to be aware that ordinary signed and encrypted
messages 'can' still be separated into free standing signed
messages, even though it is not in the GnuPG released versions.
There were a few additional lines of code written for this modification {by
Florian Weimar, i believe, but not publicly released}.
The point is, that it 'can' be done,
{for a detailed account of potential problems with this, see here:}
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
hth,
vedaal